The following Fedora 20 Security updates need testing: Age URL 28 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpack-4.0.0-4.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-6373/zabbix-2.0.12-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6440/python-django15-1.5.8-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6449/python-django-1.6.5-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6442/python-django14-1.4.13-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6472/mumble-1.2.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6540/php-ZendFramework2-2.2.7-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6586/libvirt-1.1.3.5-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6520/openstack-neutron-2013.2.3-7.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6554/emacs-24.3-17.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6583/libtiff-4.0.3-15.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6585/moodle-2.5.6-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 5 https://admin.fedoraproject.org/updates/FEDORA-2014-6412/taglib-1.9.1-5.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-6339/squashfs-tools-4.3-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-6451/libndp-1.2-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6468/libxfce4ui-4.10.0-11.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6583/libtiff-4.0.3-15.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6572/libdrm-2.4.54-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6584/selinux-policy-3.12.1-166.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6554/emacs-24.3-17.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6568/ibus-1.5.7-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6534/xz-5.1.2-9alpha.fc20,supermin-5.1.8-5.fc20 The following builds have been pushed to Fedora 20 updates-testing apt-0.5.15lorg3.95-10.git522.1.fc20 ardour3-3.5.380-1.fc20 chicken-4.8.0.6-2.fc20 cinnamon-2.2.10-1.fc20 cinnamon-control-center-2.2.8-1.fc20 cinnamon-desktop-2.2.3-1.fc20 cinnamon-settings-daemon-2.2.3-1.fc20 cinnamon-translations-2.2.2-1.fc20 cjs-2.2.1-1.fc20 clustal-omega-1.2.1-2.fc20 diskimage-builder-0.1.15-1.fc20 emacs-24.3-17.fc20 findbugs-contrib-5.2.0-1.fc20 git-1.9.3-1.fc20 goaccess-0.8-1.fc20 ibus-1.5.7-2.fc20 ipvsadm-1.27-2.fc20 libdrm-2.4.54-1.fc20 libtiff-4.0.3-15.fc20 libvirt-1.1.3.5-2.fc20 lynis-1.5.3-1.fc20 mate-themes-extras-1.8.1-1.fc20 moodle-2.5.6-1.fc20 muffin-2.2.5-1.fc20 nemo-2.2.2-1.fc20 nodejs-shelljs-0.3.0-1.fc20 openlibm-0.3-6.fc20 os-refresh-config-0.1.5-1.fc20 owfs-2.9p5-1.fc20 perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc20 piglit-1-0.17.20140414GIT8775223.fc20 rubygem-openscap-0.1.0-4.fc20 selinux-policy-3.12.1-166.fc20 spice-0.12.5-2.fc20 subversion-api-docs-1.8.8-1.fc20 supermin-5.1.8-5.fc20 syntastic-3.4.0-18.fc20 tango-2-18.fc20 thunderbird-lightning-2.6.5-9.fc20 tralics-2.15.1-3.fc20 unrtf-0.21.5-2.fc20 xz-5.1.2-9alpha.fc20 Details about builds: ================================================================================ apt-0.5.15lorg3.95-10.git522.1.fc20 (FEDORA-2014-6581) Debian's Advanced Packaging Tool with RPM support -------------------------------------------------------------------------------- Update Information: Fixes issue with lua patch -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.5.14lorg3.95-10.git522.1 - updated lua fix -------------------------------------------------------------------------------- ================================================================================ ardour3-3.5.380-1.fc20 (FEDORA-2014-6557) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information: **Ardour 3.5.380 is a CRITICAL bug fix release. ALL USERS ARE RECOMMENDED TO UPGRADE.** It includes several absolutely vital fixes for bugs that could lead to audio and MIDI files being irreversibly deleted from disk. Check out [the upstream announcement](https://community.ardour.org/node/8224) for detailed information. -------------------------------------------------------------------------------- ChangeLog: * Wed May 14 2014 Nils Philippsen <nils@xxxxxxxxxx> - 3.5.380-1 - version 3.5.380 -------------------------------------------------------------------------------- ================================================================================ chicken-4.8.0.6-2.fc20 (FEDORA-2014-6551) A practical and portable Scheme system -------------------------------------------------------------------------------- Update Information: Fix for CVE-2014-3776. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.6-2 - Patch for CVE-2014-3776. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099613 - CVE-2014-3776 chicken: buffer overflow in "read-u8vector!" procedure leads to DoS or arbitrary code exec https://bugzilla.redhat.com/show_bug.cgi?id=1099613 -------------------------------------------------------------------------------- ================================================================================ cinnamon-2.2.10-1.fc20 (FEDORA-2014-6418) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.10-1 - update to 2.2.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ cinnamon-control-center-2.2.8-1.fc20 (FEDORA-2014-6418) Utilities to configure the Cinnamon desktop -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.8-1 - update to 2.2.