The following Fedora 20 Security updates need testing: Age URL 90 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 71 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 37 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 36 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 34 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-3915/squid-3.3.12-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-3818/udisks-1.0.4-13.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-4135/k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-4118/rubygem-rack-ssl-1.3.2-9.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-4163/moodle-2.5.5-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-4338/seamonkey-2.25-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-4351/check-mk-1.2.4-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4458/xen-4.3.2-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4455/perl-Authen-Captcha-1.024-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4437/munin-2.0.19-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4436/curl-7.32.0-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4443/xalan-j2-2.7.1-22.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4440/libyaml-0.1.6-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 135 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-3884/libosinfo-0.2.9-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4436/curl-7.32.0-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4432/livecd-tools-20.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4429/xorg-x11-drv-synaptics-1.7.4-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4376/initscripts-9.51-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4369/bluez-5.17-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4378/harfbuzz-0.9.27-1.fc20 The following builds have been pushed to Fedora 20 updates-testing curl-7.32.0-8.fc20 gupnp-tools-0.8.9-2.fc20 kexec-tools-2.0.4-26.fc20 lbzip2-2.5-1.fc20 libmikmod-3.3.6-2.fc20 libyaml-0.1.6-1.fc20 livecd-tools-20.5-1.fc20 mingw-webkitgtk-2.2.6-1.fc20 mingw-webkitgtk3-2.2.6-1.fc20 munin-2.0.19-2.fc20 open-vm-tools-9.4.0-8.fc20 ovirt-engine-cli-3.4.0.5-1.fc20 ovirt-engine-sdk-java-3.4.0.7-1.fc20 ovirt-engine-sdk-python-3.4.0.6-1.fc20 perl-Authen-Captcha-1.024-1.fc20 perl-IO-Interactive-0.0.6-1.fc20 perl-Net-Amazon-S3-0.59-2.fc20 perl-Rose-DB-Object-0.811-1.fc20 perl-Term-ProgressBar-Quiet-0.31-1.fc20 perl-Term-ProgressBar-Simple-0.03-1.fc20 python-django-1.6.2-2.fc20 python-phyghtmap-1.48-1.fc20 qaccessibilityclient-0.1.1-1.fc20 rubygem-mechanize-2.7.3-2.fc20 smokeping-2.6.9-3.fc20 speech-dispatcher-0.8-7.fc20 tzdata-2014b-1.fc20 vtk-6.0.0-10.fc20 xalan-j2-2.7.1-22.fc20 xen-4.3.2-2.fc20 xfdashboard-0.1.6-2.fc20 xorg-x11-drv-synaptics-1.7.4-4.fc20 Details about builds: ================================================================================ curl-7.32.0-8.fc20 (FEDORA-2014-4436) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: fix connection re-use when using different log-in credentials (CVE-2014-0138) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.32.0-8 - fix connection re-use when using different log-in credentials (CVE-2014-0138) * Mon Mar 17 2014 Paul Howarth <paul@xxxxxxxxxxxx> 7.32.0-7 - add all perl build requirements for the test suite, in a portable way -------------------------------------------------------------------------------- References: [ 1 ] Bug #1079148 - CVE-2014-0138 curl: wrong re-use of connections in libcurl https://bugzilla.redhat.com/show_bug.cgi?id=1079148 -------------------------------------------------------------------------------- ================================================================================ gupnp-tools-0.8.9-2.fc20 (FEDORA-2014-4428) A collection of dev tools utilising GUPnP and GTK+ -------------------------------------------------------------------------------- Update Information: Require gnome-icon-theme-legacy -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.8.9-1 - Require gnome-icon-theme-legacy -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081213 - [abrt] gupnp-tools: _g_log_abort(): gupnp-av-cp killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1081213 -------------------------------------------------------------------------------- ================================================================================ kexec-tools-2.0.4-26.fc20 (FEDORA-2014-4430) The kexec/kdump userspace component -------------------------------------------------------------------------------- Update Information: fix issue when dump path is mounted on nfs. Warn user about save vmcore path mounted by another disk Pass disable_cpu_apicid to kexec of capture kernel add kdump-in-cluster-environment.txt to rpm pkg ssh dump: create random-seed manually makedumpfile: Improve progress information for huge memory system a few backports and script fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-26 - fix issue when dump path is mounted on nfs. - vmcore-dmesg: stack smashing fix - get_ssh_size fix for localized df output * Mon Mar 10 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-25 - Warn user about save vmcore path mounted by another disk - omit dracut resume module * Wed Mar 5 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-24 - Pass disable_cpu_apicid to kexec of capture kernel - Relax restriction of dumping on encrypted target - Regression fix on wdt kernel drivers install * Mon Feb 17 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-23 - add kdump-in-cluster-environment.txt to rpm pkg - Secure Boot status check warning - Some watchdog driver support * Wed Jan 29 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-22 - ssh dump: create random-seed manually - Add fence kdump support * Wed Jan 22 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-21 - makedumpfile: Improve progress information for huge memory system - s390: use nr_cpus=1 instead of maxcpus=1 * Fri Jan 17 2014 WANG Chao <chaowang@xxxxxxxxxx> - 2.0.4-20 - vmcore-dmesg: fix timestamp error in vmcore-dmesg.txt - makedumpfile: re-enable mmap() and introduce --non-mmap - kdump.conf uncomment default core_collector line - fix an issue when 'ssh' directive appearing in kdump.conf, the rest part of lines in this file are ignored -------------------------------------------------------------------------------- ================================================================================ lbzip2-2.5-1.fc20 (FEDORA-2014-4331) Fast, multi-threaded bzip2 utility -------------------------------------------------------------------------------- Update Information: This update rebases to upstream version 2.5, which fixes several bugs and adds some improvements. Full release notes are available at upstream website: http://lbzip2.org/news This release is strictly backwards-compatible with all previous releases in 2.x line. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.5-1 - Update to upstream version 2.5 * Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-4 - Add patch for performance regression during compression * Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-3 - Fix a typo in compression order block patch * Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-2 - Add patch fixing block ordering during compression * Mon Mar 24 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.4-1 - Update to upstream version 2.4 * Sun Dec 22 2013 Ville Skyttä <ville.skytta@xxxxxx> - 2.3-3 - Drop INSTALL from docs. - Fix bogus dates in %changelog. - Use bzipped source tarball. -------------------------------------------------------------------------------- ================================================================================ libmikmod-3.3.6-2.fc20 (FEDORA-2014-4447) A MOD music file player library -------------------------------------------------------------------------------- Update Information: - Add missing requires pulseaudio-libs-devel to the -devel pkg (rhbz#1081142) -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 3.3.6-2 - Add missing requires pulseaudio-libs-devel to the -devel pkg (rhbz#1081142) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081142 - FTBFS against libmikmod-3.3.6 (works with libmikmod-3.3.5) https://bugzilla.redhat.com/show_bug.cgi?id=1081142 -------------------------------------------------------------------------------- ================================================================================ libyaml-0.1.6-1.fc20 (FEDORA-2014-4440) YAML 1.1 parser and emitter written in C -------------------------------------------------------------------------------- Update Information: New upstream release 0.1.6, fixes CVE-2014-2525 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 John Eckersberg <jeckersb@xxxxxxxxxx> - 0.1.6-1 - New upstream release 0.1.6 (bz1081492) - Fixes CVE-2014-2525 (bz1078083) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs https://bugzilla.redhat.com/show_bug.cgi?id=1078083 -------------------------------------------------------------------------------- ================================================================================ livecd-tools-20.5-1.fc20 (FEDORA-2014-4432) Tools for building live CDs -------------------------------------------------------------------------------- Update Information: Check to make sure the kickstart exists and cleanup the README a little. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Brian C. Lane <bcl@xxxxxxxxxx> 20.5-1 - Version 20.5 (bcl) - Cleanup paths in README (bcl) - livecd-creator: Make sure kickstart file exists (#1074295) (bcl) -------------------------------------------------------------------------------- ================================================================================ mingw-webkitgtk-2.2.6-1.fc20 (FEDORA-2014-4444) MinGW Windows web content engine library -------------------------------------------------------------------------------- Update Information: * Update to 2.2.6 * Fix use-after-free in WTF threading code (WebKit bug #130122) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.2.6-1 - Update to 2.2.6 - Fix use-after-free in WTF threading code (WebKit bug #130122) -------------------------------------------------------------------------------- ================================================================================ mingw-webkitgtk3-2.2.6-1.fc20 (FEDORA-2014-4433) MinGW Windows GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: * Update to 2.2.6 * Fix use-after-free in WTF threading code (WebKit bug #130122) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.2.6-1 - Update to 2.2.6 - Fix use-after-free in WTF threading code (WebKit bug #130122) -------------------------------------------------------------------------------- ================================================================================ munin-2.0.19-2.fc20 (FEDORA-2014-4437) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information: minor bugfix release: - BZ# 1081254: Start asyncd after node - BZ# 1028075: munin-node doesn't get added to chkconfig Upstream update to 2.0.18, fixes CVE-2013-6359 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 D. Johnson <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.19-2 - BZ# 1081254: Start asyncd after node - BZ# 1028075: munin-node doesn't get added to chkconfig -------------------------------------------------------------------------------- References: [ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18 https://bugzilla.redhat.com/show_bug.cgi?id=1037888 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-9.4.0-8.fc20 (FEDORA-2014-4425) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: Added missing package dependency on 'which' (BZ#1045709) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-8 - Add missing package dependency on 'which' (BZ#1045709) * Tue Mar 25 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-7 - Add -D_DEFAULT_SOURCE to suppress warning as suggested in https://sourceware.org/bugzilla/show_bug.cgi?id=16632 * Fri Mar 21 2014 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.0-6 - Add missing package dependencies (BZ#1045709, BZ#1077320) * Tue Feb 18 2014 Igor Gnatenko <i.gnatenko.brain@xxxxxxxxx> - 9.4.0-5 - Fix FTBFS g_info redefine (RHBZ #1063847) * Fri Feb 14 2014 David Tardon <dtardon@xxxxxxxxxx> - 9.4.0-4 - rebuild for new ICU * Tue Feb 11 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 9.4.0-3 - Only build on x86-64 for RHEL 7 (RHBZ#1054608). * Wed Dec 4 2013 Richard W.M. Jones <rjones@xxxxxxxxxx> - 9.4.0-2 - Rebuild for procps SONAME bump. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1045709 - open-vm-tools should depend on which https://bugzilla.redhat.com/show_bug.cgi?id=1045709 -------------------------------------------------------------------------------- ================================================================================ ovirt-engine-cli-3.4.0.5-1.fc20 (FEDORA-2014-4445) oVirt Engine Command Line Interface -------------------------------------------------------------------------------- Update Information: Update to upstream 3.4.0.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Juan Hernandez <juan.hernandez@xxxxxxxxxx> - 3.4.0.5-1 - Update to upstream 3.4.0.5 in order to support version 3.4 of the oVirt project. -------------------------------------------------------------------------------- ================================================================================ ovirt-engine-sdk-java-3.4.0.7-1.fc20 (FEDORA-2014-4419) oVirt Engine Software Development Kit (Java) -------------------------------------------------------------------------------- Update Information: Update to upstream 3.4.0.7 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Juan Hernandez <juan.hernandez@xxxxxxxxxx> - 3.4.0.7-1 - Update to upstream 3.4.0.7 in order to suport version 3.4 of the oVirt project. -------------------------------------------------------------------------------- ================================================================================ ovirt-engine-sdk-python-3.4.0.6-1.fc20 (FEDORA-2014-4446) oVirt Engine Software Development Kit (Python) -------------------------------------------------------------------------------- Update Information: Update to upstream version 3.4.0.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Juan Hernandez <juan.hernandez@xxxxxxxxxx> - 3.4.0.6-1 - Update to upstream version 3.4.0.6 in order to support release 3.4 of the oVirt project. -------------------------------------------------------------------------------- ================================================================================ perl-Authen-Captcha-1.024-1.fc20 (FEDORA-2014-4455) Perl extension for creating captchas -------------------------------------------------------------------------------- Update Information: An issue in previous versions of perl-Authen-Captcha is that the generated public string (file name of the picture) for the captcha is merely a checksum of the secret string. It is trivial to break such short strings even using google instead of a rainbow table. Version 1.024 of the module fixes this. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 1.024-1 - Update to 1.024 -------------------------------------------------------------------------------- ================================================================================ perl-IO-Interactive-0.0.6-1.fc20 (FEDORA-2014-4441) Utilities for interactive I/O -------------------------------------------------------------------------------- Update Information: These new perl modules provide nifty progress bar and are needed to enable an S3 client. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive I/O https://bugzilla.redhat.com/show_bug.cgi?id=1081447 [ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress meter if run interactively https://bugzilla.redhat.com/show_bug.cgi?id=1081465 [ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress bars https://bugzilla.redhat.com/show_bug.cgi?id=1081468 [ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and manpage https://bugzilla.redhat.com/show_bug.cgi?id=995748 -------------------------------------------------------------------------------- ================================================================================ perl-Net-Amazon-S3-0.59-2.fc20 (FEDORA-2014-4441) Use the Amazon Simple Storage Service (S3) -------------------------------------------------------------------------------- Update Information: These new perl modules provide nifty progress bar and are needed to enable an S3 client. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.59-2 - Enable s3cl tool (bug #995748) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive I/O https://bugzilla.redhat.com/show_bug.cgi?id=1081447 [ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress meter if run interactively https://bugzilla.redhat.com/show_bug.cgi?id=1081465 [ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress bars https://bugzilla.redhat.com/show_bug.cgi?id=1081468 [ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and manpage https://bugzilla.redhat.com/show_bug.cgi?id=995748 -------------------------------------------------------------------------------- ================================================================================ perl-Rose-DB-Object-0.811-1.fc20 (FEDORA-2014-4421) Extensible, high performance object-relational mapper (ORM) -------------------------------------------------------------------------------- Update Information: update to version 0.811 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Bill Pemberton <wfp5p@xxxxxxxxxxxxxxx> - 0.811-1 - update to version 0.811 - fixes a bug that prevented many-to-many map records from being saved to the database -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055297 - perl-Rose-DB-Object-0.811 is available https://bugzilla.redhat.com/show_bug.cgi?id=1055297 -------------------------------------------------------------------------------- ================================================================================ perl-Term-ProgressBar-Quiet-0.31-1.fc20 (FEDORA-2014-4441) Provide a progress meter if run interactively -------------------------------------------------------------------------------- Update Information: These new perl modules provide nifty progress bar and are needed to enable an S3 client. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive I/O https://bugzilla.redhat.com/show_bug.cgi?id=1081447 [ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress meter if run interactively https://bugzilla.redhat.com/show_bug.cgi?id=1081465 [ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress bars https://bugzilla.redhat.com/show_bug.cgi?id=1081468 [ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and manpage https://bugzilla.redhat.com/show_bug.cgi?id=995748 -------------------------------------------------------------------------------- ================================================================================ perl-Term-ProgressBar-Simple-0.03-1.fc20 (FEDORA-2014-4441) Simpler progress bars -------------------------------------------------------------------------------- Update Information: These new perl modules provide nifty progress bar and are needed to enable an S3 client. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive I/O https://bugzilla.redhat.com/show_bug.cgi?id=1081447 [ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress meter if run interactively https://bugzilla.redhat.com/show_bug.cgi?id=1081465 [ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress bars https://bugzilla.redhat.com/show_bug.cgi?id=1081468 [ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and manpage https://bugzilla.redhat.com/show_bug.cgi?id=995748 -------------------------------------------------------------------------------- ================================================================================ python-django-1.6.2-2.fc20 (FEDORA-2014-4393) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: update to 1.6.2 (rhbz#1027766) Please note, it is required to update python-django and python3-django as well in one transaction. yum update or dnf update will do that for you. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.6.2-2 - remove simplejson requirement - make bash-completion a sub-package, both main packages can require * Thu Feb 13 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.6.2-1 - update to 1.6.2 (rhbz#1027766) - bash completion for python3-django-admin (rhbz#1035987) * Sun Nov 24 2013 Matěj Cepl <mcepl@xxxxxxxxxx> - 1.6-1 - update to 1.6 (rhbz#1027766) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1027766 - python-django-1.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1027766 [ 2 ] Bug #1035987 - bash_completion for python3-django-admin https://bugzilla.redhat.com/show_bug.cgi?id=1035987 [ 3 ] Bug #1073773 - FTBFS due sphinx upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1073773 -------------------------------------------------------------------------------- ================================================================================ python-phyghtmap-1.48-1.fc20 (FEDORA-2014-4450) Generate OSM contour lines from NASA SRTM data -------------------------------------------------------------------------------- Update Information: This update fixes minor bugs related to index generation and missing file downloads when using viewfinder 3 arc second data. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Volker Fröhlich <volker27@xxxxxx> - 1.48-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080888 - python-phyghtmap-1.48 is available https://bugzilla.redhat.com/show_bug.cgi?id=1080888 -------------------------------------------------------------------------------- ================================================================================ qaccessibilityclient-0.1.1-1.fc20 (FEDORA-2014-4460) Accessibility client library for Qt -------------------------------------------------------------------------------- Update Information: New stable release to replace previous snapshot build, see also: http://lists.kde.org/?l=kde-accessibility&m=139207620411895&w=2 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.1.1-1 - 1.1.1 release - support QT4_BUILD option - fix dso patch - Provides: libqaccessibilityclient(-devel) -------------------------------------------------------------------------------- ================================================================================ rubygem-mechanize-2.7.3-2.fc20 (FEDORA-2014-4457) A handy web browsing ruby object -------------------------------------------------------------------------------- Update Information: Also modify mime-type dependency on spec -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.7.3-2 - Also modify mime-type dependency on spec (bug 1080855) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080855 - rubygem-mechanize requires a higher version of rubygem-mime-types than supplied https://bugzilla.redhat.com/show_bug.cgi?id=1080855 -------------------------------------------------------------------------------- ================================================================================ smokeping-2.6.9-3.fc20 (FEDORA-2014-4439) Latency Logging and Graphing System -------------------------------------------------------------------------------- Update Information: Smokeping was adding improper date header in email reports. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Terje Rosten <terje.rosten@xxxxxxx> - 2.6.9-3 - Fix build * Wed Mar 26 2014 Terje Rosten <terje.rosten@xxxxxxx> - 2.6.9-2 - Let MTA add date header (bz #1080949) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080949 - wrong date header with locale in alert mails https://bugzilla.redhat.com/show_bug.cgi?id=1080949 -------------------------------------------------------------------------------- ================================================================================ speech-dispatcher-0.8-7.fc20 (FEDORA-2014-4427) To provide a high-level device independent layer for speech synthesis -------------------------------------------------------------------------------- Update Information: Fix a crash in the festival module -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.8-7 - Rebuild * Fri Nov 1 2013 Matthias Clasen <mclasen@xxxxxxxxxx> 0.8-6 - Avoid a crash in the festival module (#995639) -------------------------------------------------------------------------------- ================================================================================ tzdata-2014b-1.fc20 (FEDORA-2014-4451) Timezone data -------------------------------------------------------------------------------- Update Information: Rebase to tzdata-2014b which includes the following update: - Crimea changes to Moscow time on March, 30, 2014. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> 2014b-1 - Rebase to 2014b - Crimea changes to Moscow time on March 30, 2014. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080928 - tzdata-2014b is available https://bugzilla.redhat.com/show_bug.cgi?id=1080928 -------------------------------------------------------------------------------- ================================================================================ vtk-6.0.0-10.fc20 (FEDORA-2014-4422) The Visualization Toolkit - A high level 3D visualization library -------------------------------------------------------------------------------- Update Information: Add Requires: qtwebkit-devel and hdf5-devel to vtk-devel (bug #1080781) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.0.0-10 - Add Requires: qtwebkit-devel and hdf5-devel to vtk-devel (bug #1080781) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080781 - vtk-devel is missing dependencies on qtwebkit-devel and hdf5-devel https://bugzilla.redhat.com/show_bug.cgi?id=1080781 -------------------------------------------------------------------------------- ================================================================================ xalan-j2-2.7.1-22.fc20 (FEDORA-2014-4443) Java XSLT processor -------------------------------------------------------------------------------- Update Information: This update fixes a remote code execution security vulnerability (CVE-2014-0107). -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 0:2.7.1-22 - Add patch to fix remote code execution vulnerability - Resolves: CVE-2014-0107 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080248 - CVE-2014-0107 Xalan-Java: insufficient constraints in secure processing feature (oCERT-2014-002) https://bugzilla.redhat.com/show_bug.cgi?id=1080248 -------------------------------------------------------------------------------- ================================================================================ xen-4.3.2-2.fc20 (FEDORA-2014-4458) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.2-2 - HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1075499 - CVE-2014-2599 xen: HVMOP_set_mem_access is not preemptible https://bugzilla.redhat.com/show_bug.cgi?id=1075499 -------------------------------------------------------------------------------- ================================================================================ xfdashboard-0.1.6-2.fc20 (FEDORA-2014-4453) GNOME shell like dashboard for Xfce -------------------------------------------------------------------------------- Update Information: Update to 0.1.6 containing bugfixes and new enhancements -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 23 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.1.6-2 - Updated to 0.1.6 - Added xfdashboard.xml to files section * Sun Mar 23 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.1.6-1 - Updated to 0.1.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081122 - version 0.1.6 https://bugzilla.redhat.com/show_bug.cgi?id=1081122 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-synaptics-1.7.4-4.fc20 (FEDORA-2014-4429) Xorg X11 Synaptics touchpad input driver -------------------------------------------------------------------------------- Update Information: Backport patches to support the T440 series laptops and generally improve clickpad behaviour Fix stuck touch points when receiving SYN_DROPPED events (#877464) Unset ClickPad for Cypress touchpads, they do everything in firmware and we get flaky button events if we try to enable software buttons on top of that. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 27 2014 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.7.4-4 - Add patches to support the T440 series laptops * Mon Mar 24 2014 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.7.4-3 - Fix stuck touch points when receving SYN_DROPPED events (#877464) * Fri Mar 21 2014 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.7.4-2 - Unset ClickPad for Cypress touchpads, they do everything in firmware, we can't compete with that. (fdo bug 76341 and 70819) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060885 - New ThinkPad touchpad soft buttons are misconfigured https://bugzilla.redhat.com/show_bug.cgi?id=1060885 [ 2 ] Bug #877464 - BUG: triggered 'if (priv->num_active_touches > priv->num_slots)' https://bugzilla.redhat.com/show_bug.cgi?id=877464 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
