The following Fedora 20 Security updates need testing: Age URL 20 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-5918/owncloud-6.0.3-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0.2.4-3.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-6003/mingw-qt-4.8.6-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5988/mingw-qt5-qtbase-5.2.1-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-6068/cifs-utils-6.3-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpack-4.0.0-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6120/mariadb-galera-5.5.37-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6128/abrt-2.2.1-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6277/dpkg-1.16.14-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6263/botan-1.10.8-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6288/qemu-1.6.2-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6303/perl-LWP-Protocol-https-6.04-4.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 7 https://admin.fedoraproject.org/updates/FEDORA-2014-5992/pcmanfm-qt-0.1.0-5.fc20,pcmanfm-1.2.0-1.fc20,libfm-1.2.0-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-6064/gupnp-0.20.11-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6132/xorg-x11-drv-evdev-2.8.4-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6101/policycoreutils-2.2.5-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6084/selinux-policy-3.12.1-161.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6201/vte3-0.34.9-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6309/gdb-7.7.1-12.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6241/curl-7.32.0-10.fc20 The following builds have been pushed to Fedora 20 updates-testing GraphicsMagick-1.3.19-6.fc20 OCE-0.15-2.fc20 bitlbee-3.2.1-3.fc20 devscripts-2.14.2-1.fc20 gdb-7.7.1-12.fc20 ghc-hjsmin-0.1.4.6-1.fc20 ghc-language-javascript-0.5.13-1.fc20 gitolite3-3.6-1.fc20 hplip-3.14.4-4.fc20 ibus-table-others-1.3.0.20140512-1.fc20 irrlicht-1.8.1-3.fc20 libtrash-3.2-14.fc20 perl-Image-ExifTool-9.60-1.fc20 perl-JSON-MaybeXS-1.002002-2.fc20 perl-LWP-Protocol-https-6.04-4.fc20 perl-Net-DNS-0.75-1.fc20 perl-Parse-DMIDecode-0.03-1.fc20 pyshp-1.2.1-1.fc20 python-blist-1.3.6-1.fc20 python-fn-0.2.13-1.fc20 qemu-1.6.2-5.fc20 rpmlint-1.5-9.fc20 skrooge-1.9.0-1.fc20 ssldump-0.9-0.9.b3.fc20 system-config-kdump-2.0.15-1.fc20 systemtap-2.5-2.fc20 taskcoach-1.3.38-2.fc20 telepathy-qt4-0.9.3.1-0.1.20140403git0191a6dd.fc20 tito-0.5.4-1.fc20 trinity-1.4-1.fc20 xmobar-0.20.1-1.fc20 Details about builds: ================================================================================ GraphicsMagick-1.3.19-6.fc20 (FEDORA-2014-6299) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: Update to latest stable bugfix release, see also http://www.graphicsmagick.org/NEWS.html#december-31-2013 -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-6 - handle upgrade path for introduction of -doc subpkg in 1.3.19-4 * Mon Feb 3 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.19-5 - upstream patch, drop debug output (#1060665) * Sat Jan 25 2014 Ville Skyttä <ville.skytta@xxxxxx> - 1.3.19-4 - Split docs into -doc subpackage, drop README.txt (#1056306). - Drop no longer needed BrowseDelegateDefault modification. - Convert docs to UTF-8. * Thu Jan 9 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-3 - ppc64le is a multilib arch (#1051208) * Wed Jan 1 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-2 - BR: jbigkit, libwebp, xdg-utils, xz * Wed Jan 1 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.19-1 - 1.3.19 (#1047676) * Tue Oct 15 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.18-5 - trim changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096540 - [abrt] GraphicsMagick: MagickMapDeallocateMap(): gm killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1096540 -------------------------------------------------------------------------------- ================================================================================ OCE-0.15-2.fc20 (FEDORA-2014-6320) OpenCASCADE Community Edition -------------------------------------------------------------------------------- Update Information: Initial build. -------------------------------------------------------------------------------- ================================================================================ bitlbee-3.2.1-3.fc20 (FEDORA-2014-6325) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information: Eliminate our own bitlbee.xinetd by patching the upstream one. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 5 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 3.2.1-3 - Eliminate our own bitlbee.xinetd by patching the upstream one. * Wed Dec 18 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.2.1-2 - Some spec file cleanups and ensure that RHEL 5 builds again -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061498 - Use (modified) upstream bitlbee.xinetd https://bugzilla.redhat.com/show_bug.cgi?id=1061498 -------------------------------------------------------------------------------- ================================================================================ devscripts-2.14.2-1.fc20 (FEDORA-2014-6312) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information: Update to version 2.14.2, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.2_changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Sandro Mani <manisandro@xxxxxxxxx> - 2.14.2-1 - Update to 2.14.2 -------------------------------------------------------------------------------- ================================================================================ gdb-7.7.1-12.fc20 (FEDORA-2014-6309) A GNU source-level debugger for C, C++, Fortran, Go and other languages -------------------------------------------------------------------------------- Update Information: s390 build fix. F-20 contained a trunk snapshot. As there were several bugs hit by users which are fixed now in a stable release and as F-20 is the latest stable release for a longer time than others I have rebased GDB. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7.1-12.fc21 - [s390*] Fix compilation error. * Fri May 9 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7.1-11.fc21 - [ppc*] Import ppc64le support (BZ 1096303, Ulrich Weigand). * Tue May 6 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7.1-10.fc21 - Rebase to FSF GDB 7.7.1. * Mon May 5 2014 Sergio Durigan Junior <sergiodj@xxxxxxxxxx> - 7.7-9.fc21 - Improve testcase message for RH BZ 981154. * Mon May 5 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7-8.fc21 - Fix TLS access for -static -pthread (BZ 1080660). * Mon May 5 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7-7.fc21 - Add GFDL License to the main package (man pages are generated from .texinfo). * Thu Apr 24 2014 Sergio Durigan Junior <sergiodj@xxxxxxxxxx> - 7.7-6.fc21 - Fix build failures for GCC 4.9 (Nick Clifton). * Thu Apr 24 2014 Sergio Durigan Junior <sergiodj@xxxxxxxxxx> - 7.7-5.fc21 - Fix 'gdb gives highly misleading error when debuginfo pkg is present, but not corresponding binary pkg' (RH BZ 981154). * Mon Feb 24 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7-4.fc21 - Fix crash of -readnow /usr/lib/debug/usr/bin/gnatbind.debug (BZ 1069211). * Sun Feb 23 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7-3.fc21 - [rhel6] DTS backward Python compatibility API (BZ 1020004, Phil Muldoon). - [rhel6] Do not install its man page if gdb-add-index is not installed. - [rhel] Do not migrate /usr/share/gdb/auto-load/ with symlinks on RHELs. - Fix gdb-7.7 auto-load from /usr/share/gdb/auto-load/ regression. * Sun Feb 9 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7-2.fc21 - [rhel] Fix rebase build regression on RHEL systems (Tobias Burnus). * Fri Feb 7 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.7-1.fc21 - Rebase to FSF GDB 7.7. - New rpmbuild option: --with asan * Thu Jan 23 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.6.50.20140119-20.fc20 - [s390*,ppc*] Enable secondary targets s390* and ppc* (BZ 1056259). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080660 - [Fedora] Can't access TLS variables in statically linked binaries https://bugzilla.redhat.com/show_bug.cgi?id=1080660 -------------------------------------------------------------------------------- ================================================================================ ghc-hjsmin-0.1.4.6-1.fc20 (FEDORA-2014-6313) Haskell implementation of a javascript minifier -------------------------------------------------------------------------------- Update Information: Latest upstream releases + new deps. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Ricky Elrod <relrod@xxxxxxxxxx> - 0.1.4.6-1 - Latest upstream release. - Add optparse-applicative dep. * Thu Apr 24 2014 Jens Petersen <petersen@xxxxxxxxxx> - 0.1.4.4-5 - rebuild * Mon Jan 20 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 0.1.4.4-4 - Rebuild again. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092434 - ghc-language-javascript-0.5.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1092434 [ 2 ] Bug #1057479 - ghc-hjsmin-0.1.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057479 -------------------------------------------------------------------------------- ================================================================================ ghc-language-javascript-0.5.13-1.fc20 (FEDORA-2014-6313) Parser for JavaScript -------------------------------------------------------------------------------- Update Information: Latest upstream releases + new deps. -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Ricky Elrod <relrod@xxxxxxxxxx> - 0.5.13-1 - Latest upstream release. * Thu Apr 10 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 0.5.12-1 - Latest upstream release. - Remove old patch. * Mon Jan 20 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 0.5.8-5 - Another rebuild. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1092434 - ghc-language-javascript-0.5.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1092434 [ 2 ] Bug #1057479 - ghc-hjsmin-0.1.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057479 -------------------------------------------------------------------------------- ================================================================================ gitolite3-3.6-1.fc20 (FEDORA-2014-6316) Highly flexible server for git directory version tracker -------------------------------------------------------------------------------- Update Information: Latest upstream, minor enhancements. https://github.com/sitaramc/gitolite/commit/522cc1fc1af530ef9c82e01d89f11022adf4b355 -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1:3.6-1 - Latest upstream. -------------------------------------------------------------------------------- ================================================================================ hplip-3.14.4-4.fc20 (FEDORA-2014-6291) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 29 2014 Tim Waugh <twaugh@xxxxxxxxxx> - 3.14.4-4 - Fixed scan-tmp patch (bug #1076954). * Tue Apr 22 2014 Tim Waugh <twaugh@xxxxxxxxxx> - 3.14.4-3 - Fix for last fix (bug #984167). * Wed Apr 16 2014 Tim Waugh <twaugh@xxxxxxxxxx> - 3.14.4-2 - Fixed codec issue (bug #984167). * Wed Apr 9 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.14.4-1 - 3.14.4 * Fri Apr 4 2014 Tim Waugh <twaugh@xxxxxxxxxx> - 3.14.3-3 - Scan to /var/tmp instead of /tmp (bug #1076954). * Mon Mar 10 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.14.3-2 - BuildRequires: pkgconfig(dbus-1) instead of dbus-devel * Fri Mar 7 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.14.3-1 - 3.14.3 - --enable-udev-acl-rules configure flag has been removed upstream * Thu Jan 9 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.14.1-1 - 3.14.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096485 - hplip is outdated : please upgrade to 3.14.4 https://bugzilla.redhat.com/show_bug.cgi?id=1096485 [ 2 ] Bug #1076954 - segfault and core dump in hp-scan https://bugzilla.redhat.com/show_bug.cgi?id=1076954 -------------------------------------------------------------------------------- ================================================================================ ibus-table-others-1.3.0.20140512-1.fc20 (FEDORA-2014-6302) Various tables for IBus-Table -------------------------------------------------------------------------------- Update Information: update to latest upstream 1.3.0.20140512; keyboard layout fixes; update to latest upstream 1.3.0.20140505; Don’t force “us” layout for the latex input method; The “latex” table uses “\” as a startchar -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.3.0.20140512-1 - update to latest upstream 1.3.0.20140512 - Don’t force “us” layout for cns11643, compose, ipa-x-sampa, viqr, emoji, mathwriter-ibus, translit-ua, and translit - Keep forcing “us” layout only for “rustrad”, “yawerty”, and “thai”. But ibus does not use the option “KEYBOARD_LAYOUT”, the correct name of that option is just “LAYOUT”. Fix that for all tables. * Mon May 5 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.3.0.20140505-1 - update to latest upstream 1.3.0.20140505 - Don’t force “us” layout for the latex input method - The “latex” table uses “\” as a startchar - fix wrong weekday in rpm changelog -------------------------------------------------------------------------------- ================================================================================ irrlicht-1.8.1-3.fc20 (FEDORA-2014-6305) A high performance realtime 3D engine -------------------------------------------------------------------------------- Update Information: Fix incorrect variable in Makefile causing slightly incorrect soname versioning (corrected by ldconfig, but causing rpmverify to fail). -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.8.1-3 - fix VERSION_RELEASE to be correct in Makefile, resolving bz 1096792 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096792 - Library version linking https://bugzilla.redhat.com/show_bug.cgi?id=1096792 -------------------------------------------------------------------------------- ================================================================================ libtrash-3.2-14.fc20 (FEDORA-2014-6300) Libraries to move files to a trash-folder on delete -------------------------------------------------------------------------------- Update Information: - avoid symbol clashes when loading audacious plug-ins (#1096443) -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.2-14 - avoid symbol clashes when loading audacious plug-ins (#1096443) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096443 - [abrt] libtrash init(): audacious killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1096443 -------------------------------------------------------------------------------- ================================================================================ perl-Image-ExifTool-9.60-1.fc20 (FEDORA-2014-6293) Utility for reading and writing image meta info -------------------------------------------------------------------------------- Update Information: Update to latest stable release. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 9.60-1 - update to 9.60 (new stable) -------------------------------------------------------------------------------- ================================================================================ perl-JSON-MaybeXS-1.002002-2.fc20 (FEDORA-2014-6319) Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP -------------------------------------------------------------------------------- Update Information: This is the first Fedora/EPEL release of perl-JSON-MaybeXS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096264 - Review Request: perl-JSON-MaybeXS - Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP https://bugzilla.redhat.com/show_bug.cgi?id=1096264 -------------------------------------------------------------------------------- ================================================================================ perl-LWP-Protocol-https-6.04-4.fc20 (FEDORA-2014-6303) Provide HTTPS support for LWP::UserAgent -------------------------------------------------------------------------------- Update Information: This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environement variable. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 6.04-4 - Fix CVE-2014-3230 (incorrect handling of SSL certificate verification if HTTPS_CA_DIR or HTTPS_CA_FILE environment variables are set) (bug #1094442) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094440 - CVE-2014-3230 perl-libwww-perl: incorrect handling of SSL certificate verification https://bugzilla.redhat.com/show_bug.cgi?id=1094440 -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-0.75-1.fc20 (FEDORA-2014-6307) DNS resolver modules for Perl -------------------------------------------------------------------------------- Update Information: A new version of Net::DNS is available for Fedora. Highlights of this release include a better IPv6 support and iterating through the available nameservers. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Petr Šabata <contyk@xxxxxxxxxx> - 0.75-1 - 0.75 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095858 - perl-Net-DNS-0.75 is available https://bugzilla.redhat.com/show_bug.cgi?id=1095858 -------------------------------------------------------------------------------- ================================================================================ perl-Parse-DMIDecode-0.03-1.fc20 (FEDORA-2014-6290) Interface to SMBIOS using dmidecode -------------------------------------------------------------------------------- Update Information: Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1091144 - Review Request: perl-Parse-DMIDecode - Interface to SMBIOS using dmidecode