The following Fedora 20 Security updates need testing: Age URL 40 https://admin.fedoraproject.org/updates/FEDORA-2013-17866/chicken-4.8.0.4-4.fc20 29 https://admin.fedoraproject.org/updates/FEDORA-2013-18705/phpMyAdmin-3.5.8.2-1.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2013-19934/openstack-glance-2013.2-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2013-20138/mantis-1.2.15-3.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2013-19507/openstack-keystone-2013.2-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20749/python-djblets-0.7.23-1.fc20,ReviewBoard-1.7.17-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20687/krb5-1.11.3-29.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20869/libvirt-1.1.3.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20940/prboom-plus-2.5.1.3-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20929/ibus-pinyin-1.5.0-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20937/wireshark-1.10.3-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20942/drupal7-context-3.1-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 8 https://admin.fedoraproject.org/updates/FEDORA-2013-20393/phonon-4.6.0-9.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2013-20475/libevdev-0.4.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-20522/highlight-3.16.1-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20596/gupnp-0.20.8-1.fc20,gssdp-0.14.6-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20780/libbluray-0.4.0-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20701/initial-setup-0.3.10-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20687/krb5-1.11.3-29.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20939/libpcap-1.5.0-1.20131108git459712e.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20932/NetworkManager-0.9.9.0-15.git20131003.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20946/kde-settings-20-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20935/libdrm-2.4.47-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20951/xorg-x11-drv-qxl-0.1.1-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20949/python-setuptools-1.3.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20836/cyrus-sasl-2.1.26-13.fc20 The following builds have been pushed to Fedora 20 updates-testing NetworkManager-0.9.9.0-15.git20131003.fc20 alpine-2.11-1.fc20 antlr-2.7.7-28.fc20 dnsyo-1.1.4-2.fc20 drupal7-context-3.1-1.fc20 drupal7-strongarm-2.0-1.fc20 edk2-20130515svn14365-7.fc20 freeipmi-1.3.3-1.fc20 ghc-hjsmin-0.1.4.3-2.fc20 ghc-language-javascript-0.5.8-2.fc20 gimp-2.8.8-3.fc20 gstreamer1-plugins-bad-free-1.2.0-3.fc20 hg-git-0.4.0-3.fc20 ibus-pinyin-1.5.0-5.fc20 kde-settings-20-6.fc20 libdrm-2.4.47-1.fc20 libpcap-1.5.0-1.20131108git459712e.fc20 mate-applets-1.6.1-7.fc20 mercurial-2.8-1.fc20 mingw-gnutls-3.1.16-1.fc20 mingw-sane-backends-1.0.24-1.fc20 openscap-0.9.13-3.fc20 prboom-plus-2.5.1.3-3.fc20 pyparsing-2.0.1-1.fc20 python-moksha-wsgi-1.2.1-3.fc20 python-setuptools-1.3.1-1.fc20 sxiv-1.1.1-2.fc20 sysusage-5.3-2.fc20 tcpdump-4.5.0-1.20131108gitb07944a.fc20 testdisk-6.14-2.fc20 tortoisehg-2.10-1.fc20 wireshark-1.10.3-3.fc20 xorg-x11-drv-qxl-0.1.1-2.fc20 Details about builds: ================================================================================ NetworkManager-0.9.9.0-15.git20131003.fc20 (FEDORA-2013-20932) Network connection manager and user applications -------------------------------------------------------------------------------- Update Information: Fix of several crashes (both in core and ifcfg-rh plugin). -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Jiří Klimeš <jklimes@xxxxxxxxxx> - 0.9.9.0-15.git20131003 - ifcfg-rh: fix crash in ifcfg-rh plugin when reloading connections (rh #1023571) - ifcfg-rh: fix crash when having connections with NEVER_DEFAULT (rh #1021112) - core: fix segfault in nm-policy when setting default route for vpn (rh #1019021) - ifcfg-rh: fix crash when reading connection (assert) (rh #1025007) - core: allow IPv4 to proceed if IPv6 is globally disabled but set to "auto" (rh #1012151) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023571 - [abrt] NetworkManager-0.9.9.0-14.git20131003.fc20: _g_log_abort: Process /usr/sbin/NetworkManager was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=1023571 [ 2 ] Bug #1021112 - [abrt] NetworkManager-0.9.9.0-14.git20131003.fc20: _g_log_abort: Process /usr/sbin/NetworkManager was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=1021112 [ 3 ] Bug #1025007 - [abrt] NetworkManager-0.9.9.0-14.git20131003.fc20: _g_log_abort: Process /usr/sbin/NetworkManager was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=1025007 [ 4 ] Bug #1012151 - [abrt] NetworkManager-0.9.9.0-12.git20130913.fc20: _g_log_abort: Process /usr/sbin/NetworkManager was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=1012151 -------------------------------------------------------------------------------- ================================================================================ alpine-2.11-1.fc20 (FEDORA-2013-20471) powerful, easy to use console email client -------------------------------------------------------------------------------- Update Information: Update to latest bugfix release, and restore README.fedora (which was lost in recent builds) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.11-1 - alpine-2.11, drop old/unused patches * Thu Oct 31 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.10-4 - re-add README.fedora -------------------------------------------------------------------------------- ================================================================================ antlr-2.7.7-28.fc20 (FEDORA-2013-20938) ANother Tool for Language Recognition -------------------------------------------------------------------------------- Update Information: Rebuild -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Marek Goldmann <mgoldman@xxxxxxxxxx> - 0:2.7.7-28 - Rebuild -------------------------------------------------------------------------------- ================================================================================ dnsyo-1.1.4-2.fc20 (FEDORA-2013-20952) Check DNS against many global DNS servers -------------------------------------------------------------------------------- Update Information: Latest upstream release Latest upstream version New package, dnsyo -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 1.1.4-2 - Fix 'requests' sed to fix the build on Fedora. * Tue Nov 5 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 1.1.4-1 - Latest upstream version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1021091 - Review Request: dnsyo - Check DNS against many global DNS servers https://bugzilla.redhat.com/show_bug.cgi?id=1021091 -------------------------------------------------------------------------------- ================================================================================ drupal7-context-3.1-1.fc20 (FEDORA-2013-20942) Allows you to manage contextual conditions and reactions of your site -------------------------------------------------------------------------------- Update Information: - Update to upstream 3.1 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/2113785 - Fixes CVE-2013-4445, CVE-2013-4446 BZ 1020777, BZ 1020262, BZ 1020781, BZ 1020784 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Peter Borsa <peter.borsa@xxxxxxxxx> - 3.1-1 - Update to upstream 3.1 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/2113785 - Fixes CVE-2013-4445, CVE-2013-4446 BZ 1020777, BZ 1020262, BZ 1020781, BZ 1020784 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1020777 - CVE-2013-4445 CVE-2013-4446 drupal-context: multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1020777 -------------------------------------------------------------------------------- ================================================================================ drupal7-strongarm-2.0-1.fc20 (FEDORA-2013-20947) Strongarm gives a way to override the default variable values -------------------------------------------------------------------------------- Update Information: - Update to upstream 2.0 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/1632574 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.0-1 - Update to upstream 2.0 release for bug fixes - Upstream changelog for this release: https://drupal.org/node/1632574 -------------------------------------------------------------------------------- References: [ 1 ] Bug #993735 - drupal7-strongarm possibly affected by F-20 unversioned docdir change https://bugzilla.redhat.com/show_bug.cgi?id=993735 -------------------------------------------------------------------------------- ================================================================================ edk2-20130515svn14365-7.fc20 (FEDORA-2013-20957) EFI Development Kit II -------------------------------------------------------------------------------- Update Information: The package is now available for ARM as well. No change for x86. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Paolo Bonzini <pbonzini@xxxxxxxxxx> - 20130515svn14365-7 - Make BaseTools compile on ARM. -------------------------------------------------------------------------------- References: [ 1 ] Bug #992180 - edk2 does not compile on ARM due to missing arch-dependent header https://bugzilla.redhat.com/show_bug.cgi?id=992180 -------------------------------------------------------------------------------- ================================================================================ freeipmi-1.3.3-1.fc20 (FEDORA-2013-20934) IPMI remote console and system management software -------------------------------------------------------------------------------- Update Information: upstream release with portability bugfix -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Ales Ledvinka <aledvink@xxxxxxxxxx> - 1.3.3-1 - Updated to freeipmi-1.3.3 - Add support for intelnm get-node-manager-alert-destination and set-node-manager-alert-destination in ipmi-oem. - Under very verbose mode, ipmi-sel will now record types for OEM records. This should allow OEM parses outside of FreeIPMI to more effectively parse OEM specific SEL records. - Fix big endian portability bugs. * Mon Sep 23 2013 Ales Ledvinka <aledvink@xxxxxxxxxx> - 1.3.2-1 - Updated to freeipmi-1.3.2 - Update FreeIPMI tools to check libfreeipmi API error codes correctly. - Update ipmi-api.h to list mappings of IPMI completion codes and RMCPPlus codes to API Error codes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024839 - freeipmi-1.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1024839 -------------------------------------------------------------------------------- ================================================================================ ghc-hjsmin-0.1.4.3-2.fc20 (FEDORA-2013-20933) Haskell implementation of a javascript minifier -------------------------------------------------------------------------------- Update Information: Rebuild for language-javascript update -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 0.1.4.3-2 - rebuild * Tue Oct 8 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 0.1.4.3-1 - Latest upstream release. * Thu Sep 26 2013 Jens Petersen <petersen@xxxxxxxxxx> - 0.1.4.1-3 - rebuild -------------------------------------------------------------------------------- ================================================================================ ghc-language-javascript-0.5.8-2.fc20 (FEDORA-2013-20945) Parser for JavaScript -------------------------------------------------------------------------------- Update Information: Latest upstream, plus add BangPatterns. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Jens Petersen <petersen@xxxxxxxxxx> - 0.5.8-2 - add BangPatterns patch from Debian for secondary arch's (#1027169) * Tue Sep 17 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 0.5.8-1 - Latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027169 - FTBFS: Illegal bang-pattern (use -XBangPatterns) https://bugzilla.redhat.com/show_bug.cgi?id=1027169 -------------------------------------------------------------------------------- ================================================================================ gimp-2.8.8-3.fc20 (FEDORA-2013-20865) GNU Image Manipulation Program -------------------------------------------------------------------------------- Update Information: This update fixes a crash in the lcms plug-in and various issues found during a static code scan. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.8-3 - file-bmp: don't close already closed FD * Thu Nov 7 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.8-2 - fix crash in lcms plug-in - fix issues found during static code check * Mon Nov 4 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.8-1 - version 2.8.8 * Thu Sep 19 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.6-5 - fix lcms2 patch -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-bad-free-1.2.0-3.fc20 (FEDORA-2013-20941) GStreamer streaming media framework "bad" plugins -------------------------------------------------------------------------------- Update Information: Build with GObject-Introspection support. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 1.2.0-3 - Build gobject-introspection support. (#1028156) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1028156 - Build GObject-Introspection support https://bugzilla.redhat.com/show_bug.cgi?id=1028156 -------------------------------------------------------------------------------- ================================================================================ hg-git-0.4.0-3.fc20 (FEDORA-2013-20936) Mercurial Plugin for Communicating with Git Servers -------------------------------------------------------------------------------- Update Information: Add missing python module requires. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Christopher Meng <rpm@xxxxxxxx> - 0.4.0-3 - Add missing ordereddict requires. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1028493 - hg-git needs python module ordereddict https://bugzilla.redhat.com/show_bug.cgi?id=1028493 -------------------------------------------------------------------------------- ================================================================================ ibus-pinyin-1.5.0-5.fc20 (FEDORA-2013-20929) The Chinese Pinyin and Bopomofo engines for IBus input platform -------------------------------------------------------------------------------- Update Information: Fixes ibus: visible password entry flaw. (rhbz#1027029) (CVE-2013-4509) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Peng Wu <pwu@xxxxxxxxxx> - 1.5.0-5 - Fixes ibus: visible password entry flaw. (rhbz#1027029) (CVE-2013-4509) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027028 - CVE-2013-4509 ibus: visible password entry flaw https://bugzilla.redhat.com/show_bug.cgi?id=1027028 -------------------------------------------------------------------------------- ================================================================================ kde-settings-20-6.fc20 (FEDORA-2013-20946) Config files for kde -------------------------------------------------------------------------------- Update Information: Add some default settings polish: - kmixrc: VolumeFeedback=true - kdmrc: ConfigVersion 2.4, GrabInput=Always (#631767) - gpg-agent isn't started automatically with KDE anymore (#845492) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 20-6 - kmixrc: VolumeFeedback=true - kdmrc: ConfigVersion 2.4 - gpg-agent isn't started automatically with KDE anymore (#845492) * Mon Oct 14 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 20-4 - drop -sddm -------------------------------------------------------------------------------- References: [ 1 ] Bug #631767 - kdm shutdown menu lacks focus, keyboard control https://bugzilla.redhat.com/show_bug.cgi?id=631767 [ 2 ] Bug #845492 - gpg-agent isn't started automatically with KDE anymore https://bugzilla.redhat.com/show_bug.cgi?id=845492 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.47-1.fc20 (FEDORA-2013-20935) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: fix nouveau gpus less < nv50 instability -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Dave Airlie <airlied@xxxxxxxxxx> 2.4.47-1 - libdrm 2.4.47 - add fix for nouveau with gcc 4.8 -------------------------------------------------------------------------------- ================================================================================ libpcap-1.5.0-1.20131108git459712e.fc20 (FEDORA-2013-20939) A system-independent interface for user-level packet capture -------------------------------------------------------------------------------- Update Information: Rebase to libpcap-1.5.0 Beta. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Michal Sekletar <msekleta@xxxxxxxxxx> - 14:1.5.0-1.20131108git459712e - update to snapshot 20131108git459712e -------------------------------------------------------------------------------- References: [ 1 ] Bug #1028373 - Rebase libpcap to the latest upstream https://bugzilla.redhat.com/show_bug.cgi?id=1028373 -------------------------------------------------------------------------------- ================================================================================ mate-applets-1.6.1-7.fc20 (FEDORA-2013-20931) MATE Desktop panel applets -------------------------------------------------------------------------------- Update Information: - add patch for build against upower-1.0 - clean up BRs -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-7 - add patch for build against upower-1.0 - clean up BRs * Fri Nov 1 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-6 - disable upower BR > f20, until we know to handle upower-1.0 -------------------------------------------------------------------------------- ================================================================================ mercurial-2.8-1.fc20 (FEDORA-2013-20759) Mercurial -- a distributed SCM -------------------------------------------------------------------------------- Update Information: http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_2.8_.282013-11-1.29 https://bitbucket.org/tortoisehg/thg/wiki/ReleaseNotes#!tortoisehg-210 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 nbecker <ndbecker2@xxxxxxxxx> - 2.8-1 - Update to 2.8 -------------------------------------------------------------------------------- ================================================================================ mingw-gnutls-3.1.16-1.fc20 (FEDORA-2013-20943) MinGW GnuTLS TLS/SSL encryption library -------------------------------------------------------------------------------- Update Information: Version 3.1.16 (released 2013-10-31) * gnulib: updated. * libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the previous fix. Reported by Tomas Mraz. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.16-1 - Update to 3.1.16 * Tue Oct 29 2013 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.15-1 - Update to 3.1.15 - Enable ECC NIST Suite B curves -------------------------------------------------------------------------------- ================================================================================ mingw-sane-backends-1.0.24-1.fc20 (FEDORA-2013-20954) MinGW package for SANE -------------------------------------------------------------------------------- Update Information: * Significant enhancements to pixma, genesys, kodakaio, fujitsu, canon_dr. * Minor updates, bugfixes or scanners added in several backends. * Added new testsuite * 51 new scanner models supported. * USB support improvements. * Improved build system (mingw64, bug fixes, default pthread on Linux). * Documentation updates. * Bugfixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Michael Cronenworth <mike@xxxxxxxxxx> - 1.0.24-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ openscap-0.9.13-3.fc20 (FEDORA-2013-20956) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: OpenSCAP updates to new upstream release (0.9.13). SCE is separated to openscap-engine-sce sub-package. openscap-content is obsoleted by scap-security-guide. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Šimon Lukašík <slukasik@xxxxxxxxxx> 0.9.13-3 - correct openscap-utils dependencies * Fri Nov 8 2013 Šimon Lukašík <slukasik@xxxxxxxxxx> 0.9.13-2 - drop openscap-content package (use scap-security-guide instead) * Fri Nov 8 2013 Šimon Lukašík <slukasik@xxxxxxxxxx> 0.9.13-1 - upgrade -------------------------------------------------------------------------------- ================================================================================ prboom-plus-2.5.1.3-3.fc20 (FEDORA-2013-20940) Free enhanced DOOM engine -------------------------------------------------------------------------------- Update Information: -------- prboom-plus-2.5.1.3-3 replaces mktemp with mkstemp to satisfy rpmlint Doom is a classic 3D shoot-em-up game. PrBoom+ is a Doom source port developed from the original PrBoom project by Andrey Budko. The target of the project is to extend the original port with features that are necessary or useful. -------------------------------------------------------------------------------- References: [ 1 ] Bug #990614 - Request for Prboom-Plus doom engine. https://bugzilla.redhat.com/show_bug.cgi?id=990614 [ 2 ] Bug #1026517 - Review Request: prboom-plus - Free enhanced DOOM engine https://bugzilla.redhat.com/show_bug.cgi?id=1026517 -------------------------------------------------------------------------------- ================================================================================ pyparsing-2.0.1-1.fc20 (FEDORA-2013-20950) An object-oriented approach to text processing -------------------------------------------------------------------------------- Update Information: Update pyparsing to new major version pyparsing 2.0.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 27 2013 Terje Rosten <terje.rosten@xxxxxxx> - 2.0.1-1 - 2.0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #950775 - Update python3-pyparsing to 2.0.1 https://bugzilla.redhat.com/show_bug.cgi?id=950775 -------------------------------------------------------------------------------- ================================================================================ python-moksha-wsgi-1.2.1-3.fc20 (FEDORA-2013-20955) WSGI components for Moksha -------------------------------------------------------------------------------- Update Information: Requires python-paste-script. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.1-3 - Requires on python-paste-script. -------------------------------------------------------------------------------- ================================================================================ python-setuptools-1.3.1-1.fc20 (FEDORA-2013-20949) Easily build and distribute Python packages -------------------------------------------------------------------------------- Update Information: Fixes compatibility with the subversion version shipped in Fedora 20. Fixes a security issue with ssl wildcard certs and IDNA domain names. See http://bugs.python.org/issue17997#msg194950 for details * New upstream minor bugfix. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3.1-1 - Minor upstream update to reign in overzealous warnings * Mon Nov 4 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3-1 - Upstream update that pulls in our security patches * Mon Oct 28 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.9.8-2 - Pull in a fix for a security issue with wildcard certs and IDNA domain names * Sat Oct 26 2013 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.9.8-1 - Upstream update with a few bugfixes -------------------------------------------------------------------------------- ================================================================================ sxiv-1.1.1-2.fc20 (FEDORA-2013-20930) Simple (or small or suckless) X Image Viewer -------------------------------------------------------------------------------- Update Information: Correct the manpage to reflect the unversioned docdir change. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Petr Šabata <contyk@xxxxxxxxxx> - 1.1.1-2 - Don't use versioned docdir paths in the manpage (#1027734) * Mon Oct 14 2013 Petr Šabata <contyk@xxxxxxxxxx> - 1.1.1-1 - 1.1.1 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027734 - sxiv affected by F-20 unversioned docdir change https://bugzilla.redhat.com/show_bug.cgi?id=1027734 -------------------------------------------------------------------------------- ================================================================================ sysusage-5.3-2.fc20 (FEDORA-2013-20948) The sysstat and sar grapher -------------------------------------------------------------------------------- Update Information: Correct localstate path. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 5.3-2 - Fix localstatedir var for PID location -------------------------------------------------------------------------------- ================================================================================ tcpdump-4.5.0-1.20131108gitb07944a.fc20 (FEDORA-2013-20953) A network traffic monitoring tool -------------------------------------------------------------------------------- Update Information: Rebase to tcpdump-4.5.0 Beta. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Michal Sekletar <msekleta@xxxxxxxxxx> - 14:4.5.0-1.20131108gitb07944a - update to snaphot gitb07944a -------------------------------------------------------------------------------- References: [ 1 ] Bug #1028375 - Rebase tcpdump to the latest upstream https://bugzilla.redhat.com/show_bug.cgi?id=1028375 -------------------------------------------------------------------------------- ================================================================================ testdisk-6.14-2.fc20 (FEDORA-2013-20944) Tool to check and undelete partition, PhotoRec recovers lost files -------------------------------------------------------------------------------- Update Information: Fix a crash in recover_EXT2 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2013 Christophe Grenier <grenier@xxxxxxxxxxxxxx> - 6.14-2 - Patch for additional ext2 check (Bug #1027026) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027026 - [abrt] testdisk-6.14-1.fc20: recover_EXT2: Process /usr/bin/testdisk was killed by signal 8 (SIGFPE) https://bugzilla.redhat.com/show_bug.cgi?id=1027026 -------------------------------------------------------------------------------- ================================================================================ tortoisehg-2.10-1.fc20 (FEDORA-2013-20759) Mercurial GUI command line tool thg -------------------------------------------------------------------------------- Update Information: http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_2.8_.282013-11-1.29 https://bitbucket.org/tortoisehg/thg/wiki/ReleaseNotes#!tortoisehg-210 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2013 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 2.10-1 - tortoisehg 2.10 -------------------------------------------------------------------------------- ================================================================================ wireshark-1.10.3-3.fc20 (FEDORA-2013-20937) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: fix subpackage requires Harden dumpcap capabilities * Ver. 1.10.3 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 7 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.3-3 - fix subpackage requires * Wed Nov 6 2013 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.3-2 - harden dumpcap capabilities * Sat Nov 2 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.3-1 - Ver. 1.10.3 - Dropped upsteamed patch no. 13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1026534 - CVE-2013-6336 wireshark: IEEE 802.15.4 dissector crash (wnpa-sec-2013-61) https://bugzilla.redhat.com/show_bug.cgi?id=1026534 [ 2 ] Bug #1026538 - CVE-2013-6337 wireshark: NBAP dissector crash (wnpa-sec-2013-62) https://bugzilla.redhat.com/show_bug.cgi?id=1026538 [ 3 ] Bug #1026539 - CVE-2013-6338 wireshark: SIP dissector crash (wnpa-sec-2013-63) https://bugzilla.redhat.com/show_bug.cgi?id=1026539 [ 4 ] Bug #1026540 - CVE-2013-6339 wireshark: ActiveMQ OpenWire dissector large loop (wnpa-sec-2013-64) https://bugzilla.redhat.com/show_bug.cgi?id=1026540 [ 5 ] Bug #1026541 - CVE-2013-6340 wireshark: TCP dissector crash (wnpa-sec-2013-65) https://bugzilla.redhat.com/show_bug.cgi?id=1026541 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-qxl-0.1.1-2.fc20 (FEDORA-2013-20951) Xorg X11 qxl video driver -------------------------------------------------------------------------------- Update Information: This is a workaround for the kernel oops we've been seeing I hope. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 8 2013 Dave Airlie <airlied@xxxxxxxxxx> 0.1.1-2 - possibly fix F20 blocker with oops in the kernel (#1027831) * Mon Oct 21 2013 Alon Levy <alevy@xxxxxxxxxx> - 0.1.1-1 - New upstream release - Fixes to said release to work with suid issues (upstream) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027831 - kernel BUG at drivers/gpu/drm/ttm/ttm_bo.c:173! https://bugzilla.redhat.com/show_bug.cgi?id=1027831 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
