The following Fedora 19 Security updates need testing: Age URL 88 https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19 81 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 26 https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19 26 https://admin.fedoraproject.org/updates/FEDORA-2013-23622/ibus-chewing-1.4.4-1.fc19 18 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-0398/cantata-1.2.2-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-0467/libXfont-1.4.5-5.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0508/drupal7-entity-1.3-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0574/flite-1.3-20.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0567/strongswan-5.1.1-4.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0094/rubygem-will_paginate-3.0.4-5.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0621/graphviz-2.30.1-12.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22883/qt3-3.3.8b-56.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0858/bind-9.9.3-14.P2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22932/qt-4.8.5-14.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0850/puppet-3.4.2-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 55 https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19 29 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0158/perl-Encode-2.54-2.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0051/libldb-1.1.16-4.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-0250/qtwebkit-2.3.3-3.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-0452/popt-1.16-2.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-0498/livecd-tools-19.8-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0525/ca-certificates-2013.1.96-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0517/pcre-8.32-8.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0437/satyr-0.13-1.fc19,abrt-2.1.11-1.fc19,libreport-2.1.11-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0630/control-center-3.8.5-2.fc19,accountsservice-0.6.35-3.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0636/selinux-policy-3.12.1-74.17.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0639/rtkit-0.11-8.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0858/bind-9.9.3-14.P2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0847/ibus-1.5.5-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0752/firewalld-0.3.9-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0739/colord-1.0.6-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0749/util-linux-2.23.2-5.fc19 The following builds have been pushed to Fedora 19 updates-testing NLopt-2.4.1-5.fc19 bind-9.9.3-14.P2.fc19 corosync-2.3.3-1.fc19 cpuid-20140112-1.fc19 duplicity-0.6.22-4.fc19 findbugs-bcel-5.3-0.2.20130910svn1521566.fc19 fswebcam-20140113-1.fc19 gnome-commander-1.2.8.17-1.fc19 google-android-emoji-fonts-1.01-0.1.20120228git.fc19 ibus-1.5.5-1.fc19 jFormatString-0-0.14.20131227git.fc19 keepalived-1.2.10-1.fc19 knot-1.4.1-1.fc19 libinfinity-0.5.5-1.fc19 mediawiki-1.21.4-1.fc19 nodejs-grunt-cli-0.1.11-1.fc19 nodejs-joosex-simplerequest-0.2.2-4.fc19 open-sans-fonts-1.10-1.fc19 openscap-1.0.3-1.fc19 php-pecl-rrd-1.1.2-1.fc19 puppet-3.4.2-1.fc19 python-argcomplete-0.6.7-1.fc19 python-argcomplete-0.6.7-2.fc19 python-patsy-0.2.1-2.fc19 qt-4.8.5-14.fc19 qt3-3.3.8b-56.fc19 qt5-qtbase-5.2.0-4.fc19 qtchooser-39-1.fc19 sddm-kcm-0-0.2.20140114gitfe615f21.fc19 srm-1.2.12-1.fc19 will-crash-0.6-1.fc19 Details about builds: ================================================================================ NLopt-2.4.1-5.fc19 (FEDORA-2014-0820) Open-Source library for nonlinear optimization -------------------------------------------------------------------------------- Update Information: fixed description-file for octave-NLopt (#1048510) * fixed nlopt.pc to reflect the correct lib to link against -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 2.4.1-5 - fixed description-file for octave-NLopt (#1048510) * Tue Jan 14 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 2.4.1-4 - fixed nlopt.pc to reflect the correct lib to link against * Sat Dec 28 2013 Kevin Fenzi <kevin@xxxxxxxxx> - 2.4.1-3 - Rebuild to fix broken deps * Sat Dec 28 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 2.4.1-2 - rebuild for octave-3.8.0-rc2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048510 - octave-NLopt install errors https://bugzilla.redhat.com/show_bug.cgi?id=1048510 -------------------------------------------------------------------------------- ================================================================================ bind-9.9.3-14.P2.fc19 (FEDORA-2014-0858) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: Fixed CVE-2014-0591. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-14.P2 - Fix CVE-2014-0591 * Thu Nov 28 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-13.P2 - Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687) * Thu Oct 31 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-12.P2 - Correct the upstream patch for #794940 * Wed Oct 30 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-11.P2 - Use upstream version of patch for previously fixed #794940 - Create symlink /var/named/chroot/var/run -> /var/named/chroot/run - Added session-keyfile statement into default named.conf since we use /run/named * Fri Oct 18 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-10.P2 - Fix race condition on send buffers in dighost.c (#794940) * Tue Oct 8 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-9.P2 - install isc/errno2result.h header * Tue Sep 10 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-8.P2 - Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack * Fri Aug 16 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-7.P2 - Don't generate rndc.key if there exists rndc.conf * Fri Aug 16 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-6.P2 - don't install named-sdb.service if SDB macro is defined to zero -------------------------------------------------------------------------------- References: [ 1 ] Bug #1051717 - CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones https://bugzilla.redhat.com/show_bug.cgi?id=1051717 -------------------------------------------------------------------------------- ================================================================================ corosync-2.3.3-1.fc19 (FEDORA-2014-0801) The Corosync Cluster Engine and Application Programming Interfaces -------------------------------------------------------------------------------- Update Information: This update improves stability and addresses several bugs -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Jan Friesse <jfriesse@xxxxxxxxxx> - 2.3.3-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ cpuid-20140112-1.fc19 (FEDORA-2014-0848) Dumps information about the CPU(s) -------------------------------------------------------------------------------- Update Information: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140114-1 - Update to new upstream version 20130114 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140114-1 - Update to new upstream version 20130114 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20130610-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ duplicity-0.6.22-4.fc19 (FEDORA-2014-0823) Encrypted bandwidth-efficient backup using rsync algorithm -------------------------------------------------------------------------------- Update Information: Added runtime requirement to python-dropbox -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.22-4 - Added runtime requirement to python-dropbox (#1048656) * Fri Dec 27 2013 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.22-3 - Fix ssl cert enforcement (rhbz#960860) - Fix bogus date in changelog * Thu Dec 26 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.6.22-2 - Added runtime requirement to python-paramiko (#819272, #918933) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048656 - duplicity prints a non-fatal error message https://bugzilla.redhat.com/show_bug.cgi?id=1048656 -------------------------------------------------------------------------------- ================================================================================ findbugs-bcel-5.3-0.2.20130910svn1521566.fc19 (FEDORA-2014-0837) Byte Code Engineering Library for FindBugs -------------------------------------------------------------------------------- Update Information: Added Maven depmap -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Marek Goldmann <mgoldman@xxxxxxxxxx> - 5.3-0.2.20130910svn1521566 - Add com.google.code.findbugs:bcel Maven mapping, RHBZ#1052087 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052087 - findbugs-bcel: Add com.google.code.findbugs:bcel Maven mapping https://bugzilla.redhat.com/show_bug.cgi?id=1052087 -------------------------------------------------------------------------------- ================================================================================ fswebcam-20140113-1.fc19 (FEDORA-2014-0793) Tiny and flexible webcam program -------------------------------------------------------------------------------- Update Information: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140113-1 - Update to new upstream version 20140113 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140113-1 - Update to new upstream version 20140113 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20110717-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jun 26 2013 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20110717-6 - Spec file updated * Tue Jun 11 2013 Remi Collet <rcollet@xxxxxxxxxx> - 20110717-5 - Rebuild for new GD 2.1.0 -------------------------------------------------------------------------------- ================================================================================ gnome-commander-1.2.8.17-1.fc19 (FEDORA-2014-0830) A nice and fast file manager for the GNOME desktop -------------------------------------------------------------------------------- Update Information: New version 1.2.8.17 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 4:1.2.8.17-1 - Update to 1.2.8.17 * Thu Dec 26 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 4:1.2.8.16-1 - Update to 1.2.8.16 -------------------------------------------------------------------------------- ================================================================================ google-android-emoji-fonts-1.01-0.1.20120228git.fc19 (FEDORA-2014-0863) Android Emoji font released by Google -------------------------------------------------------------------------------- Update Information: New package, Android Emoji font released by Google. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049076 - Review Request: google-android-emoji-fonts - Android Emoji font released by Google https://bugzilla.redhat.com/show_bug.cgi?id=1049076 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.5-1.fc19 (FEDORA-2014-0847) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: This release includes bug fixes and features. Each bug description explains itself. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.5-1 - Bumped to 1.5.5 - Deleted notify-python in Requires -------------------------------------------------------------------------------- References: [ 1 ] Bug #1013651 - fi_FI compose keys not working with ibus https://bugzilla.redhat.com/show_bug.cgi?id=1013651 [ 2 ] Bug #1037999 - [abrt] ibus-1.5.4-2.fc20: panel_switch_engine: Process /usr/libexec/ibus-ui-gtk3 was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=1037999 [ 3 ] Bug #1047833 - ibus compose/candidates windows placement needs to be more intelligent https://bugzilla.redhat.com/show_bug.cgi?id=1047833 [ 4 ] Bug #1050817 - ibus should no longer require notify-python https://bugzilla.redhat.com/show_bug.cgi?id=1050817 -------------------------------------------------------------------------------- ================================================================================ jFormatString-0-0.14.20131227git.fc19 (FEDORA-2014-0783) Java format string compile-time checker -------------------------------------------------------------------------------- Update Information: Added Maven depmap -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Marek Goldmann <mgoldman@xxxxxxxxxx> - 0-0.14.20131227git - Add com.google.code.findbugs:jFormatString Maven mapping, RHBZ#1052089 * Fri Dec 27 2013 Richard Fearn <richardfearn@xxxxxxxxx> - 0-0.13.20131227git - Bump release after fixing incoherent-version-in-changelog rpmlint warning * Fri Dec 27 2013 Richard Fearn <richardfearn@xxxxxxxxx> - 0-0.12.20131227git - Build using source from new Google Code j-format-string project -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052089 - jFormatString: Add com.google.code.findbugs:jFormatString Maven mapping https://bugzilla.redhat.com/show_bug.cgi?id=1052089 -------------------------------------------------------------------------------- ================================================================================ keepalived-1.2.10-1.fc19 (FEDORA-2014-0856) High Availability monitor built upon LVS, VRRP and service pollers -------------------------------------------------------------------------------- Update Information: Update to version 1.2.10. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.2.10-1 - Update to 1.2.10. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048443 - keepalived-1.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1048443 -------------------------------------------------------------------------------- ================================================================================ knot-1.4.1-1.fc19 (FEDORA-2014-0827) An authoritative DNS daemon -------------------------------------------------------------------------------- Update Information: update to new upstream version -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 1.4.1-1 - update to 1.4.1 -------------------------------------------------------------------------------- ================================================================================ libinfinity-0.5.5-1.fc19 (FEDORA-2014-0797) Library implementing the infinote protocol -------------------------------------------------------------------------------- Update Information: * Fix a crash in infinoted when nmap scans the infinote port (Rainer Rehak). -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Till Maas <opensource@xxxxxxxxx> - 0.5.5-1 - Update to new release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052396 - libinfinity-0.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1052396 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.21.4-1.fc19 (FEDORA-2014-0803) A wiki engine -------------------------------------------------------------------------------- Update Information: - Update to 1.21.4 - (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads - (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks - (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles - (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads - (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> - 1.21.4-1 - Security update to 1.19.10 - (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads - (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks - (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles - (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads - (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052874 - New mediawiki security releases have been released https://bugzilla.redhat.com/show_bug.cgi?id=1052874 -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-cli-0.1.11-1.fc19 (FEDORA-2014-0782) Command-line interface for Grunt, the JavaScript testing framework -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #977122 - Review Request: nodejs-grunt-cli - The grunt command-line interface https://bugzilla.redhat.com/show_bug.cgi?id=977122 -------------------------------------------------------------------------------- ================================================================================ nodejs-joosex-simplerequest-0.2.2-4.fc19 (FEDORA-2014-0809) Simple XHR request abstraction for Node.js -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #968604 - Review Request: nodejs-joosex-simplerequest - Simple XHR request abstraction for Node.js https://bugzilla.redhat.com/show_bug.cgi?id=968604 -------------------------------------------------------------------------------- ================================================================================ open-sans-fonts-1.10-1.fc19 (FEDORA-2014-0812) Open Sans is a humanist sans-serif typeface designed by Steve Matteson -------------------------------------------------------------------------------- Update Information: Open Sans is a humanist sans serif typeface designed by Steve Matteson, Type Director of Ascender Corp. This version contains the complete 897 character set, which includes the standard ISO Latin 1, Latin CE, Greek and Cyrillic character sets. Open Sans was designed with an upright stress, open forms and a neutral, yet friendly appearance. It was optimized for print, web, and mobile interfaces, and has excellent legibility characteristics in its letter forms. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035897 - Review Request: open-sans-fonts - a humanist sans-serif typeface https://bugzilla.redhat.com/show_bug.cgi?id=1035897 -------------------------------------------------------------------------------- ================================================================================ openscap-1.0.3-1.fc19 (FEDORA-2014-0849) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: OpenSCAP 1.0.3 brings minor bug fixes. Update to new upstream release: OpenSCAP 1.0.2. Vast majority of the changes are bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.3-1 - upgrade - This upstream release addresses: #1052142 * Fri Jan 10 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.2-1 - upgrade - This upstream release addresses: #1018291, #1029879, #1026833 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052142 - partition_test fails with huge values in *space* system data https://bugzilla.redhat.com/show_bug.cgi?id=1052142 -------------------------------------------------------------------------------- ================================================================================ php-pecl-rrd-1.1.2-1.fc19 (FEDORA-2014-0805) PHP Bindings for rrdtool -------------------------------------------------------------------------------- Update Information: Upstream changelog: * closing connection to rrd caching daemon #66088 * better documentation for RRDGraph::setOptions #65756 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.1.2-1 - Update to 1.1.2 (stable) - install doc in pecl doc_dir - install tests in pecl test_dir - add conditional build of ZTS extension -------------------------------------------------------------------------------- ================================================================================ puppet-3.4.2-1.fc19 (FEDORA-2014-0850) A network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information: Update to 3.4.2 to mitigate CVE-2013-4969 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Sam Kottler <skottler@xxxxxxxxxxxxxxxxx> - 3.4.2-1 - Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1047792 -------------------------------------------------------------------------------- ================================================================================ python-argcomplete-0.6.7-1.fc19 (FEDORA-2014-0816) Bash tab completion for argparse -------------------------------------------------------------------------------- Update Information: Applying latest patch (0.6.7) of argcomplete. Pushing new build for update as previous was not picked up. -------------------------------------------------------------------------------- ================================================================================ python-argcomplete-0.6.7-2.fc19 (FEDORA-2014-0784) Bash tab completion for argparse -------------------------------------------------------------------------------- Update Information: Removing '%exclude %{python_sitelib}/test' fom %files as no longer needed. -------------------------------------------------------------------------------- ================================================================================ python-patsy-0.2.1-2.fc19 (FEDORA-2014-0804) Describing statistical models in Python using symbolic formulas -------------------------------------------------------------------------------- Update Information: A Python package for describing statistical models and for building design matrices. -------------------------------------------------------------------------------- ================================================================================ qt-4.8.5-14.fc19 (FEDORA-2013-22932) Qt toolkit -------------------------------------------------------------------------------- Update Information: Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549) See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html In addition, this update: * adds support for discovering printers shared by CUPS 1.6, * adds support for the aarch64 architecture, * fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description), * fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 4.8.5-14 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled) * Mon Dec 23 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 4.8.5-13 - Add support for aarch64 (#1046360) * Thu Dec 5 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.5-12 - XML Entity