Fedora 19 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 19 Security updates need testing:
 Age  URL
  62  https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19
  55  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-22919/net-snmp-5.7.2-13.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23141/python-setuptools-0.6.49-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23315/libreswan-3.7-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-23432/openttd-1.3.3-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-23437/v8-3.14.5.10-3.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-23457/xen-4.2.3-12.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-23517/libgadu-1.12.0-0.2.rc1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23653/kernel-3.12.5-200.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23635/perl-Proc-Daemon-0.14-9.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23567/ca-certificates-2013.1.95-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23601/seamonkey-2.23-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23622/ibus-chewing-1.4.4-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23615/gnupg-1.4.16-2.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
  28  https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23155/langtable-0.0.23-1.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2013-23141/python-setuptools-0.6.49-1.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-23219/iscsi-initiator-utils-6.2.0.873-17.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-23305/libfm-1.1.4-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-23467/gupnp-0.20.9-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-23666/fedora-release-19-6


The following builds have been pushed to Fedora 19 updates-testing

    caja-actions-1.6.2-2.fc19
    docker-io-0.7.2-1.fc19
    drupal7-features-2.0-5.fc19
    fedora-release-19-6
    ghc-numbers-3000.2.0.0-1.fc19
    gnupg-1.4.16-2.fc19
    golang-github-syndtr-gocapability-0-0.3.git3454319.fc19
    gust-antykwa-torunska-fonts-2.08-4.fc19
    ibus-chewing-1.4.4-1.fc19
    idle3-tools-0.9.1-1.fc19
    kernel-3.12.5-200.fc19
    mysql-utilities-1.3.6-1.fc19
    opendkim-2.9.0-2.fc19
    pcs-0.9.103-1.fc19
    perl-Proc-Daemon-0.14-9.fc19
    python-caja-1.4.0-4.fc19
    python-flask-whooshee-0.0.6-2.fc19
    qemu-1.4.2-15.fc19
    rubygem-actionpack-3.2.13-3.fc19
    seamonkey-2.23-1.fc19
    sqlcli-2-3.fc19
    subsurface-4.0-1.fc19
    suricata-1.4.7-1.fc19
    tuxcut-5.1-1.fc19
    tzdata-2013i-1.fc19
    vrq-1.0.97-1.fc19
    wireshark-1.10.4-2.fc19
    x2goclient-4.0.1.2-1.fc19

Details about builds:


================================================================================
 caja-actions-1.6.2-2.fc19 (FEDORA-2013-23628)
 Caja extension for customizing the context menu
--------------------------------------------------------------------------------
Update Information:

- update for rename caja in f21
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-2
- update for rename caja in f21
--------------------------------------------------------------------------------


================================================================================
 docker-io-0.7.2-1.fc19 (FEDORA-2013-23602)
 Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

upstream release bump to v0.7.2
updating to upstream 0.7.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.7.2-1
- upstream release bump to v0.7.2
* Fri Dec  6 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 0.7.1-1
- upstream release of v0.7.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044373 - docker-io-0.7.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1044373
--------------------------------------------------------------------------------


================================================================================
 drupal7-features-2.0-5.fc19 (FEDORA-2013-23595)
 Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:

Quote from the page of Features Plumber(https://drupal.org/project/features_plumber), 

"Note: The d7 version of this module should no longer be necessary when using more recent versions of Features module. If you feel this is incorrect, please open an issue."
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.0-5
- Fix Obsolotes line, remove zero
* Wed Dec 18 2013 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.0-4
- Obsolete drupal7-features_plumber package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1043582 - according to upstream drupal7-features_plumber is not required anymore
        https://bugzilla.redhat.com/show_bug.cgi?id=1043582
--------------------------------------------------------------------------------


================================================================================
 fedora-release-19-6 (FEDORA-2013-23666)
 Fedora release files
--------------------------------------------------------------------------------
Update Information:

add the Fedora 21 gpg keys and setup symlinks for them
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 16 2013 Dennis Gilmore <dennis@xxxxxxxx> - 19-6
- add f21 keys
--------------------------------------------------------------------------------


