The following Fedora 20 Security updates need testing: Age URL 126 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 31 https://admin.fedoraproject.org/updates/FEDORA-2014-4691/a2ps-4.14-23.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-5018/smb4k-1.1.1-2.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-5198/openstack-glance-2013.2.3-3.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5710/qt5-qtbase-5.2.1-8.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5684/mediawiki-1.21.9-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5767/mumble-1.2.5-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5765/cups-filters-1.0.53-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-5794/fish-2.1.0-9.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-5797/dmlite-0.6.2-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5880/mutt-1.5.23-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5939/rxvt-unicode-9.20-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5915/xen-4.3.2-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5918/owncloud-6.0.3-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0.2.4-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5962/python-fedora-0.3.34-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5960/php-5.5.12-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5924/libtasn1-3.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5943/libevdev-1.2-04compat.1.fc20 The following builds have been pushed to Fedora 20 updates-testing armadillo-4.300.0-1.fc20 chmsee-2.0.2-9.git86d101c9.fc20 clamtk-5.06-1.fc20 dib-utils-0.0.0-1.fc20 drupal7-variable-2.5-1.fc20 gretl-1.9.90-1.fc20 gst-entrans-1.0.2-1.fc20 jmapviewer-1.03-1.fc20 jortho-1.0-2.fc20 libtimezonemap-0.4.2-1.fc20 libuv-0.10.27-1.fc20 lua-term-0.03-3.fc20 nodejs-0.10.28-1.fc20 opendbx-1.4.6-1.fc20 openfst-1.4.1-1.fc20 opengrm-ngram-1.2.1-1.fc20 openmsx-0.10.1-1.fc20 openspecfun-0.3-1.fc20 openstack-sahara-2014.1.0-8.fc20 perl-Cpanel-JSON-XS-3.0104-1.fc20 php-5.5.12-1.fc20 puddletag-1.0.3-1.fc20 python-django-sahara-2014.1.0-2.fc20 python-fedora-0.3.34-1.fc20 python-fmn-web-0.2.4-3.fc20 python-lazy-1.2-1.fc20 simple-scan-3.10.3-1.fc20 sphinxtrain-1.0.8-12.fc20 v8-3.14.5.10-8.fc20 Details about builds: ================================================================================ armadillo-4.300.0-1.fc20 (FEDORA-2014-5951) Fast C++ matrix library with interfaces to LAPACK and ATLAS -------------------------------------------------------------------------------- Update Information: This release is the latest stable release with the following improvements: * faster find() * added find_finite() and find_nonfinite() for finding indices of finite and non-finite elements * expressions X=inv(A)*B*C and X=A.i()*B*C are automatically converted to X=solve(A,B*C) * enables use of C++11 random number generator when using gcc 4.9+ in C++11 mode -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.300.0-1 - update to 4.300.0 -------------------------------------------------------------------------------- ================================================================================ chmsee-2.0.2-9.git86d101c9.fc20 (FEDORA-2014-5966) HTML Help viewer for Unix/Linux -------------------------------------------------------------------------------- Update Information: rebuild for xulrunner 29 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 29 2014 Yijun Yuan <bbbush.yuan@xxxxxxxxx> - 2.0.2-9.git86d101c9 - rebuild for xulrunner 29 * Fri Mar 28 2014 Yijun Yuan <bbbush.yuan@xxxxxxxxx> - 2.0.2-8.git86d101c9 - rebuild for xulrunner 28 -------------------------------------------------------------------------------- ================================================================================ clamtk-5.06-1.fc20 (FEDORA-2014-5973) Easy to use graphical user interface for Clam anti virus -------------------------------------------------------------------------------- Update Information: Update to 5.06. -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Dave M. <dave.nerd@xxxxxxxxx> - 5.06-1 - Updated to release 5.06. - Remove zenity from dependencies. -------------------------------------------------------------------------------- ================================================================================ dib-utils-0.0.0-1.fc20 (FEDORA-2014-5981) Pieces of diskimage-builder that are useful standalone -------------------------------------------------------------------------------- Update Information: Initial package creation -------------------------------------------------------------------------------- References: [ 1 ] Bug #1086494 - os-refresh-config calls dib-run-parts, which is not installed https://bugzilla.redhat.com/show_bug.cgi?id=1086494 -------------------------------------------------------------------------------- ================================================================================ drupal7-variable-2.5-1.fc20 (FEDORA-2014-5961) Provides a registry for meta-data about Drupal variables -------------------------------------------------------------------------------- Update Information: - Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839) -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.5-1 - Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1090883 - drupal7-variable-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1090883 -------------------------------------------------------------------------------- ================================================================================ gretl-1.9.90-1.fc20 (FEDORA-2014-5977) A tool for econometric analysis -------------------------------------------------------------------------------- Update Information: - Update to 1.9.90 - http://sourceforge.net/projects/gretl/files/gretl/1.9.90/ -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> - 1.9.90-1 - Update to 1.9.90 -------------------------------------------------------------------------------- ================================================================================ gst-entrans-1.0.2-1.fc20 (FEDORA-2014-5949) Plug-ins and tools for transcoding and recording with GStreamer -------------------------------------------------------------------------------- Update Information: This update includes various bug fixes and improves compatibility with GStreamer 1.x. -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Theodore Lee <theo148@xxxxxxxxx> - 1.0.2-1 - Update to 1.0.2 release - Update man file path -------------------------------------------------------------------------------- References: [ 1 ] Bug #925500 - gst-entrans: Does not support aarch64 in f19 and rawhide https://bugzilla.redhat.com/show_bug.cgi?id=925500 -------------------------------------------------------------------------------- ================================================================================ jmapviewer-1.03-1.fc20 (FEDORA-2014-5955) A java component to integrate an OSM map view into your Java application -------------------------------------------------------------------------------- Update Information: Initial version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092629 - Review Request: jmapviewer https://bugzilla.redhat.com/show_bug.cgi?id=1092629 -------------------------------------------------------------------------------- ================================================================================ jortho-1.0-2.fc20 (FEDORA-2014-5979) A spell checker for Java -------------------------------------------------------------------------------- Update Information: Initial version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092096 - Review Request: jortho - A spell checker for Java https://bugzilla.redhat.com/show_bug.cgi?id=1092096 -------------------------------------------------------------------------------- ================================================================================ libtimezonemap-0.4.2-1.fc20 (FEDORA-2014-5978) Time zone map widget for Gtk+ -------------------------------------------------------------------------------- Update Information: New upstream release libtimezonemap-0.4.2 -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 David Shea <dshea@xxxxxxxxxx> - 0.4.2-1 - New upstream release libtimezonemap-0.4.2 -------------------------------------------------------------------------------- ================================================================================ libuv-0.10.27-1.fc20 (FEDORA-2014-5971) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows. Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant: 2014.05.01, Version 0.10.27 (Stable) * dns: fix certain txt entries (Fedor Indutny) * assert: Ensure reflexivity of deepEqual (Mike Pennisi) * child_process: fix deadlock when sending handles (Fedor Indutny) * child_process: fix sending handle twice (Fedor Indutny) * crypto: do not lowercase cipher/hash names (Fedor Indutny) * http: do not emit EOF non-readable socket (Fedor Indutny) * http: invoke createConnection when no agent (Nathan Rajlich) * stream: remove useless check (Brian White) * timer: don't reschedule timer bucket in a domain (Greg Brail) * url: treat the same as / (isaacs) * util: format as Error if instanceof Error (Rod Vagg) 2014.04.07, Version 0.10.26 (Stable) * process: don't close stdio fds during spawn (Tonis Tiigi) * kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny) * linux: always deregister closing fds from epoll (Geoffry Song) * error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny) -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.27-1 - new upstream release 0.10.27 https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog -------------------------------------------------------------------------------- ================================================================================ lua-term-0.03-3.fc20 (FEDORA-2014-5950) Terminal functions for Lua -------------------------------------------------------------------------------- Update Information: Lua module for manipulating a terminal. -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.28-1.fc20 (FEDORA-2014-5971) JavaScript runtime -------------------------------------------------------------------------------- Update Information: There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows. Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant: 2014.05.01, Version 0.10.27 (Stable) * dns: fix certain txt entries (Fedor Indutny) * assert: Ensure reflexivity of deepEqual (Mike Pennisi) * child_process: fix deadlock when sending handles (Fedor Indutny) * child_process: fix sending handle twice (Fedor Indutny) * crypto: do not lowercase cipher/hash names (Fedor Indutny) * http: do not emit EOF non-readable socket (Fedor Indutny) * http: invoke createConnection when no agent (Nathan Rajlich) * stream: remove useless check (Brian White) * timer: don't reschedule timer bucket in a domain (Greg Brail) * url: treat the same as / (isaacs) * util: format as Error if instanceof Error (Rod Vagg) 2014.04.07, Version 0.10.26 (Stable) * process: don't close stdio fds during spawn (Tonis Tiigi) * kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny) * linux: always deregister closing fds from epoll (Geoffry Song) * error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny) -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.28-1 - new upstream release 0.10.28 There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only thing updated was npm, which is shipped seperately. The latest was only packaged to avoid confusion. Please see the v0.10.27 changelog for relevant changes in this update: http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/ -------------------------------------------------------------------------------- ================================================================================ opendbx-1.4.6-1.fc20 (FEDORA-2014-5976) Lightweight but extensible database access library written in C -------------------------------------------------------------------------------- Update Information: * Bugfix: Fixed memory leak in mysql backend when connecting to the server failed (thanks to Stefan Meinecke) * Bugfix: Fixed handling of NULL indicator in MSSQL backend if NULL is returned in a row * Bugfix: Added workaround for PostgreSQL in case of an error (e.g. if the server is gone) to give back a correct error status * Bugfix: Return ODBX_ROW_DONE in sqlite3_odbx_row_fetch() when calling this function after no more rows are available (due to SQLite3 change) * Bugfix: Added -lintl if required for fixing build problems when using MinGW on Windows platforms * Bugfix: Added ENABLE_BROKEN to Oracle descriptor for enabling keep-alive * Bugfix: Added unbind() to Conn::finish() if it's not called before * Bugfix: Increased buffer for time stamps in ODBC backend to allow fractions of seconds to be stored without an error * Feature: Enhanced determination of column types in SQLite3 backend when SQLite returns a NULL value * Feature: Improved recovery from errors in odbx-sql utility * Change: Updated libtool to 2.2.6b -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.4.6-1 - Update to 1.4.6 -------------------------------------------------------------------------------- ================================================================================ openfst-1.4.1-1.fc20 (FEDORA-2014-5968) Weighted finite-state transducer library -------------------------------------------------------------------------------- Update Information: See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst. See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram. Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged. -------------------------------------------------------------------------------- ChangeLog: * Thu May 1 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.4.1-1 - New upstream version -------------------------------------------------------------------------------- ================================================================================ opengrm-ngram-1.2.1-1.fc20 (FEDORA-2014-5968) Library for making and modifying n-gram language models -------------------------------------------------------------------------------- Update Information: See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst. See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram. Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged. -------------------------------------------------------------------------------- ChangeLog: * Thu May 1 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.2.1-1 - New upstream release - Drop -warning patch; upstream code changed so it is no longer needed -------------------------------------------------------------------------------- ================================================================================ openmsx-0.10.1-1.fc20 (FEDORA-2014-5980) An emulator for the MSX home computer system -------------------------------------------------------------------------------- Update Information: - New upstream bugfix release 0.10.1 -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.10.1-1 - New upstream release 0.10.1 (rhbz#1093671) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1093671 - openmsx-0.10.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1093671 -------------------------------------------------------------------------------- ================================================================================ openspecfun-0.3-1.fc20 (FEDORA-2014-5947) Library providing a collection of special mathematical functions -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062901 - Review Request: openspecfun - Library providing a collection of special mathematical functions https://bugzilla.redhat.com/show_bug.cgi?id=1062901 -------------------------------------------------------------------------------- ================================================================================ openstack-sahara-2014.1.0-8.fc20 (FEDORA-2014-5970) Apache Hadoop cluster management on OpenStack -------------------------------------------------------------------------------- Update Information: Removing python-sqlalchemy and python-paste-deploy from BuildRequires Changing parallel build require for python-sqlalchemy0.7 Adding sahara user ownership to log dir Adding alembic migration files Correcting bug with rhel6 init script 2014.1 release merging in el6 spec, with conditionals -------------------------------------------------------------------------------- References: [ 1 ] Bug #1085441 - Review Request: openstack-sahara - Apache Hadoop cluster management on OpenStack https://bugzilla.redhat.com/show_bug.cgi?id=1085441 -------------------------------------------------------------------------------- ================================================================================ perl-Cpanel-JSON-XS-3.0104-1.fc20 (FEDORA-2014-5965) JSON::XS for Cpanel, fast and correct serializing -------------------------------------------------------------------------------- Update Information: This update adds compatibility with JSON::XS 3.x booleans and support for LZMA compression using Compress::LZF. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 26 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0104-1 - Update to 3.0104 - Add t/z_leaktrace.t - Restore build on C89 - Fix small cxt->sv_json leak on interp exit * Tue Apr 22 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0103-1 - Update to 3.0103 - Change booleans interop logic (again) for JSON-XS-3.01 - Check now for Types::Serialiser::Boolean i.e. JSON::PP::Boolean refs (https://github.com/rurban/Cpanel-JSON-XS/issues/18) to avoid allow_blessed for JSON-XS-3.01 booleans - Fix boolean representation for JSON-XS-3.01/Types::Serialiser::Boolean interop (arrayref, not hashref) - Add t/52_object.t from JSON::XS - Backport encode_hv HE sort on stack < 64 or heap to avoid stack overflows from JSON-XS-3.01; do not use alloca - Backport allow_tags, decode_tag, FREEZE/THAW callbacks from JSON-XS-3.01 - Added pod for OBJECT SERIALISATION (allow_tags, FREEZE/THAW) * Thu Apr 17 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0102-1 - Update to 3.0102 - Added PERL_NO_GET_CONTEXT for better performance on threaded Perls - MANIFEST: added t/96_interop.t - Document deprecated functions - Change booleans interop logic for JSON-XS-3.01 - Enable CLZF support via Compress::LZF * Wed Apr 16 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0101-1 - Update to 3.0101 - Added ithreads support: Cpanel::JSON::XS is now thread-safe - const'ed a translation table for memory savings - Fixed booleans for JSON 2.9 and JSON-XS-3.01 interop; JSON does not support JSON::XS booleans anymore, so I cannot think of any reason to still use JSON::XS -------------------------------------------------------------------------------- ================================================================================ php-5.5.12-1.fc20 (FEDORA-2014-5960) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 (instead of 666). Check your configuration if php-fpm use UDS (default configuration use a network socket). Upstream Changelog: 01 May 2014, PHP 5.5.12 Core: * Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) * Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike) * Fixed bug #66182 (exit in stream filter produces segfault). (Mike) * Fixed bug #66736 (fpassthru broken). (Mike) * Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella) * Fixed bug #67043 (substr_compare broke by previous change) (Tjerk) cURL: * Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten) Date: * Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski) Embed: * Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol). Fileinfo: * Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi) FPM: * Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). * Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info) LDAP: * Fixed issue with null bytes in LDAP bindings. (Matthew Daley) mysqli: * Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey) OpenSSL: * Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) * Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) SimpleXML: * Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol) SQLite: * Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol) XSL: * Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol) Apache2 Handler SAPI: * Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick) -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Remi Collet <rcollet@xxxxxxxxxx> 5.5.12-1 - Update to 5.5.12 http://www.php.net/releases/5_5_12.php - php-fpm: change default unix socket permission CVE-2014-0185 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092815 - CVE-2014-0185 php: PHP script execution by default via PHP FPM https://bugzilla.redhat.com/show_bug.cgi?id=1092815 -------------------------------------------------------------------------------- ================================================================================ puddletag-1.0.3-1.fc20 (FEDORA-2014-5983) Feature rich, easy to use tag editor -------------------------------------------------------------------------------- Update Information: Update to latest upstream release puddletag 1.0.3. -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Terje Rosten <terje.rosten@xxxxxxx> - 1.0.3-1 - 1.0.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1091741 - puddletag-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1091741 -------------------------------------------------------------------------------- ================================================================================ python-django-sahara-2014.1.0-2.fc20 (FEDORA-2014-5952) Sahara project dashboard -------------------------------------------------------------------------------- Update Information: Copying html templates to final output 2014.1 release 2014.1.rc1 release and rename from python-django-savanna Adding backward compatibility for __python2 macro -------------------------------------------------------------------------------- References: [ 1 ] Bug #1085132 - Review Request: python-django-sahara - Sahara plugin for OpenStack dashboard https://bugzilla.redhat.com/show_bug.cgi?id=1085132 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.3.34-1.fc20 (FEDORA-2014-5962) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: Fix two security issues for services using python-fedora's TG1 and flask helpers. The TG1 fix quotes variables that could have been used to launch an XSS attack. The flask fix addresses OpenID Covert Redirect for web services which use flask_fas_openid to authenticate against the Fedora Account System. -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.34-1 - Upstream 0.3.34 release with security fixes for TG and flask services built with python-fedora * Fri Mar 14 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.33-3 - Do not build the TG1 subpackage on EPEL7. Infrastructure is going to port its applications away from TG1 by the time they switch to RHEL7. So we want to get rid of TurboGears1 packages before RHEL7. - Fix conditionals so that they include the proper packages on epel7 * Fri Jan 10 2014 Dennis Gilmore <dennis@xxxxxxxx> - 0.3.33-2 - clean up some rhel logic in the spec -------------------------------------------------------------------------------- ================================================================================ python-fmn-web-0.2.4-3.fc20 (FEDORA-2014-5972) Frontend Web Application for Fedora Notifications -------------------------------------------------------------------------------- Update Information: Fix for Covert Redirect. -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.4-3 - Actually apply that patch. * Fri May 2 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.4-2 - Patch for Covert Redirect. -------------------------------------------------------------------------------- ================================================================================ python-lazy-1.2-1.fc20 (FEDORA-2014-5958) Lazy attributes for Python objects -------------------------------------------------------------------------------- Update Information: New upstream release lazy-1.2 -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 David Shea <dshea@xxxxxxxxxx> - 1.2-1 - New upstream release lazy-1.2 -------------------------------------------------------------------------------- ================================================================================ simple-scan-3.10.3-1.fc20 (FEDORA-2014-5964) Simple scanning utility -------------------------------------------------------------------------------- Update Information: Update to 3.10.3 -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 David King <amigadave@xxxxxxxxxxxxx> - 3.10.2-2 - Update to 3.10.3 - Drop unnecessary sqlite3 BuildRequires -------------------------------------------------------------------------------- ================================================================================ sphinxtrain-1.0.8-12.fc20 (FEDORA-2014-5968) Acoustic model trainer for CMU's Sphinx tools -------------------------------------------------------------------------------- Update Information: See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst. See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram. Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged. -------------------------------------------------------------------------------- ChangeLog: * Thu May 1 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.0.8-12 - Rebuild for openfst 1.4.1 and opengrm-ngram 1.2.1 -------------------------------------------------------------------------------- ================================================================================ v8-3.14.5.10-8.fc20 (FEDORA-2014-5982) JavaScript Engine -------------------------------------------------------------------------------- Update Information: This update modifies the way V8 queries the system time, greatly improving performance on virtual machines where the real time clock is virtualized. For more information, see: https://github.com/joyent/node/commit/f9ced08de30c37838756e8227bd091f80ad9cafa -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:3.14.5.10-8 - use clock_gettime() instead of gettimeofday(), which increases V8 performance dramatically on virtual machines -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
