The following Fedora 20 Security updates need testing: Age URL 48 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20 40 https://admin.fedoraproject.org/updates/FEDORA-2013-19934/openstack-glance-2013.2-2.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2013-19507/openstack-keystone-2013.2-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2013-22042/varnish-3.0.4-2.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2013-22130/chicken-4.8.0.5-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22396/ganglia-3.6.0-3.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22377/seamonkey-2.22.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22352/drupal6-6.29-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22393/ruby-2.0.0.353-16.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22557/nbd-3.5-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22586/python-django-horizon-2013.2-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22565/maradns-2.0.07d-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22575/subversion-1.8.5-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22652/xdialog-2.3.1-13.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22667/openstack-nova-2013.2-4.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22649/monitorix-3.4.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22645/tuxcut-5.0-15.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22713/hdapsd-20090401.20131204git401ca60-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22722/rootfiles-8.1-16.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22701/gimp-2.8.10-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22741/zabbix-2.0.9-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22700/lynis-1.3.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22730/mod_nss-1.0.8-28.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22754/xen-4.3.1-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22756/nss-3.15.3-2.fc20,nss-softokn-3.15.3-1.fc20,nss-util-3.15.3-1.fc20,nspr-4.10.2-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 59 https://admin.fedoraproject.org/updates/FEDORA-2013-18447/createrepo-0.9.9-23.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2013-22152/btrfs-progs-3.12-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2013-22293/lxde-common-0.5.5-0.9.20110328git87c368d7.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-22412/libosinfo-0.2.8-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-22527/libbluray-0.4.0-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-22535/llvm-3.3-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22576/less-458-5.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-22570/libdrm-2.4.49-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22638/dnf-0.4.9-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22646/selinux-policy-3.12.1-106.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22641/libfm-1.1.3-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22657/kdelibs-4.11.3-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2013-22666/anaconda-20.25.13-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22706/yum-3.4.3-119.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22714/hawkey-0.4.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22748/langtable-0.0.22-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22705/tracker-0.16.4-2.fc20,thunderbird-24.1.0-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22704/systemd-208-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22756/nss-3.15.3-2.fc20,nss-softokn-3.15.3-1.fc20,nss-util-3.15.3-1.fc20,nspr-4.10.2-1.fc20 The following builds have been pushed to Fedora 20 updates-testing ShellCheck-0.2.0-3.fc20 apper-0.8.1-2.fc20 asciidoc-8.6.8-3.fc20 async-http-client-1.7.22-1.fc20 demorse-1.1-3.fc20 devassistant-0.8.0-1.fc20 ding-libs-0.3.0.1-20.fc20 discount-2.1.7-1.fc20 dropbear-2013.62-1.fc20 fedora-release-notes-20-0.5 ghc-language-ecmascript-0.15.2-2.fc20 gimp-2.8.10-4.fc20 golang-1.2-1.fc20 groonga-3.1.0-1.fc20 guayadeque-0.3.6-17.svn1887.fc20 hadoop-2.2.0-2.fc20 hadoop-2.2.0-3.fc20 hamster-time-tracker-1.03.3-2.fc20 hawkey-0.4.6-1.fc20 hdapsd-20090401.20131204git401ca60-1.fc20 jsonic-1.3.0-2.fc20 klt-1.3.4-7.fc20 langtable-0.0.22-1.fc20 libetonyek-0.0.2-1.fc20 libodfgen-0.0.3-2.fc20 libodfgen-0.0.4-1.fc20 libreoffice-4.1.3.2-9.fc20 lpf-0-13.ff55de0.fc20 luajit-2.0.2-6.fc20 lynis-1.3.6-1.fc20 man-pages-3.53-2.fc20 merkaartor-0.18.1-8.fc20 mingw-libosinfo-0.2.8-1.fc20 mingw-libvirt-1.1.3.1-1.fc20 mod_form-0.1-1.20131204svn145.fc20 mod_nss-1.0.8-28.fc20 mxml-2.7-1.fc20 nickle-2.77-5.fc20 nifticlib-2.0.0-8.fc20 nspr-4.10.2-1.fc20 nss-3.15.3-2.fc20 nss-softokn-3.15.3-1.fc20 nss-util-3.15.3-1.fc20 pythia8-8.1.80-1.fc20 python-chai-0.4.6-1.fc20 python-cmdln-1.3.0-1.fc20 python-hwdata-1.10.1-1.fc20 python-moksha-wsgi-1.2.2-1.fc20 python-virtualenvwrapper-4.1.1-2.fc20 qmidiarp-0.5.3-1.fc20 root-5.34.13-1.fc20 rootfiles-8.1-16.fc20 rubygem-equalizer-0.0.8-1.fc20 rubygem-redis-namespace-1.4.1-1.fc20 scsi-target-utils-1.0.42-1.fc20 spin-kickstarts-0.20.22-1.fc20 squid-3.3.11-1.fc20 systemd-208-8.fc20 thunderbird-24.1.0-2.fc20 tracker-0.16.4-2.fc20 xen-4.3.1-5.fc20 xrootd-3.3.5-1.fc20 yum-3.4.3-119.fc20 zabbix-2.0.9-2.fc20 Details about builds: ================================================================================ ShellCheck-0.2.0-3.fc20 (FEDORA-2013-22710) Tool for checking common errors in POSIX shell scripts -------------------------------------------------------------------------------- Update Information: Tool for checking common errors in POSIX shell scripts -------------------------------------------------------------------------------- References: [ 1 ] Bug #1033967 - Review Request: ShellCheck - Tool for checking common errors in shell scripts https://bugzilla.redhat.com/show_bug.cgi?id=1033967 -------------------------------------------------------------------------------- ================================================================================ apper-0.8.1-2.fc20 (FEDORA-2013-22720) KDE interface for PackageKit -------------------------------------------------------------------------------- Update Information: Update translations and fix upgrade path (from f18/f19) -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Lukáš Tinkl <ltinkl@xxxxxxxxxx> 0.8.1-2 - fix translations in the updater applet -------------------------------------------------------------------------------- References: [ 1 ] Bug #1038324 - Version needs to be updated for F20 https://bugzilla.redhat.com/show_bug.cgi?id=1038324 -------------------------------------------------------------------------------- ================================================================================ asciidoc-8.6.8-3.fc20 (FEDORA-2013-22724) Text based document generation -------------------------------------------------------------------------------- Update Information: Fix issue with encoding of titles when generating epub files and fix packaging issue related to documentation directory change -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 8.6.8-3 - Fix duplicate documentation files (#1001234) - Fix encoding of manifests being written (#968308) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001234 - asciidoc : duplicate documentation files / potentially conflicting https://bugzilla.redhat.com/show_bug.cgi?id=1001234 [ 2 ] Bug #968308 - [abrt] asciidoc-8.6.8-1.fc18: a2x:150:write_file:UnicodeEncodeError: 'ascii' codec can't encode character u'\u2019' in position 292: ordinal not in range(128) https://bugzilla.redhat.com/show_bug.cgi?id=968308 -------------------------------------------------------------------------------- ================================================================================ async-http-client-1.7.22-1.fc20 (FEDORA-2013-22728) Asynchronous Http Client for Java -------------------------------------------------------------------------------- Update Information: Rebase to upstream bugfix release 1.7.22. Fixes several minor bugs. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1.7.22-1 - Update to upstream version 1.7.22 * Fri Oct 18 2013 Michal Srb <msrb@xxxxxxxxxx> - 1.7.21-1 - Update to upstream version 1.7.21 -------------------------------------------------------------------------------- ================================================================================ demorse-1.1-3.fc20 (FEDORA-2013-22711) Command line tool for decoding Morse code signals -------------------------------------------------------------------------------- Update Information: This is an update that fixes compilation with -Werror=format-security. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.1-3 - Fixed compilation with format-security Resolves: rhbz#1037032 - Updated URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037032 - demorse FTBFS if "-Werror=format-security" flag is used https://bugzilla.redhat.com/show_bug.cgi?id=1037032 -------------------------------------------------------------------------------- ================================================================================ devassistant-0.8.0-1.fc20 (FEDORA-2013-22739) DevAssistant - Making life easier for developers -------------------------------------------------------------------------------- Update Information: Updated devassistant package bringing some nice improvements to gui and assistant functionality. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.8.0-1 - Update to 0.8.0. - Don't create the /usr/local hierarchy, leave it up to users. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037833 - [abrt] devassistant-0.7.0-1.fc20: setup_context: Process /usr/bin/python2.7 was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1037833 [ 2 ] Bug #1014967 - DevAssistant GUI is not visible in Gnome section Application-> Programming. https://bugzilla.redhat.com/show_bug.cgi?id=1014967 -------------------------------------------------------------------------------- ================================================================================ ding-libs-0.3.0.1-20.fc20 (FEDORA-2013-22744) "Ding is not GLib" assorted utility libraries -------------------------------------------------------------------------------- Update Information: Fixes issue with trailing space in INI files. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 27 2013 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 0.3.0.1-20 - Merge Doxygen patch from f19 branch to avoid regressions * Fri Sep 27 2013 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 0.3.0.1-19 - Apply a patch by Dmitri Pal to strip trailing whitespace -------------------------------------------------------------------------------- ================================================================================ discount-2.1.7-1.fc20 (FEDORA-2013-22719) A command-line utility for converting Markdown files into HTML -------------------------------------------------------------------------------- Update Information: Discount 2.1.7 fixes various bugs and adds support for fenced code blocks -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Craig Barnes <cbgnome@xxxxxxxxx> - 2.1.7-1 - Update to latest release -------------------------------------------------------------------------------- ================================================================================ dropbear-2013.62-1.fc20 (FEDORA-2013-22747) A lightweight SSH server and client -------------------------------------------------------------------------------- Update Information: 2013.62 - Tuesday 3 December 2013 - Disable "interactive" QoS connection options when a connection doesn't have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch. - Log when a hostkey is generated with -R, fix some bugs in handling server hostkey commandline options - Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe - Update config.guess and config.sub again 2013.61test - Thursday 14 November 2013 - ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to be generated) and ECDH for setting up encryption keys (no intervention required). This is significantly faster. - curve25519-sha256@xxxxxxxxxx support for setting up encryption keys. This is another elliptic curve mode with less potential of NSA interference in algorithm parameters. curve25519-donna code thanks to Adam Langley - -R option to automatically generate hostkeys. This is recommended for embedded platforms since it allows the system random number device /dev/urandom a longer startup time to generate a secure seed before the hostkey is required. - Compile fixes for old vendor compilers like Tru64 from Daniel Richard G. - Make authorized_keys handling more robust, don't exit encountering malformed lines. Thanks to Lorin Hochstein and Mark Stillwell 2013.60 - Wednesday 16 October 2013 - Fix "make install" so that it doesn't always install to /bin and /sbin - Fix "make install MULTI=1", installing manpages failed - Fix "make install" when scp is included since it has no manpage - Make --disable-bundled-libtom work -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.62-1 - Update to 2013.62 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1020251 - dropbear-2013.60 is available https://bugzilla.redhat.com/show_bug.cgi?id=1020251 -------------------------------------------------------------------------------- ================================================================================ fedora-release-notes-20-0.5 (FEDORA-2013-22702) Release Notes -------------------------------------------------------------------------------- Update Information: Updating for post-beta change status, including many translations. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Pete Travis <me@xxxxxxxxxxxxxx> - 20-0.5 - Updates to reflect post-Beta change status - Including translations -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035531 - Fedora 20 final release notes required for GA https://bugzilla.redhat.com/show_bug.cgi?id=1035531 -------------------------------------------------------------------------------- ================================================================================ ghc-language-ecmascript-0.15.2-2.fc20 (FEDORA-2013-22753) JavaScript parser and pretty-printer library -------------------------------------------------------------------------------- Update Information: JavaScript parser and pretty-printer library - http://hackage.haskell.org/package/language-ecmascript -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023605 - Review Request: ghc-language-ecmascript - JavaScript parser and pretty-printer library https://bugzilla.redhat.com/show_bug.cgi?id=1023605 -------------------------------------------------------------------------------- ================================================================================ gimp-2.8.10-4.fc20 (FEDORA-2013-22701) GNU Image Manipulation Program -------------------------------------------------------------------------------- Update Information: This update fixes buffer overflows in the XWD loader. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.10-4 - avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978) * Fri Nov 29 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.10-1 - version 2.8.10 * Tue Nov 26 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.10-1 - use grep -E instead of egrep -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037720 - CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1037720 -------------------------------------------------------------------------------- ================================================================================ golang-1.2-1.fc20 (FEDORA-2013-22742) The Go Programming Language -------------------------------------------------------------------------------- Update Information: update to upstream go1.2 fix rpmspec conditional split out the golang-godoc -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 2 2013 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.2-1 - Update to upstream 1.2 release - remove the pax tar patches * Tue Nov 26 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 1.1.2-8 - fix the rpmspec conditional for rhel and fedora * Thu Nov 21 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 1.1.2-7 - patch tests for testing on rawhide - let the same spec work for rhel and fedora * Wed Nov 20 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 1.1.2-6 - don't symlink /usr/bin out to ../lib..., move the file - seperate out godoc, to accomodate the go.tools godoc -------------------------------------------------------------------------------- References: [ 1 ] Bug #1022983 - Update to Go 1.2 https://bugzilla.redhat.com/show_bug.cgi?id=1022983 [ 2 ] Bug #1034951 - golang-vim has unsatisfied dependencies on epel6 https://bugzilla.redhat.com/show_bug.cgi?id=1034951 -------------------------------------------------------------------------------- ================================================================================ groonga-3.1.0-1.fc20 (FEDORA-2013-22745) An Embeddable Fulltext Search Engine -------------------------------------------------------------------------------- Update Information: Update to 3.1.0 See http://groonga.org/ja/docs/news.html#release-3-1-0-2013-11-29 Update to 3.0.9 See http://groonga.org/docs/news.html#release-3-0-9-2013-10-29 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 29 2013 HAYASHI Kentaro <hayashi@xxxxxxxxxxxxxx> - 3.1.0-1 - new upstream release. * Tue Oct 29 2013 HAYASHI Kentaro <hayashi@xxxxxxxxxxxxxx> - 3.0.9-1 - new upstream release. -------------------------------------------------------------------------------- ================================================================================ guayadeque-0.3.6-17.svn1887.fc20 (FEDORA-2013-22708) Music player -------------------------------------------------------------------------------- Update Information: %changelog * Tue Dec 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.6-17.svn1887 - rebuild for new svn release - added compiler flag to suppress "-Wno-unused-local-typedefs" warnings -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.6-17.svn1887 - rebuild for new svn release - added compiler flag to suppress "-Wno-unused-local-typedefs" warnings -------------------------------------------------------------------------------- ================================================================================ hadoop-2.2.0-2.fc20 (FEDORA-2013-22738) A software platform for processing vast amounts of data -------------------------------------------------------------------------------- Update Information: Fixed naming of hadoop-common test jar and other minor fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Robert Rati <rrati@redhat> - 2.2.0-2 - Changed provides filter to just filter the .so - Corrected naming of hadoop-common test jar - Removed jline BuildRequires - Moved pre/port install invocation of ldconfig to common-native - Added workaround for bz1023116 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1034630 - hadoop: Broken upgrade path and FTBFS https://bugzilla.redhat.com/show_bug.cgi?id=1034630 [ 2 ] Bug #1023004 - [heads-up] Upcoming jline change in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1023004 -------------------------------------------------------------------------------- ================================================================================ hadoop-2.2.0-3.fc20 (FEDORA-2013-22740) A software platform for processing vast amounts of data -------------------------------------------------------------------------------- Update Information: Removed jline Requires -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Robert Rati <rrati@redhat> - 2.2.0-3 - Removed jline Requires * Tue Dec 3 2013 Robert Rati <rrati@redhat> - 2.2.0-2 - Changed provides filter to just filter the .so - Corrected naming of hadoop-common test jar - Removed jline BuildRequires - Moved pre/port install invocation of ldconfig to common-native - Added workaround for bz1023116 -------------------------------------------------------------------------------- ================================================================================ hamster-time-tracker-1.03.3-2.fc20 (FEDORA-2013-22746) The Linux time tracker -------------------------------------------------------------------------------- Update Information: Hamster-time-tracker is a time tracking system for Linux. A gnome-shell extension is also available at extensions.gnome.org. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1036254 - Review Request: hamster-time-tracker - The Linux time tracker https://bugzilla.redhat.com/show_bug.cgi?id=1036254 -------------------------------------------------------------------------------- ================================================================================ hawkey-0.4.6-1.fc20 (FEDORA-2013-22714) Library providing simplified C and Python API to libsolv -------------------------------------------------------------------------------- Update Information: Here. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Aleš Kozumplík <ales@xxxxxxxxxx> - 0.4.6-1 - remove: packageDelta_new (Zdenek Pavlas) - get_delta_from_evr(): create the python object only when delta exists (Zdenek Pavlas) - fix pycomp_get_string(), pycomp_get_string_from_unicode() (Zdenek Pavlas) - fix get_str() in packagedelta-py (Zdenek Pavlas) - fix: spec: running tests in python3 after build (Jan Silhan) - tests: order packages in .repo files by name. (Ales Kozumplik) - fix: goal: reason for installing when more packages are available to a selector. (Ales Kozumplik) - tests: add a package that is not installed yet available in main, updates. (Ales Kozumplik) - add hy_packagedelta_get_chksum() (Zdenek Pavlas) - add hy_packagedelta_get_downloadsize() (Zdenek Pavlas) - add hy_packagedelta_get_baseurl() (Zdenek Pavlas) - test_query_provides_in: avoid ck_assert_int_eq() as it evaluates args twice (Zdenek Pavlas) - installonlies: fix sorting packages depending on the running kernel. (Ales Kozumplik) - use pool_lookup_deltalocation() (Zdenek Pavlas) - initialize _hawkey.PackageDelta type (Zdenek Pavlas) - delta_create(): fix the sizeof() (Zdenek Pavlas) - parse_reldep_str(): fix buffer overflow (Zdenek Pavlas) - string reldep parsing using parse_reldep_str (Jan Silhan) - added hy_query_filter_provides_in function (RhBug:1019168) (Jan Silhan) - added parse_reldep_str function (Jan Silhan) - fix: py: abort() from python when writing the system .solv cache fails. (Ales Kozumplik) - fix forgotten include causing a compiler warning in testsys.c. (Ales Kozumplik) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019168 - hy_query_filter_provides_in doesn't exist https://bugzilla.redhat.com/show_bug.cgi?id=1019168 -------------------------------------------------------------------------------- ================================================================================ hdapsd-20090401.20131204git401ca60-1.fc20 (FEDORA-2013-22713) Protects hard drives by parking head when fall is detected -------------------------------------------------------------------------------- Update Information: New version with minor fixes and mitigating possible security issue. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 20090401.20131204git401ca60c75-1 - latest upstream snapshot, fixes rhbz#1037119 -------------------------------------------------------------------------------- ================================================================================ jsonic-1.3.0-2.fc20 (FEDORA-2013-22731) Simple JSON encoder/decoder for Java -------------------------------------------------------------------------------- Update Information: Initial import (#1005800). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005800 - Review Request: jsonic - Simple JSON encoder/decoder for Java https://bugzilla.redhat.com/show_bug.cgi?id=1005800 -------------------------------------------------------------------------------- ================================================================================ klt-1.3.4-7.fc20 (FEDORA-2013-22709) An implementation of the Kanade-Lucas-Tomasi feature tracker -------------------------------------------------------------------------------- Update Information: * Fix duplicate docs due to unversioned docdir change -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.3.4-7 - Fix docs - https://bugzilla.redhat.com/show_bug.cgi?id=1001274 * Fri Oct 11 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.3.4-6 - https://bugzilla.redhat.com/show_bug.cgi?id=1001274 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001274 - klt : duplicate documentation files / potentially conflicting https://bugzilla.redhat.com/show_bug.cgi?id=1001274 -------------------------------------------------------------------------------- ================================================================================ langtable-0.0.22-1.fc20 (FEDORA-2013-22748) Guessing reasonable defaults for locale, keyboard layout, territory, and language. -------------------------------------------------------------------------------- Update Information: fix typo in locale and territory for Malay add entries for several layouts known to be non-ASCII by systemd/s-c-k (patch by Adam Williamson) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.22-1 - Fix typo in territory and locale for ms (Resolves: rhbz#1038109) - add ba, chm, kv, sah, syc, udm, xal - add entries for more keyboard layouts known to be non-ASCII -------------------------------------------------------------------------------- References: [ 1 ] Bug #1038109 - [ms] typo in territory and locale for Malay language (causes error when selecting Malay in the language selection screen in Anaconda) https://bugzilla.redhat.com/show_bug.cgi?id=1038109 -------------------------------------------------------------------------------- ================================================================================ libetonyek-0.0.2-1.fc20 (FEDORA-2013-22749) A library for import of Apple Keynote presentations -------------------------------------------------------------------------------- Update Information: New release. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.2-1 - new release -------------------------------------------------------------------------------- ================================================================================ libodfgen-0.0.3-2.fc20 (FEDORA-2013-22725) An ODF generator library -------------------------------------------------------------------------------- Update Information: Drops unneeded dependency on libetonyek. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.3-2 - rhbz#1000893 do not pull in unneeded packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000893 - Desktop Live is oversized (larger than 1 GB) https://bugzilla.redhat.com/show_bug.cgi?id=1000893 -------------------------------------------------------------------------------- ================================================================================ libodfgen-0.0.4-1.fc20 (FEDORA-2013-22715) An ODF generator library -------------------------------------------------------------------------------- Update Information: New release. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.4-1 - new release * Tue Dec 3 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.3-2 - rhbz#1000893 do not pull in unneeded packages -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.1.3.2-9.fc20 (FEDORA-2013-22725) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Drops unneeded dependency on libetonyek. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 David Tardon <dtardon@xxxxxxxxxx> - 1:4.1.3.2-9 - rhbz#1000893 do not pull in unneeded packages * Wed Nov 27 2013 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.3.2-8 - Related: rhbz#1032774 bodge around reported NULL - Resolves: rhbz#1030009 SwXTextDocument crash at exit - Resolves: rhbz#1035092 no shortcut key for Italian 'Tools' menu * Fri Nov 22 2013 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.3.2-7 - Resolves: rhbz#958300 fix GTK non Latin keyboard layout shortcuts - Resolves: rhbz#977068 fix qt/kde crash -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000893 - Desktop Live is oversized (larger than 1 GB) https://bugzilla.redhat.com/show_bug.cgi?id=1000893 -------------------------------------------------------------------------------- ================================================================================ lpf-0-13.ff55de0.fc20 (FEDORA-2013-22737) Local package factory - build non-redistributable rpms -------------------------------------------------------------------------------- Update Information: Upstream bugfix: ignore errors in lpf-kill-pgroup (issue 13). Upstream bugfixes. Upstream: Automate adding of pkg-build group to user, handle i686-only packages, cruft left after uninstalling lpf-* packages. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Alec Leamas <leamas.alec@xxxxxxxxx> - 0-13.ff55de0 - Fix for upstream bug #13: ignore errors in lpf-kill-pgroup * Wed Nov 27 2013 Alec Leamas <leamas.alec@xxxxxxxxx> - 0-12.1478565 - Upstream bugfixes. * Fri Nov 22 2013 Alec Leamas <leamas@xxxxxxxxxxx> - 0-11.c885df3 - Upstream: Automate adding of pkg-build group to user. - Upstream: Handle packages built only on i386. - Fix left behind cruft after uninstalling lpf-* packages. -------------------------------------------------------------------------------- ================================================================================ luajit-2.0.2-6.fc20 (FEDORA-2013-22732) Just-In-Time Compiler for Lua -------------------------------------------------------------------------------- Update Information: New package: luajit - Just-In-Time Compiler for Lua -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035661 - Review Request: luajit - Just-In-Time Compiler for Lua https://bugzilla.redhat.com/show_bug.cgi?id=1035661 -------------------------------------------------------------------------------- ================================================================================ lynis-1.3.6-1.fc20 (FEDORA-2013-22700) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: * 1.3.6 (2013-12-03) New: - Support for the dntpd time daemon - New Apache test for modules [HTTP-6632] - Apache test for mod_evasive [HTTP-6640] - Apache test for mod_qos [HTTP-6641] - Apache test for mod_spamhaus [HTTP-6642] - Apache test for ModSecurity [HTTP-6643] - Check for installed package audit tool [PKGS-7398] - Added initial support for new pkgng and related tools [PKGS-7381] - Check for ssh-keyscan binary - ZFS support for FreeBSD [FILE-6330] - Test for passwordless accounts [AUTH-9283] - Initial OS support for DragonFly BSD - Initial OS support for TrueOS (FreeBSD based) - Initial OS support for elementary OS (Luna) - GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD - Check for DHCP client [NETW-3030] - Initial support for OSSEC (system integrity) [FINT-4328] - New parameter --log-file to adjust log file location - New function IsRunning() to check status of processes - New function RealFilename() to determine file name - New function CheckItem() for parsing files - New function ReportManual() and ReportException() to simplify code - New function DirectoryExists() to check existence of a directory - Support for dntpd [TIME-3104] Changes: - Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518] - Extended test to gather listening network ports for Linux [NETW-3012] - Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190] - Added suggestion for discovered shells on FreeBSD [AUTH-9218] - Extended core dump test with additional details [KRNL-5820] - Properly display suggestion if portaudit is not installed [PKGS-7382] - Ignore message if no packages are installed (pkg_info) [PKGS-7320] - Also try using apt-check on Debian systems [PKGS-7392] - Adjusted logging for RPM binary on systems not using it [PKGS-7308] - Extended search in cron directories for rdate/ntpdate [TIME-3104] - Adjusted PHP check to find ini files [PHP-2211] - Skip Apache test for NetBSD [HTTP-6622] - Skip test http version check for NetBSD [HTTP-6624] - Additional check to surpress sort error [HTTP-6626] - Improved the way binaries are checked (less disk reads) - Adjusted ReportWarning() function to skip impact rating - Improved report on screen by leaving out date/time and type - Redirect errors while checking for OpenSSL version - Extended reporting with firewall status and software - Adjusted naming of some operating systems to make them more consistent - Extended update check by using host binary if dig is not installed - Count number of installed binaries/packages and report them - Report about log rotation tool and status - Updated man page Belated update after 4 years. Belated update after 4 years. Belated update after 4 years. Update. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Christopher Meng <rpm@xxxxxxxx> - 1.3.6-1 - Update to 1.3.6 * Tue Nov 26 2013 Christopher Meng <rpm@xxxxxxxx> - 1.3.5-1 - Update to 1.3.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #469317 - Review request: lynis - Security and system auditing tool https://bugzilla.redhat.com/show_bug.cgi?id=469317 [ 2 ] Bug #1037866 - lynis-1.3.5-1.fc19.noarch: broken permissions https://bugzilla.redhat.com/show_bug.cgi?id=1037866 -------------------------------------------------------------------------------- ================================================================================ man-pages-3.53-2.fc20 (FEDORA-2013-22703) Man (manual) pages from the Linux Documentation Project -------------------------------------------------------------------------------- Update Information: This update removes the pt_chown(5) manual page, because 'pt_chown' is not available on the system anymore. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Peter Schiffer <pschiffe@xxxxxxxxxx> - 3.53-2 - resolves: #1031703 removed pt_chown(5) man page -------------------------------------------------------------------------------- References: [ 1 ] Bug #1031703 - Remove pt_chown man page https://bugzilla.redhat.com/show_bug.cgi?id=1031703 -------------------------------------------------------------------------------- ================================================================================ merkaartor-0.18.1-8.fc20 (FEDORA-2013-22755) Qt-Based OpenStreetMap editor -------------------------------------------------------------------------------- Update Information: Fix build failure on ARM architecture. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 0.18.1-8 - fix the ARM fix (#992224) to also do the right thing at runtime * Tue Dec 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.18.1-7 - fix FTBFS on arm (#992224) * Tue Dec 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.18.1-6 - rebuild (exiv2) * Tue Aug 27 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.18.1-5 - Rebuild for gdal 1.10.0 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.18.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #992224 - merkaartor: FTBFS in rawhide(arm) https://bugzilla.redhat.com/show_bug.cgi?id=992224 -------------------------------------------------------------------------------- ================================================================================ mingw-libosinfo-0.2.8-1.fc20 (FEDORA-2013-22750) MinGW Windows port of a library for managing OS information for virtualization -------------------------------------------------------------------------------- Update Information: Update to 0.2.8 release to match native version -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Daniel P. Berrange <berrange@xxxxxxxxxx> - 0.2.8-1 - Update to 0.2.8 release -------------------------------------------------------------------------------- ================================================================================ mingw-libvirt-1.1.3.1-1.fc20 (FEDORA-2013-22716) MinGW Windows libvirt virtualization library -------------------------------------------------------------------------------- Update Information: Update to 1.1.3.1 release to match native build -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Daniel P. Berrange <berrange@xxxxxxxxxx> - 1.1.3.1-1 - Update to 1.1.3.1 release -------------------------------------------------------------------------------- ================================================================================ mod_form-0.1-1.20131204svn145.fc20 (FEDORA-2013-22718) Apache module that decodes data submitted from Web forms -------------------------------------------------------------------------------- Update Information: New package inclusion. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035934 - Review Request: mod_form - Apache module that decodes data submitted from Web forms https://bugzilla.redhat.com/show_bug.cgi?id=1035934 -------------------------------------------------------------------------------- ================================================================================ mod_nss-1.0.8-28.fc20 (FEDORA-2013-22730) SSL/TLS module for the Apache HTTP server -------------------------------------------------------------------------------- Update Information: A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context (specified either via <Directory> or <Location> directive). If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss failed to properly require expected certificate authentication. Remote attacker able to connect to the web server using such mod_nss configuration and without a valid client certificate could possibly use this flaw to access content of the restricted directories. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Rob Crittenden <rcritten@xxxxxxxxxx> - 1.0.8-28 - Resolves: CVE-2013-4566, bz #1036940 - [mod_nss-nssverifyclient.patch] - Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context [fedora-all] (rcritten) - Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in Directory (rcritten) - [mod_nss-usecases.patch] - Bugzilla Bug #1036940 - [DOC] making mod_nss work in FIPS mode (mharmsen) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context https://bugzilla.redhat.com/show_bug.cgi?id=1016832 -------------------------------------------------------------------------------- ================================================================================ mxml-2.7-1.fc20 (FEDORA-2013-22751) Miniature XML development library -------------------------------------------------------------------------------- Update Information: Update to 2.7: CHANGES IN Mini-XML 2.7 - Added 64-bit configurations to the VC++ project files (STR #129) - Fixed conformance of mxmldoc's HTML and CSS output. - Added data accessor ("get") functions and made the mxml_node_t and mxml_index_t structures private but still available in the Mini-XML header to preserve source compatibility (STR #118) - Updated the source headers to reference the Mini-XML license and its exceptions to the LGPL2 (STR #108) - Fixed a memory leak when loading a badly-formed XML file (STR #121) - Added a new mxmlFindPath() function to find the value node of a named element (STR #110) - Building a static version of the library did not work on Windows (STR #112) - The shared library did not include a destructor for the thread- specific data key on UNIX-based operating systems (STR #103) - mxmlLoad* did not error out on XML with multiple root nodes (STR #101) - Fixed an issue with the _mxml_vstrdupf function (STR #107) - mxmlSave* no longer write all siblings of the passed node, just that node and its children (STR #109) CHANGES IN Mini-XML 2.6 - Documentation fixes (STR #91, STR #92) - The mxmldoc program did not handle typedef comments properly (STR #72) - Added support for "long long" printf formats. - The XML parser now ignores BOMs in UTF-8 XML files (STR #89) - The mxmldoc program now supports generating Xcode documentation sets. - mxmlSave*() did not output UTF-8 correctly on some platforms. - mxmlNewXML() now adds encoding="utf-8" in the ?xml directive to avoid problems with non-conformant XML parsers that assume something other than UTF-8 as the default encoding. - Wrapping was not disabled when mxmlSetWrapMargin(0) was called, and "<?xml ... ?>" was always followed by a newline (STR #76) - The mxml.pc.in file was broken (STR #79) - The mxmldoc program now handles "typedef enum name {} name" correctly (STR #72) -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 2.6-1 - Update to 2.7 -------------------------------------------------------------------------------- ================================================================================ nickle-2.77-5.fc20 (FEDORA-2013-22734) A programming language-based prototyping environment -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.77-5 - Install docs into % _pkgdocdir (Fix FTBFS RHBZ#992357). * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.77-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #992357 - nickle: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=992357 -------------------------------------------------------------------------------- ================================================================================ nifticlib-2.0.0-8.fc20 (FEDORA-2013-22721) A set of i/o libraries for reading and writing files in the nifti-1 data format -------------------------------------------------------------------------------- Update Information: * Update to fix duplicate files due to unversioned doc dir. - No real change in functioning of the package with this. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 2.0.0-8 - Fix docs - https://bugzilla.redhat.com/show_bug.cgi?id=1001274 * Fri Oct 11 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 2.0.0-7 - https://bugzilla.redhat.com/show_bug.cgi?id=1001238 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001238 - nifticlib : duplicate documentation files / potentially conflicting https://bugzilla.redhat.com/show_bug.cgi?id=1001238 -------------------------------------------------------------------------------- ================================================================================ nspr-4.10.2-1.fc20 (FEDORA-2013-22756) Netscape Portable Runtime -------------------------------------------------------------------------------- Update Information: This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes Included are some fixes to the manpages. For best results you should upgrade all packages at once including any devel packages. -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 1 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 4.10.2-1 - Update to NSPR_4_10_2_RTM - Avoid unsigned integer wrapping in PL_ArenaAllocate - Resolves: rhbz#1031465 - CVE-2013-5607 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1030807 [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1031458 -------------------------------------------------------------------------------- ================================================================================ nss-3.15.3-2.fc20 (FEDORA-2013-22756) Network Security Services -------------------------------------------------------------------------------- Update Information: This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes Included are some fixes to the manpages. For best results you should upgrade all packages at once including any devel packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.3-2 - Install symlink to setup-nsssysinit.sh, without suffix, to match manpage * Sun Nov 24 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.3-1 - Update to NSS_3_15_3_RTM - Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws - Fix option descriptions for setup-nsssysinit manpage - Fix man page of nss-sysinit wrong path and other flaws - Document email option for certutil manpage - Remove unused patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1030807 [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1031458 -------------------------------------------------------------------------------- ================================================================================ nss-softokn-3.15.3-1.fc20 (FEDORA-2013-22756) Network Security Services Softoken Module -------------------------------------------------------------------------------- Update Information: This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes Included are some fixes to the manpages. For best results you should upgrade all packages at once including any devel packages. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.2-3 - Update to NSS_3_15_3_RTM - Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1030807 [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1031458 -------------------------------------------------------------------------------- ================================================================================ nss-util-3.15.3-1.fc20 (FEDORA-2013-22756) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information: This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes Included are some fixes to the manpages. For best results you should upgrade all packages at once including any devel packages. -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 1 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.3-1 - Update to NSS_3_15_3_RTM - Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1030807 [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103) https://bugzilla.redhat.com/show_bug.cgi?id=1031458 -------------------------------------------------------------------------------- ================================================================================ pythia8-8.1.80-1.fc20 (FEDORA-2013-22752) Pythia Event Generator for High Energy Physics -------------------------------------------------------------------------------- Update Information: * root 5.34.13 ** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes * xrootd 3.3.5 ** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes * pythia8 8.1.80 ** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 30 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.1.80-1 - Update to version 8.1.80 - Use full version in soname -------------------------------------------------------------------------------- ================================================================================ python-chai-0.4.6-1.fc20 (FEDORA-2013-22723) Easy to use mocking/stub framework -------------------------------------------------------------------------------- Update Information: Update to 0.4.6 * Immediately after running a test, teardown the stubs. This fixes any problems with exception handling, such as UnexpectedCall, when methods involved in exception handling, such as `open`, have been stubbed. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> 0.4.6-1 - Update to 0.4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037546 - python-chai-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1037546 -------------------------------------------------------------------------------- ================================================================================ python-cmdln-1.3.0-1.fc20 (FEDORA-2013-22729) An improved cmd.py for Writing Multi-command Scripts and Shells -------------------------------------------------------------------------------- Update Information: New package inclusion. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1038190 - Review Request: python-cmdln - An improved cmd.py for Writing Multi-command Scripts and Shells https://bugzilla.redhat.com/show_bug.cgi?id=1038190 -------------------------------------------------------------------------------- ================================================================================ python-hwdata-1.10.1-1.fc20 (FEDORA-2013-22717) Python bindings to hwdata package -------------------------------------------------------------------------------- Update Information: provide python3 binding -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.10.1-1 - create python3-hwdata subpackage - Bumping package versions for 1.9 - %defattr is not needed since rpm 4.4 -------------------------------------------------------------------------------- ================================================================================ python-moksha-wsgi-1.2.2-1.fc20 (FEDORA-2013-22707) WSGI components for Moksha -------------------------------------------------------------------------------- Update Information: kill repoze dep. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 27 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.2-1 - Cut out repoze for real. * Mon Nov 11 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.1-4 - Remove deps on repoze, shove, and feed*. * Thu Nov 7 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.1-3 - Requires on python-paste-script. -------------------------------------------------------------------------------- ================================================================================ python-virtualenvwrapper-4.1.1-2.fc20 (FEDORA-2013-22735) Enhancements to virtualenv -------------------------------------------------------------------------------- Update Information: Latest upstream with wipeenv. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 4.1.1-2 - BuildRequires on python-pbr * Wed Dec 4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 4.1.1-1 - Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #987417 - python-virtualenvwrapper-4.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=987417 -------------------------------------------------------------------------------- ================================================================================ qmidiarp-0.5.3-1.fc20 (FEDORA-2013-22712) An arpeggiator, sequencer and MIDI LFO for ALSA -------------------------------------------------------------------------------- Update Information: New Features o Random functions for sequencer and LFO steps and arp repeat mode (feature request #5 Keith Milner) Improvements o NSM support now handles import/export/clear to facilitate getting started (Roy Vegard Ovesen) o Tempo is now MIDI-controllable (MIDI-learn) o Sequencer transpose slider is now MIDI controllable (MIDI-learn) (feature request #7) o Sequencer pattern maximum length extended to 32 bars (feature request #6) Fixed Bugs o LFO offset jumped back to fixed value when MIDI controlled (bug #6 distrozapper) o Arp trigger behavior was not practical with chords pressed on keyboard (bug #7 Burkhard Ritter) o JACK Transport no longer worked when no JT Master tempo was present (bug #5 Barney Holmes) o Deleting an arp pattern in text window while running caused crash o Note lengths were not consistent between alsa and jack backends o Note lengths did not account for current tempo o Sequencer did not honor "D" button when MIDI controlled o Seq note length is now a 16th at half slider scale -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.5.3-1 - Update to 0.5.3 -------------------------------------------------------------------------------- ================================================================================ root-5.34.13-1.fc20 (FEDORA-2013-22752) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: * root 5.34.13 ** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes * xrootd 3.3.5 ** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes * pythia8 8.1.80 ** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.13-1 - Update to 5.34.13 - Remove java-devel build dependency (not needed with Fedora's libhdfs) - Adapt to pythia8 >= 8.1.80 * Mon Nov 25 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 5.34.10-3 - Fix hadoop lib location * Mon Nov 18 2013 Dave Airlie <airlied@xxxxxxxxxx> - 5.34.10-2 - rebuilt for GLEW 1.10 -------------------------------------------------------------------------------- ================================================================================ rootfiles-8.1-16.fc20 (FEDORA-2013-22722) The basic required files for the root user's directory -------------------------------------------------------------------------------- Update Information: - fix the posttrans scriptlet to not change the /root permissions (#1037688) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Ondrej Vasik <ovasik@xxxxxxxxxx> 0.1-16 - actually --no-preserve doesn't work for this case... - changing to --preserve * Wed Dec 4 2013 Ondrej Vasik <ovasik@xxxxxxxxxx> 0.1-15 - fix the posttrans scriptlet to not change the /root permissions (#1037688) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037688 - /root has 755 permissions - should be 550 https://bugzilla.redhat.com/show_bug.cgi?id=1037688 -------------------------------------------------------------------------------- ================================================================================ rubygem-equalizer-0.0.8-1.fc20 (FEDORA-2013-22733) Module to define equality, equivalence and inspection methods -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. Review the [list of changes](https://github.com/dkubb/equalizer/commits/v0.0.8) on GitHub for more information. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.0.8-1 - Update to 0.0.8 - Remove dot-files during %prep -------------------------------------------------------------------------------- ================================================================================ rubygem-redis-namespace-1.4.1-1.fc20 (FEDORA-2013-22726) Namespaces Redis commands -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. See [upstream's changelog](https://github.com/resque/redis-namespace/blob/v1.4.1/CHANGELOG.md) for more details. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1038151 - rubygem-redis-namespace-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1038151 -------------------------------------------------------------------------------- ================================================================================ scsi-target-utils-1.0.42-1.fc20 (FEDORA-2013-22736) The SCSI target daemon and utility programs -------------------------------------------------------------------------------- Update Information: fix aio backstore add Ceph RBD subpackage -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 2 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.42-1 - New upstream version * Fri Nov 1 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.41-1 - New upstream version - Remove patches: * fix-no-module-build.patch * usr-Makefile-fix-typo-in-bs_aio-so-filename.patch - Disable aio in a subpackage * Fri Oct 4 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.40-1 - New upstream version - Break out Ceph (bs_rbd) support into a subpackage - Repackage patches based on git - Add patches: * fix-no-module-build.patch * usr-Makefile-fix-typo-in-bs_aio-so-filename.patch - Fix some weird date issues in changelog - Enable aio in a subpackage - Remove defattrs from file sections * Tue Sep 3 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.39-1 - New upstream version - Move with_rbd outside ifnarch, and add comment -------------------------------------------------------------------------------- ================================================================================ spin-kickstarts-0.20.22-1.fc20 (FEDORA-2013-22743) Kickstart files and templates for creating your own Fedora Spins -------------------------------------------------------------------------------- Update Information: Includes last minute LXDE changes (to get under size limit) If no one ends up making any changes after freeze, this build can be used for final. -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 <bruno@xxxxxxxx> - 0.20.22-1 - Pick up last minute changes to LXDE for final * Wed Nov 27 2013 <bruno@xxxxxxxx> - 0.20.21-1 - Build for final freeze -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035536 - Final spin-kickstarts build required for Fedora 20 GA https://bugzilla.redhat.com/show_bug.cgi?id=1035536 -------------------------------------------------------------------------------- ================================================================================ squid-3.3.11-1.fc20 (FEDORA-2013-22727) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Upstream 3.3.11 bugfix release -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> - 7:3.3.11-1 - Update to latest upstream bugfix version 3.3.11 * Fri Sep 13 2013 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.3.9-1 - Update to latest upstream version 3.3.9 - Fixed #976815: file descriptors are hard coded to 16384 - Fixed: active ftp crashing - Fixed: offset of patches -------------------------------------------------------------------------------- ================================================================================ systemd-208-8.fc20 (FEDORA-2013-22704) A System and Service Manager -------------------------------------------------------------------------------- Update Information: Potential fix for journal slowness. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 208-8 - Back out patches for bugs which are not freeze-excepted (only #1006386? remains) * Tue Dec 3 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 208-7 - Backport patches (#1023041, #1036845, #1006386?) - HWDB update - Some small new features: nspawn --drop-capability=, running PID 1 under valgrind, "yearly" and "annually" in calendar specifications - Some small documentation and logging updates -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006386 - Journal flushing often slow, can prevent system booting correctly https://bugzilla.redhat.com/show_bug.cgi?id=1006386 [ 2 ] Bug #1016834 - libgudev1-devel.i686 not coninstallable with x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1016834 -------------------------------------------------------------------------------- ================================================================================ thunderbird-24.1.0-2.fc20 (FEDORA-2013-22705) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: Release for ARM architecture. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 Dennis Gilmore <dennis@xxxxxxxx> - 24.1.0-2 - remove ExcludeArch: armv7hl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037913 - thunderbird in F20 stable incorrectly excludes arm arches https://bugzilla.redhat.com/show_bug.cgi?id=1037913 [ 2 ] Bug #1026283 - Nautilus eating 100% cpu https://bugzilla.redhat.com/show_bug.cgi?id=1026283 -------------------------------------------------------------------------------- ================================================================================ tracker-0.16.4-2.fc20 (FEDORA-2013-22705) Desktop-neutral search tool and indexer -------------------------------------------------------------------------------- Update Information: Release for ARM architecture. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.16.4-2 - Strengthen against sqlite failures in FTS functions (Red Hat #1026283) * Sun Nov 24 2013 Kalev Lember <kalevlember@xxxxxxxxx> - 0.16.4-1 - Update to 0.16.4 * Tue Nov 12 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.16.2-5 - Bump the minimum memory requirement to 768M (GNOME #712142) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037913 - thunderbird in F20 stable incorrectly excludes arm arches https://bugzilla.redhat.com/show_bug.cgi?id=1037913 [ 2 ] Bug #1026283 - Nautilus eating 100% cpu https://bugzilla.redhat.com/show_bug.cgi?id=1026283 -------------------------------------------------------------------------------- ================================================================================ xen-4.3.1-5.fc20 (FEDORA-2013-22754) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 2 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-5 - HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885] * Tue Nov 26 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-4 - Lock order reversal between page_alloc_lock and mm_rwlock [XSA-74, CVE-2013-4553] (#1034925) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests [XSA-76, CVE-2013-4554] (#1034923) * Thu Nov 21 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-3 - Insufficient TLB flushing in VT-d (iommu) code [XSA-78, CVE-2013-6375] (#1033149) -------------------------------------------------------------------------------- ================================================================================ xrootd-3.3.5-1.fc20 (FEDORA-2013-22752) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: * root 5.34.13 ** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes * xrootd 3.3.5 ** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes * pythia8 8.1.80 ** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.3.5-1 - Update to version 3.3.5 * Tue Nov 19 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.3.4-1 - Update to version 3.3.4 -------------------------------------------------------------------------------- ================================================================================ yum-3.4.3-119.fc20 (FEDORA-2013-22706) RPM package installer/updater/manager -------------------------------------------------------------------------------- Update Information: Update to latest HEAD -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 4 2013 Zdenek Pavlas <zpavlas@xxxxxxxxxx> - 3.4.3-119 - docs only: group_command=objects is the distro default. - Parse float timestamps as valid, for global timestamp. - Add check_config_file_age, so we can turn that off for rhsm repos. BZ 103544 - Better doc. comment for re_primary_filename(). * Thu Nov 21 2013 James Antill <james at fedoraproject.org> - 3.4.3-118 - Update to latest HEAD. - Don't use the provide for distroverpkg if it's the name of the pkg. BZ 1002977. - Use the provides as-is when we do use it. BZ 1002977. - Fix the man page formatting for ! explanation in repolist, so it can be read. - Add deltarpm_metadata_percentage config. so people can configure MD download. * Tue Nov 19 2013 James Antill <james at fedoraproject.org> - 3.4.3-117 - Update to latest HEAD. - Fix autocheck_running_kernel config. * Mon Nov 18 2013 James Antill <james at fedoraproject.org> - 3.4.3-116 - Update to latest HEAD. - Add installed for groups pkg. lists on transaction output. BZ 1031374. - Add autocheck_running_kernel config. so people can turn it off. - Add upgrade_group_objects_upgrade config. so people can turn it off. - Add distupgrade command as alias for distro-sync, to be compat. with zypper. * Fri Nov 15 2013 James Antill <james at fedoraproject.org> - 3.4.3-115 - Update to latest HEAD. - Use makecache systemd timer on f20, maybe use it on f19 too? - installonlypkgs: remove unneeded provides, add "installonlypkg(kernel)" - docs: Suggest "--" when using "-<pkg>" to exclude packages. BZ 1026598. - applydeltarpm: turn fork() failure to MiscError. BZ 1028334. * Sun Nov 10 2013 James Antill <james at fedoraproject.org> - 3.4.3-114 - Update to latest HEAD. - Fixup always turning cron/makecache systemd stuff off. - _readRawRepoFile: return only valid (ini, section_id). BZ 1018795. - Same-mirror retry on refused connections. Helps BZ 853432. * Thu Oct 31 2013 James Antill <james at fedoraproject.org> - 3.4.3-113 - Update to latest HEAD. - Mostly backwards compat. change to how distroverpkg config. works. BZ 1002977. * Wed Oct 30 2013 James Antill <james at fedoraproject.org> - 3.4.3-112 - Update to latest HEAD. - Actually run the groups update config. when not in objects mode. BZ 1002439. - Implement pkg.remote_url for YumLocalPackage. BZ 1016148. - UpdateNotice.xml(): sanitize pkg['epoch']. BZ 1020540. - yum-cron: support download/install with update_messages==False. BZ 1018068. - Fix some bugs in setopt for repo config. entries. BZ 1023595. - Add loop limit for depsolving. BZ 1017840. - Add yum-makecache systemd service, force network updates on for better UI. * Mon Oct 7 2013 James Antill <james at fedoraproject.org> - 3.4.3-111 - Update to latest HEAD. - More reliable po.localpath file:// URL test. BZ 1004089 - Disable drpms for local repositories. BZ 1007097 - docs: fix formatting of "yum swap" examples. BZ 1009154 - Move disableplugin checks to before we load the conf/module - Set repo_error.repo attr also when filelists DL fails - Fix the "repo failed" message - docs: update "yum check" extra args description. BZ 1014993 - unlink_f(): handle ENOENT, EPERM, EACCES, EROFS. BZ 1015647, BZ 975619 * Fri Sep 6 2013 James Antill <james at fedoraproject.org> - 3.4.3-110 - Update to latest HEAD. - Add cache check to repolist, using "!". Document repoinfo. - Add epoch to updateinfo xml output. - Add missing translation hooks for ignored -c option message. - Try to smooth out the edge cases for cacheReq not ever updating data. * Wed Sep 4 2013 James Antill <james at fedoraproject.org> - 3.4.3-109 - Update to latest HEAD. - update /etc/yum-cron-hourly.conf. BZ 1002623 - Tweak y-c-t and history redo msg. BZ 974576. - docs: $arch does not map 1:1 to uname(2) arch. BZ 1003554 - checkMD: re-check when xattr matches but size==0. BZ 1002494 * Wed Aug 28 2013 James Antill <james at fedoraproject.org> - 3.4.3-108 - Update to latest HEAD. - Use new comps. mock objects to re-integrate group removal. BZ 996866. - Add "weak" comps. groups, for installed groups. - Add msg. to help users deal with RepoError failures. BZ 867389. - Give msgs about install/trans. obsoletes a higher priority. BZ 991080. - waitForLock() raises YumBaseError. BZ 1001154. * Sun Aug 25 2013 James Antill <james at fedoraproject.org> - 3.4.3-107 - Update to latest HEAD. - Pass requirement to compare_proviers so we can use provides version compare. - Show conf. file in yum-cron error message. - Add mark convert messages. - Fix logging level regression, -d9 works again. - Override users umask for groups files, so users can read it. BZ 982361. - Fix downgrade keeping .reason, note that remove+install doesn't. BZ 961938. - Inherit reason from install package into txmbr. BZ BZ 961938. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016148 - yum localinstall throws: ValueError: <any rpm> has no attribute basepath https://bugzilla.redhat.com/show_bug.cgi?id=1016148 [ 2 ] Bug #1020540 - yum.update_md.UpdateNotice.xml() does not sanitize pkg['epoch'] with the to_xml() function https://bugzilla.redhat.com/show_bug.cgi?id=1020540 [ 3 ] Bug #1018068 - RFE: yum-cron: Need to turn off update notifications https://bugzilla.redhat.com/show_bug.cgi?id=1018068 [ 4 ] Bug #1023595 - yum-config-manager --setopt doesn't work with dotted repoids https://bugzilla.redhat.com/show_bug.cgi?id=1023595 [ 5 ] Bug #1026598 - yum install @somegroup -somepackage causes error https://bugzilla.redhat.com/show_bug.cgi?id=1026598 [ 6 ] Bug #1028334 - Yum traceback when spawnl(applydeltarpm) hits resource limits https://bugzilla.redhat.com/show_bug.cgi?id=1028334 [ 7 ] Bug #1035440 - subscription-manager yum plugin makes yum refresh all RHSM repos. on every command. https://bugzilla.redhat.com/show_bug.cgi?id=1035440 -------------------------------------------------------------------------------- ================================================================================ zabbix-2.0.9-2.fc20 (FEDORA-2013-22741) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: This update solves the vulnerability described in CVE-2013-6824: "Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases" https://support.zabbix.com/browse/ZBX-7479 -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 3 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.9-2 - Fix vulnerability for remote command execution injection (ZBX-7479, CVE-2013-6824) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037943 - CVE-2013-6824 zabbix: remote command execution from zabbix server [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1037943 [ 2 ] Bug #1037942 - CVE-2013-6824 zabbix: remote command execution from zabbix server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1037942 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