================================================================================
 ghc-numbers-3000.2.0.0-1.fc19 (FEDORA-2013-23629)
 Instances of numerical classes for numbers
--------------------------------------------------------------------------------
Update Information:

Updated to 3000.2.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 3000.2.0.0-1
- new upstream version 3000.2.0.0
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3000.1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jun  7 2013 Jens Petersen <petersen@xxxxxxxxxx> - 3000.1.0.3-2
- update to new simplified Haskell Packaging Guidelines
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1018672 - ghc-numbers-3000.2.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1018672
--------------------------------------------------------------------------------


================================================================================
 gnupg-1.4.16-2.fc19 (FEDORA-2013-23615)
 A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:

What's New
===========

 * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
 See <http://www.cs.tau.ac.il/~tromer/acoustic/>.[CVE-2013-4576]

 * Put only the major version number by default into armored output.

 * Do not create a trustdb file if --trust-model=always is used.

 * Print the keyid for key packets with --list-packets.

 * Changed modular exponentiation algorithm to recover from a small performance loss due to a change in 1.4.14.


Impact of the security problem
==============================

CVE-2013-4576 has been assigned to this security bug.

The paper describes two attacks.The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption.This is in general not a problem but may be used to reveal the information that a message, encrypted to a commonly not used key, has been received by the targeted machine.We do not have a software solution to mitigate this attack.

The second attack is more serious. It is an adaptive chosen ciphertext attack to reveal the private key. A possible scenario is that the attacker places a sensor (for example a standard smartphone) in the vicinity of the targeted machine. That machine is assumed to do unattended RSA decryption of received mails, for example by using a mail client which speeds up browsing by opportunistically decrypting mails expected to be read soon.While listening to the acoustic emanations of the targeted machine, the smartphone will send new encrypted messages to that machine and re-construct the private key bit by bit.A 4096 bit RSA key used on a laptop can be revealed within an hour.

GnuPG 1.4.16 avoids this attack by employing RSA blinding during decryption.GnuPG 2.x and current Gpg4win versions make use of Libgcrypt which employs RSA blinding anyway and are thus not vulnerable.

For the highly interesting research on acoustic cryptanalysis and the details of the attack see http://www.cs.tau.ac.il/~tromer/acoustic/ .

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.4.16-2
- New upstream v1.4.16
  fixes for CVE-2013-4576
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044402 - gnupg-1.4.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1044402
--------------------------------------------------------------------------------


================================================================================
 golang-github-syndtr-gocapability-0-0.3.git3454319.fc19 (FEDORA-2013-23658)
 POSIX capability library for the Go programming language
--------------------------------------------------------------------------------
Update Information:

new release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1032750 - Review Request: golang-github-syndtr-gocapability - POSIX capability library for the Go programming language
        https://bugzilla.redhat.com/show_bug.cgi?id=1032750
--------------------------------------------------------------------------------


================================================================================
 gust-antykwa-torunska-fonts-2.08-4.fc19 (FEDORA-2013-23610)
 Two-element typeface for typesetting of small prints
--------------------------------------------------------------------------------
Update Information:

Nice new package of an old font.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1024134 - Review Request: gust-antykwa-torunska-fonts - Two-element typeface for typesetting of small prints
        https://bugzilla.redhat.com/show_bug.cgi?id=1024134
--------------------------------------------------------------------------------


================================================================================
 ibus-chewing-1.4.4-1.fc19 (FEDORA-2013-23622)
 The Chewing engine for IBus input platform
--------------------------------------------------------------------------------
Update Information:

- Resolves Bug 842856 - ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
- Resolves Bug 1027030 - CVE-2013-4509 ibus-chewing: ibus: visible 
  password entry flaw [fedora-all]
  Thanks czchen for the GitHub pull request 39.
- Added translations: fr_FR, ja_JP, ko_KR
- Adopt cmake-fedora-1.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Ding-Yi Chen <dchen at redhat.com> - 1.4.4-1
- Resolves Bug 842856 - ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
- Resolves Bug 1027030 - CVE-2013-4509 ibus-chewing: ibus: visible 
  password entry flaw [fedora-all]
  Thanks czchen for the GitHub pull request 39.
- Added translations: fr_FR, ja_JP, ko_KR
- Adopt cmake-fedora-1.2.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #842856 - ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
        https://bugzilla.redhat.com/show_bug.cgi?id=842856
  [ 2 ] Bug #1027030 - CVE-2013-4509 ibus-chewing: ibus: visible password entry flaw [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1027030
--------------------------------------------------------------------------------


