Fedora 19 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 19 Security updates need testing:
 Age  URL
 131  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  68  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
  50  https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc19
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-2445/augeas-1.2.0-1.fc19
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-2825/postgresql-9.2.7-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-2967/openldap-2.4.39-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3192/freeradius-2.2.3-7.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3232/rubygem-actionpack-3.2.13-5.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3253/v8-3.14.5.10-6.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-3344/mediawiki-1.21.6-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-3405/php-sabre-dav-1.8.9-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3420/ReviewBoard-1.7.22-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3448/kernel-3.13.5-103.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3423/net-snmp-5.7.2-14.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3440/mantis-1.2.17-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3485/libssh-0.6.3-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3491/imapsync-1.584-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3453/catfish-0.4.0.2-4.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3493/mingw-gnutls-3.1.22-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
  79  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-2901/keyutils-1.5.9-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-2967/openldap-2.4.39-2.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-3052/langtable-0.0.24-1.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-3030/selinux-policy-3.12.1-74.19.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-3103/hwdata-0.261-1.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-3134/krb5-1.11.3-21.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3243/cryptsetup-1.6.4-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3178/audit-2.3.4-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3282/iproute-3.12.0-2.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3308/hicolor-icon-theme-0.13-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-3179/kde-workspace-4.11.7-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.9-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-3367/nss-util-3.15.5-1.fc19,nss-softokn-3.15.5-2.fc19,nss-3.15.5-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-3448/kernel-3.13.5-103.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3455/curl-7.29.0-15.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-3450/bind-9.9.3-15.P2.fc19


The following builds have been pushed to Fedora 19 updates-testing

    abi-compliance-checker-1.99.9-1.fc19
    abi-dumper-0.99.8-1.fc19
    anyremote-6.4-1.fc19
    api-sanity-checker-1.98.6-1.fc19
    asterisk-11.8.0-1.fc19
    avr-gcc-4.8.2-2.fc19
    bind-9.9.3-15.P2.fc19
    canl-java-1.3.1-1.fc19
    catfish-0.4.0.2-4.fc19
    curl-7.29.0-15.fc19
    fldigi-3.21.78-1.fc19
    gnome-chemistry-utils-0.14.7-3.fc19
    gnulib-0-7.20140225git.fc19
    gnumeric-1.12.12-1.fc19
    goffice-0.10.12-1.fc19
    imapsync-1.584-2.fc19
    ksh-20120801-15.fc19
    libreoffice-4.1.5.3-4.fc19
    libssh-0.6.3-1.fc19
    mingw-gnutls-3.1.22-1.fc19
    pogo-0.8.1-4.fc19
    quota-4.01-9.fc19
    rubygem-cinch-2.1.0-1.fc19
    sandbox-runner-data-0.3.5-1.fc19
    shogun-data-0.8.1-0.2.git20140303.6615cf0.fc19
    wget-1.14-10.fc19

Details about builds:


================================================================================
 abi-compliance-checker-1.99.9-1.fc19 (FEDORA-2014-3501)
 An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release. See ChangeLog for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.99.9-1
- Update to latest bugfix release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1057012 - abi-compliance-checker-1.99.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1057012
--------------------------------------------------------------------------------


================================================================================
 abi-dumper-0.99.8-1.fc19 (FEDORA-2014-3456)
 Tool to dump ABI of an ELF object containing DWARF debug info
--------------------------------------------------------------------------------
Update Information:

* Update to latest upstream release
- Support for _string_ data type
- Added -dir option
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.99.8-1
- Update to latest upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1072222 - abi-dumper-0.99.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1072222
--------------------------------------------------------------------------------


================================================================================
 anyremote-6.4-1.fc19 (FEDORA-2014-3461)
 Remote control through bluetooth or Wi-Fi connection
--------------------------------------------------------------------------------
Update Information:

v6.4
v6.3.2
v6.3.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  2 2014 Mikhail Fedotov <anyremote at mail.ru> - 6.4
- Support for keyboard and mouse emulation events for Android client.
--------------------------------------------------------------------------------


================================================================================
 api-sanity-checker-1.98.6-1.fc19 (FEDORA-2014-3474)
 An automatic generator of basic unit tests for a shared C/C++ library
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.6-1
- Update to latest upstrem release.
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.98-3
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1026668 - api-sanity-checker-12.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1026668
--------------------------------------------------------------------------------