https://bugzilla.redhat.com/show_bug.cgi?id=1091144 -------------------------------------------------------------------------------- ================================================================================ pyshp-1.2.1-1.fc20 (FEDORA-2014-6304) Pure Python read/write support for ESRI Shapefile format -------------------------------------------------------------------------------- Update Information: >From the changelog: Fixed bug which failed to properly read some dbf fields in Python 3 -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Volker Fröhlich <volker27@xxxxxx> - 1.2.1-1 - New upstream release - Properly check on Python 3 builds * Thu Jan 23 2014 Volker Fröhlich <volker27@xxxxxx> - 1.2.0-2 - Disable Python 3 builds for EPEL7 until Python 3 is available there -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096738 - pyshp-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1096738 -------------------------------------------------------------------------------- ================================================================================ python-blist-1.3.6-1.fc20 (FEDORA-2014-6321) A faster list implementation for Python -------------------------------------------------------------------------------- Update Information: - latest upstream release - Python 3 packages available for supported Fedora releases -------------------------------------------------------------------------------- ChangeLog: * Thu May 8 2014 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.3.6-1 - Update to 1.3.6 - Build for Python 3 as well on supported releases -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076573 - python-blist-1.3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1076573 -------------------------------------------------------------------------------- ================================================================================ python-fn-0.2.13-1.fc20 (FEDORA-2014-6294) Features to allow functional programming in Python -------------------------------------------------------------------------------- Update Information: Latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 18 2013 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> 0.2.13-1 - Latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1031276 - python-fn-0.2.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1031276 -------------------------------------------------------------------------------- ================================================================================ qemu-1.6.2-5.fc20 (FEDORA-2014-6288) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * Migration CVEs: CVE-2014-0182 etc. -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 2:1.6.2-5 - Migration CVEs: CVE-2014-0182 etc. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1088986 - CVE-2014-0182 qemu: virtio: out-of-bounds buffer write on state load with invalid config_len https://bugzilla.redhat.com/show_bug.cgi?id=1088986 [ 2 ] Bug #1066405 - CVE-2013-4534 qemu: openpic: buffer overrun on incoming migration https://bugzilla.redhat.com/show_bug.cgi?id=1066405 [ 3 ] Bug #1066404 - CVE-2013-4533 qemu: pxa2xx: buffer overrun on incoming migration https://bugzilla.redhat.com/show_bug.cgi?id=1066404 [ 4 ] Bug #1066401 - CVE-2013-4535 CVE-2013-4536 qemu: virtio: insufficient validation of num_sg when mapping https://bugzilla.redhat.com/show_bug.cgi?id=1066401 [ 5 ] Bug #1066394 - CVE-2013-4537 qemu: ssi-sd: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066394 [ 6 ] Bug #1066393 - CVE-2013-4538 qemu: ssd0323: fix buffer overun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066393 [ 7 ] Bug #1066387 - CVE-2013-4539 qemu: tsc210x: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066387 [ 8 ] Bug #1066386 - CVE-2013-4540 qemu: zaurus: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066386 [ 9 ] Bug #1066384 - CVE-2013-4541 qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load https://bugzilla.redhat.com/show_bug.cgi?id=1066384 [ 10 ] Bug #1066382 - CVE-2013-4542 qemu: virtio-scsi: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066382 [ 11 ] Bug #1066361 - CVE-2013-6399 qemu: virtio: buffer overrun on incoming migration https://bugzilla.redhat.com/show_bug.cgi?id=1066361 [ 12 ] Bug #1066357 - CVE-2013-4531 qemu: target-arm/machine.c: fix buffer overflow on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066357 [ 13 ] Bug #1066354 - CVE-2013-4530 qemu: pl022: fix buffer overun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066354 [ 14 ] Bug #1066353 - CVE-2013-4529 qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066353 [ 15 ] Bug #1066347 - CVE-2013-4527 qemu: hpet: buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066347 [ 16 ] Bug #1066345 - CVE-2013-4526 qemu: ahci: fix buffer overrun on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066345 [ 17 ] Bug #1066342 - CVE-2013-4151 qemu: virtio: out-of-bounds buffer write on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066342 [ 18 ] Bug #1066340 - CVE-2013-4150 qemu: virtio-net: out-of-bounds buffer write on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066340 [ 19 ] Bug #1066337 - CVE-2013-4149 qemu: virtio-net: out-of-bounds buffer write on load https://bugzilla.redhat.com/show_bug.cgi?id=1066337 [ 20 ] Bug #1066334 - CVE-2013-4148 qemu: virtio-net: buffer overflow on invalid state load https://bugzilla.redhat.com/show_bug.cgi?id=1066334 -------------------------------------------------------------------------------- ================================================================================ rpmlint-1.5-9.fc20 (FEDORA-2014-6306) Tool for checking common errors in RPM packages -------------------------------------------------------------------------------- Update Information: Add exclusion for non-readable file in ovirt-iso-uploader. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.5-9 - update config to ignore non-readable /etc/ovirt-engine/isouploader.conf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094723 - ovirt-iso-uploader - rpmlint check on non-readable config files https://bugzilla.redhat.com/show_bug.cgi?id=1094723 -------------------------------------------------------------------------------- ================================================================================ skrooge-1.9.0-1.fc20 (FEDORA-2014-6322) Personal finances manager -------------------------------------------------------------------------------- Update Information: New Package Upstream 1.9.0 new upstream release 1.8.0 -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Siddharth Sharma <siddharth.kde@xxxxxxxxx> - 1.9.0-1 - New Package Upstream 1.9.0 * Tue Jan 7 2014 siddharth <siddharth.kde@xxxxxxxxx> - 1.8.0-1 - new upstream release 1.8.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049101 - Package out of date https://bugzilla.redhat.com/show_bug.cgi?id=1049101 -------------------------------------------------------------------------------- ================================================================================ ssldump-0.9-0.9.b3.fc20 (FEDORA-2014-6296) An SSLv3/TLS network protocol analyzer -------------------------------------------------------------------------------- Update Information: - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- ChangeLog: * Sun May 11 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.9-0.9.b3 - Added a patch which adds further link layer offsets - Added patch to include traffic with(out) the 802.1Q VLAN header - Added patch for TLSv1.1/TLSv1.2 application data decrypt support - Added a patch to update known cipher suites according to IANA - Added patch with new cipher suites for application data decoding -------------------------------------------------------------------------------- ================================================================================ system-config-kdump-2.0.15-1.fc20 (FEDORA-2014-6328) A graphical interface for configuring kernel crash dumping -------------------------------------------------------------------------------- Update Information: This release contains a couple of bugfixes. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Martin Milata <mmilata@xxxxxxxxxx> - 2.0.15-1 - Update to 2.0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1083007 - Allow setting dump path even if no partition is chosen https://bugzilla.redhat.com/show_bug.cgi?id=1083007 -------------------------------------------------------------------------------- ================================================================================ systemtap-2.5-2.fc20 (FEDORA-2014-6297) Programmable system-wide instrumentation system -------------------------------------------------------------------------------- Update Information: Upstream release, notes at https://sourceware.org/ml/systemtap/2014-q2/msg00103.html -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2014 Frank Ch. Eigler <fche@xxxxxxxxxx> - 2.5-2 - Include fix for upstream http://sourceware.org/PR16894 * Wed Apr 30 2014 Jonathan Lebon <jlebon@xxxxxxxxxx> - 2.5-1 - Upstream release. See wiki page below for detailed notes. http://sourceware.org/systemtap/wiki/SystemTapReleases -------------------------------------------------------------------------------- ================================================================================ taskcoach-1.3.38-2.fc20 (FEDORA-2014-6326) Your friendly task manager -------------------------------------------------------------------------------- Update Information: Updated to the latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.3.38-2 - remove duplicate sources * Mon May 12 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.3.38-1 - Updated to the latest upstream version -------------------------------------------------------------------------------- ================================================================================ telepathy-qt4-0.9.3.1-0.1.20140403git0191a6dd.fc20 (FEDORA-2014-6310) High-level bindings for Telepathy -------------------------------------------------------------------------------- Update Information: Pull in latest batch of upstream bugfixes, in particular includes a fix to limit local avatar cache growth/size. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 29 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.9.3.1-0.1.20140403git0191a6dd - 0.9.3.1 snapshot, fixes FTBFS -------------------------------------------------------------------------------- ================================================================================ tito-0.5.4-1.fc20 (FEDORA-2014-6324) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: Support older versions of git-annex. Fix a getcwd error in releaser. Fix silently failing commands. Allow builders to run on untagged projects if --test is specified. Added scl builder option. Cleanup builders/releasers when interrupted. Removed dep on gitpython. Added rpmbuild output to error message. Significant improvements, new builders/releasers, removal of dead code and refactoring. Significant improvements, new builders/releasers, removal of dead code and refactoring. New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Significant improvements, new builders/releasers, removal of dead code and refactoring. New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Significant improvements, new builders/releasers, removal of dead code and refactoring. New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. Fix permissions sources fedpkg modifies. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Devan Goodwin <dgoodwin@xxxxxxxx> 0.5.4-1 - make version comparison compat with python2 and python3 (jumanjiman@xxxxxxxxx) * Mon May 12 2014 Devan Goodwin <dgoodwin@xxxxxxxx> 0.5.3-1 - avoid syntax error on el5 (jumanjiman@xxxxxxxxx) - Support pre-5.20131213 versions of git-annex for EL6 (dcleal@xxxxxxxxxx) - Add version comparison utility (dcleal@xxxxxxxxxx) * Fri May 9 2014 Devan Goodwin <dgoodwin@xxxxxxxx> 0.5.2-1 - Fix releaser getcwd error. (dgoodwin@xxxxxxxxxx) * Fri May 9 2014 Devan Goodwin <dgoodwin@xxxxxxxx> 0.5.1-1 - Raise error on failed run_command. (dgoodwin@xxxxxxxxxx) - Allow builder to run in test mode on untagged project (dcleal@xxxxxxxxxx) - Add 'scl' builder option for software collection name (dcleal@xxxxxxxxxx) - added rpmbuild output to an error raised by tito to easier the error's cause analysis (artur.krysiak.warszawa@xxxxxxxxx) - propagate docs to docker public registry (jumanjiman@xxxxxxxxx) - spec: remove dependency on GitPython (jumanjiman@xxxxxxxxx) - Update tito.8.asciidoc (james.slagle@xxxxxxxxx) - Cleanup releasers + builders when interrupted (dcleal@xxxxxxxxxx) - make run_command_print() compatible with python3 (msuchy@xxxxxxxxxx) - remove unused import "commands" (msuchy@xxxxxxxxxx) - Change package-specific config message to debug (dcleal@xxxxxxxxxx) * Mon Mar 24 2014 Devan Goodwin <dgoodwin@xxxxxxxx> 0.5.0-1 - Prep for python3. (jumanjiman@xxxxxxxxx) - Print output live for longer running rpmbuild commands. (dgoodwin@xxxxxxxxxx) - Add GitAnnexBuilder, using git-annex to store blobs (dcleal@xxxxxxxxxx) - Remove legacy CvsBuilder and CvsReleaser. (dgoodwin@xxxxxxxxxx) - Stop writing temp file to load tito.props from past tag. (dgoodwin@xxxxxxxxxx) - Remove deprecated support for build.py.props config filename. (dgoodwin@xxxxxxxxxx) - Remove a very old hack for assuming config from Makefiles. (dgoodwin@xxxxxxxxxx) - Refactor config overriding. (dgoodwin@xxxxxxxxxx) - Move taggers to sub-directory. (dgoodwin@xxxxxxxxxx) - Move releasers to sub-directory. (dgoodwin@xxxxxxxxxx) - Improved docs for [version_template] section of tito.props (chris.a.st.pierre@xxxxxxxxx) - allow empty dist tag in functional tests (jumanjiman@xxxxxxxxx) - docs: createrepo is needed for functional tests (jumanjiman@xxxxxxxxx) - provide config for editorconfig plugins (jumanjiman@xxxxxxxxx) - Add more missing documentation to MANIFEST.in. (dgoodwin@xxxxxxxxxx) - Assume a default fetch strategy. (dgoodwin@xxxxxxxxxx) - Add markdown docs for FetchBuilder instead of manpage. (dgoodwin@xxxxxxxxxx) - Fix releasers and respect offline flag. (dgoodwin@xxxxxxxxxx) - Support release with fetch builder. (dgoodwin@xxxxxxxxxx) - Add support for passing builder args through a releaser. (dgoodwin@xxxxxxxxxx) - MANIFEST.in: include README.mkd and asciidoc files (code@xxxxxxxxxxxxxxxxxx) - Rename --builder-arg to just --arg in build command. (dgoodwin@xxxxxxxxxx) - Fix issue with releaser temp dir. (dgoodwin@xxxxxxxxxx) - Refactor to just one config object. (dgoodwin@xxxxxxxxxx) - Make external source builder fetch strategy configurable. (dgoodwin@xxxxxxxxxx) - Fix buildroot using ~/rpmbuild/BUILDROOT. (dgoodwin@xxxxxxxxxx) - Refactor builders to allow separate modules. (dgoodwin@xxxxxxxxxx) - Restore building of specific tags. (dgoodwin@xxxxxxxxxx) - Start building with external sources and no tag. (dgoodwin@xxxxxxxxxx) - Allow possibility of building without a pre-existing tag. (dgoodwin@xxxxxxxxxx) - Print koji/brew task ID and URL during release. (dgoodwin@xxxxxxxxxx) * Thu Nov 14 2013 Devan Goodwin <dgoodwin@xxxxxxxx> 0.4.18-1 - Merge the FiledVersionTagger into the base VersionTagger. (dgoodwin@xxxxxxxxxx) - add Copr releaser (msuchy@xxxxxxxxxx) - Fix broken asciidoc. (dgoodwin@xxxxxxxxxx) - Fix old versions in yum repodata. (dgoodwin@xxxxxxxxxx) - adding the FiledVersionTagger class that we are using internally (vbatts@xxxxxxxxxx) - tito report man page missing options (admiller@xxxxxxxxxx) - Implement OBS releaser (msuchy@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ trinity-1.4-1.fc20 (FEDORA-2014-6317) System call fuzz tester -------------------------------------------------------------------------------- Update Information: Upstream notes on this release: - Big changes since 1.3 include some more targeted fuzzing of VM related syscalls, which judging from the fallout over the last six months, seems to be working quite well. - Trinity should now also scale up a lot better on bigger machines with lots of cores. It should pick a reasonable default number of child processes, but you can override with -C as you could before, but now without any restrictions other than available memory. -------------------------------------------------------------------------------- ChangeLog: * Mon May 12 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.4-1 - New upstream version -------------------------------------------------------------------------------- ================================================================================ xmobar-0.20.1-1.fc20 (FEDORA-2014-6327) A minimalistic text-based status bar -------------------------------------------------------------------------------- Update Information: * New features - Back to picking by default the first available screen, with a new configuration option, pickBroadest, for choosing the broadest (see issue #158). - Mouse actions now support multiple buttons, by Marcin Mikołajczyk. - Non supported monitors are ignored in configuration files (see issue #139), by Adam Vogt. * Bug fixes - Disk monitor now ignores non-existent devices (Reto Hablützel). - Weather is now non-blocking and doesn't use curl (Ben Boeckel). - Fix for Memory monitor in 3.14 kernels (Ben Boeckel). - Fix for infinite loops in AutoMPD (issue #76, issue #111). - More robust AC readings in BatteryP. - Fix for Top monitor's readings for processes whose name contains blanks. - Fixes for geometry computation on multihead (Dmitry Malikov). - Fixes for missing XDG configuration (Thiago Negri and James McCoy, see issue #133). -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Ben Boeckel <mathstuf@xxxxxxxxx> - 0.20.1-1 - Update to 0.20.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1075010 - xmobar-0.20.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1075010 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