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ cinnamon-desktop-2.2.3-1.fc20 (FEDORA-2014-6418) Shared code among cinnamon-session, nemo, etc -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-1 - update to 2.2.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ cinnamon-settings-daemon-2.2.3-1.fc20 (FEDORA-2014-6418) The daemon sharing settings from CINNAMON to GTK+/KDE applications -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-1 - update to 2.2.3 * Mon May 5 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.2-2 - add patch to add support for upower critical action -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ cinnamon-translations-2.2.2-1.fc20 (FEDORA-2014-6418) Translations for Cinnamon and Nemo -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.2-1 - update to 2.2.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ cjs-2.2.1-1.fc20 (FEDORA-2014-6418) Javascript Bindings for Cinnamon -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.2.1-1 - update to 2.2.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ clustal-omega-1.2.1-2.fc20 (FEDORA-2014-6582) Clustal Omega is a command-line multiple sequence alignment tool -------------------------------------------------------------------------------- Update Information: clustal-omega - command line tool for multiple sequence alignment -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057766 - Review Request: clustal-omega - command line tool for multiple sequence alignment https://bugzilla.redhat.com/show_bug.cgi?id=1057766 -------------------------------------------------------------------------------- ================================================================================ diskimage-builder-0.1.15-1.fc20 (FEDORA-2014-6575) Image building tools for OpenStack -------------------------------------------------------------------------------- Update Information: Update to 0.1.15 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 30 2014 Ben Nemec <bnemec@xxxxxxxxxx> - 0.1.15-1 - Update to 0.1.15 - Remove dib-run-parts from this package - Add dependency on dib-utils (the new home of dib-run-parts) -------------------------------------------------------------------------------- ================================================================================ emacs-24.3-17.fc20 (FEDORA-2014-6554) GNU Emacs text editor -------------------------------------------------------------------------------- Update Information: CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 (#1095587) -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.3-17 - CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 (#1095587) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095587 - CVE-2014-3423 CVE-2014-3422 CVE-2014-3421 CVE-2014-3424 emacs: multiple temporary file issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1095587 -------------------------------------------------------------------------------- ================================================================================ findbugs-contrib-5.2.0-1.fc20 (FEDORA-2014-6566) Extra findbugs detectors -------------------------------------------------------------------------------- Update Information: Update to new version 5.2.0. Full changelog is available at: http://fb-contrib.sourceforge.net/ Detectors added in v4.8.0: * [LGO] Lingering Graphics Object * [CCNE] Compare Class Name Equals * [CSBTS] CommonsStringBuilderToString * [CHTH] CommonsHashcodeBuilderToHashcode * [BRPI] BackportReusePublicIdentifiers * [CU] Clone Usability Detectors added in v5.0.0: * [CVAA] ContraVariant Array Assignment * [CAAL] Confusing Array As List * [UMTP] Unbound Method Template Parameter * [NPMC] Non Productive Method Call * [ICA] Invalid Constant Argument Detectors added in v5.2.0: * [CNC] Collection Naming Confusion * [PME] Poor Mans Enum * [UP] Unused Parameter * [CD] Circular Dependencies * [MUC] Modifying Unmodifiable Collection -------------------------------------------------------------------------------- ChangeLog: * Mon May 5 2014 Richard Fearn <richardfearn@xxxxxxxxx> - 5.2.0-1 - Update to 5.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068959 - Update fb-contrib to 5.2.0 https://bugzilla.redhat.com/show_bug.cgi?id=1068959 -------------------------------------------------------------------------------- ================================================================================ git-1.9.3-1.fc20 (FEDORA-2014-6556) Fast Version Control System -------------------------------------------------------------------------------- Update Information: Minor upstream bugfixes. https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/1.9.3.txt https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/1.9.2.txt https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/1.9.1.txt -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.9.3-1 - Update to 1.9.3 -------------------------------------------------------------------------------- ================================================================================ goaccess-0.8-1.fc20 (FEDORA-2014-6565) Apache Log Analyzer -------------------------------------------------------------------------------- Update Information: Changes to GoAccess 0.8 - Tuesday, May 20, 2014 * Added APT-HTTP to the list of browsers. * Added data persistence and ability to load data from disk. * Added IE11 to the list of browsers. * Added IEMobile to the list of browsers. * Added multiple