The following Fedora 19 Security updates need testing: Age URL 131 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 68 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 50 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19 22 https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc19 20 https://admin.fedoraproject.org/updates/FEDORA-2014-2445/augeas-1.2.0-1.fc19 20 https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-2825/postgresql-9.2.7-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2967/openldap-2.4.39-2.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3192/freeradius-2.2.3-7.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3232/rubygem-actionpack-3.2.13-5.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3253/v8-3.14.5.10-6.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3344/mediawiki-1.21.6-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3405/php-sabre-dav-1.8.9-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3420/ReviewBoard-1.7.22-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3448/kernel-3.13.5-103.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3423/net-snmp-5.7.2-14.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3440/mantis-1.2.17-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3485/libssh-0.6.3-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3491/imapsync-1.584-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3453/catfish-0.4.0.2-4.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3493/mingw-gnutls-3.1.22-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 79 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2901/keyutils-1.5.9-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2967/openldap-2.4.39-2.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-3052/langtable-0.0.24-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-3030/selinux-policy-3.12.1-74.19.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-3103/hwdata-0.261-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-3134/krb5-1.11.3-21.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3243/cryptsetup-1.6.4-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3178/audit-2.3.4-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3282/iproute-3.12.0-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3308/hicolor-icon-theme-0.13-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3179/kde-workspace-4.11.7-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.9-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3367/nss-util-3.15.5-1.fc19,nss-softokn-3.15.5-2.fc19,nss-3.15.5-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3448/kernel-3.13.5-103.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3455/curl-7.29.0-15.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3450/bind-9.9.3-15.P2.fc19 The following builds have been pushed to Fedora 19 updates-testing abi-compliance-checker-1.99.9-1.fc19 abi-dumper-0.99.8-1.fc19 anyremote-6.4-1.fc19 api-sanity-checker-1.98.6-1.fc19 asterisk-11.8.0-1.fc19 avr-gcc-4.8.2-2.fc19 bind-9.9.3-15.P2.fc19 canl-java-1.3.1-1.fc19 catfish-0.4.0.2-4.fc19 curl-7.29.0-15.fc19 fldigi-3.21.78-1.fc19 gnome-chemistry-utils-0.14.7-3.fc19 gnulib-0-7.20140225git.fc19 gnumeric-1.12.12-1.fc19 goffice-0.10.12-1.fc19 imapsync-1.584-2.fc19 ksh-20120801-15.fc19 libreoffice-4.1.5.3-4.fc19 libssh-0.6.3-1.fc19 mingw-gnutls-3.1.22-1.fc19 pogo-0.8.1-4.fc19 quota-4.01-9.fc19 rubygem-cinch-2.1.0-1.fc19 sandbox-runner-data-0.3.5-1.fc19 shogun-data-0.8.1-0.2.git20140303.6615cf0.fc19 wget-1.14-10.fc19 Details about builds: ================================================================================ abi-compliance-checker-1.99.9-1.fc19 (FEDORA-2014-3501) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. See ChangeLog for more details. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.99.9-1 - Update to latest bugfix release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057012 - abi-compliance-checker-1.99.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057012 -------------------------------------------------------------------------------- ================================================================================ abi-dumper-0.99.8-1.fc19 (FEDORA-2014-3456) Tool to dump ABI of an ELF object containing DWARF debug info -------------------------------------------------------------------------------- Update Information: * Update to latest upstream release - Support for _string_ data type - Added -dir option -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.99.8-1 - Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1072222 - abi-dumper-0.99.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1072222 -------------------------------------------------------------------------------- ================================================================================ anyremote-6.4-1.fc19 (FEDORA-2014-3461) Remote control through bluetooth or Wi-Fi connection -------------------------------------------------------------------------------- Update Information: v6.4 v6.3.2 v6.3.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Mikhail Fedotov <anyremote at mail.ru> - 6.4 - Support for keyboard and mouse emulation events for Android client. -------------------------------------------------------------------------------- ================================================================================ api-sanity-checker-1.98.6-1.fc19 (FEDORA-2014-3474) An automatic generator of basic unit tests for a shared C/C++ library -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.98.6-1 - Update to latest upstrem release. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.98-3 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1026668 - api-sanity-checker-12.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1026668 -------------------------------------------------------------------------------- ================================================================================ asterisk-11.8.0-1.fc19 (FEDORA-2014-3478) The Open Source PBX -------------------------------------------------------------------------------- Update Information: The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-22544 - Italian prompt vm-options has advertisement in it (Reported by Rusty Newton) * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from Asterisk to Chrome (Reported by Shaun Clark) * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom DTMF menus in ConfBridge (processed as directive) (Reported by Nicolas Tanski) * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for every register message (Reported by Pawel Pierscionek) * ASTERISK-20862 - Asterisk min and max member penalties not honored when set with 0 (Reported by Schmooze Com) * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : "avaliable" instead of "available" (Reported by Jeremy Lainé) * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported by Gareth Palmer) * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry Melekhov) * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger "WIMPy" Harzenetter) * ASTERISK-22942 - [patch] - Asterisk crashed after Set(FAXOPT(faxdetect)=t38) (Reported by adomjan) * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes instead of seconds (Reported by Robert Mordec) * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and core_event_dispatcher taskprocessor thread (Reported by Etienne Lessard) * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping memory when <replace-char> is empty (Reported by Gareth Palmer) * ASTERISK-22871 - cel_pgsql module not loading after "reload" or "reload cel_pgsql.so" command (Reported by Matteo) * ASTERISK-23084 - [patch]rasterisk needlessly prints the AST-2013-007 warning (Reported by Tzafrir Cohen) * ASTERISK-17138 - [patch] Asterisk not re-registering after it receives "Forbidden - wrong password on authentication" (Reported by Rudi) * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support lua 5.2 (Reported by George Joseph) * ASTERISK-22834 - Parking by blind transfer when lot full orphans channels (Reported by rsw686) * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed SIP transfer to parking space (Reported by Tommy Thompson) * ASTERISK-22946 - Local From tag regression with sipgate.de (Reported by Stephan Eisvogel) * ASTERISK-23010 - No BYE message sent when sip INVITE is received (Reported by Ryan Tilton) * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set - probably introduced in 11.7.0 (Reported by OK) Improvements made in this release: ----------------------------------- * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport' When Running "sip show peers" (Reported by Michael L. Young) * ASTERISK-22659 - Make a new core and extra sounds release (Reported by Rusty Newton) * ASTERISK-22919 - core show channeltypes slicing (Reported by outtolunc) * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on output (Reported by outtolunc) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.8.0-1: - The Asterisk Development Team has announced the release of Asterisk 11.8.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.8.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following are the issues resolved in this release: - - Bugs fixed in this release: - ----------------------------------- - * ASTERISK-22544 - Italian prompt vm-options has advertisement in - it (Reported by Rusty Newton) - * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from - Asterisk to Chrome (Reported by Shaun Clark) - * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom - DTMF menus in ConfBridge (processed as directive) (Reported by - Nicolas Tanski) - * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for - every register message (Reported by Pawel Pierscionek) - * ASTERISK-20862 - Asterisk min and max member penalties not - honored when set with 0 (Reported by Schmooze Com) - * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id - read (Reported by Michael Walton) - * ASTERISK-22788 - [patch] main/translate.c: access to variable f - after free in ast_translate() (Reported by Corey Farrell) - * ASTERISK-21242 - Segfault when T.38 re-invite retransmission - receives 200 OK (Reported by Ashley Winters) - * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving - 16 bit multipart SMS with app_sms (Reported by Jan Juergens) - * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' - from being executed from external interfaces (Reported by Matt - Jordan) - * ASTERISK-23021 - Typos in code : "avaliable" instead of - "available" (Reported by Jeremy Lainé) - * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported - by Gareth Palmer) - * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry - Melekhov) - * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in - sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger - "WIMPy" Harzenetter) - * ASTERISK-22942 - [patch] - Asterisk crashed after - Set(FAXOPT(faxdetect)=t38) (Reported by adomjan) - * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes - instead of seconds (Reported by Robert Mordec) - * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and - core_event_dispatcher taskprocessor thread (Reported by Etienne - Lessard) - * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping - memory when <replace-char> is empty (Reported by Gareth Palmer) - * ASTERISK-22871 - cel_pgsql module not loading after "reload" or - "reload cel_pgsql.so" command (Reported by Matteo) - * ASTERISK-23084 - [patch]rasterisk needlessly prints the - AST-2013-007 warning (Reported by Tzafrir Cohen) - * ASTERISK-17138 - [patch] Asterisk not re-registering after it - receives "Forbidden - wrong password on authentication" - (Reported by Rudi) - * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support - lua 5.2 (Reported by George Joseph) - * ASTERISK-22834 - Parking by blind transfer when lot full orphans - channels (Reported by rsw686) - * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed - SIP transfer to parking space (Reported by Tommy Thompson) - * ASTERISK-22946 - Local From tag regression with sipgate.de - (Reported by Stephan Eisvogel) - * ASTERISK-23010 - No BYE message sent when sip INVITE is received - (Reported by Ryan Tilton) - * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set - - probably introduced in 11.7.0 (Reported by OK) - - Improvements made in this release: - ----------------------------------- - * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport' - When Running "sip show peers" (Reported by Michael L. Young) - * ASTERISK-22659 - Make a new core and extra sounds release - (Reported by Rusty Newton) - * ASTERISK-22919 - core show channeltypes slicing (Reported by - outtolunc) - * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on - output (Reported by outtolunc) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0 -------------------------------------------------------------------------------- ================================================================================ avr-gcc-4.8.2-2.fc19 (FEDORA-2014-3496) Cross Compiling GNU GCC targeted at avr -------------------------------------------------------------------------------- Update Information: - silent false positive warnings about misspelled __vector_NN -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 4.8.2-2 - silent false positive warnings about misspelled __vector_NN -------------------------------------------------------------------------------- ================================================================================ bind-9.9.3-15.P2.fc19 (FEDORA-2014-3450) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: Two bugs fixed: - dlz_dlopen driver could return the wrong error leading to a segfault (#1052781) - Fix race condition when freeing fetch object (ISC-Bugs #35385) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.3-15.P2 - dlz_dlopen driver could return the wrong error leading to a segfault (#1052781) - Fix race condition when freeing fetch object (ISC-Bugs #35385) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052781 - [abrt] bind: dlopen_dlz_configure(): Process /usr/sbin/named was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1052781 -------------------------------------------------------------------------------- ================================================================================ canl-java-1.3.1-1.fc19 (FEDORA-2014-3494) EMI Common Authentication library - bindings for Java -------------------------------------------------------------------------------- Update Information: This update contains a single bugfix: https://github.com/eu-emi/canl-java/issues/62 which is relevant for proxy certificate users. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 28 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.3.1-1 - New Upstream version -------------------------------------------------------------------------------- ================================================================================ catfish-0.4.0.2-4.fc19 (FEDORA-2014-3453) A handy file search tool -------------------------------------------------------------------------------- Update Information: In the previous rpm, catfish used a wrapper launching script using some bad logic for searching paths, which might lead to arbitrary code execution exploit by malicious local user. This vulnerability is now assigned as CVE-2014-2093 through CVE-2014-2096. This new rpm should fix this issue. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.4.0.2-4 - Fix insecure loading of script at startup (CVE-2014-2093 through CVE-2014-2096, bug 1069398) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069398 - catfish: insecure loading of python script [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1069398 -------------------------------------------------------------------------------- ================================================================================ curl-7.29.0-15.fc19 (FEDORA-2014-3455) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - avoid spurious failure of test1086 on s390(x) koji builders (#1072273) - refresh expired cookie in test172 from upstream test-suite (#1068967) - use proxy name in error messages when proxy is used (#1066484) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.29.0-15 - avoid spurious failure of test1086 on s390(x) koji builders (#1072273) * Tue Feb 25 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.29.0-14 - refresh expired cookie in test172 from upstream test-suite (#1068967) - use proxy name in error messages when proxy is used (#1066484) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1072273 - test 1086 failing on s390(x) https://bugzilla.redhat.com/show_bug.cgi?id=1072273 [ 2 ] Bug #1068967 - FTBFS: self check 172 failing https://bugzilla.redhat.com/show_bug.cgi?id=1068967 [ 3 ] Bug #1066484 - wrong hostname used in (proxy) error reporting https://bugzilla.redhat.com/show_bug.cgi?id=1066484 -------------------------------------------------------------------------------- ================================================================================ fldigi-3.21.78-1.fc19 (FEDORA-2014-3471) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 13 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 3.21.78-1 - Update to latest bugfix release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063008 - fldigi-3.21.78 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063008 -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.7-3.fc19 (FEDORA-2014-3467) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.12.html -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.14.7-3 - Rebuilt for gnumeric-1.12.12 -------------------------------------------------------------------------------- ================================================================================ gnulib-0-7.20140225git.fc19 (FEDORA-2014-3487) GNU Portability Library -------------------------------------------------------------------------------- Update Information: Update to latest git. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 0-7.20140225git - Update to latest git. -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.12-1.fc19 (FEDORA-2014-3467) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.12.html -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 1:1.12.12-1 - Updated to 1.12.12 -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.12-1.fc19 (FEDORA-2014-3467) G Office support libraries -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.12.html -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.10.12-1 - Updated to 0.10.12 - Added libxslt-devel to BuildRequires - Added %{_datadir}/goffice to %files - Patched the bogus DESTDIR out -------------------------------------------------------------------------------- ================================================================================ imapsync-1.584-2.fc19 (FEDORA-2014-3491) Tool to migrate email between IMAP servers -------------------------------------------------------------------------------- Update Information: Disable releasecheck - CVE-2013-4279 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.584-2 - Disable releasecheck - CVE-2013-4279 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000215 - CVE-2013-4279 imapsync default version check with http://imapsync.lamiral.info information leakage https://bugzilla.redhat.com/show_bug.cgi?id=1000215 -------------------------------------------------------------------------------- ================================================================================ ksh-20120801-15.fc19 (FEDORA-2014-1044) The Original ATT Korn Shell -------------------------------------------------------------------------------- Update Information: - fix overflow in subshell loop - fix lexical parser crash - fix man page hang - reading a file via command substitution did not work when any of stdin, stdout or stderr were closed -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-15 - reading a file via command substitution did not work when any of stdin, stdout or stderr were closed * Mon Mar 3 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-14 - fix man page hang (#1071574) * Thu Feb 6 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-13 - fix lexical parser crash (#960371) * Fri Jan 17 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-12 - fix overflow in subshell loop * Tue Jan 14 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-11 - fix argv rewrite (#1047508) - ksh stops on read when monitor mode is enabled * Wed Jun 12 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-10 - fix memory leak * Mon Jun 10 2013 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 20120801-9 - monitor mode in scripts wasn't working -------------------------------------------------------------------------------- References: [ 1 ] Bug #1053938 - [abrt] ksh: sh_assignok(): ksh killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1053938 -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.1.5.3-4.fc19 (FEDORA-2014-3458) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Fix for a notorious difficult to reproduce but common crash in writer -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.5.3-4 - Related: rhbz#1065807 search for "wizards" in the different template dirs * Mon Mar 3 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.5.3-3 - Resolves: rhbz#1065807 search XDG defined "Templates" - Resolves: rhbz#1057977 do not crash when fonts are updated - Resolves: rhbz#1007697 Update on a Window deletes itself * Tue Feb 18 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.1.5.3-2 - Resolves: rhbz#1065925 [abrt] libreoffice-core: Divide(): soffice.bin killed by SIGFPE -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057977 - [abrt] libreoffice-core: ServerFont::Release(): soffice.bin killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1057977 [ 2 ] Bug #1007697 - [abrt] libreoffice-core-4.1.1.2-3.fc19: Window::GetWindow: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1007697 -------------------------------------------------------------------------------- ================================================================================ libssh-0.6.3-1.fc19 (FEDORA-2014-3485) A library implementing the SSH protocol -------------------------------------------------------------------------------- Update Information: Fix CVE-2014-0017. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 - Andreas Schneider <asn@xxxxxxxxxx> - 0.6.3-1 - Fix CVE-2014-0017. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1072191 - CVE-2014-0017 libssh: Improper initialization of PRNG after fork() https://bugzilla.redhat.com/show_bug.cgi?id=1072191 -------------------------------------------------------------------------------- ================================================================================ mingw-gnutls-3.1.22-1.fc19 (FEDORA-2014-3493) MinGW GnuTLS TLS/SSL encryption library -------------------------------------------------------------------------------- Update Information: Version 3.1.22 (released 2014-03-03) * libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2) * libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw when provided with invalid data. Reported by Dmitriy Anisimkov. * libgnutls: Corrected timeout issue in subsequent to the first DTLS handshakes. * libgnutls: Removed unconditional not-trusted message in gnutls_certificate_verification_status_print() when used with OpenPGP certificates. Reported by Michel Briand. * libgnutls: All ciphersuites that were available in TLS1.0 or later are now made available in SSL3.0 or later to prevent any incompatibilities with servers that negotiate them in SSL 3.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.22-1 - Update to 3.1.22 - Fixes CVE-2014-0092 and CVE-2014-1959 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) https://bugzilla.redhat.com/show_bug.cgi?id=1069865 -------------------------------------------------------------------------------- ================================================================================ pogo-0.8.1-4.fc19 (FEDORA-2014-3495) Probably the simplest and fastest audio player for Linux -------------------------------------------------------------------------------- Update Information: Fixing typo in the zeitgeist subpackage group membership : "Mutimedia" -> "Multimedia". -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Jaromir Capik <jcapik@xxxxxxxxxx> - 0.8.1-4 - Fixing typo in the zeitgeist subpackage group membership (#1068996) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068996 - Typo in group membership of pogo-zeitgeist: Has "Mulmedia" should be (I think) "Multimedia" https://bugzilla.redhat.com/show_bug.cgi?id=1068996 -------------------------------------------------------------------------------- ================================================================================ quota-4.01-9.fc19 (FEDORA-2014-3484) System administration tools for monitoring users' disk usage -------------------------------------------------------------------------------- Update Information: This release fixes grace time reported on an NFS client, especially after expiring the grace time. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:4.01-9 - Prevent from grace period overflow in RPC transport (bug #1072769) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1072769 - Wrong value for expired grace period retrieved over network https://bugzilla.redhat.com/show_bug.cgi?id=1072769 -------------------------------------------------------------------------------- ================================================================================ rubygem-cinch-2.1.0-1.fc19 (FEDORA-2014-3476) An IRC Bot Building Framework -------------------------------------------------------------------------------- Update Information: Rebased on Cinch 2.1.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 2.1.0-1 - Rebased on Cinch 2.1.0. - Updated project URL. -------------------------------------------------------------------------------- ================================================================================ sandbox-runner-data-0.3.5-1.fc19 (FEDORA-2014-3489) Basic directories for Sandbox Runners miscellaneous data -------------------------------------------------------------------------------- Update Information: replenished "network" icon set (added "network-xml" icon); added "utilities-log-viewer" from oxygen; added "virtual-engineering" icon; -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Fl@sh <kaperang07@xxxxxxxxx> - 0.3.5-1 - version updated; -------------------------------------------------------------------------------- ================================================================================ shogun-data-0.8.1-0.2.git20140303.6615cf0.fc19 (FEDORA-2014-3482) Data-files for the SHOGUN machine learning toolbox -------------------------------------------------------------------------------- Update Information: * updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c * added a macro for use in other spec-files -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.2.git20140303.6615cf0 - added a macro for use in other spec-files * Tue Mar 4 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.1.git20140303.6615cf0 - updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068941 - shogun-data 0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1068941 -------------------------------------------------------------------------------- ================================================================================ wget-1.14-10.fc19 (FEDORA-2014-3498) A utility for retrieving files using the HTTP or FTP protocols -------------------------------------------------------------------------------- Update Information: One bug fixed -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.14-10 - Bump release * Thu Oct 10 2013 Tomas Hozza <thozza@xxxxxxxxxx> - 1.14-9 - remove excessive line for '-nv' option in the manpage (#1017106) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017106 - excessive line for '-nv' option in 'wget' manpage https://bugzilla.redhat.com/show_bug.cgi?id=1017106 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