================================================================================
 asterisk-11.8.0-1.fc19 (FEDORA-2014-3478)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced the release of Asterisk 11.8.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-22544 - Italian prompt vm-options has advertisement in
      it (Reported by Rusty Newton)
 * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
      Asterisk to Chrome (Reported by Shaun Clark)
 * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
      DTMF menus in ConfBridge (processed as directive) (Reported by
      Nicolas Tanski)
 * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
      every register message (Reported by Pawel Pierscionek)
 * ASTERISK-20862 - Asterisk min and max member penalties not
      honored when set with 0 (Reported by Schmooze Com)
 * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
      read (Reported by Michael Walton)
 * ASTERISK-22788 - [patch] main/translate.c: access to variable f
      after free in ast_translate() (Reported by Corey Farrell)
 * ASTERISK-21242 - Segfault when T.38 re-invite retransmission
      receives 200 OK (Reported by Ashley Winters)
 * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
      16 bit multipart SMS with app_sms (Reported by Jan Juergens)
 * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
      from being executed from external interfaces (Reported by Matt
      Jordan)
 * ASTERISK-23021 - Typos in code : "avaliable" instead of
      "available" (Reported by Jeremy Lainé)
 * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
      by Gareth Palmer)
 * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
      Melekhov)
 * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
      sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
      "WIMPy" Harzenetter)
 * ASTERISK-22942 - [patch] - Asterisk crashed after
      Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
 * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
      instead of seconds (Reported by Robert Mordec)
 * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
      core_event_dispatcher taskprocessor thread (Reported by Etienne
      Lessard)
 * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
      memory when <replace-char> is empty (Reported by Gareth Palmer)
 * ASTERISK-22871 - cel_pgsql module not loading after "reload" or
      "reload cel_pgsql.so" command (Reported by Matteo)
 * ASTERISK-23084 - [patch]rasterisk needlessly prints the
      AST-2013-007 warning (Reported by Tzafrir Cohen)
 * ASTERISK-17138 - [patch] Asterisk not re-registering after it
      receives "Forbidden - wrong password on authentication"
      (Reported by Rudi)
 * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
      lua 5.2 (Reported by George Joseph)
 * ASTERISK-22834 - Parking by blind transfer when lot full orphans
      channels (Reported by rsw686)
 * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
      SIP transfer to parking space (Reported by Tommy Thompson)
 * ASTERISK-22946 - Local From tag regression with sipgate.de
      (Reported by Stephan Eisvogel)
 * ASTERISK-23010 - No BYE message sent when sip INVITE is received
      (Reported by Ryan Tilton)
 * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
      - probably introduced in 11.7.0 (Reported by OK)