command line options. * Added Nagios check_http to the list of browsers. * Added parsing progress metrics - total requests / requests per second. * Added the ability to parse a GeoLiteCity.dat to get the city given an IPv4. * Change the way the configuration file is parsed. This will parse all configuration options under ~/.goaccessrc or the specified config file and will feed getopt_long with the extracted key/value pairs. This also allows the ability to have comments on the config file which won't be overwritten. * Ensure autoconf determines the location of ncurses headers. * Fixed issue where geo_location_data was NULL. * Fixed issue where GoAccess did not run without a tty allocated to it. * Fixed potential memory leak on --log-file realpath(). * Fixed Solaris build errors. * Implemented an on-memory hash database using Tokyo Cabinet. This implementation allows GoAccess not to rely on GLib's hash table if one is needed. * Implemented large file support using an on-disk B+ Tree database. This implementation allows GoAccess not to hold everything in memory but instead it uses an on-disk B+ Tree database. * Trimmed leading and trailing whitespaces from keyphrases module. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Christopher Meng <rpm@xxxxxxxx> - 0.8-1 - Update to 0.8 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.7-2.fc20 (FEDORA-2014-6568) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: This update fixes the width of ibus-setup GUI. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.7-2 - Updated ibus-HEAD.patch for width of ibus-setup. -------------------------------------------------------------------------------- ================================================================================ ipvsadm-1.27-2.fc20 (FEDORA-2014-6561) Utility to administer the Linux Virtual Server -------------------------------------------------------------------------------- Update Information: Fix ipvsadm list_daemon to show backup sync daemon -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.27-2 - Fix ipvsadm list_daemon to show backup sync daemon -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099688 - ipvsadm does not show backup daemon https://bugzilla.redhat.com/show_bug.cgi?id=1099688 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.54-1.fc20 (FEDORA-2014-6572) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: libdrm 2.4.54 -------------------------------------------------------------------------------- ChangeLog: * Sat May 3 2014 Dennis Gilmore <dennis@xxxxxxxx> 2.4.54-1 - libdrm 2.4.54 -------------------------------------------------------------------------------- ================================================================================ libtiff-4.0.3-15.fc20 (FEDORA-2014-6583) Library of functions for manipulating TIFF format image files -------------------------------------------------------------------------------- Update Information: Add upstream patches for CVE-2013-4243 (#996832) -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Petr Hracek <phracek@xxxxxxxxxx> - 4.0.3-15 - Add upstream patches for CVE-2013-4243 (#996832) -------------------------------------------------------------------------------- References: [ 1 ] Bug #996832 - CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=996832 -------------------------------------------------------------------------------- ================================================================================ libvirt-1.1.3.5-2.fc20 (FEDORA-2014-6586) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Fix xen hvm VNC port (bz #1094262) * CVE-2014-0179: Unsafe XML parsing (bz #1094792, bz #1088290) * Fix failure to start xen instances (rackspace in particular) (bz #1098376) -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 1.1.3.5-2 - Fix xen hvm VNC port (bz #1094262) - CVE-2014-0179: Unsafe XML parsing (bz #1094792, bz #1088290) - Fix failure to start xen instances (rackspace in particular) (bz #1098376) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1088290 - CVE-2014-0179 libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read https://bugzilla.redhat.com/show_bug.cgi?id=1088290 -------------------------------------------------------------------------------- ================================================================================ lynis-1.5.3-1.fc20 (FEDORA-2014-6564) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: * 1.5.3 (2014-05-19) New: - Support for zypper package manager - Gather installed packages with Zypper on SuSE systems [PKGS-728] - Check for vulnerable packages with Zypper package manager [PKGS-7330] Changes: - Check for aide.conf also in /etc [FINT-4315] - Adjusted screen output for unreliable NTP peers [TIME-3120] - Adjusted check kernel test for non-Linux systems [KRNL-5730] - Improved screen output on AIX systems with echo command * 1.5.2 (2014-05-05) New: - Support for runlevel in binaries test Changes: - Added suggestion for kernel availability check [KRNL-5788] - Added suggestion for services at startup and proper binary call [BOOT-5180] - Added suggestion to configure accounting on FreeBSD [ACCT-2754] - Added suggestion to configure Linux process accounting [ACCT-9622] - Several new controls listed on website - Adjusted hardening index if total score was zero - Added suggestion for auditd.conf file [ACCT-9632] - Removed suggestion for audit log