Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpack-4.0.0-4.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-6373/zabbix-2.0.12-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6440/python-django15-1.5.8-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6449/python-django-1.6.5-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6442/python-django14-1.4.13-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6472/mumble-1.2.6-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6540/php-ZendFramework2-2.2.7-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6586/libvirt-1.1.3.5-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6520/openstack-neutron-2013.2.3-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6554/emacs-24.3-17.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6583/libtiff-4.0.3-15.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6585/moodle-2.5.6-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6412/taglib-1.9.1-5.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-6339/squashfs-tools-4.3-4.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-6451/libndp-1.2-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-6468/libxfce4ui-4.10.0-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6583/libtiff-4.0.3-15.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6572/libdrm-2.4.54-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6584/selinux-policy-3.12.1-166.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6554/emacs-24.3-17.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6568/ibus-1.5.7-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-6534/xz-5.1.2-9alpha.fc20,supermin-5.1.8-5.fc20


The following builds have been pushed to Fedora 20 updates-testing

    apt-0.5.15lorg3.95-10.git522.1.fc20
    ardour3-3.5.380-1.fc20
    chicken-4.8.0.6-2.fc20
    cinnamon-2.2.10-1.fc20
    cinnamon-control-center-2.2.8-1.fc20
    cinnamon-desktop-2.2.3-1.fc20
    cinnamon-settings-daemon-2.2.3-1.fc20
    cinnamon-translations-2.2.2-1.fc20
    cjs-2.2.1-1.fc20
    clustal-omega-1.2.1-2.fc20
    diskimage-builder-0.1.15-1.fc20
    emacs-24.3-17.fc20
    findbugs-contrib-5.2.0-1.fc20
    git-1.9.3-1.fc20
    goaccess-0.8-1.fc20
    ibus-1.5.7-2.fc20
    ipvsadm-1.27-2.fc20
    libdrm-2.4.54-1.fc20
    libtiff-4.0.3-15.fc20
    libvirt-1.1.3.5-2.fc20
    lynis-1.5.3-1.fc20
    mate-themes-extras-1.8.1-1.fc20
    moodle-2.5.6-1.fc20
    muffin-2.2.5-1.fc20
    nemo-2.2.2-1.fc20
    nodejs-shelljs-0.3.0-1.fc20
    openlibm-0.3-6.fc20
    os-refresh-config-0.1.5-1.fc20
    owfs-2.9p5-1.fc20
    perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc20
    piglit-1-0.17.20140414GIT8775223.fc20
    rubygem-openscap-0.1.0-4.fc20
    selinux-policy-3.12.1-166.fc20
    spice-0.12.5-2.fc20
    subversion-api-docs-1.8.8-1.fc20
    supermin-5.1.8-5.fc20
    syntastic-3.4.0-18.fc20
    tango-2-18.fc20
    thunderbird-lightning-2.6.5-9.fc20
    tralics-2.15.1-3.fc20
    unrtf-0.21.5-2.fc20
    xz-5.1.2-9alpha.fc20

Details about builds:


================================================================================
 apt-0.5.15lorg3.95-10.git522.1.fc20 (FEDORA-2014-6581)
 Debian's Advanced Packaging Tool with RPM support
--------------------------------------------------------------------------------
Update Information:

Fixes issue with lua patch
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.5.14lorg3.95-10.git522.1
- updated lua fix
--------------------------------------------------------------------------------


================================================================================
 ardour3-3.5.380-1.fc20 (FEDORA-2014-6557)
 Digital Audio Workstation
--------------------------------------------------------------------------------
Update Information:

**Ardour 3.5.380 is a CRITICAL bug fix release. ALL USERS ARE RECOMMENDED TO UPGRADE.**

It includes several absolutely vital fixes for bugs that could lead to audio and MIDI files being irreversibly deleted from disk.

Check out [the upstream announcement](https://community.ardour.org/node/8224) for detailed information.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 14 2014 Nils Philippsen <nils@xxxxxxxxxx> - 3.5.380-1
- version 3.5.380
--------------------------------------------------------------------------------


================================================================================
 chicken-4.8.0.6-2.fc20 (FEDORA-2014-6551)
 A practical and portable Scheme system
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-3776.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Ricky Elrod <codeblock@xxxxxxxxxxxxxxxxx> - 4.8.0.6-2
- Patch for CVE-2014-3776.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099613 - CVE-2014-3776 chicken: buffer overflow in "read-u8vector!" procedure leads to DoS or arbitrary code exec
        https://bugzilla.redhat.com/show_bug.cgi?id=1099613
--------------------------------------------------------------------------------