Expansion Denial of Service (CVE-2013-4549) -------------------------------------------------------------------------------- References: [ 1 ] Bug #980952 - RFE: Discover printers shared by CUPS 1.6 https://bugzilla.redhat.com/show_bug.cgi?id=980952 -------------------------------------------------------------------------------- ================================================================================ qt3-3.3.8b-56.fc19 (FEDORA-2013-22883) The shared library for the Qt 3 GUI toolkit -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory for details: http://lists.qt-project.org/pipermail/announce/2013-December/000036.html In addition, this update fixes: * QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description), * QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded, * some minor format string abuse that was probably not exploitable (most instances definitely weren't). -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-56 - work around -Werror=format-security false positives (#1037297) * Mon Jan 13 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-55 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled) * Thu Dec 5 2013 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-54 - backport CVE-2013-4549 fix from Qt 4 * Tue Aug 27 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3.3.8b-53 - trim changelog * Tue Aug 27 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3.3.8b-52 - strip extraneous libs from .pc/.prl files - -devel: due to ^^, drop non-X11-related deps too * Mon Aug 26 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 3.3.8b-51 - libmng rebuild. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.3.8b-50 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 3.3.8b-49 - Perl 5.18 rebuild * Thu Apr 25 2013 Than Ngo <than@xxxxxxxxxx> - 3.3.8b-48 - build with -fno-strict-aliasing - drop deprecated Encoding -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.2.0-4.fc19 (FEDORA-2014-0853) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: This update fixes: * building against QtSql, by requiring all the SQL plugins in qt5-qtbase-devel so they are detected at build time, * QTBUG-35459, a too low character limit for XML entities enforced by the recent fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description), * QTBUG-35460, a misspelling in the error message produced by the recent CVE-2013-4549 fix when the character limit for XML entities was exceeded. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 5.2.0-4 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled) - reenable docs on Fedora (accidentally disabled) * Mon Jan 13 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.2.0-3 - move sql build deps into subpkg sections - macro'ize ibase,tds support (disabled on rhel) * Thu Jan 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.2.0-2 - -devel: qtsql apparently wants all drivers available at buildtime -------------------------------------------------------------------------------- ================================================================================ qtchooser-39-1.fc19 (FEDORA-2014-0794) Qt Chooser -------------------------------------------------------------------------------- Update Information: Qt Chooser provides a wrapper to switch between versions of Qt development binaries when multiple versions like 4 and 5 are installed or local Qt builds are to be used. -------------------------------------------------------------------------------- References: [ 1 ] Bug #895149 - Review Request: qtchooser - Qt Chooser https://bugzilla.redhat.com/show_bug.cgi?id=895149 -------------------------------------------------------------------------------- ================================================================================ sddm-kcm-0-0.2.20140114gitfe615f21.fc19 (FEDORA-2014-0802) SDDM KDE configuration module -------------------------------------------------------------------------------- Update Information: Updated to the latest upstream commit. Fixes theme display New package -------------------------------------------------------------------------------- ================================================================================ srm-1.2.12-1.fc19 (FEDORA-2014-0845) Secure file deletion -------------------------------------------------------------------------------- Update Information: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.2.12-1 - Update to new upstream version 1.2.12 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.2.12-1 - Update to new upstream version 1.2.12 * Sat Sep 7 2013 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.2.11-8 - Spec file update * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.11-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ will-crash-0.6-1.fc19 (FEDORA-2014-0785) Set of crashing executables written in various languages -------------------------------------------------------------------------------- Update Information: Version bump New version 0.5 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Richard Marko <rmarko@xxxxxxxxxxxxxxxxx> - 0.6-1 - Version bump - added will_cpp_segfault - reworked will_segfault to produce more stack frames * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri May 3 2013 Jiri Moskovcak <jmoskovc@xxxxxxxxxx> 0.5-1 - new upstream release - 0.5 - added will_oops -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test