================================================================================
 idle3-tools-0.9.1-1.fc19 (FEDORA-2013-23623)
 Manipulate the value of the idle3 timer found on recent WD Hard Disk Drives
--------------------------------------------------------------------------------
Update Information:

Add idle3-tools, a small utility to edit some low-level knobs in WD hard drives.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #883104 - Review Request: idle3-tools - Manipulate the value of the idle3 timer found on recent WD Hard Disk Drives
        https://bugzilla.redhat.com/show_bug.cgi?id=883104
--------------------------------------------------------------------------------


================================================================================
 kernel-3.12.5-200.fc19 (FEDORA-2013-23653)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.12.5 kernel contains support for new devices, and a number of bug fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2013 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx - 3.12.5-200
- Linux v3.12.5 rebase
* Mon Dec 16 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Fix host lockup in bridge code when starting from virt guest (rhbz 1025770)
* Thu Dec 12 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2013-4587 kvm: out-of-bounds access (rhbz 1030986 1042071)
- CVE-2013-6376 kvm: BUG_ON in apic_cluster_id (rhbz 1033106 1042099)
- CVE-2013-6368 kvm: cross page vapic_addr access (rhbz 1032210 1042090)
- CVE-2013-6367 kvm: division by 0 in apic_get_tmcct (rhbz 1032207 1042081)
* Wed Dec 11 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Add patches to support ETPS/2 Elantech touchpads (rhbz 1030802)
* Tue Dec 10 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2013-XXXX net: memory leak in recvmsg (rhbz 1039845 1039874)
* Tue Dec  3 2013 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Add patches to fix rfkill switch on Dell machines (rhbz 958826)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1030986 - CVE-2013-4587 kernel: kvm: rtc_status.dest_map out-of-bounds access
        https://bugzilla.redhat.com/show_bug.cgi?id=1030986
  [ 2 ] Bug #1033106 - CVE-2013-6376 kernel: kvm: BUG_ON() in apic_cluster_id()
        https://bugzilla.redhat.com/show_bug.cgi?id=1033106
  [ 3 ] Bug #1032210 - CVE-2013-6368 kvm: cross page vapic_addr access
        https://bugzilla.redhat.com/show_bug.cgi?id=1032210
  [ 4 ] Bug #1032207 - CVE-2013-6367 kvm: division by zero in apic_get_tmcct()
        https://bugzilla.redhat.com/show_bug.cgi?id=1032207
  [ 5 ] Bug #1039845 - Kernel: net: information leak in recvmsg handler msg_name & msg_namelen logic
        https://bugzilla.redhat.com/show_bug.cgi?id=1039845
  [ 6 ] Bug #1035875 - CVE-2013-6405 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls
        https://bugzilla.redhat.com/show_bug.cgi?id=1035875
--------------------------------------------------------------------------------


================================================================================
 mysql-utilities-1.3.6-1.fc19 (FEDORA-2013-23625)
 MySQL Utilities
--------------------------------------------------------------------------------
Update Information:

Release 1.3.6 (Released November 26, 2013)

- BUG#13417229: mysqldbexport/mysqldbimport doesn't work with non-latin data
- BUG#13563921: mysqlmetagrep does not search the body of all objects
- BUG#13572964: mysqlprocgrep missing kill process by id
- BUG#13773247: mysqlserverclone wrongly states it can only clone local server
- BUG#14181681: server info should include the log files (error, general, slow)
- BUG#14725390: multithreaded copy, export, import
- BUG#16226348: test server_info_errors does not execute correctly on windows
- BUG#16386941: Parsing errors to identify treatment instead of use errno
- BUG#17066910: a killed connection can cause failover
- BUG#17214291: cannot access login-path with dashes in the name
- BUG#17217461: mysqluserclone throws exception when --source omitted
- BUG#17242369: extend mysqlfrm to produce .frm file
- BUG#17347424: No MySQL Utilities package for MAC OS X
- BUG#17393523: Utilities can not be upgraded using RPM distribution pkg
- BUG#17393742: Debian pkgs can't use C/py if License types are different
- BUG#17415167: mysqluc crashes when pressing home button on windows
- BUG#17423074: reuse drop_db() function in mut tests instead of redefining it
- BUG#17457402: mysqlindexcheck not displaying best/worst when low data
- BUG#17474810: constraint error copying the employees with mysqldbcopy
- BUG#17475780: mysqlauditadmin unnecessary flush audit log during rotation
- BUG#17510350: mysqldbcompare fails with no error message
- BUG#17548335: clone_db test to copy databases with weird names not executed
- BUG#17622298: mysqldbcopy and mysqldbexport copy and export routines after views
- BUG#17633465: mysqldbexport requires the replicate user on master
- BUG#17634676: Add missing option to show license type on Utilities
- BUG#17722274: Error when copying db with blob fields
- BUG#17903944: mysqlfailover crashes when non-existing slave is used
- BUG#17908146: metagrep utility crashes when unsupported object-type is used
- BUG#17909223: The backspace key is not recognized by utilities console
- WL#7232: MySQL Utilities: PEP-8 Compliance

Upstream changelog:

Release 1.3.5 (Released August 21, 2013)
- BUG#17061126: mysqldiff needs an auto_increment ignoring option
- BUG#17205680: non-deterministic failure of rpl_admin tests
- BUG#17256821: Commercial and GPL msi distro shares build descriptor
- BUG#17271100: mysqldbexport does not export fkeys
- BUG#17316515: Community distros contain both GPL and Commercial license
- BUG#17353571: GPL & Commercial msi installers create separate installs

--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 19 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.6-1
- update to 1.3.6 GA
- add mysqlauditadmin and mysqlauditgrep on EPEL-6
--------------------------------------------------------------------------------


================================================================================
 opendkim-2.9.0-2.fc19 (FEDORA-2013-23612)
 A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:

- Updating to new upstream 2.9.0 for all build version
- Fixing some minor bugs for systemd users.
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers

* Sun Nov  3 2013 Ville Skytta <ville.skytta@xxxxxx> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).

* Sat Aug 03 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.8.4-2
- Perl 5.18 rebuild
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers

* Sun Nov  3 2013 Ville Skytta <ville.skytta@xxxxxx> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).

* Sat Aug 03 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.8.4-2
- Perl 5.18 rebuild
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers

* Sun Nov  3 2013 Ville Skytta <ville.skytta@xxxxxx> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).

* Sat Aug 03 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.8.4-2
- Perl 5.18 rebuild
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers

* Sun Nov  3 2013 Ville Skytta <ville.skytta@xxxxxx> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).

* Sat Aug 03 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.8.4-2
- Perl 5.18 rebuild
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers

* Sun Nov  3 2013 Ville Skytta <ville.skytta@xxxxxx> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).

* Sat Aug 03 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.8.4-2
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Steve Jenkins <steve stevejenkins com> - 2.9.0-2
- Patch adds user and group to systemd service file (Thx jcosta@xxxxxxxxxx)
- Changed default ownership of /etc/opendkim/keys directory to opendkim user
* Wed Dec 18 2013 Steve Jenkins <steve stevejenkins com> - 2.9.0-1
- Updated to use newer upstream 2.9.0 source code
- Added libbsd-devel to Build Requires
- Removed listrl references from libopendkim files section (handled by libbsd-devel)
* Sun Nov  3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
- Rebuild of all release packages to sync version numbers
* Sun Nov  3 2013 Ville Skytta ville.skytta@xxxxxx> - 2.8.4-3
- Fix path to docs in sample config when doc dir is unversioned (#993997).
* Sat Aug  3 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.8.4-2
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1041546 - opendkim.service needs user/group
        https://bugzilla.redhat.com/show_bug.cgi?id=1041546
  [ 2 ] Bug #993997 - opendkim possibly affected by F-20 unversioned docdir change
        https://bugzilla.redhat.com/show_bug.cgi?id=993997
--------------------------------------------------------------------------------