Improvements made in this release:
-----------------------------------
 * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
      When Running "sip show peers" (Reported by Michael L. Young)
 * ASTERISK-22659 - Make a new core and extra sounds release
      (Reported by Rusty Newton)
 * ASTERISK-22919 - core show channeltypes slicing  (Reported by
      outtolunc)
 * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
      output (Reported by outtolunc)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.8.0-1:
- The Asterisk Development Team has announced the release of Asterisk 11.8.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 11.8.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- Bugs fixed in this release:
- -----------------------------------
-  * ASTERISK-22544 - Italian prompt vm-options has advertisement in
-       it (Reported by Rusty Newton)
-  * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
-       Asterisk to Chrome (Reported by Shaun Clark)
-  * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
-       DTMF menus in ConfBridge (processed as directive) (Reported by
-       Nicolas Tanski)
-  * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
-       every register message (Reported by Pawel Pierscionek)
-  * ASTERISK-20862 - Asterisk min and max member penalties not
-       honored when set with 0 (Reported by Schmooze Com)
-  * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
-       read (Reported by Michael Walton)
-  * ASTERISK-22788 - [patch] main/translate.c: access to variable f
-       after free in ast_translate() (Reported by Corey Farrell)
-  * ASTERISK-21242 - Segfault when T.38 re-invite retransmission
-       receives 200 OK (Reported by Ashley Winters)
-  * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
-       16 bit multipart SMS with app_sms (Reported by Jan Juergens)
-  * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
-       from being executed from external interfaces (Reported by Matt
-       Jordan)
-  * ASTERISK-23021 - Typos in code : "avaliable" instead of
-       "available" (Reported by Jeremy Lainé)
-  * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
-       by Gareth Palmer)
-  * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
-       Melekhov)
-  * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
-       sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
-       "WIMPy" Harzenetter)
-  * ASTERISK-22942 - [patch] - Asterisk crashed after
-       Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
-  * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
-       instead of seconds (Reported by Robert Mordec)
-  * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
-       core_event_dispatcher taskprocessor thread (Reported by Etienne
-       Lessard)
-  * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
-       memory when <replace-char> is empty (Reported by Gareth Palmer)
-  * ASTERISK-22871 - cel_pgsql module not loading after "reload" or
-       "reload cel_pgsql.so" command (Reported by Matteo)
-  * ASTERISK-23084 - [patch]rasterisk needlessly prints the
-       AST-2013-007 warning (Reported by Tzafrir Cohen)
-  * ASTERISK-17138 - [patch] Asterisk not re-registering after it
-       receives "Forbidden - wrong password on authentication"
-       (Reported by Rudi)
-  * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
-       lua 5.2 (Reported by George Joseph)
-  * ASTERISK-22834 - Parking by blind transfer when lot full orphans
-       channels (Reported by rsw686)
-  * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
-       SIP transfer to parking space (Reported by Tommy Thompson)
-  * ASTERISK-22946 - Local From tag regression with sipgate.de
-       (Reported by Stephan Eisvogel)
-  * ASTERISK-23010 - No BYE message sent when sip INVITE is received
-       (Reported by Ryan Tilton)
-  * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
-       - probably introduced in 11.7.0 (Reported by OK)
-
- Improvements made in this release:
- -----------------------------------
-  * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
-       When Running "sip show peers" (Reported by Michael L. Young)
-  * ASTERISK-22659 - Make a new core and extra sounds release
-       (Reported by Rusty Newton)
-  * ASTERISK-22919 - core show channeltypes slicing  (Reported by
-       outtolunc)
-  * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
-       output (Reported by outtolunc)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
--------------------------------------------------------------------------------


================================================================================
 avr-gcc-4.8.2-2.fc19 (FEDORA-2014-3496)
 Cross Compiling GNU GCC targeted at avr
--------------------------------------------------------------------------------
Update Information:

- silent false positive warnings about misspelled __vector_NN
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 4.8.2-2
- silent false positive warnings about misspelled __vector_NN
--------------------------------------------------------------------------------


================================================================================
 bind-9.9.3-15.P2.fc19 (FEDORA-2014-3450)
 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:

Two bugs fixed:
- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
- Fix race condition when freeing fetch object (ISC-Bugs #35385)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-15.P2
- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
- Fix race condition when freeing fetch object (ISC-Bugs #35385)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1052781 - [abrt] bind: dlopen_dlz_configure(): Process /usr/sbin/named was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=1052781
--------------------------------------------------------------------------------


================================================================================
 canl-java-1.3.1-1.fc19 (FEDORA-2014-3494)
 EMI Common Authentication library - bindings for Java
--------------------------------------------------------------------------------
Update Information:

This update contains a single bugfix: https://github.com/eu-emi/canl-java/issues/62 which is relevant for proxy certificate users.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 28 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.3.1-1
- New Upstream version
--------------------------------------------------------------------------------


================================================================================
 catfish-0.4.0.2-4.fc19 (FEDORA-2014-3453)
 A handy file search tool
--------------------------------------------------------------------------------
Update Information:

In the previous rpm, catfish used a wrapper launching script using some bad logic for searching paths, which might lead to arbitrary code execution exploit by malicious local user. This vulnerability is now assigned as CVE-2014-2093 through CVE-2014-2096.

This new rpm should fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  2 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.4.0.2-4
- Fix insecure loading of script at startup (CVE-2014-2093 through 
  CVE-2014-2096, bug 1069398)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1069398 - catfish: insecure loading of python script [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1069398
--------------------------------------------------------------------------------


================================================================================
 curl-7.29.0-15.fc19 (FEDORA-2014-3455)
 A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:

- avoid spurious failure of test1086 on s390(x) koji builders (#1072273)
- refresh expired cookie in test172 from upstream test-suite (#1068967)
- use proxy name in error messages when proxy is used (#1066484) 
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.29.0-15
- avoid spurious failure of test1086 on s390(x) koji builders (#1072273)
* Tue Feb 25 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.29.0-14
- refresh expired cookie in test172 from upstream test-suite (#1068967)
- use proxy name in error messages when proxy is used (#1066484)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1072273 - test 1086 failing on s390(x)
        https://bugzilla.redhat.com/show_bug.cgi?id=1072273
  [ 2 ] Bug #1068967 - FTBFS: self check 172 failing
        https://bugzilla.redhat.com/show_bug.cgi?id=1068967
  [ 3 ] Bug #1066484 - wrong hostname used in (proxy) error reporting
        https://bugzilla.redhat.com/show_bug.cgi?id=1066484
--------------------------------------------------------------------------------