file [ACCT-9634] - Removed warning from NTP falsetickers test, added data to report [TIME-3132] - Removed warning from NTP selected time source test [TIME-3124] * 1.5.1 (2014-04-22) Changes: - Extended reporting with running databases and frameworks - Adjusted Oracle status in test [DBS-1840] - Extended grsecurity test [RBAC-6272] - Redirect rpcinfo errors to /dev/null - Adjusted color scheme -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Christopher Meng <rpm@xxxxxxxx> - 1.5.3-1 - Update to 1.5.3 -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-1.8.1-1.fc20 (FEDORA-2014-6560) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: - update to 1.8.1 - Blue-Submarine: update to GTK 3.12 - Green-Submarine: update to GTK 3.12 - Gnome-Cupertino: update to GTK 3.10 - Smoothly: update to GTK 3.10 - Smootly-Black: update to GTK 3.10 - GnomishBeige: complete GTK3-3.10 - DeloreanDark: update to GTK3-3.10 - drop Cologne theme, get rid of xfce theme engine - several improvements -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-1 - update to 1.8.1 release * Sun May 18 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.0.2 - drop forgoten gtk-xfce-engine requires * Sun May 18 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.0.1 - update to 1.8.0 release - Blue-Submarine: update to GTK 3.12 - Green-Submarine: update to GTK 3.12 - Gnome-Cupertino: update to GTK 3.10 - Smoothly: update to GTK 3.10 - Smootly-Black: update to GTK 3.10 - GnomishBeige: complete GTK3-3.10 - DeloreanDark: update to GTK3-3.10 - drop Cologne theme, get rid of xfce theme engine - several improvements -------------------------------------------------------------------------------- ================================================================================ moodle-2.5.6-1.fc20 (FEDORA-2014-6585) A Course Management System -------------------------------------------------------------------------------- Update Information: Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws: CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment CVE-2014-0216 MSA-14-0017: File access issue in HTML block CVE-2014-0217 MSA-14-0018: Information leak in courses CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository For a full summary and patch links, refer to the following: http://seclists.org/oss-sec/2014/q2/329 -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.5.6-1 - CVE-2014-0213, CVE-2014-0214, CVE-2014-0215, CVE-2014-0216, - CVE-2014-0217, CVE-2014-0218 - Drop upstreamed tinymce patch. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099766 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1099766 [ 2 ] Bug #1099765 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1099765 -------------------------------------------------------------------------------- ================================================================================ muffin-2.2.5-1.fc20 (FEDORA-2014-6418) Window and compositing manager based on Clutter -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.5-1 - update to 2.2.5 * Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.4-1 - update to 2.2.4 * Thu May 15 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-3 - patch to remove unused binaries to clean debug package * Wed May 14 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-2 - remove unused binaries (bz 1097542) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ nemo-2.2.2-1.fc20 (FEDORA-2014-6418) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information: - Latest package releases. - Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.2-1 - update to 2.2.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220 https://bugzilla.redhat.com/show_bug.cgi?id=1097542 [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click https://bugzilla.redhat.com/show_bug.cgi?id=1098246 [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening https://bugzilla.redhat.com/show_bug.cgi?id=1098797 -------------------------------------------------------------------------------- ================================================================================ nodejs-shelljs-0.3.0-1.fc20 (FEDORA-2014-6549) Portable Unix shell commands for Node.js -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ openlibm-0.3-6.fc20 (FEDORA-2014-6589) High quality system independent, open source libm -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1089500 - Review Request: openlibm - High quality system independent, open source libm https://bugzilla.redhat.com/show_bug.cgi?id=1089500 -------------------------------------------------------------------------------- ================================================================================ os-refresh-config-0.1.5-1.fc20 (FEDORA-2014-6550) Refresh system configuration -------------------------------------------------------------------------------- Update Information: Update to 0.1.5 -------------------------------------------------------------------------------- ChangeLog: * Fri May 9 2014 Ben Nemec <bnemec@xxxxxxxxxx> - 0.1.5-1 - Update to 0.1.5 - Add dependency on new dib-utils package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1086476 - /opt/stack/os-config-refresh is searched for scripts https://bugzilla.redhat.com/show_bug.cgi?id=1086476 [ 2 ] Bug #1086494 - os-refresh-config calls dib-run-parts, which is not installed https://bugzilla.redhat.com/show_bug.cgi?id=1086494 -------------------------------------------------------------------------------- ================================================================================ owfs-2.9p5-1.fc20 (FEDORA-2014-6555) 1-Wire Virtual File System -------------------------------------------------------------------------------- Update Information: This update brings following changes: - improved support of DS2409 (Microlan) hubs - owserver-to-owserver communication is not longer susceptible to loops -------------------------------------------------------------------------------- ChangeLog: * Thu May 15 2014 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.9p5-1 - latest upstream release -------------------------------------------------------------------------------- ================================================================================ perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc20 (FEDORA-2014-6591) Test your application's warnings -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.08-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ piglit-1-0.17.20140414GIT8775223.fc20 (FEDORA-2014-6579) Collection of automated tests for OpenGL implementations -------------------------------------------------------------------------------- Update Information: Except I have created condition incorrectly. importlib is since python 2.7 in the standard library, no need to import it. Put ExcludeArch back for ppc64 and missing python-importlib Require -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1-0.17.20140414GIT8775223 - Except I have created condition incorrectly. * Fri May 16 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1-0.16.20140414GIT8775223 - importlib is since python 2.7 in the standard library, no need to import it. * Thu May 15 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1-0.15.20140414GIT8775223 - Put ExcludeArch back for ppc64. - Add python-importlib Require -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098113 - missing lib/ include https://bugzilla.redhat.com/show_bug.cgi?id=1098113 [ 2 ] Bug #1098170 - summary.py tries to access the "templates" dir in current dir https://bugzilla.redhat.com/show_bug.cgi?id=1098170 -------------------------------------------------------------------------------- ================================================================================ rubygem-openscap-0.1.0-4.fc20 (FEDORA-2014-6574) A FFI wrapper around the OpenSCAP library -------------------------------------------------------------------------------- Update Information: A new package born! -------------------------------------------------------------------------------- References: [ 1 ] Bug #1090188 - Review Request: rubygem-openscap - A FFI wrapper around the OpenSCAP library https://bugzilla.redhat.com/show_bug.cgi?id=1090188 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.12.1-166.fc20 (FEDORA-2014-6584) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: Allow cockpit to bind to its port -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-166 - Allow cockpit to bind to its port - Add fixes for squid which is configured to run with more than one worker. - geard seems to do a lot of relabeling - Allow system_mail_t to append to munin_var_lib_t - Allow mozilla_plugin to read alsa_rw_ content - Dontaudit attempts to read fixed disk - Add MCS/MLS Constraints to kernel keyring, also add MCS Constraints to ipc, sem.msgq, shm - Allow seunshare domains to getattr on all executables * Fri May 16 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-165 - More fixes for OpenStack * Fri May 16 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-164 - Add openstack fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097531 - SELinux is preventing /usr/bin/bash from 'getattr' accesses on the file . https://bugzilla.redhat.com/show_bug.cgi?id=1097531 [ 2 ] Bug #1088753 - SELinux boolean: secure_mode_policyload can be disabled when it was turned on https://bugzilla.redhat.com/show_bug.cgi?id=1088753 [ 3 ] Bug #1096490 - SELinux breaks ulogd at system startup, but manually start ulogd works https://bugzilla.redhat.com/show_bug.cgi?id=1096490 -------------------------------------------------------------------------------- ================================================================================ spice-0.12.5-2.fc20 (FEDORA-2014-6559) Implements the SPICE protocol -------------------------------------------------------------------------------- Update Information: Update to latest spice-server stable release -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.12.5-2 - Add missing BuildRequires in order to enable Opus support * Mon May 19 2014 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.12.5-1 - Update to new 0.12.5 release -------------------------------------------------------------------------------- ================================================================================ subversion-api-docs-1.8.8-1.fc20 (FEDORA-2014-6593) Subversion API documentation -------------------------------------------------------------------------------- Update Information: Rebuild against current stable. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 Bojan Smojver <bojan@xxxxxxxxxxxxx> 1.8.8-1 - bump up to 1.8.8 -------------------------------------------------------------------------------- ================================================================================ supermin-5.1.8-5.fc20 (FEDORA-2014-6534) Tool for creating supermin appliances -------------------------------------------------------------------------------- Update Information: New upstream version 5.1.8. Enable support for xz-compressed kernel modules. Fix handling of filenames with spaces. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-5 - Add patch to fix RPM handler when filenames may contain spaces. * Mon May 19 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-4 - Skip execstack test on Fedora 20 (ARM only). * Fri May 16 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-3 - BR xz-static & xz-devel packages, to support xz-compressed kernel modules. * Fri May 9 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-1 - New upstream version 5.1.8. - Remove patches which are now upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099862 - supermin: internal error: assertion failed at rpm.ml, line 227, char 11 https://bugzilla.redhat.com/show_bug.cgi?id=1099862 -------------------------------------------------------------------------------- ================================================================================ syntastic-3.4.0-18.fc20 (FEDORA-2014-6576) A vim plugins to check syntax for programming languages -------------------------------------------------------------------------------- Update Information: Update to rev 3.4.0 -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 3.4.0-18 - Update to rev 3.4.0 -------------------------------------------------------------------------------- ================================================================================ tango-2-18.fc20 (FEDORA-2014-6570) The Developer's Library for D -------------------------------------------------------------------------------- Update Information: update to latest rev -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-18 - update to latest rev * Sun Mar 9 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-17 - Update to latest rev * Wed Oct 30 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-16 - exclude arm * Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-15 - Update to rev ff2b1d3 * Sun Aug 4 2013 "Jonathan Mercier" <"Jonathan Mercier at gmail dot org"> - 2-14 - Update to rev 667c566 * Mon Jun 10 2013 Jonathan MERCIER <bioinfornatics at fedoraproject dot org> - 2-13 - Update to rev 96fea24 -------------------------------------------------------------------------------- ================================================================================ thunderbird-lightning-2.6.5-9.fc20 (FEDORA-2014-6563) The calendar extension to Thunderbird -------------------------------------------------------------------------------- Update Information: Update to 2.6.5 -------------------------------------------------------------------------------- ChangeLog: * Wed May 14 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6.5-9 - Update to 2.6.5 * Fri Jan 31 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6.4-8 - Fix build with -Werror=format-security (bug #1037355) -------------------------------------------------------------------------------- ================================================================================ tralics-2.15.1-3.fc20 (FEDORA-2014-6580) LaTeX to XML translator -------------------------------------------------------------------------------- Update Information: LaTeX to XML translator -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000445 - Review Request: tralics - LaTeX to XML translator https://bugzilla.redhat.com/show_bug.cgi?id=1000445 -------------------------------------------------------------------------------- ================================================================================ unrtf-0.21.5-2.fc20 (FEDORA-2014-6547) RTF (Rich Text Format) to other formats converter -------------------------------------------------------------------------------- Update Information: don't alter conf file location. -------------------------------------------------------------------------------- ChangeLog: * Sun May 18 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.21.5-2 - don't alter conf file location (rhbz#1060513) * Mon Apr 7 2014 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.21.5-1 - Upstream release 0.21.5 (RHBZ #979619) - Update URL for HTTPS - Enable tests in %check -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060513 - conf files are not found https://bugzilla.redhat.com/show_bug.cgi?id=1060513 -------------------------------------------------------------------------------- ================================================================================ xz-5.1.2-9alpha.fc20 (FEDORA-2014-6534) LZMA compression utilities -------------------------------------------------------------------------------- Update Information: New upstream version 5.1.8. Enable support for xz-compressed kernel modules. Fix handling of filenames with spaces. -------------------------------------------------------------------------------- ChangeLog: * Fri May 16 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.2-9alpha - Add a -static subpackage (see RHBZ#547011). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099862 - supermin: internal error: assertion failed at rpm.ml, line 227, char 11 https://bugzilla.redhat.com/show_bug.cgi?id=1099862 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