================================================================================
 pcs-0.9.103-1.fc19 (FEDORA-2013-23633)
 Pacemaker Configuration System
--------------------------------------------------------------------------------
Update Information:

Updated to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2013 Chris Feist <cfeist@xxxxxxxxxx> - 0.9.103-1
- Re-synced to upstream sources
* Fri Dec 13 2013 Chris Feist <cfeist@xxxxxxxxxx> - 0.9.102-1
- Re-synced to upstream sources
--------------------------------------------------------------------------------


================================================================================
 perl-Proc-Daemon-0.14-9.fc19 (FEDORA-2013-23635)
 Run Perl program as a daemon process
--------------------------------------------------------------------------------
Update Information:

Add patch from debian to fix pidfile with mode 666 CVE-2013-7135
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 0.14-9
- fix pidfile with mode 666, patch from debian, CVE-2013-7135
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1043872 - CVE-2013-7135 perl-Proc-Daemon: writes pidfile with mode 666
        https://bugzilla.redhat.com/show_bug.cgi?id=1043872
--------------------------------------------------------------------------------


================================================================================
 python-caja-1.4.0-4.fc19 (FEDORA-2013-23624)
 Python bindings for Caja
--------------------------------------------------------------------------------
Update Information:

- rebuild for caja rename in f21
- add python2 stacks
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1:1.4.0-4
- rebuild for caja rename in f21
- add python2 stacks
--------------------------------------------------------------------------------


================================================================================
 python-flask-whooshee-0.0.6-2.fc19 (FEDORA-2013-23617)
 Whoosh integration
--------------------------------------------------------------------------------
Update Information:

New tiny version of flask-whooshee that fixes couple of upstream bugs and brings few enhancements while staying fully backwards compatible.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.0.6-2
- No python3 subpackage in F19.
* Wed Dec 18 2013 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.0.6-1
- Update to flask-whooshee 0.0.6.
- Drop py3 compat patch, since it's now upstream.
- Use buildroot macro consistently.
* Fri Oct  4 2013 Robert Kuska <rkuska@xxxxxxxxxx> 0.0.5-4
- Add python3 subpackage
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 qemu-1.4.2-15.fc19 (FEDORA-2013-23641)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

* Add kill() to seccomp whitelist, fix AC97 with -sandbox on (bz #1043521)
* Changing streaming mode default to off for spice (bz #1038336)
* Fix qemu-img ceph dep (bz #1024781)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Cole Robinson <crobinso@xxxxxxxxxx> - 2:1.4.2-15
- Add kill() to seccomp whitelist, fix AC97 with -sandbox on (bz #1043521)
- Changing streaming mode default to off for spice (bz #1038336)
- Fix qemu-img ceph dep (bz #1024781)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1043521 - qemu with sandbox turned ON hangs when started with option '-device AC97,bus=pci.0,addr=03'
        https://bugzilla.redhat.com/show_bug.cgi?id=1043521
  [ 2 ] Bug #1024781 - qemu-system-x86_64: symbol lookup error: qemu-system-x86_64: undefined symbol: rbd_aio_flush
        https://bugzilla.redhat.com/show_bug.cgi?id=1024781
--------------------------------------------------------------------------------


================================================================================
 rubygem-actionpack-3.2.13-3.fc19 (FEDORA-2013-23592)
 Web-flow and rendering framework putting the VC in MVC
--------------------------------------------------------------------------------
Update Information:

Includes security patches for:

- CVE-2013-6417 - Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
- CVE-2013-4491 - Reflective XSS Vulnerability in Ruby on Rails
- CVE-2013-6415 - XSS Vulnerability in number_to_currency
- CVE-2013-6414 - Denial of Service Vulnerability in Action View
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 16 2013 Josef Stribny <jstribny@xxxxxxxxxx> - 1:3.2.13-3
- Fixes for CVE-2013-6417, CVE-2013-4491, CVE-2013-6415, CVE-2013-6414
--------------------------------------------------------------------------------


================================================================================
 seamonkey-2.23-1.fc19 (FEDORA-2013-23601)
 Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:

Update to 2.23

Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.23-1
- update to 2.23
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1043100 - seamonkey-2.23 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1043100
--------------------------------------------------------------------------------


================================================================================
 sqlcli-2-3.fc19 (FEDORA-2013-23667)
 A command-line SQL query utility
--------------------------------------------------------------------------------
Update Information:

A command-line SQL query utility
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1034523 - Review Request: sqlcli - a tool for running sql queries from the command line using sqlalchemy
        https://bugzilla.redhat.com/show_bug.cgi?id=1034523
--------------------------------------------------------------------------------


================================================================================
 subsurface-4.0-1.fc19 (FEDORA-2013-23606)
 Rough divelog in C and Gtk
--------------------------------------------------------------------------------
Update Information:

Update to 4.0

        Move from GTK to Qt
        Move from libosmgps to Marble
        New printing logic/code

--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 15 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 4.0-1
- Update to release 4.0
* Mon Dec  9 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 3.9.2-1
- Update to 3.9.2 which is the second beta release before 4.0
* Wed Aug  7 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 3.1.1-3
- Rebuild to fix broken dependency
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1000111 - Printing dive some of the characters are over printed
        https://bugzilla.redhat.com/show_bug.cgi?id=1000111
  [ 2 ] Bug #1025016 - Update from F19 to F20 fails due to osm-gps-map dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1025016
--------------------------------------------------------------------------------


================================================================================
 suricata-1.4.7-1.fc19 (FEDORA-2013-23587)
 Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:

This update fixes many issues compared to 1.4.3 including CVE-2013-5919.
Fixed accuracy issues with relative pcre matching
Improved accuracy of file_data keyword
Invalidate negative depth
Fix http host parsing for IPv6 addresses
Fix fast.log formatting issues
Fixed deadlock in flowvar set code for http buffers
Various signature ordering improvements
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 1.4.7-1
- New upstream bug fix release
* Fri Oct  4 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 1.4.6-1
- New upstream bug fix release
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jun 21 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 1.4.3-2
- Drop prelude support
* Fri Jun 21 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 1.4.3-1
- New upstream bug fix release
* Mon Jun  3 2013 Steve Grubb <sgrubb@xxxxxxxxxx> 1.4.2-1
- New upstream bug fix release
--------------------------------------------------------------------------------


================================================================================
 tuxcut-5.1-1.fc19 (FEDORA-2013-23630)
 Arpspoof attacks protector
--------------------------------------------------------------------------------
Update Information:

Fix the remove issue.
Fix delay time when closing the application sometimes.
Enhance the application launcher.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 12 2013 Mosaab Alzoubi <moceap@xxxxxxxxxxx> - 5.1-1
- Update release.
- New upstream URL method.
- Tweak %prep for new release.
- Use upstream icon.
- Update bin/tuxcut.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1041398 - [abrt] tuxcut-5.0-15.fc19: TuxCut.py:124:gw_mac:AttributeError: 'TuxCut' object has no attribute '_iface'
        https://bugzilla.redhat.com/show_bug.cgi?id=1041398
--------------------------------------------------------------------------------


================================================================================
 tzdata-2013i-1.fc19 (FEDORA-2013-23608)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

- Rebase with early release of 2013i from Paul Eggert github.
  - Jordan switches back to standard time at 00:00 on December 20,2013.
  - The 2006-2011 transition schedule is planned to resume in 2014.
  - The compile-time flag NOSOLAR has been removed.
  - The files solar87, solar88, and solar89 are no longer distributed.
  - tz-link.htm now mentions Noda Time.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Patsy Franklin <pfrankli@xxxxxxxxxx> 2013i-1
- Rebase with early release of 2013i from Paul Eggert github.
  - Jordan switches back to standard time at 00:00 on December 20,2013.
  - The 2006-2011 transition schedule is planned to resume in 2014.
  - The compile-time flag NOSOLAR has been removed.
  - The files solar87, solar88, and solar89 are no longer distributed.
  - tz-link.htm now mentions Noda Time.
--------------------------------------------------------------------------------


================================================================================
 vrq-1.0.97-1.fc19 (FEDORA-2013-23647)
 Verilog tool framework with plugins for manipulating source code
--------------------------------------------------------------------------------
Update Information:

Updated to 1.0.97.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 18 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 1.0.97-1
- Updated to 1.0.97
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #987435 - vrq-1.0.97 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=987435
--------------------------------------------------------------------------------


================================================================================
 wireshark-1.10.4-2.fc19 (FEDORA-2013-23660)
 Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:

- Ver. 1.10.4
- Don't apply upsteamed patches no. 13, 14, 15, 16, 17
- Fix variable overflow (patch no. 18)
- Updated RTPproxy dissector (backported three more patches from trunk)
- Fix endianness in the Bitcoin protocol dissector (patch no. 19)
- Last-minute fix for wrongly backported change (patch no. 20)
- Recent Glib doesn't provide g_memmove macro anymore so we have to fallback to memmove (patch no. 21)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 19 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.4-2
- Fix endianness in the Bitcoin protocol dissector (patch no. 19)
- Last-minute fix for wrongly backported change (patch no. 20)
- Fix FTBFS in Rawhide (see patch no. 21 - recent Glib doesn't provide g_memmove macro anymore)
* Wed Dec 18 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.4-1
- Ver. 1.10.4
- Don't apply upsteamed patches no. 13, 14, 15, 16, 17
- Fix variable overflow (patch no. 18)
- Updated RTPproxy dissector (backported patches from trung)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1044439 - Wireshark 1.10.4 FTBFS in Rawhide due to dropped g_memmove in recent Glib versions
        https://bugzilla.redhat.com/show_bug.cgi?id=1044439
--------------------------------------------------------------------------------


================================================================================
 x2goclient-4.0.1.2-1.fc19 (FEDORA-2013-23634)
 X2Go Client application (Qt4)
--------------------------------------------------------------------------------
Update Information:

- Update to 4.0.1.2:
    - Provide Keywords: key in .desktop file.
    - Store broker HTTPS certificate exceptions in $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions). (Fixes: #328).
    - Perform sanity checks on data that comes in from X2Go Servers.  Prohibit the execution of arbitrary code via the ~/.bashrc file. (Fixes: #333).
    - Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311).
    - Update man page for new --tray-icon cmdline option.
    - Update man page for --broker-url. Explain the syntax of <URL>.
    - Properly handle (=expand) the "~" character in key filenames. (Brought to attention by Eldamir on IRC. Thanks!).
    - Expand tilde operator for all other file paths handed over to X2Go Client via sessions file or cmdline parameter.
    - Syntax fix of x2goclient.desktop file.
    - Test for various file locations of the pulseaudio cookie file.
    - Strip whitespaces off of user name, host name and other strings when loading / saving session profiles. (Fixes: #315).
    - New option --tray-icon. Force showing the tray icon, even for hidden sessions. Also allow creation of .desktop files with --tray-icon optionally being enabled. (Fixes: #316).
    - Update Spanish translation.
    - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in config file. This allows choosing the default display for shadow sessions.
    - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands on Linux and Mac and plink/pscp on Windows.
    - Support for ChallengeResponseAuthentication (Google Authenticator)
    - Additional check if authentication with GSSApi successfull
    - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote command produce only stderr and not stdout. It made x2goclient crash if x2gostartagent send LIMIT error. Current commit fixes this issue.
    - SshMasterConnection should use current user name if no user name is specified in session settings
    - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker
    - Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241).

- Update summary and description from upstream
- Split out browser plugin into x2goplugin package
- Add x2goplugin-provider package for apache config
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 17 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.2-1
- Update to 4.0.1.2
- Update summary and description from upstream
- Split out browser plugin into x2goplugin package
- Add x2goplugin-provider package for apache config
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux