The following Fedora 20 Security updates need testing: Age URL 83 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 65 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 30 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 29 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 27 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2014-3778/jansson-2.6-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3887/lighttpd-1.4.35-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3874/perltidy-20130922-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3860/imapsync-1.584-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3915/squid-3.3.12-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3818/udisks-1.0.4-13.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4112/tigervnc-1.3.0-14.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4106/thunderbird-24.4.0-1.fc20,firefox-28.0-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4135/k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4118/rubygem-rack-ssl-1.3.2-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4163/moodle-2.5.5-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 128 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3884/libosinfo-0.2.9-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-4019/lcms2-2.6-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3999/dnf-0.4.18-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-4021/gnome-shell-3.10.4-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4052/fftw-3.3.4-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4064/audit-2.3.5-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-4085/libevdev-0.6-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4115/pango-1.36.1-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4112/tigervnc-1.3.0-14.fc20 The following builds have been pushed to Fedora 20 updates-testing MySQL-zrm-3.0-2.fc20 am-utils-6.1.5-30.fc20 armadillo-4.100.2-1.fc20 boinc-client-7.2.42-1.gitdd0d630.fc20 docker-registry-0.6.6-1.fc20 firefox-28.0-3.fc20 gdal-1.10.1-2.fc20 gettext-commons-0.9.6-10.fc20 gimagereader-2.92-1.fc20 gnonlin-1.2.0-1.fc20 gstreamer1-plugins-good-1.2.3-2.fc20 guile-2.0.10-1.fc20 httpress-1.1.0-1.fc20 java-1.8.0-openjdk-1.8.0.0-0.34.b132.fc20 jlatexmath-1.0.3-1.fc20 jna-4.1.0-4.fc20 k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20 kakasi-2.3.6-1.fc20 libkgapi-2.1.0-1.fc20 libykneomgr-0.0.2-3.fc20 mate-document-viewer-1.6.2-2.fc20 mirall-1.5.3-2.fc20 mlpack-1.0.8-2.fc20 moodle-2.5.5-1.fc20 openscap-1.0.7-1.fc20 pango-1.36.1-3.fc20 parboiled-1.1.6-2.fc20 pcp-3.9.1-1.fc20 perl-Exporter-Tiny-0.036-2.fc20 perl-GDGraph-1.48-1.fc20 perl-Import-Into-1.002001-1.fc20 perl-Set-Tiny-0.01-1.fc20 perl-Test-API-0.004-2.fc20 perl-Test-Deep-0.112-1.fc20 php-pecl-redis-2.2.5-1.fc20 postgresql-9.3.4-1.fc20 python-behave-1.2.3-11.fc20 python-bugzilla2fedmsg-0.1.3-1.fc20 python-pyramid-mako-1.0a2-2.fc20 qemu-1.6.2-1.fc20 qtkeychain-0.3.0-1.fc20 quiterss-0.15.2-1.fc20 rubygem-kramdown-1.3.3-1.fc20 rubygem-rack-ssl-1.3.2-9.fc20 spamassassin-3.4.0-3.fc20 telepathy-gabble-0.18.2-1.fc20 thunderbird-24.4.0-1.fc20 tigervnc-1.3.0-14.fc20 xsane-0.999-10.fc20 xtv-1.0-2.fc20 Details about builds: ================================================================================ MySQL-zrm-3.0-2.fc20 (FEDORA-2014-4108) MySQL backup manager -------------------------------------------------------------------------------- Update Information: - Update to 3.0 - Abort if out of space on restore Update to 2.2.0: - Add mail-policy option - Add windows-backup/restore-port options - Add exclude-pattern option -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.0-2 - Abort if out of space on restore * Tue Mar 18 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.0-1 - Update to 3.0 -------------------------------------------------------------------------------- ================================================================================ am-utils-6.1.5-30.fc20 (FEDORA-2014-4162) Automount utilities including an updated version of Amd -------------------------------------------------------------------------------- Update Information: - make am-utils work with autofs (since NFSv2 client is disabled) and add misc bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Ian Kent <ikent@xxxxxxxxxx> - 5:6.1.5-30 - bz1074376 - am-utils will no longer start due to missing NFSv2 - dont background autofs umount. - check fh on umount succeeded. - handle ENOENT umount return for autofs mounts. - fix get_nfs_version() message. - fix debug log deadlock. - linux umount wait on ebusy. - make sure to remove nodes in the proper order when going down. - fix handle failed umount on exit. - fix autofs proto version define. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074376 - am-utils will no longer start due to missing NFSv2 https://bugzilla.redhat.com/show_bug.cgi?id=1074376 -------------------------------------------------------------------------------- ================================================================================ armadillo-4.100.2-1.fc20 (FEDORA-2014-4125) Fast C++ matrix library with interfaces to LAPACK and ATLAS -------------------------------------------------------------------------------- Update Information: Update armadillo to the latest stable version. It has new features, like a better support for sparse matrices. For further details about the improvements in this version see the news section in the website regarding versions 4.000, 4.000.4, 4.100 and 4.100.2. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 14 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.100.2-1 - update to 4.100.2 * Sun Mar 2 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.100.0-1 - update to 4.100.0 * Sat Jan 25 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.000.2-1 - update to 4.000.2 * Fri Jan 10 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.000.0-2 - add mex_interface to documentation (demonstration of how to connect Armadillo with MATLAB/Octave mex functions) * Thu Jan 9 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.000.0-1 - update to 4.000.0 - dropped boost dependency and added arpack - remove reference to boost in the comments -------------------------------------------------------------------------------- ================================================================================ boinc-client-7.2.42-1.gitdd0d630.fc20 (FEDORA-2014-4174) The BOINC client core -------------------------------------------------------------------------------- Update Information: Update to 7.2.42 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Mattia Verga <mattia.verga@xxxxxxxxxx> - 7.2.42-1.gitdd0d630 - Upgrade to 7.2.42 -------------------------------------------------------------------------------- ================================================================================ docker-registry-0.6.6-1.fc20 (FEDORA-2014-4154) Registry server for Docker -------------------------------------------------------------------------------- Update Information: - Upstream release 0.6.6 - jinja2 fix -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Marek Goldmann <mgoldman@xxxxxxxxxx> - 0.6.6-1 - Upstream release 0.6.6 - docker-registry cannot import module jinja2, RHBZ#1077630 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076483 - docker-registry-0.6.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1076483 [ 2 ] Bug #1077630 - docker-registry cannot import module jinja2 https://bugzilla.redhat.com/show_bug.cgi?id=1077630 -------------------------------------------------------------------------------- ================================================================================ firefox-28.0-3.fc20 (FEDORA-2014-4106) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: New upstream version - Firefox 28.0, Thunderbird 24.4.0. It needs a new nspr-4.10.4 package, so please give karma to those updates: https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19 https://admin.fedoraproject.org/updates/FEDORA-2014-4067/nspr-4.10.4-1.fc20 Thanks! -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Martin Stransky <stransky@xxxxxxxxxx> - 28.0-3 - Arm build fix * Wed Mar 19 2014 Martin Stransky <stransky@xxxxxxxxxx> - 28.0-2 - NSS version up, disable arm for now * Tue Mar 18 2014 Martin Stransky <stransky@xxxxxxxxxx> - 28.0-1 - Update to 28.0 * Thu Mar 6 2014 Martin Stransky <stransky@xxxxxxxxxx> - 27.0.1-2 - Removed needless build patch -------------------------------------------------------------------------------- ================================================================================ gdal-1.10.1-2.fc20 (FEDORA-2014-4125) GIS file format library -------------------------------------------------------------------------------- Update Information: Update armadillo to the latest stable version. It has new features, like a better support for sparse matrices. For further details about the improvements in this version see the news section in the website regarding versions 4.000, 4.000.4, 4.100 and 4.100.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 15 2014 Volker Fröhlich <volker27@xxxxxx> - 1.10.1-2 - Rebuild for Armadillo 4 -------------------------------------------------------------------------------- ================================================================================ gettext-commons-0.9.6-10.fc20 (FEDORA-2014-4144) Java internationalization (i18n) library -------------------------------------------------------------------------------- Update Information: Fixed bugs #1022100,#1068087 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Anish Patil <apatil@xxxxxxxxxx> - 0.9.6-10 - Fixed bugs #1022100,#1068087 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1022100 - gettext-commons: remove versioned jars from %{_javadir} https://bugzilla.redhat.com/show_bug.cgi?id=1022100 [ 2 ] Bug #1068087 - gettext-commons: Switch to java-headless (build)requires https://bugzilla.redhat.com/show_bug.cgi?id=1068087 -------------------------------------------------------------------------------- ================================================================================ gimagereader-2.92-1.fc20 (FEDORA-2014-4126) OCR application -------------------------------------------------------------------------------- Update Information: Update to release 2.92, see https://github.com/manisandro/gImageReader/blob/master/NEWS for details. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Sandro Mani <manisandro@xxxxxxxxx> - 2.92-1 - Update to 2.92 -------------------------------------------------------------------------------- ================================================================================ gnonlin-1.2.0-1.fc20 (FEDORA-2014-4153) GStreamer extension library for non-linear editing -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.2.0-1 - 1.2.0. -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-good-1.2.3-2.fc20 (FEDORA-2014-4113) GStreamer plugins with good code and licensing -------------------------------------------------------------------------------- Update Information: Rebuild for libvpx ABI break. See #1068664 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 13 2014 Wim Taymans <wtaymans@xxxxxxxxxx> - 1.2.3-2 - Rebuild for libvpx ABI break. See #1068664 - fix doc build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068664 - Upgrading libvpx from 1.2.0 to 1.3.0 causes buffer overflow in "vp8enc" GStreamer 0.10 element https://bugzilla.redhat.com/show_bug.cgi?id=1068664 -------------------------------------------------------------------------------- ================================================================================ guile-2.0.10-1.fc20 (FEDORA-2014-4114) A GNU implementation of Scheme for application extensibility -------------------------------------------------------------------------------- Update Information: This is update to the latest upstream stable release. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 5:2.0.10-1 - update to 2.0.10 - update slibcat building for slib 3b4 - disable auto-compilation when building slibcat -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076513 - [abrt] gnucash: vm_error_stack_overflow(): gnucash killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1076513 -------------------------------------------------------------------------------- ================================================================================ httpress-1.1.0-1.fc20 (FEDORA-2014-4124) HTTP stress & benchmark utility -------------------------------------------------------------------------------- Update Information: Initial version of the 1.1.0 version of the package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062282 - Review Request: httpress - HTTP stress & benchmark utility https://bugzilla.redhat.com/show_bug.cgi?id=1062282 -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.0-0.34.b132.fc20 (FEDORA-2014-4111) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: This OpenJDK package corresponds to the official Java 8 release. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.34.b132 - Include jdeps and jjs for aarch64. These are present in b128. * Mon Mar 10 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.33.b132 - Update aarch64 tarball to the latest upstream release * Fri Mar 7 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.32.b132 - Fix `java -version` output * Fri Mar 7 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.0-0.31.b132 - updated to rc4 aarch64 tarball - outdated removed: patch2031 system-lcmsAARCH64.patch patch2011 system-libjpeg-aarch64.patch patch2021 system-libpng-aarch64.patch * Thu Mar 6 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.30.b132 - Update to b132 * Thu Mar 6 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.29.b129 - Fix typo in STRIP_POLICY * Mon Mar 3 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.28.b129 - Remove redundant debuginfo files - Generate complete debug information for libjvm * Tue Feb 25 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.27.b129 - Fix non-headless libraries * Tue Feb 25 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.0-0.26.b129 - Fix incorrect Requires * Thu Feb 13 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.26.b129 - Add -headless subpackage based on java-1.7.0-openjdk - Add abrt connector support - Add -accessibility subpackage * Thu Feb 13 2014 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.0-0.26.b129 - Update to b129. -------------------------------------------------------------------------------- ================================================================================ jlatexmath-1.0.3-1.fc20 (FEDORA-2014-4141) Java API to display mathematical formulas written in LaTeX -------------------------------------------------------------------------------- Update Information: Update version to 1.0.3 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Clément David <c.david86@xxxxxxxxx> - 1.0.3-1 - Update version to 1.0.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063745 - jlatexmath-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063745 -------------------------------------------------------------------------------- ================================================================================ jna-4.1.0-4.fc20 (FEDORA-2014-4178) Pure Java access to native libraries -------------------------------------------------------------------------------- Update Information: update to 4.1.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 10 2014 Roland Grunberg <rgrunber@xxxxxxxxxx> - 4.0.0-4 - fix updated depmap * Fri Jan 10 2014 Roland Grunberg <rgrunber@xxxxxxxxxx> - 4.0.0-3 - Update depmap calls and fix tests compilation issue. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sat Jul 6 2013 Levente Farkas <lfarkas@xxxxxxxxxxx> - 4.0-1 - Update to 4.0 -------------------------------------------------------------------------------- ================================================================================ k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20 (FEDORA-2014-4135) Graphical Directory Statistics for Used Disk Space -------------------------------------------------------------------------------- Update Information: Fix CVE-2014-2527 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 2.7.0-0.14.20101010git6c0a9e6 - kdebase-devel turn into kde-baseapps-devel (BR). * Thu Mar 20 2014 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 2.7.0-0.13.20101010git6c0a9e6 - Add (now) mandatory cmake BuildRequires. * Wed Mar 19 2014 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 2.7.0-0.12.20101010git6c0a9e6 - Fix bogus date (Tue Dec 16 2010 -> Thu Dec 16 2010). * Wed Mar 19 2014 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 2.7.0-0.11.20101010git6c0a9e6 - Fix CVE-2014-2527. - Delete defatr entry in files section. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077059 - CVE-2014-2527 CVE-2014-2528 kdirstat: insufficient quote escaping leading to arbitrary command execution https://bugzilla.redhat.com/show_bug.cgi?id=1077059 -------------------------------------------------------------------------------- ================================================================================ kakasi-2.3.6-1.fc20 (FEDORA-2014-4170) A Japanese character set conversion filter -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Akira TAGOH <tagoh@xxxxxxxxxx> - 2.3.6-1 - New upstream release. (#1077558) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077558 - kakasi-2.3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1077558 -------------------------------------------------------------------------------- ================================================================================ libkgapi-2.1.0-1.fc20 (FEDORA-2014-4145) Library to access to Google services -------------------------------------------------------------------------------- Update Information: New stable release of LibKGAPI. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Dan Vrátil <dvratil@xxxxxxxxxx> - 2.1.0-1 - 2.1.0 -------------------------------------------------------------------------------- ================================================================================ libykneomgr-0.0.2-3.fc20 (FEDORA-2014-4157) YubiKey NEO Manager C Library -------------------------------------------------------------------------------- Update Information: Initial package of libykneomgr -------------------------------------------------------------------------------- ================================================================================ mate-document-viewer-1.6.2-2.fc20 (FEDORA-2014-4148) Document viewer -------------------------------------------------------------------------------- Update Information: - djvu: Fix case sensitive search -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-2 - fix rhbz (#999912) -------------------------------------------------------------------------------- References: [ 1 ] Bug #999912 - MATE document viewer (Atril): case-sensitive search impossible, DjVu search broken https://bugzilla.redhat.com/show_bug.cgi?id=999912 -------------------------------------------------------------------------------- ================================================================================ mirall-1.5.3-2.fc20 (FEDORA-2014-3985) The ownCloud Client -------------------------------------------------------------------------------- Update Information: Update to latest upstream version -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Joseph Marrero <jmarrero@xxxxxxxxxxxxxxxxx> - 1.5.3-2 - Updated Obsoletes for each subpackage * Sun Mar 16 2014 Joseph Marrero <jmarrero@xxxxxxxxxxxxxxxxx> - 1.5.3-1 - Update to latest Upstream version - Merge owncloud-csync and mirall as upstream has done -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077803 - [abrt] mirall: QString::free(): owncloud killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1077803 -------------------------------------------------------------------------------- ================================================================================ mlpack-1.0.8-2.fc20 (FEDORA-2014-4125) Scalable, fast C++ machine learning library -------------------------------------------------------------------------------- Update Information: Update armadillo to the latest stable version. It has new features, like a better support for sparse matrices. For further details about the improvements in this version see the news section in the website regarding versions 4.000, 4.000.4, 4.100 and 4.100.2. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 1.0.8-2 - Rebuild for Armadillo 4.1 on Fedora 19, 20 and rawhide. -------------------------------------------------------------------------------- ================================================================================ moodle-2.5.5-1.fc20 (FEDORA-2014-4163) A Course Management System -------------------------------------------------------------------------------- Update Information: Fixes for CVE-2014-0122, CVE-2014-0123, CVE-2014-0124, CVE-2014-0125, CVE-2014-0126, CVE-2014-0127, CVE-2014-0129. http://docs.moodle.org/dev/Moodle_2.6.2_release_notes http://docs.moodle.org/dev/Moodle_2.5.5_release_notes http://docs.moodle.org/dev/Moodle_2.4.9_release_notes -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.5.5-1 - Fix for CVE-2014-0122, CVE-2014-0123, CVE-2014-0124, - CVE-2014-0125, CVE-2014-0126, CVE-2014-0127, CVE-2014-0129 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077823 - CVE-2014-0129 CVE-2014-0127 CVE-2014-0126 CVE-2014-0125 CVE-2014-0124 CVE-2014-0123 CVE-2014-0122 moodle: upstream 2.6.2, 2.5.5, and 2.4.9 fixes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1077823 [ 2 ] Bug #1077824 - CVE-2014-0129 CVE-2014-0127 CVE-2014-0126 CVE-2014-0125 CVE-2014-0124 CVE-2014-0123 CVE-2014-0122 moodle: upstream 2.6.2, 2.5.5, and 2.4.9 fixes [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1077824 -------------------------------------------------------------------------------- ================================================================================ openscap-1.0.7-1.fc20 (FEDORA-2014-4130) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: upgrade upgrade upgrade -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.7-1 - upgrade * Wed Mar 19 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.6-1 - upgrade * Fri Mar 14 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.5-1 - upgrade -------------------------------------------------------------------------------- ================================================================================ pango-1.36.1-3.fc20 (FEDORA-2014-4115) System for layout and rendering of internationalized text -------------------------------------------------------------------------------- Update Information: Fix a crash in pango_ot_info_get() -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Akira TAGOH <tagoh@xxxxxxxxxx> - 1.36.1-3 - Backport a patch to fix a crash in pango_ot_info_get() (#1053798) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1053798 - [abrt] gimp: pango_ot_info_get(): gimp-2.8 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1053798 -------------------------------------------------------------------------------- ================================================================================ parboiled-1.1.6-2.fc20 (FEDORA-2014-4166) Java/Scala library providing parsing of input text based on PEGs -------------------------------------------------------------------------------- Update Information: add scala support -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 gil cattaneo <puntogil@xxxxxxxxx> 1.1.6-2 - add scala support * Tue Nov 26 2013 gil cattaneo <puntogil@xxxxxxxxx> 1.1.6-1 - update to 1.1.6 rhbz#1034875 -------------------------------------------------------------------------------- ================================================================================ pcp-3.9.1-1.fc20 (FEDORA-2014-4172) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information: New upstream feature release. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Nathan Scott <nathans@xxxxxxxxxx> - 3.9.1-1 - Update to latest PCP sources. -------------------------------------------------------------------------------- ================================================================================ perl-Exporter-Tiny-0.036-2.fc20 (FEDORA-2014-4164) An exporter with the features of Sub::Exporter but only core dependencies -------------------------------------------------------------------------------- Update Information: This is the first Fedora/EPEL release of perl-Exporter-Tiny. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077295 - Review Request: perl-Exporter-Tiny - An exporter with the features of Sub::Exporter but only core dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1077295 -------------------------------------------------------------------------------- ================================================================================ perl-GDGraph-1.48-1.fc20 (FEDORA-2014-4116) Graph generation package for Perl -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 18 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1:1.48-1 - Upstream update. - Reflect Source0: having changed. - Modernize spec. - Fix bogus %changelog entry. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078010 - perl-GDGraph is outdated https://bugzilla.redhat.com/show_bug.cgi?id=1078010 -------------------------------------------------------------------------------- ================================================================================ perl-Import-Into-1.002001-1.fc20 (FEDORA-2014-4175) Import packages into other packages -------------------------------------------------------------------------------- Update Information: This update provides additional functionality required by some other modules, such as Test::Modern. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 12 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.002001-1 - Update to 1.002001 - Allow specifying by caller level, as well as specifying file, line, and version - Fix tests and Makefile.PL to support perl 5.6 - This release by HAARG -> update source URL - Specify all dependencies - Make %files list more explicit -------------------------------------------------------------------------------- ================================================================================ perl-Set-Tiny-0.01-1.fc20 (FEDORA-2014-4123) Simple sets of strings -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078074 - Review Request: perl-Set-Tiny - Simple sets of strings https://bugzilla.redhat.com/show_bug.cgi?id=1078074 -------------------------------------------------------------------------------- ================================================================================ perl-Test-API-0.004-2.fc20 (FEDORA-2014-4149) Test a list of subroutines provided by a module -------------------------------------------------------------------------------- Update Information: This is the first Fedora/EPEL release of perl-Test-API. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077192 - Review Request: perl-Test-API - Test a list of subroutines provided by a module https://bugzilla.redhat.com/show_bug.cgi?id=1077192 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Deep-0.112-1.fc20 (FEDORA-2014-4143) Extremely flexible deep comparison -------------------------------------------------------------------------------- Update Information: This update provides additional functionality, as required by some modules such as Test::Modern. There are also some documentation fixes. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 30 2013 Paul Howarth <paul@xxxxxxxxxxxx> - 0.112-1 - Update to 0.112 - When printing diagnostics, differentiate the type of a blessed object from the name of the class itself (CPAN RT#78288) - Typo fixes - Fixes to clarity and accuracy of documentation - Add metadata links to repo and issue tracker - Added obj_isa for testing ->isa without falling back to ref($x) - Added the *experimental* ":v1" export group to skip importing Isa, isa, and blessed -------------------------------------------------------------------------------- ================================================================================ php-pecl-redis-2.2.5-1.fc20 (FEDORA-2014-4147) Extension for communicating with the Redis key-value store -------------------------------------------------------------------------------- Update Information: Upstream release notes, phpredis 2.2.5: This is a minor release with several bug fixes as well as additions to support new commands that have been introduced to Redis since our last release. A special thanks to everyone who helps the project by commenting on issues and submitting pull requests! * [NEW] Support for the BITPOS command * [NEW] Connection timeout option for RedisArray (@MikeToString) * [NEW] A _serialize method, to complement our existing _unserialize method * [NEW] Support for the PUBSUB command * [NEW] Support for SCAN, SSCAN, HSCAN, and ZSCAN * [NEW] Support for the WAIT command * [FIX] Handle the COPY and REPLACE arguments for the MIGRATE command * [DOC] Fix syntax error in documentation for the SET command (@mithunsatheesh) * [DOC] Homebrew documentation instructions (@mathias) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.2.5-1 - Update to 2.2.5 * Thu Mar 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.2.4-2 - cleanups - move doc in pecl_docdir - run upstream tests only with --with tests option -------------------------------------------------------------------------------- ================================================================================ postgresql-9.3.4-1.fc20 (FEDORA-2014-4140) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.3.4 minor version per release notes: -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Jozef Mlich <jmlich@xxxxxxxxxx> - 9.3.4-1 - update to 9.3.4 minor version per release notes: http://www.postgresql.org/docs/9.3/static/release-9-3-4.html -------------------------------------------------------------------------------- ================================================================================ python-behave-1.2.3-11.fc20 (FEDORA-2014-4156) Tools for the behavior-driven development, Python style -------------------------------------------------------------------------------- Update Information: Another fix for RHBZ# 1067388 by Vadim Rutkovsky Add two patches provided by Vadim Rutkovsky (fix #1058371 and #1067388) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1.2.3-11 - Another fix for RHBZ# 1067388 by Vadim Rutkovsky -------------------------------------------------------------------------------- References: [ 1 ] Bug #1067388 - Python-behave crashes when html report is created with invalid chars are present in error message https://bugzilla.redhat.com/show_bug.cgi?id=1067388 [ 2 ] Bug #1058371 - RFE: Support embedding of videos and custom captions https://bugzilla.redhat.com/show_bug.cgi?id=1058371 -------------------------------------------------------------------------------- ================================================================================ python-bugzilla2fedmsg-0.1.3-1.fc20 (FEDORA-2014-4122) Consume BZ messages over STOMP and republish to fedmsg -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078946 - Review Request: python-bugzilla2fedmsg - Consume BZ messages over STOMP and republish to fedmsg https://bugzilla.redhat.com/show_bug.cgi?id=1078946 -------------------------------------------------------------------------------- ================================================================================ python-pyramid-mako-1.0a2-2.fc20 (FEDORA-2014-4107) Mako template bindings for the Pyramid web framework -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078315 - Review Request: python-pyramid-mako - Mako template bindings for the Pyramid web framework https://bugzilla.redhat.com/show_bug.cgi?id=1078315 -------------------------------------------------------------------------------- ================================================================================ qemu-1.6.2-1.fc20 (FEDORA-2014-4134) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * Fix bogus libcacard dep on gluster (bz #987441) * Fix mouse with -display gtk -vga qxl (bz #1051724) * Change gtk quit accelerator to ctrl+shift+q (bz #1062393) * Fix crash during virtio-scsi hotplug (bz #1051611) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 2:1.6.2-1 - Fix bogus libcacard dep on gluster (bz #987441) - Fix mouse with -display gtk -vga qxl (bz #1051724) - Change gtk quit accelerator to ctrl+shift+q (bz #1062393) - Fix crash during virtio-scsi hotplug (bz #1051611) -------------------------------------------------------------------------------- References: [ 1 ] Bug #987441 - libcacard has bogus dependency on glusterfs https://bugzilla.redhat.com/show_bug.cgi?id=987441 [ 2 ] Bug #1051724 - "qemu-kvm -vga qxl" pushes mouse pointer to top/left outside of qemu console window https://bugzilla.redhat.com/show_bug.cgi?id=1051724 [ 3 ] Bug #1062393 - switch to new default gtk gui brings hypersensitivity to ^Q => quit https://bugzilla.redhat.com/show_bug.cgi?id=1062393 [ 4 ] Bug #1051611 - [abrt] qemu-system-x86: virtio_scsi_push_event(): qemu-system-x86_64 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1051611 -------------------------------------------------------------------------------- ================================================================================ qtkeychain-0.3.0-1.fc20 (FEDORA-2014-3985) A password store library -------------------------------------------------------------------------------- Update Information: Update to latest upstream version -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 16 2014 <jmarrero@xxxxxxxxxxxxxxxxx> 0.3.0-1 - Update to latest upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1077803 - [abrt] mirall: QString::free(): owncloud killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1077803 -------------------------------------------------------------------------------- ================================================================================ quiterss-0.15.2-1.fc20 (FEDORA-2014-4155) RSS/Atom aggregator -------------------------------------------------------------------------------- Update Information: Version bump -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.15.2-1 - Version bump -------------------------------------------------------------------------------- ================================================================================ rubygem-kramdown-1.3.3-1.fc20 (FEDORA-2014-4181) Fast, pure-Ruby Markdown-superset converter -------------------------------------------------------------------------------- Update Information: New version 1.3.3 is relesed. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.3.3-1 - 1.3.3 -------------------------------------------------------------------------------- ================================================================================ rubygem-rack-ssl-1.3.2-9.fc20 (FEDORA-2014-4118) Force SSL/TLS in your app -------------------------------------------------------------------------------- Update Information: Handle bad URIs gracefully (CVE-2014-2538). -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Vít Ondruch <vondruch@xxxxxxxxxx> - 1.3.2-9 - Handle bad URIs gracefully (CVE-2014-2538). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078612 - CVE-2014-2538 rubygem rack-ssl: URL error display XSS https://bugzilla.redhat.com/show_bug.cgi?id=1078612 -------------------------------------------------------------------------------- ================================================================================ spamassassin-3.4.0-3.fc20 (FEDORA-2014-4171) Spam filter for email which can be invoked from mail delivery agents -------------------------------------------------------------------------------- Update Information: Update to 3.4.0 upstream release with more rules and checks. Also fixes various bugs. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Kevin Fenzi <kevin@xxxxxxxxx> 3.4.0-3 - Cleaned up spec, added conditionals to build on el again. * Sun Feb 16 2014 Kevin Fenzi <kevin@xxxxxxxxx> 3.4.0-2 - Simplify systemd unit file. Thanks misc. Fixes bug #1065762 * Tue Feb 11 2014 Kevin Fenzi <kevin@xxxxxxxxx> 3.4.0-1 - Update to 3.4.0 * Sun Feb 2 2014 Kevin Fenzi <kevin@xxxxxxxxx> 3.3.2-19 - Use pgrep -f for full command line. Fixes bug #1057926 - Patch to use gnupg2 instead of gnupg1. Fixes bug #1055593 - Use pgrep for spampd as well. Fixes bug #1058976 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055593 - Installing spamassassin breaks gnome-keyring PGP integration due to dependency on old gnupg https://bugzilla.redhat.com/show_bug.cgi?id=1055593 [ 2 ] Bug #1058976 - Adjust /usr/share/spamassassin/sa-update.cron to changes in spampd https://bugzilla.redhat.com/show_bug.cgi?id=1058976 [ 3 ] Bug #1057926 - sa-update does not run with amavisd https://bugzilla.redhat.com/show_bug.cgi?id=1057926 -------------------------------------------------------------------------------- ================================================================================ telepathy-gabble-0.18.2-1.fc20 (FEDORA-2014-4158) A Jabber/XMPP connection manager -------------------------------------------------------------------------------- Update Information: Update to 0.18.2. Changes include: * don't try to cancel a source ID twice, which issues a critical warning in GLib 2.39 * fix failure to build with recent (Markdown-based) gtk-doc * plugin loader: don't crash if g_dir_open() fails twice. * fix a crash in 1-1 Tubes on 64-bit machines * fix enum cast warnings under clang * add a regression test for fd.o #68829 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 20 2014 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 0.18.2-1 - Update to 0.18.2. * Tue Nov 5 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.18.1-2 - Explicitly state python in the shebang -------------------------------------------------------------------------------- ================================================================================ thunderbird-24.4.0-1.fc20 (FEDORA-2014-4106) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: New upstream version - Firefox 28.0, Thunderbird 24.4.0. It needs a new nspr-4.10.4 package, so please give karma to those updates: https://admin.fedoraproject.org/updates/FEDORA-2014-4071/nspr-4.10.4-1.fc19 https://admin.fedoraproject.org/updates/FEDORA-2014-4067/nspr-4.10.4-1.fc20 Thanks! -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 18 2014 Jan Horak <jhorak@xxxxxxxxxx> - 24.4.0-1 - Update to 24.4.0 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.3.0-14.fc20 (FEDORA-2014-4112) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Tim Waugh <twaugh@xxxxxxxxxx> 1.3.0-14 - Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928). * Mon Feb 10 2014 Tim Waugh <twaugh@xxxxxxxxxx> 1.3.0-13 - Clearer xstartup file (bug #923655). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1050928 - CVE-2014-0011 tigervnc: ZRLE decoding heap-based buffer overflow in vncviewer https://bugzilla.redhat.com/show_bug.cgi?id=1050928 -------------------------------------------------------------------------------- ================================================================================ xsane-0.999-10.fc20 (FEDORA-2014-4128) X Window System front-end for the SANE scanner interface -------------------------------------------------------------------------------- Update Information: This update fixes a crash that could occur when receiving signals in short succession. Additionally, it fixes issues found during source code analysis. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 19 2014 Nils Philippsen <nils@xxxxxxxxxx> - 0.999-10 - fix signal handling (#1073698) - fix issues found during static analysis that don't require far-reaching refactoring -------------------------------------------------------------------------------- References: [ 1 ] Bug #1073698 - [abrt] xsane: sane_dll_close(): xsane killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1073698 -------------------------------------------------------------------------------- ================================================================================ xtv-1.0-2.fc20 (FEDORA-2014-4167) A file manager for the Linux console/xterm -------------------------------------------------------------------------------- Update Information: Added Properties dialog box -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052040 - Review Request: xtv - A file manager for the Linux console/xterm https://bugzilla.redhat.com/show_bug.cgi?id=1052040 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
