The following Fedora 20 Security updates need testing: Age URL 78 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20 38 https://admin.fedoraproject.org/updates/FEDORA-2013-22130/chicken-4.8.0.5-1.fc20 29 https://admin.fedoraproject.org/updates/FEDORA-2013-22809/net-snmp-5.7.2-16.fc20 24 https://admin.fedoraproject.org/updates/FEDORA-2013-23116/python-swiftclient-1.8.0-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2013-23524/openstack-nova-2013.2.1-2.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2013-23659/ibus-chewing-1.4.4-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-24059/mingw-openjpeg-1.5.1-7.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-24108/asterisk-11.7.0-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-24153/libsrtp-1.4.4-9.20101004cvs.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-0033/goffice-0.10.9-1.fc20,gnumeric-1.12.9-1.fc20,gnome-chemistry-utils-0.14.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0156/poppler-0.24.3-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0129/python-libcloud-0.13.3-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0066/rubygem-will_paginate-3.0.4-4.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 51 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2013-23721/krb5-1.11.3-38.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2013-23850/libbluray-0.5.0-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2013-23915/rygel-0.20.3-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0156/poppler-0.24.3-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0157/librepo-1.5.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0151/cups-1.7.0-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0150/perl-Encode-2.54-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0120/libevdev-0.6-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0088/policycoreutils-2.2.4-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0099/libldb-1.1.16-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0044/gnutls-3.1.18-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0096/hwdata-0.259-1.fc20 The following builds have been pushed to Fedora 20 updates-testing cups-1.7.0-9.fc20 darktable-1.4-1.fc20 dovecot-2.2.10-1.fc20 drupal7-7.25-1.fc20 epiphany-3.10.3-1.fc20 freeipa-3.3.3-4.fc20 freeipmi-1.3.4-1.fc20 gimp-elsamuko-24-2.fc20 glances-1.7.2-1.fc20 glusterfs-3.4.2-1.fc20 kde-plasma-nm-0.9.3.2-3.fc20 librepo-1.5.1-1.fc20 linpsk-1.2-1.fc20 lohit-gujarati-fonts-2.92.2-1.fc20 mailman-2.1.15-17.fc20 nx-libs-3.5.0.21-5.fc20 parcellite-1.1.7-2.fc20 perl-Encode-2.54-2.fc20 perl-Perl-Critic-Tics-0.008-1.fc20 php-sabre-dav-1.8.7-1.fc20 php-sabre-vobject-2.1.3-1.fc20 poppler-0.24.3-3.fc20 python-libcloud-0.13.3-1.fc20 pywbem-0.7.0-23.20131121svn626.fc20 quiterss-0.14.2-1.fc20 xfig-3.2.5-38.b.fc20 Details about builds: ================================================================================ cups-1.7.0-9.fc20 (FEDORA-2014-0151) CUPS printing system -------------------------------------------------------------------------------- Update Information: This update fixes the long delay when shutting down the cups service. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.7.0-9 - dbus notifier: call _exit when handling SIGTERM (STR #4314). - Use '-f' when using rm in %setup section. - Fixed avahi-no-threaded patch so it removes a call to avahi_threaded_poll_stop() (bug #1044602). * Fri Dec 13 2013 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.7.0-8 - Use string literal for format string in sd_journal_print call. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1044602 - Long wait at shutdown/reboot https://bugzilla.redhat.com/show_bug.cgi?id=1044602 -------------------------------------------------------------------------------- ================================================================================ darktable-1.4-1.fc20 (FEDORA-2014-0147) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: New darktable stable release 1.4 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 1 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.4-1 - Upgrade to 1.4 * Mon Dec 2 2013 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.4-0.1.rc1 - Upgrade to 1.4~rc1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1025748 - Darktable's background process is not closed after UI is closed https://bugzilla.redhat.com/show_bug.cgi?id=1025748 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.10-1.fc20 (FEDORA-2014-0137) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: * auth: passdb/userdb dict rewrite to support much more complex setups. See doc/example-config/dovecot-dict-auth.conf.ext. The old settings will continue to work. * auth: Added userdb result_success/failure/tempfail and skip settings, similar to passdb's. See http://wiki2.dovecot.org/UserDatabase * imap: Implemented SETQUOTA command for admin user when quota_set is configured. See http://master.wiki2.dovecot.org/Quota/Configuration * quota: Support "*" and "?" wildcards in mailbox names in quota_rules * mysql: Added ssl_verify_server_cert=no|yes parameter. This currently defaults to "no" to make sure nothing breaks, but likely will become "yes" in Dovecot v2.3. * ldap: Added blocking=yes setting to use auth worker processes for ldap lookups. This is a workaround for now to be able to use multiple simultaneous LDAP connections. * pop3c+dsync performance improvements * quota-status: quota_grace was ignored * ldap: Fixed memory leak with auth_bind=yes and without auth_bind_userdn. * imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when CONDSTORE/QRESYNC has never before been enabled for the mailbox. * imap: Fixes to handling mailboxes without permanent modseqs. (When [NOMODSEQ] is returned by SELECT, mainly with in-memory indexes.) * imap: Various fixes to METADATA support. * stats plugin: Processes that only temporarily dropped privileges (e.g. indexer-worker) may have been logging errors about not being able to open /proc/self/io. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 2 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.10-1 - dovecot updated to 2.2.10 - quota-status: quota_grace was ignored - ldap: Fixed memory leak with auth_bind=yes and without auth_bind_userdn. - imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when CONDSTORE/QRESYNC has never before been enabled for the mailbox. - imap: Fixes to handling mailboxes without permanent modseqs. (When [NOMODSEQ] is returned by SELECT, mainly with in-memory indexes.) - imap: Various fixes to METADATA support. - stats plugin: Processes that only temporarily dropped privileges (e.g. indexer-worker) may have been logging errors about not being able to open /proc/self/io. -------------------------------------------------------------------------------- ================================================================================ drupal7-7.25-1.fc20 (FEDORA-2014-0124) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: Latest upstream. https://drupal.org/drupal-7.25-release-notes -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 7.25-1 - 7.25, BZ 1048114. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048114 - drupal7-7.25 is available https://bugzilla.redhat.com/show_bug.cgi?id=1048114 -------------------------------------------------------------------------------- ================================================================================ epiphany-3.10.3-1.fc20 (FEDORA-2014-0143) Web browser for GNOME -------------------------------------------------------------------------------- Update Information: - Do not lock when resizing columns in history window (#696653) - Fix critical warnings (#719405) - Fix text encoding dialog #703825) - Change default charset to iso-8859-1 for greater web compatibility (720247) - A few performance fixes. - Updated translations. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1:3.10.3-1 - Update to 3.10.3 -------------------------------------------------------------------------------- ================================================================================ freeipa-3.3.3-4.fc20 (FEDORA-2013-23354) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: Fixes #1040576. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Martin Kosek <mkosek@xxxxxxxxxx> - 3.3.3-4 - Build crashed with rhino exception on s390 architectures (#1040576) * Thu Dec 12 2013 Martin Kosek <mkosek@xxxxxxxxxx> - 3.3.3-3 - Build crashed rhino exception on some architectures (#1040576) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1040576 - FTBFS: Exception in thread "process reaper" java.lang.StackOverflowError https://bugzilla.redhat.com/show_bug.cgi?id=1040576 -------------------------------------------------------------------------------- ================================================================================ freeipmi-1.3.4-1.fc20 (FEDORA-2014-0149) IPMI remote console and system management software -------------------------------------------------------------------------------- Update Information: Update to 1.3.4. Changelog: * ipmi-sensors-config/ipmi-sensors-config-threshold-section.c, ipmi-sensors-config/ipmi-sensors-config-utils.c: Force some error messages to output on fatal errors. * libfreeipmi/util/ipmi-sensor-util.c (ipmi_sensor_decode_raw_value): Fix error in input checks. * ipmi-config/ipmi-config-category-sensors-threshold-section.c: Fix error message cut & paste typo. * ipmiseld/ipmiseld.c: Fix error message typo. * doc/freeipmi-faq.txi: Update with new information on OS issues. * bmc-watchdog/bmc-watchdog.c (_fiid_obj_get_safe): New function. * bmc-watchdog/bmc-watchdog.c (_get_watchdog_timer_cmd): Use _fiid_obj_get_safe and do not exit on data not available errors. * doc/freeipmi-faq.txi: Update with new information. * libfreeipmi/sdr/ipmi-sdr-cache-create.c (ipmi_sdr_cache_create): Fix bug w/ Fujitsu SDR count workaround. * ipmiconsole/, libipmiconsole/: Support solchannelsupport workaround option / IPMICONSOLE_WORKAROUND_SKIP_CHANNEL_PAYLOAD_SUPPORT workaround flag. * doc/freeipmi-bugs-issues-and-workarounds.txt, man/manpage-common-workaround-outofband-15-text.man: Document workaround for Quanta Winterfell. * libfreeipmi/util/ipmi-rmcpplus-util.c (ipmi_rmcpplus_check_rakp_4_integrity_check_value): Fix incorrect secure memset call. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 17 2013 Christopher Meng <rpm@xxxxxxxx> - 1.3.4-1 - Updated to freeipmi-1.3.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1043061 - freeipmi-1.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1043061 -------------------------------------------------------------------------------- ================================================================================ gimp-elsamuko-24-2.fc20 (FEDORA-2014-0148) Script collection for the GIMP -------------------------------------------------------------------------------- Update Information: New GIMP scripts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #924682 - Review Request: gimp-elsamuko - Elsamukos script collection for the GIMP https://bugzilla.redhat.com/show_bug.cgi?id=924682 -------------------------------------------------------------------------------- ================================================================================ glances-1.7.2-1.fc20 (FEDORA-2014-0128) CLI curses based monitoring tool -------------------------------------------------------------------------------- Update Information: Upgrade to 1.7.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 12 2013 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.7.2-1 - Update to 1.7.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1025996 - glances-1.7.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1025996 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.4.2-1.fc20 (FEDORA-2014-0133) Cluster File System -------------------------------------------------------------------------------- Update Information: GlusterFS 3.4.2 GA Update to glusterFS-3.4.2qa5 * include gfapi.py and the .../python*/site-packages/gluster/ -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.5.0-1 - GlusterFS 3.4.2 GA * Wed Dec 25 2013 Niels de Vos <ndevos@xxxxxxxxxx> - 3.4.2-0.1qa5 - GlusterFS 3.4.2 QA5, glusterfs-3.4.2-0.1qa5 - Correct source URL to automatic release location * Fri Dec 20 2013 Niels de Vos <ndevos@xxxxxxxxxx> - Include .../site-packages/gluster/gfapi.py in glusterfs-api * Thu Dec 19 2013 Niels de Vos <ndevos@xxxxxxxxxx> - Include the .../site-packages/gluster/__init__.py file by default, skip EL-5 and earlier (#1045123) * Tue Dec 17 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.2-0.1qa4 - GlusterFS 3.4.2 QA4 , glusterfs-3.4.2-0.1qa4 * Fri Dec 6 2013 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.5.0-0.1qa3 - GlusterFS 3.5.0 QA3 , glusterfs-3.5.0-0.1qa3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1045123 - Latest Fedora 3.4.1 RPM does not install python gluster directory https://bugzilla.redhat.com/show_bug.cgi?id=1045123 -------------------------------------------------------------------------------- ================================================================================ kde-plasma-nm-0.9.3.2-3.fc20 (FEDORA-2014-0081) Plasma applet written in QML for managing network connections -------------------------------------------------------------------------------- Update Information: Some upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Jan Grulich <jgrulich@xxxxxxxxxx> - 0.9.3.2-3 - More upstream fixes * Thu Jan 2 2014 Jan Grulich <jgrulich@xxxxxxxxxx> - 0.9.3.2-2 - Pickup some upstream fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1043195 - KDE lies when asks for wifi password at startup https://bugzilla.redhat.com/show_bug.cgi?id=1043195 [ 2 ] Bug #1031997 - Prevent auto-reconnect on secrets failure until agents change https://bugzilla.redhat.com/show_bug.cgi?id=1031997 -------------------------------------------------------------------------------- ================================================================================ librepo-1.5.1-1.fc20 (FEDORA-2014-0157) Repodata downloading library -------------------------------------------------------------------------------- Update Information: Update to 1.5.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 1.5.1-1 - Downloading: LRO_MAXSPEED has effect over whole downloading, it is not per target max speed anymore. - Sanitize progresscb (GitHub issue 24) (Thanks zde/zpavlas) -------------------------------------------------------------------------------- ================================================================================ linpsk-1.2-1.fc20 (FEDORA-2014-0132) Psk31 and RTTY program for Linux -------------------------------------------------------------------------------- Update Information: This is new version of linpsk, for details see upstream page: http://linpsk.sourceforge.net/ -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.2-1 - New version Resolves: rhbz#1046658 - Dropped compile-fix patch (not needed) - Various minor fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1046658 - linpsk-1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1046658 -------------------------------------------------------------------------------- ================================================================================ lohit-gujarati-fonts-2.92.2-1.fc20 (FEDORA-2014-0161) Free Gujarati font -------------------------------------------------------------------------------- Update Information: This is an update with enhancements in upstream. This is an update that provides latest upstream version with couple of bug fixes. This is an upstream release with enhancements over earlier release. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Pravin Satpute <psatpute@xxxxxxxxxx> - 2.92.2-1 - Minor release 2.92.2 from upstream. * Thu Dec 12 2013 Pravin Satpute <psatpute@xxxxxxxxxx> - 2.92.1-1 - Minor release 2.92.1 from upstream. * Mon Dec 9 2013 Pravin Satpute <psatpute@xxxxxxxxxx> - 2.92.0-1 - Beta release 2.92.0 from upstream (lohit2 project) -------------------------------------------------------------------------------- ================================================================================ mailman-2.1.15-17.fc20 (FEDORA-2014-0154) Mailing list manager with built in Web access -------------------------------------------------------------------------------- Update Information: Add setgid for /usr/lib/mailman/mail/mailman. Fix bug caused by RPM change in setgid handling. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 3:2.1.15-17 - fix #1043677 - fix setgid for /usr/lib/mailman/mail/mailman * Wed Dec 18 2013 Jan Kaluza <jkaluza@xxxxxxxxxx> - 3:2.1.15-16 - fix #1043677 - fix setgid for cgi binaries -------------------------------------------------------------------------------- References: [ 1 ] Bug #1043677 - mailman cgi scripts lack setgid bit https://bugzilla.redhat.com/show_bug.cgi?id=1043677 -------------------------------------------------------------------------------- ================================================================================ nx-libs-3.5.0.21-5.fc20 (FEDORA-2014-0142) NX X11 protocol compression libraries -------------------------------------------------------------------------------- Update Information: Provide /usr/share/X11/xkb/keymap.dir so nxagent can find keymap dir (bug #1033876) -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.21-5 - Provide /usr/share/X11/xkb/keymap.dir so nxagent can find keymap dir (bug #1033876) * Thu Oct 10 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.21-4 - Do not build/ship unneeded xlib18n libs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1033876 - x2go session does not set correct keyboard type https://bugzilla.redhat.com/show_bug.cgi?id=1033876 -------------------------------------------------------------------------------- ================================================================================ parcellite-1.1.7-2.fc20 (FEDORA-2013-22534) A lightweight GTK+ clipboard manager -------------------------------------------------------------------------------- Update Information: This update fixes a problem with two duplicate action keys, several translation issues and a crash that occurred when right-clicking empty lines in the history. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 1.1.7-2 - Add 6 upstream patches to fix three segfaults (#1038899 is one of them), case-sensitive search, search-as-you-type and updates Russian translations * Wed Oct 16 2013 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 1.1.7-1 - Update to 1.1.7 (#1019649) -------------------------------------------------------------------------------- References: [ 1 ] Bug #913586 - [abrt] parcellite-1.1.4-1.fc18: _dbus_abort: Process /usr/bin/parcellite was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=913586 [ 2 ] Bug #949190 - [abrt] parcellite-1.1.4-1.fc18: g_malloc0: Process /usr/bin/parcellite was killed by signal 5 (SIGTRAP) https://bugzilla.redhat.com/show_bug.cgi?id=949190 [ 3 ] Bug #1019649 - parcellite-1.1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1019649 [ 4 ] Bug #1038899 - [abrt] parcellite-1.1.7-1.fc19: set_keys_from_prefs: Process /usr/bin/parcellite was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1038899 -------------------------------------------------------------------------------- ================================================================================ perl-Encode-2.54-2.fc20 (FEDORA-2014-0150) Character encodings in Perl -------------------------------------------------------------------------------- Update Information: Passing non-string argument to decode_utf8() returned random data. This release fixes it to return stringified value of the argument. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:2.54-2 - Stringify all decode_utf8() arguments (bug #1048134) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048134 - decode_utf8() returns gibberish on non-string value https://bugzilla.redhat.com/show_bug.cgi?id=1048134 -------------------------------------------------------------------------------- ================================================================================ perl-Perl-Critic-Tics-0.008-1.fc20 (FEDORA-2014-0164) Policies for things that make me wince -------------------------------------------------------------------------------- Update Information: This release avoids warnings about undefined variables. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.008-1 - 0.008 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047216 - perl-Perl-Critic-Tics-0.008 is available https://bugzilla.redhat.com/show_bug.cgi?id=1047216 -------------------------------------------------------------------------------- ================================================================================ php-sabre-dav-1.8.7-1.fc20 (FEDORA-2014-0134) WebDAV Framework for PHP -------------------------------------------------------------------------------- Update Information: What is SabreDAV SabreDAV allows you to easily add WebDAV support to a PHP application. SabreDAV is meant to cover the entire standard, and attempts to allow integration using an easy to understand API. Feature list: * Fully WebDAV compliant * Supports Windows XP, Windows Vista, Mac OS/X, DavFSv2, Cadaver, Netdrive, Open Office, and probably more. * Passing all Litmus tests. * Supporting class 1, 2 and 3 Webdav servers. * Locking support. * Custom property support. * CalDAV (tested with Evolution, iCal, iPhone and Lightning). * CardDAV (tested with OS/X addressbook, the iOS addressbook and Evolution). * Over 97% unittest code coverage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047551 - Review Request: php-sabre-dav - WebDAV Framework for PHP https://bugzilla.redhat.com/show_bug.cgi?id=1047551 -------------------------------------------------------------------------------- ================================================================================ php-sabre-vobject-2.1.3-1.fc20 (FEDORA-2014-0138) Library to parse and manipulate iCalendar and vCard objects -------------------------------------------------------------------------------- Update Information: The VObject library allows you to easily parse and manipulate iCalendar and vCard objects using PHP. The goal of the VObject library is to create a very complete library, with an easy to use API. This project is a spin-off from SabreDAV, where it has been used for several years. The VObject library has 100% unittest coverage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047532 - Review Request: php-sabre-vobject - Library to parse and manipulate iCalendar and vCard objects https://bugzilla.redhat.com/show_bug.cgi?id=1047532 -------------------------------------------------------------------------------- ================================================================================ poppler-0.24.3-3.fc20 (FEDORA-2014-0156) PDF rendering library -------------------------------------------------------------------------------- Update Information: Use correct format string for a syntax error. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Marek Kasik <mkasik@xxxxxxxxxx> - 0.24.3-3 - Use correct format string - Resolves: #1048202 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048199 - poppler: DoS due to a format string error https://bugzilla.redhat.com/show_bug.cgi?id=1048199 -------------------------------------------------------------------------------- ================================================================================ python-libcloud-0.13.3-1.fc20 (FEDORA-2014-0129) A Python library to address multiple cloud provider APIs -------------------------------------------------------------------------------- Update Information: Security Fix - BUG: 1047867 1047868 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Daniel Bruno <dbruno@xxxxxxxxxxxxxxxxx> - 0.13.3-1 - Security Fix - BUG: 1047867 1047868 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047867 - CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node https://bugzilla.redhat.com/show_bug.cgi?id=1047867 -------------------------------------------------------------------------------- ================================================================================ pywbem-0.7.0-23.20131121svn626.fc20 (FEDORA-2014-0162) Python WBEM Client and Provider Interface -------------------------------------------------------------------------------- Update Information: Skip hostname check when no verification is desired. Work around M2Crypto's inability to handle unicode strings. Adjusted default certificate paths. Fixed TOCTOU vulnerability in certificate validation. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Michal Minar <miminar@xxxxxxxxxx> 0.7.0-23.20131121svn656 - Skip hostname check when no verification is desired. * Fri Dec 27 2013 Michal Minar <miminar@xxxxxxxxxx> 0.7.0-22.20131121svn656 - Work around M2Crypto's inability to handle unicode strings. * Wed Dec 18 2013 Michal Minar <miminar@xxxxxxxxxx> 0.7.0-21.20131121svn656 - Adjusted default certificates paths searched for cert validation. * Tue Dec 17 2013 Michal Minar <miminar@xxxxxxxxxx> 0.7.0-20.20131121svn656 - Tweaked the ssl_verify_host patch. * Mon Dec 16 2013 Michal Minar <miminar@xxxxxxxxxx> 0.7.0-18.20131121svn656 - Fixes TOCTOU vulnerability in certificate validation. - Resolves: rhbz#1026891 -------------------------------------------------------------------------------- ================================================================================ quiterss-0.14.2-1.fc20 (FEDORA-2014-0140) RSS/Atom aggregator -------------------------------------------------------------------------------- Update Information: Version bump. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.14.2-1 - Version bump -------------------------------------------------------------------------------- ================================================================================ xfig-3.2.5-38.b.fc20 (FEDORA-2014-0153) An X Window System tool for drawing basic vector graphics -------------------------------------------------------------------------------- Update Information: Fix crash when creating lines with linestyle 3 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 3 2014 Michal Srb <msrb@xxxxxxxxxx> - 3.2.5-38.b - Fix crash when creating lines with linestyle 3 - Resolves: rhbz#1023744 (Thanks to Maurizio Paolini and David Kaufmann) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023744 - xfig crashes when creating lines with linestyle 4 https://bugzilla.redhat.com/show_bug.cgi?id=1023744 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