================================================================================
 fldigi-3.21.78-1.fc19 (FEDORA-2014-3471)
 Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 13 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 3.21.78-1
- Update to latest bugfix release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1063008 - fldigi-3.21.78 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1063008
--------------------------------------------------------------------------------


================================================================================
 gnome-chemistry-utils-0.14.7-3.fc19 (FEDORA-2014-3467)
 A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.12.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.14.7-3
- Rebuilt for gnumeric-1.12.12
--------------------------------------------------------------------------------


================================================================================
 gnulib-0-7.20140225git.fc19 (FEDORA-2014-3487)
 GNU Portability Library
--------------------------------------------------------------------------------
Update Information:

Update to latest git.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar  3 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 0-7.20140225git
- Update to latest git.
--------------------------------------------------------------------------------


================================================================================
 gnumeric-1.12.12-1.fc19 (FEDORA-2014-3467)
 Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.12.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 1:1.12.12-1
- Updated to 1.12.12
--------------------------------------------------------------------------------


================================================================================
 goffice-0.10.12-1.fc19 (FEDORA-2014-3467)
 G Office support libraries
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.12.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.10.12-1
- Updated to 0.10.12
- Added libxslt-devel to BuildRequires
- Added %{_datadir}/goffice to %files
- Patched the bogus DESTDIR out
--------------------------------------------------------------------------------


================================================================================
 imapsync-1.584-2.fc19 (FEDORA-2014-3491)
 Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:

Disable releasecheck - CVE-2013-4279
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.584-2
- Disable releasecheck - CVE-2013-4279
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1000215 - CVE-2013-4279 imapsync default version check with http://imapsync.lamiral.info information leakage
        https://bugzilla.redhat.com/show_bug.cgi?id=1000215
--------------------------------------------------------------------------------


================================================================================
 ksh-20120801-15.fc19 (FEDORA-2014-1044)
 The Original ATT Korn Shell
--------------------------------------------------------------------------------
Update Information:

- fix overflow in subshell loop
- fix lexical parser crash
- fix man page hang
- reading a file via command substitution did not work when any of stdin, stdout or stderr were closed
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-15
- reading a file via command substitution did not work when any of stdin,
  stdout or stderr were closed
* Mon Mar  3 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-14
- fix man page hang (#1071574)
* Thu Feb  6 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-13
- fix lexical parser crash (#960371)
* Fri Jan 17 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-12
- fix overflow in subshell loop
* Tue Jan 14 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-11
- fix argv rewrite (#1047508)
- ksh stops on read when monitor mode is enabled
* Wed Jun 12 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-10
- fix memory leak
* Mon Jun 10 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-9
- monitor mode in scripts wasn't working
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1053938 - [abrt] ksh: sh_assignok(): ksh killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1053938
--------------------------------------------------------------------------------


================================================================================
 libreoffice-4.1.5.3-4.fc19 (FEDORA-2014-3458)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

Fix for a notorious difficult to reproduce but common crash in writer
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.5.3-4
- Related: rhbz#1065807 search for "wizards" in the different template dirs
* Mon Mar  3 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.5.3-3
- Resolves: rhbz#1065807 search XDG defined "Templates"
- Resolves: rhbz#1057977 do not crash when fonts are updated
- Resolves: rhbz#1007697 Update on a Window deletes itself
* Tue Feb 18 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.1.5.3-2
- Resolves: rhbz#1065925 [abrt] libreoffice-core: Divide(): soffice.bin killed
  by SIGFPE
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1057977 - [abrt] libreoffice-core: ServerFont::Release(): soffice.bin killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1057977
  [ 2 ] Bug #1007697 - [abrt] libreoffice-core-4.1.1.2-3.fc19: Window::GetWindow: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=1007697
--------------------------------------------------------------------------------


================================================================================
 libssh-0.6.3-1.fc19 (FEDORA-2014-3485)
 A library implementing the SSH protocol
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2014-0017.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 - Andreas Schneider <asn@xxxxxxxxxx> - 0.6.3-1
- Fix CVE-2014-0017.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1072191 - CVE-2014-0017 libssh: Improper initialization of PRNG after fork()
        https://bugzilla.redhat.com/show_bug.cgi?id=1072191
--------------------------------------------------------------------------------


================================================================================
 mingw-gnutls-3.1.22-1.fc19 (FEDORA-2014-3493)
 MinGW GnuTLS TLS/SSL encryption library
--------------------------------------------------------------------------------
Update Information:

Version 3.1.22 (released 2014-03-03)

* libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2)

* libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw when provided with invalid data. Reported by Dmitriy Anisimkov.

* libgnutls: Corrected timeout issue in subsequent to the first DTLS handshakes.

* libgnutls: Removed unconditional not-trusted message in gnutls_certificate_verification_status_print() when used with OpenPGP certificates. Reported by Michel Briand.

* libgnutls: All ciphersuites that were available in TLS1.0 or later are now made available in SSL3.0 or later to prevent any incompatibilities with servers that negotiate them in SSL 3.0.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.22-1
- Update to 3.1.22
- Fixes CVE-2014-0092 and CVE-2014-1959
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)
        https://bugzilla.redhat.com/show_bug.cgi?id=1069865
--------------------------------------------------------------------------------


================================================================================
 pogo-0.8.1-4.fc19 (FEDORA-2014-3495)
 Probably the simplest and fastest audio player for Linux
--------------------------------------------------------------------------------
Update Information:

Fixing typo in the zeitgeist subpackage group membership : "Mutimedia" -> "Multimedia".

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Jaromir Capik <jcapik@xxxxxxxxxx> - 0.8.1-4
- Fixing typo in the zeitgeist subpackage group membership (#1068996)
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1068996 - Typo in group membership of pogo-zeitgeist: Has "Mulmedia" should be (I think) "Multimedia"
        https://bugzilla.redhat.com/show_bug.cgi?id=1068996
--------------------------------------------------------------------------------


================================================================================
 quota-4.01-9.fc19 (FEDORA-2014-3484)
 System administration tools for monitoring users' disk usage
--------------------------------------------------------------------------------
Update Information:

This release fixes grace time reported on an NFS client, especially after expiring the grace time.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:4.01-9
- Prevent from grace period overflow in RPC transport (bug #1072769)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1072769 - Wrong value for expired grace period retrieved over network
        https://bugzilla.redhat.com/show_bug.cgi?id=1072769
--------------------------------------------------------------------------------


================================================================================
 rubygem-cinch-2.1.0-1.fc19 (FEDORA-2014-3476)
 An IRC Bot Building Framework
--------------------------------------------------------------------------------
Update Information:

Rebased on Cinch 2.1.0.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 2.1.0-1
- Rebased on Cinch 2.1.0.
- Updated project URL.
--------------------------------------------------------------------------------


================================================================================
 sandbox-runner-data-0.3.5-1.fc19 (FEDORA-2014-3489)
 Basic directories for Sandbox Runners miscellaneous data
--------------------------------------------------------------------------------
Update Information:

replenished "network" icon set (added "network-xml" icon);
added "utilities-log-viewer" from oxygen;
added "virtual-engineering" icon;
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  4 2014 Fl@sh <kaperang07@xxxxxxxxx> - 0.3.5-1
- version updated;
--------------------------------------------------------------------------------


================================================================================
 shogun-data-0.8.1-0.2.git20140303.6615cf0.fc19 (FEDORA-2014-3482)
 Data-files for the SHOGUN machine learning toolbox
--------------------------------------------------------------------------------
Update Information:

* updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c
* added a macro for use in other spec-files
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.2.git20140303.6615cf0
- added a macro for use in other spec-files
* Tue Mar  4 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.1.git20140303.6615cf0
- updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1068941 - shogun-data 0.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1068941
--------------------------------------------------------------------------------


================================================================================
 wget-1.14-10.fc19 (FEDORA-2014-3498)
 A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:

One bug fixed
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  5 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.14-10
- Bump release
* Thu Oct 10 2013 Tomas Hozza <thozza@xxxxxxxxxx> - 1.14-9
- remove excessive line for '-nv' option in the manpage (#1017106)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1017106 - excessive line for '-nv' option in 'wget' manpage
        https://bugzilla.redhat.com/show_bug.cgi?id=1017106
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux