The following Fedora 19 Security updates need testing: Age URL 67 https://admin.fedoraproject.org/updates/FEDORA-2013-17836/davfs2-1.4.7-3.fc19 46 https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19 39 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22208/subversion-1.7.14-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22325/xen-4.2.3-10.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22467/seamonkey-2.22.1-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22444/ganglia-3.6.0-3.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22507/drupal6-6.29-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22680/tuxcut-5.0-15.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22697/xdialog-2.3.1-13.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22693/openstack-nova-2013.1.4-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22610/nbd-3.5-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22608/maradns-2.0.07d-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22669/kernel-3.11.10-200.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 13 https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2013-21769/libwacom-0.8-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2013-21779/wpa_supplicant-2.0-8.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2013-21876/dosfstools-3.0.22-3.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2013-21833/langtable-0.0.21-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22229/qt-4.8.5-11.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22194/btrfs-progs-3.12-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-4.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22324/clutter-1.14.4-5.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22509/llvm-3.3-3.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22421/gvfs-1.16.4-2.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22463/gvfs-1.16.4-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22512/highlight-3.16.1-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22670/libfm-1.1.3-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22669/kernel-3.11.10-200.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22609/libdrm-2.4.49-2.fc19 The following builds have been pushed to Fedora 19 updates-testing bluefish-2.2.4-4.fc19 docker-registry-0.6.0-3.fc19 golang-googlecode-tools-0-0.3.hg17c8fe23290a.fc19 gromacs-4.6.5-1.fc19 guayadeque-0.3.6-17.svn1887.fc19 hg-git-0.4.0-4.fc19 kernel-3.11.10-200.fc19 kexec-tools-2.0.4-14.fc19 libfm-1.1.3-1.fc19 luajit-2.0.2-6.fc19 monitorix-3.4.0-1.fc19 openlmi-tools-0.9-8.fc19 openstack-nova-2013.1.4-3.fc19 perl-Date-Manip-6.42-1.fc19 python-django-extensions-1.2.5-1.fc19 python-moksha-wsgi-1.2.2-1.fc19 rtpproxy-1.2.1-14.git2121113.fc19 tuxcut-5.0-15.fc19 undbx-0.21-1.fc19 vdsm-4.13.0-11.fc19 xdialog-2.3.1-13.fc19 xinetd-2.3.15-9.fc19 Details about builds: ================================================================================ bluefish-2.2.4-4.fc19 (FEDORA-2013-22678) GTK2 web development application for experienced users -------------------------------------------------------------------------------- Update Information: This update fixes a syntax highlighting issue, and includes a new javascript minifier implementation that will be used in bluefish 2.2.5. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 2 2013 Paul Howarth <paul@xxxxxxxxxxxx> - 2.2.4-4 - Replace v8 jsmin implementation (which doesn't work with bluefish) with an MIT-licensed version that will be in bluefish 2.2.5 - Add upstream fix for syntax highlighting problem (#983902, Gnome Bug #704108) * Tue Sep 3 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.2.4-3 - Remove non-free jsmin.py code, replace with free jsmin.py * Sun Jul 28 2013 Paul Howarth <paul@xxxxxxxxxxxx> - 2.2.4-2 - Install docs to %{_pkgdocdir} where available -------------------------------------------------------------------------------- References: [ 1 ] Bug #983902 - Syntax highlighting broken https://bugzilla.redhat.com/show_bug.cgi?id=983902 -------------------------------------------------------------------------------- ================================================================================ docker-registry-0.6.0-3.fc19 (FEDORA-2013-22689) Registry server for Docker -------------------------------------------------------------------------------- Update Information: Added EPEL support Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1032670 - Review Request: docker-registry - Registry server for Docker https://bugzilla.redhat.com/show_bug.cgi?id=1032670 -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-tools-0-0.3.hg17c8fe23290a.fc19 (FEDORA-2013-22671) Supplementary tools and packages for Go -------------------------------------------------------------------------------- Update Information: initial release of go.tools package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1029068 - Review Request: golang-googlecode-tools - Supplementary tools and packages for Go https://bugzilla.redhat.com/show_bug.cgi?id=1029068 -------------------------------------------------------------------------------- ================================================================================ gromacs-4.6.5-1.fc19 (FEDORA-2013-22668) Fast, Free and Flexible Molecular Dynamics -------------------------------------------------------------------------------- Update Information: Update to 4.6.5. See changelog at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.6.x . -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.6.5-1 - Update to 4.6.5. * Thu Nov 14 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 4.6.4-1 - Update to 4.6.4. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.6.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #969153 - gromacs-4.6.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=969153 -------------------------------------------------------------------------------- ================================================================================ guayadeque-0.3.6-17.svn1887.fc19 (FEDORA-2013-22698) Music player -------------------------------------------------------------------------------- Update Information: %changelog * Tue Dec 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.6-17.svn1887 - rebuild for new svn release - added compiler flag to suppress "-Wno-unused-local-typedefs" warnings -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.6-17.svn1887 - rebuild for new svn release - added compiler flag to suppress "-Wno-unused-local-typedefs" warnings -------------------------------------------------------------------------------- ================================================================================ hg-git-0.4.0-4.fc19 (FEDORA-2013-22682) Mercurial Plugin for Communicating with Git Servers -------------------------------------------------------------------------------- Update Information: Remove aggresive dep workingaround. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 2 2013 Matěj Cepl <mcepl@xxxxxxxxxx> - 0.4.0-4 - We only need python-ordereddict on EPEL<=6. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1036831 - ordered dict is required only with python <= 2.6 (i.e., only EPEL-6) https://bugzilla.redhat.com/show_bug.cgi?id=1036831 -------------------------------------------------------------------------------- ================================================================================ kernel-3.11.10-200.fc19 (FEDORA-2013-22669) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.11.10 stable update contains a number of important fixes across the tree -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 30 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2013-6405 net: leak of uninited mem to userspace via recv syscalls (rhbz 1035875 1035887) * Fri Nov 29 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.11.10-200 - Linux v3.11.10 - Fix memory leak in qxl (from Dave Airlie) * Tue Nov 26 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add patch to fix usbnet URB handling (rhbz 998342) - Fix crash in via-velocity driver (rhbz 1022733) - CVE-2013-6382 xfs: missing check for ZERO_SIZE_PTR (rhbz 1033603 1034670) * Mon Nov 25 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2013-6380 aacraid: invalid pointer dereference (rhbz 1033593 1034304) - CVE-2013-6378 libertas: potential oops in debugfs (rhbz 1033578 1034183) * Fri Nov 22 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add patches from Jeff Layton to fix 15sec NFS mount hang -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035875 - CVE-2013-6405 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls https://bugzilla.redhat.com/show_bug.cgi?id=1035875 [ 2 ] Bug #1033603 - CVE-2013-6382 Kernel: fs: xfs: missing check for ZERO_SIZE_PTR https://bugzilla.redhat.com/show_bug.cgi?id=1033603 [ 3 ] Bug #1033593 - CVE-2013-6380 Kernel: aacraid: invalid pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1033593 [ 4 ] Bug #1033578 - CVE-2013-6378 Kernel: drivers: libertas: potential oops in debugfs https://bugzilla.redhat.com/show_bug.cgi?id=1033578 -------------------------------------------------------------------------------- ================================================================================ kexec-tools-2.0.4-14.fc19 (FEDORA-2013-22691) The kexec/kdump userspace component. -------------------------------------------------------------------------------- Update Information: backport two commits from upstream disable mmap() vmcore in makedumpfile A few backports from upstream (makedumpfile, kexec) -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-13 - Add rd.memdebug in kdump module - kdumpctl: Avoid leaking fd to subshell - makedumpfile: Understand >= v3.11-rc4 dmesg - makedumpfile, ppc: Support to filter dump for kernels that use CONFIG_SPARSEMEM_VMEMMAP. * Fri Nov 15 2013 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-13 - makedumpfile: disable mmap() * Tue Oct 29 2013 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-12 - fix sadump format phys_base calculating error - kdump, x86: Process multiple Crash kernel in /proc/iomem - makedumpfile: wrong cyclic buffer size recalculation causes bitmap data corruption - Fix max_mapnr issue on system has over 44-bit addressing. -------------------------------------------------------------------------------- ================================================================================ libfm-1.1.3-1.fc19 (FEDORA-2013-22670) GIO-based library for file manager-like programs -------------------------------------------------------------------------------- Update Information: New version 1.1.3 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.1.3-1 - 1.1.3 * Mon Nov 11 2013 Christoph Wickert <wickert@xxxxxxxxxxxx> - 1.1.2.2-3 - Rebuild for new menu-cache 0.5.x -------------------------------------------------------------------------------- ================================================================================ luajit-2.0.2-6.fc19 (FEDORA-2013-22679) Just-In-Time Compiler for Lua -------------------------------------------------------------------------------- Update Information: New package: luajit - Just-In-Time Compiler for Lua -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035661 - Review Request: luajit - Just-In-Time Compiler for Lua https://bugzilla.redhat.com/show_bug.cgi?id=1035661 -------------------------------------------------------------------------------- ================================================================================ monitorix-3.4.0-1.fc19 (FEDORA-2013-22677) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information: 3.4.0 - 02-Dec-2013 ==================== - Added a complete statistical Memcached graph. [#27] - Added support for different BIND stats versions (2 and 3 right now). (thanks to Ivo Brhel, ivb AT volny.cz) - Added two new alerts in the 'disk' graph in order to know if a disk drive has exceeded or reached a threshold for reallocated and pending sectors. (suggested by Matthew Connelly, maff AT maff.im) - Added a new option called 'max_historic_years' (with a default value of 1), which enables the ability to have up to 5 years of data. Beware with this option because it generates a new '.rrd' file every time the value is extended, losing the current historical data. (suggested by Mohan Reddy, Mohan.Reddy AT analog.com) - Improved the regexp when collecting data from devices's interrupts which also fixes some annoying messages on using non-numeric arguments. - Added support for the Pure-FTPd logs in the 'serv' and 'ftp' graphs. - Added the new configuration option 'https_url'. [#31] - Fixed error messages about use of uninitialized values in 'system' graph on BSD systems. - Fixed error messages about not numeric argument in addition in 'fs' graph on BSD systems. - Fixed in 'emailreports' to use the command line 'hostname' if the variable $ENV{HOSTNAME} is not defined (Debian/Ubuntu and perhaps other systems). (thanks to Skibbi, skibbi AT gmail.com for pointing this out) - Fixed the error message 'String ends after the = sign on CDEF:allvalues=' in the 'int' graph (the Interrupts graph is pending to have a complete rewrite). - Fixed the 'int' graph in order to be more compatible with Raspberry Pi. - Fixed in 'bind.pm' to store a 0 value if threads are disabled. [#29] - Fixed to correctly sent images in graphs 'proc', 'port' and 'fail2ban' when using emailreports. (thanks to Bénoît Segond von Banchet, bjm.segondvonbanchet AT telfort.nl for pointing this out) - Fixed to show the real hostname in the emailreports. - Fixed the 'int' graph in order to be compatible with Excito B3 product. (thanks to Patrick Fallberg, patrick AT fallberg.net for pointing this out) - Fixed to correctly sanitize the input string in the built-in HTTP server which led into a number of security vulnerabilities. [#30] - Fixed the lack of minimum definition in some data sources of 'bind' graph. (thanks to Andreas Itzchak Rehberg, izzy AT qumran.org for pointing this out) - Fixed a fail to adequately sanitize request strings of malicious JavaScript. [#30] (thanks to Jacob Amey, jamey AT securityinspection.com for pointing this out) - Fixed a typo in monitorix.service. [#32] - Fixed the requests value in the 'nginx' graph. Now it honours the label to show the value per second, instead of per minute. (thanks to Martin Culak, culak AT firma.azet.sk for pointing this out) - Small fixes and typos. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Christopher Meng <rpm@xxxxxxxx> - 3.4.0-1 - Update to 3.4.0 -------------------------------------------------------------------------------- ================================================================================ openlmi-tools-0.9-8.fc19 (FEDORA-2013-22684) Set of CLI tools for Openlmi providers -------------------------------------------------------------------------------- Update Information: fixed LMIShell naming fixed interactive connect(), when -i option present fix missing log messages in connect() fix instance comparision fix passing method params - fix instance deletion - fix passing LMIInstance argumetns to method calls Upgrade to v0.9. fix instance comparision fix passing method params - fix instance deletion - fix passing LMIInstance argumetns to method calls Upgrade to v0.9. fix missing log messages in connect() fix instance comparision fix passing method params - fix instance deletion - fix passing LMIInstance argumetns to method calls Upgrade to v0.9. fix instance comparision fix passing method params - fix instance deletion - fix passing LMIInstance argumetns to method calls Upgrade to v0.9. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Peter Hatina <phatina@xxxxxxxxxx> - 0.9-8 - fix interactive connect when run with -i * Tue Dec 3 2013 Peter Hatina <phatina@xxxxxxxxxx> - 0.9-7 - unify LMIShell naming * Mon Dec 2 2013 Peter Hatina <phatina@xxxxxxxxxx> - 0.9-6 - fix missing log messages in connect() * Wed Nov 20 2013 Peter Hatina <phatina@xxxxxxxxxx> - 0.9-5 - fix passing method params * Wed Nov 20 2013 Peter Hatina <phatina@xxxxxxxxxx> - 0.9-4 - fix instance comparision -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035693 - lmishell does not return success or error status message when connecting to CIMOM https://bugzilla.redhat.com/show_bug.cgi?id=1035693 -------------------------------------------------------------------------------- ================================================================================ openstack-nova-2013.1.4-3.fc19 (FEDORA-2013-22693) OpenStack Compute (nova) -------------------------------------------------------------------------------- Update Information: Fix CVE-2013-4469 and CVE-2013-4463 Fix CVE-2013-4469 and CVE-2013-4463 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Xavier Queralt <xqueralt@xxxxxxxxxx> - 2013.1.4-3 - Fix the CVE number references from the latest change * Fri Nov 29 2013 Xavier Queralt <xqueralt@xxxxxxxxxx> - 2013.1.4-2 - Ensure we don't boot oversized images (CVE-2013-4463 and CVE-2013-2096) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023239 - CVE-2013-4463 OpenStack Nova: Compressed disk image DoS https://bugzilla.redhat.com/show_bug.cgi?id=1023239 [ 2 ] Bug #1023581 - CVE-2013-4469 OpenStack Nova: Incomplete fix for CVE-2013-2096 https://bugzilla.redhat.com/show_bug.cgi?id=1023581 -------------------------------------------------------------------------------- ================================================================================ perl-Date-Manip-6.42-1.fc19 (FEDORA-2013-22676) Date manipulation routines -------------------------------------------------------------------------------- Update Information: This release completes DM6 functional interface with ParseDateFormat() function, it adds support for the Apache date format, it updates zone data to 2013h. It fixes date in delta with a time zone format and it silents a warning when no events were applied. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 6.42-1 - 6.42 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037520 - perl-Date-Manip-6.42 is available https://bugzilla.redhat.com/show_bug.cgi?id=1037520 -------------------------------------------------------------------------------- ================================================================================ python-django-extensions-1.2.5-1.fc19 (FEDORA-2013-22688) Extensions for Django -------------------------------------------------------------------------------- Update Information: New version. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 24 2013 Richard Marko <rmarko@xxxxxxxxxxxxxxxxx> - 1.2.5-1 - New version * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001129 - python-django-extensions-1.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1001129 -------------------------------------------------------------------------------- ================================================================================ python-moksha-wsgi-1.2.2-1.fc19 (FEDORA-2013-22692) WSGI components for Moksha -------------------------------------------------------------------------------- Update Information: kill repoze dep. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 27 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.2-1 - Cut out repoze for real. -------------------------------------------------------------------------------- ================================================================================ rtpproxy-1.2.1-14.git2121113.fc19 (FEDORA-2013-22685) A symmetric RTP proxy -------------------------------------------------------------------------------- Update Information: - Updated to the latest Git -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.2.1-14.git2121113 - Fixed FTBFS in F20+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037311 - rtpproxy FTBFS if "-Werror=format-security" flag is used https://bugzilla.redhat.com/show_bug.cgi?id=1037311 -------------------------------------------------------------------------------- ================================================================================ tuxcut-5.0-15.fc19 (FEDORA-2013-22680) Arpspoof attacks protector -------------------------------------------------------------------------------- Update Information: TuxCut is a utility that protect linux computers againest arpspoof attacks Features: - Hide your machine (ip/MAC) from arp scanner utilities. - list all the live host in your LAN. - cut the connection between any live host and the gateway. - use wondershaper to limit your upload or download speed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1015775 - Review Request: tuxcut - Arpspoof attacks protector https://bugzilla.redhat.com/show_bug.cgi?id=1015775 -------------------------------------------------------------------------------- ================================================================================ undbx-0.21-1.fc19 (FEDORA-2013-22675) Outlook Express .dbx files extractor -------------------------------------------------------------------------------- Update Information: Outlook Express .dbx files extractor. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1033037 - Review Request: undbx - Outlook Express .dbx files extractor https://bugzilla.redhat.com/show_bug.cgi?id=1033037 -------------------------------------------------------------------------------- ================================================================================ vdsm-4.13.0-11.fc19 (FEDORA-2013-22673) Virtual Desktop Server Manager -------------------------------------------------------------------------------- Update Information: update for vdsm-4.13.0-11.fc19 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 12 2013 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> - 4.13.0-11 - update from branch ovirt-3.3 which include: upgrade-fix-v3ResetMetaVolSize-argument lvm-Do-not-use-udev-cache-for-obtaining-device-list Fix-ballooning-rules-for-computing-the-minimum-avail Avoid-M2Crypto-races spec-declare-we-provide-an-existing-python-cpopen configuring-selinux-allowing-qemu-kvm-to-generate-co * Tue Nov 12 2013 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> - 4.13.0-10 - Fix requires on post for hostname. * Tue Nov 5 2013 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> - 4.13.0-9 - Build 4.13.0-9 from branch ovirt-3.3 * Wed Oct 30 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 4.12.1-5 - Fix broken hostname dep on rawhide * Thu Oct 10 2013 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> 4.12.1-4 - remoteFileHandler: Add create exclusive option for truncateFile (BZ#979193) - oop: improve safety for truncateFile * Tue Oct 8 2013 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> 4.12.1-3 - vm.Vm._getUnderlyingDriveInfo: extract path of gluster disks (BZ#1007980) - Require libvirt that allows vmUpdateDevice (BZ#1001001) - imageSharing: return proper size in httpGetSize - vdsmd.init: Add service-is-managed in shutdown_conflicting_srv (BZ#1006842) * Tue Sep 10 2013 Federico Simoncelli <fsimonce@xxxxxxxxxx> 4.12.1-2 - systemd init: no need to stop conflicting services (BZ#999664) * Tue Aug 27 2013 Federico Simoncelli <fsimonce@xxxxxxxxxx> 4.12.1-1 - update to 4.12.1 * Thu Aug 22 2013 Federico Simoncelli <fsimonce@xxxxxxxxxx> 4.12.0-2 - Fix GlusterFS RPM dep to support GlusterFS SD (BZ#988299) * Tue Aug 13 2013 Federico Simoncelli <fsimonce@xxxxxxxxxx> 4.12.0-1 - update to 4.12.0 final release - mom: Require latest mom - Mark ksmtuned as conflicting service in the init file - spec: vdsm-hook-sriov on el6 should not require - Crash fix for migrations that involve devices with no aliases (BZ#988065) - vdsm: Always retrieve alias for Balloon and Console (BZ#988065) - vdsm: Fix regression introduced by refactoring (BZ#985735) - VDSM now writes its version number in VDSM-generated - Bump requires version of selinux-policy-targeted - vdsm_reg: fix ovirt_node without default bridge (BZ#988990) - Source Route script now checks that the DHCP response (BZ#994600) - Management network is now kept in main routing table (BZ#984028) - Only remove dhcp source routing if the removal reason (BZ#995142) - image: use successor volume size when merging * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.12.0-0.2.rc3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jul 23 2013 Federico Simoncelli <fsimonce@xxxxxxxxxx> 4.12.0-0.1.rc3 - update to vdsm-4.12.0-rc3 -------------------------------------------------------------------------------- ================================================================================ xdialog-2.3.1-13.fc19 (FEDORA-2013-22697) X11 drop in replacement for cdialog -------------------------------------------------------------------------------- Update Information: Fixes a format string issue. argv[0] was injected unchecked into a format string. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxx> - 2.3.1-13 - Remove obsolete Group tag - Remove obsolete BuildRoot tag - Remove obsolete cleanup buildroot at the beggining of %install section - Remove obsolete %clean section - Remove obsolete %defattr tag in %files section * Tue Dec 3 2013 Conrad Meyer <cemeyer@xxxxxx> - 2.3.1-12 - Fix fprintf() of untrusted format string (#1037393) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037393 - xdialog FTBFS if "-Werror=format-security" flag is used https://bugzilla.redhat.com/show_bug.cgi?id=1037393 -------------------------------------------------------------------------------- ================================================================================ xinetd-2.3.15-9.fc19 (FEDORA-2013-22672) A secure replacement for inetd -------------------------------------------------------------------------------- Update Information: Fix segfault when NAMEINARGS flag is specified after server_args in the configuration -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Jan Synáček <jsynacek@xxxxxxxxxx> - 2:2.3.15-9 - xinetd segfaults when connecting to tcpmux service - Resolves: #1033528 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1033528 - xinetd segfaults when connecting to tcpmux service https://bugzilla.redhat.com/show_bug.cgi?id=1033528 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