================================================================================
 cinnamon-2.2.10-1.fc20 (FEDORA-2014-6418)
 Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.10-1
- update to 2.2.10
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 cinnamon-control-center-2.2.8-1.fc20 (FEDORA-2014-6418)
 Utilities to configure the Cinnamon desktop
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.8-1
- update to 2.2.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 cinnamon-desktop-2.2.3-1.fc20 (FEDORA-2014-6418)
 Shared code among cinnamon-session, nemo, etc
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-1
- update to 2.2.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 cinnamon-settings-daemon-2.2.3-1.fc20 (FEDORA-2014-6418)
 The daemon sharing settings from CINNAMON to GTK+/KDE applications
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-1
- update to 2.2.3
* Mon May  5 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.2-2
- add patch to add support for upower critical action
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 cinnamon-translations-2.2.2-1.fc20 (FEDORA-2014-6418)
 Translations for Cinnamon and Nemo
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.2-1
- update to 2.2.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 cjs-2.2.1-1.fc20 (FEDORA-2014-6418)
 Javascript Bindings for Cinnamon
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.2.1-1
- update to 2.2.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 clustal-omega-1.2.1-2.fc20 (FEDORA-2014-6582)
 Clustal Omega is a command-line multiple sequence alignment tool
--------------------------------------------------------------------------------
Update Information:

clustal-omega - command line tool for multiple sequence alignment
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1057766 - Review Request: clustal-omega - command line tool for multiple sequence alignment
        https://bugzilla.redhat.com/show_bug.cgi?id=1057766
--------------------------------------------------------------------------------


================================================================================
 diskimage-builder-0.1.15-1.fc20 (FEDORA-2014-6575)
 Image building tools for OpenStack
--------------------------------------------------------------------------------
Update Information:

Update to 0.1.15
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 30 2014 Ben Nemec <bnemec@xxxxxxxxxx> - 0.1.15-1
- Update to 0.1.15
- Remove dib-run-parts from this package
- Add dependency on dib-utils (the new home of dib-run-parts)
--------------------------------------------------------------------------------


================================================================================
 emacs-24.3-17.fc20 (FEDORA-2014-6554)
 GNU Emacs text editor
--------------------------------------------------------------------------------
Update Information:

CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 (#1095587)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.3-17
- CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 (#1095587)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1095587 - CVE-2014-3423 CVE-2014-3422 CVE-2014-3421 CVE-2014-3424 emacs: multiple temporary file issues [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1095587
--------------------------------------------------------------------------------


================================================================================
 findbugs-contrib-5.2.0-1.fc20 (FEDORA-2014-6566)
 Extra findbugs detectors
--------------------------------------------------------------------------------
Update Information:

Update to new version 5.2.0. Full changelog is available at:

http://fb-contrib.sourceforge.net/

Detectors added in v4.8.0:
* [LGO] Lingering Graphics Object
* [CCNE] Compare Class Name Equals
* [CSBTS] CommonsStringBuilderToString
* [CHTH] CommonsHashcodeBuilderToHashcode
* [BRPI] BackportReusePublicIdentifiers
* [CU] Clone Usability

Detectors added in v5.0.0:
* [CVAA] ContraVariant Array Assignment
* [CAAL] Confusing Array As List
* [UMTP] Unbound Method Template Parameter
* [NPMC] Non Productive Method Call
* [ICA] Invalid Constant Argument

Detectors added in v5.2.0:
* [CNC] Collection Naming Confusion
* [PME] Poor Mans Enum
* [UP] Unused Parameter
* [CD] Circular Dependencies
* [MUC] Modifying Unmodifiable Collection

--------------------------------------------------------------------------------
ChangeLog:

* Mon May  5 2014 Richard Fearn <richardfearn@xxxxxxxxx> - 5.2.0-1
- Update to 5.2.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1068959 - Update fb-contrib to 5.2.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1068959
--------------------------------------------------------------------------------


================================================================================
 git-1.9.3-1.fc20 (FEDORA-2014-6556)
 Fast Version Control System
--------------------------------------------------------------------------------
Update Information:

Minor upstream bugfixes.

https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/1.9.3.txt
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/1.9.2.txt
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/1.9.1.txt
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.9.3-1
- Update to 1.9.3
--------------------------------------------------------------------------------


================================================================================
 goaccess-0.8-1.fc20 (FEDORA-2014-6565)
 Apache Log Analyzer
--------------------------------------------------------------------------------
Update Information:

Changes to GoAccess 0.8 - Tuesday, May 20, 2014
* Added APT-HTTP to the list of browsers.
* Added data persistence and ability to load data from disk.
* Added IE11 to the list of browsers.
* Added IEMobile to the list of browsers.
* Added multiple command line options.
* Added Nagios check_http to the list of browsers.
* Added parsing progress metrics - total requests / requests per second.
* Added the ability to parse a GeoLiteCity.dat to get the city given an IPv4.
* Change the way the configuration file is parsed. This will parse all configuration options under ~/.goaccessrc or the specified config file and will feed getopt_long with the extracted key/value pairs. This also allows the ability to have comments on the config file which won't be overwritten.
* Ensure autoconf determines the location of ncurses headers.
* Fixed issue where geo_location_data was NULL.
* Fixed issue where GoAccess did not run without a tty allocated to it.
* Fixed potential memory leak on --log-file realpath().
* Fixed Solaris build errors.
* Implemented an on-memory hash database using Tokyo Cabinet. This implementation allows GoAccess not to rely on GLib's hash table if one is needed.
* Implemented large file support using an on-disk B+ Tree database. This implementation allows GoAccess not to hold everything in memory but instead it uses an on-disk B+ Tree database.
* Trimmed leading and trailing whitespaces from keyphrases module.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Christopher Meng <rpm@xxxxxxxx> - 0.8-1
- Update to 0.8
--------------------------------------------------------------------------------


================================================================================
 ibus-1.5.7-2.fc20 (FEDORA-2014-6568)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This update fixes the width of ibus-setup GUI.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.7-2
- Updated ibus-HEAD.patch for width of ibus-setup.
--------------------------------------------------------------------------------


================================================================================
 ipvsadm-1.27-2.fc20 (FEDORA-2014-6561)
 Utility to administer the Linux Virtual Server
--------------------------------------------------------------------------------
Update Information:

Fix ipvsadm list_daemon to show backup sync daemon
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.27-2
- Fix ipvsadm list_daemon to show backup sync daemon
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099688 - ipvsadm does not show backup daemon
        https://bugzilla.redhat.com/show_bug.cgi?id=1099688
--------------------------------------------------------------------------------


================================================================================
 libdrm-2.4.54-1.fc20 (FEDORA-2014-6572)
 Direct Rendering Manager runtime library
--------------------------------------------------------------------------------
Update Information:

libdrm 2.4.54
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Dennis Gilmore <dennis@xxxxxxxx> 2.4.54-1
- libdrm 2.4.54
--------------------------------------------------------------------------------


================================================================================
 libtiff-4.0.3-15.fc20 (FEDORA-2014-6583)
 Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:

Add upstream patches for CVE-2013-4243 (#996832)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Petr Hracek <phracek@xxxxxxxxxx> - 4.0.3-15
- Add upstream patches for CVE-2013-4243 (#996832)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #996832 - CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=996832
--------------------------------------------------------------------------------


================================================================================
 libvirt-1.1.3.5-2.fc20 (FEDORA-2014-6586)
 Library providing a simple virtualization API
--------------------------------------------------------------------------------
Update Information:

* Fix xen hvm VNC port (bz #1094262)
* CVE-2014-0179: Unsafe XML parsing (bz #1094792, bz #1088290)
* Fix failure to start xen instances (rackspace in particular) (bz #1098376)
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 1.1.3.5-2
- Fix xen hvm VNC port (bz #1094262)
- CVE-2014-0179: Unsafe XML parsing (bz #1094792, bz #1088290)
- Fix failure to start xen instances (rackspace in particular) (bz #1098376)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1088290 - CVE-2014-0179 libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read
        https://bugzilla.redhat.com/show_bug.cgi?id=1088290
--------------------------------------------------------------------------------


================================================================================
 lynis-1.5.3-1.fc20 (FEDORA-2014-6564)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

* 1.5.3 (2014-05-19)

New:
- Support for zypper package manager
- Gather installed packages with Zypper on SuSE systems [PKGS-728]
- Check for vulnerable packages with Zypper package manager [PKGS-7330]

Changes:
- Check for aide.conf also in /etc [FINT-4315]
- Adjusted screen output for unreliable NTP peers [TIME-3120]
- Adjusted check kernel test for non-Linux systems [KRNL-5730]
- Improved screen output on AIX systems with echo command

* 1.5.2 (2014-05-05)

New:
- Support for runlevel in binaries test

Changes:
- Added suggestion for kernel availability check [KRNL-5788]
- Added suggestion for services at startup and proper binary call [BOOT-5180]
- Added suggestion to configure accounting on FreeBSD [ACCT-2754]
- Added suggestion to configure Linux process accounting [ACCT-9622]
- Several new controls listed on website
- Adjusted hardening index if total score was zero
- Added suggestion for auditd.conf file [ACCT-9632]
- Removed suggestion for audit log file [ACCT-9634]
- Removed warning from NTP falsetickers test, added data to report [TIME-3132]
- Removed warning from NTP selected time source test [TIME-3124]

* 1.5.1 (2014-04-22)

Changes:
- Extended reporting with running databases and frameworks
- Adjusted Oracle status in test [DBS-1840]
- Extended grsecurity test [RBAC-6272]
- Redirect rpcinfo errors to /dev/null
- Adjusted color scheme
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Christopher Meng <rpm@xxxxxxxx> - 1.5.3-1
- Update to 1.5.3
--------------------------------------------------------------------------------


================================================================================
 mate-themes-extras-1.8.1-1.fc20 (FEDORA-2014-6560)
 Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:

- update to 1.8.1
- Blue-Submarine: update to GTK 3.12
- Green-Submarine: update to GTK 3.12
- Gnome-Cupertino: update to GTK 3.10
- Smoothly: update to GTK 3.10
- Smootly-Black: update to GTK 3.10
- GnomishBeige: complete GTK3-3.10
- DeloreanDark: update to GTK3-3.10
- drop Cologne theme, get rid of xfce theme engine
- several improvements
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-1
- update to 1.8.1 release
* Sun May 18 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.0.2
- drop forgoten gtk-xfce-engine requires
* Sun May 18 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.0.1
- update to 1.8.0 release
- Blue-Submarine: update to GTK 3.12
- Green-Submarine: update to GTK 3.12
- Gnome-Cupertino: update to GTK 3.10
- Smoothly: update to GTK 3.10
- Smootly-Black: update to GTK 3.10
- GnomishBeige: complete GTK3-3.10
- DeloreanDark: update to GTK3-3.10
- drop Cologne theme, get rid of xfce theme engine
- several improvements
--------------------------------------------------------------------------------


================================================================================
 moodle-2.5.6-1.fc20 (FEDORA-2014-6585)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:

CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment
CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile
CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment
CVE-2014-0216 MSA-14-0017: File access issue in HTML block
CVE-2014-0217 MSA-14-0018: Information leak in courses
CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository

For a full summary and patch links, refer to the following:

http://seclists.org/oss-sec/2014/q2/329
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.5.6-1
- CVE-2014-0213, CVE-2014-0214, CVE-2014-0215, CVE-2014-0216,
- CVE-2014-0217, CVE-2014-0218
- Drop upstreamed tinymce patch.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099766 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1099766
  [ 2 ] Bug #1099765 - CVE-2014-0218 CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1099765
--------------------------------------------------------------------------------


================================================================================
 muffin-2.2.5-1.fc20 (FEDORA-2014-6418)
 Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.5-1
- update to 2.2.5
* Tue May 20 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.4-1
- update to 2.2.4
* Thu May 15 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-3
- patch to remove unused binaries to clean debug package
* Wed May 14 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.3-2
- remove unused binaries (bz 1097542)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 nemo-2.2.2-1.fc20 (FEDORA-2014-6418)
 File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:

- Latest package releases.
- Totally remove all trace of the muffin binary as people moan when it fails to work in other DE's.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.2-1
- update to 2.2.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097542 - [abrt] muffin killed by SIGSEGV in cogl_texture_get_width at ./cogl-texture.c:220
        https://bugzilla.redhat.com/show_bug.cgi?id=1097542
  [ 2 ] Bug #1098246 - Window Alert from other Workspace Does Not Allow Click
        https://bugzilla.redhat.com/show_bug.cgi?id=1098246
  [ 3 ] Bug #1098797 - System Settings/Backgrounds - toolbars appear in random order after the first opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1098797
--------------------------------------------------------------------------------


================================================================================
 nodejs-shelljs-0.3.0-1.fc20 (FEDORA-2014-6549)
 Portable Unix shell commands for Node.js
--------------------------------------------------------------------------------
Update Information:

Initial package.
--------------------------------------------------------------------------------


================================================================================
 openlibm-0.3-6.fc20 (FEDORA-2014-6589)
 High quality system independent, open source libm
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1089500 - Review Request: openlibm - High quality system independent, open source libm
        https://bugzilla.redhat.com/show_bug.cgi?id=1089500
--------------------------------------------------------------------------------


================================================================================
 os-refresh-config-0.1.5-1.fc20 (FEDORA-2014-6550)
 Refresh system configuration
--------------------------------------------------------------------------------
Update Information:

Update to 0.1.5
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  9 2014 Ben Nemec <bnemec@xxxxxxxxxx> - 0.1.5-1
- Update to 0.1.5
- Add dependency on new dib-utils package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1086476 - /opt/stack/os-config-refresh is searched for scripts
        https://bugzilla.redhat.com/show_bug.cgi?id=1086476
  [ 2 ] Bug #1086494 - os-refresh-config calls dib-run-parts, which is not installed
        https://bugzilla.redhat.com/show_bug.cgi?id=1086494
--------------------------------------------------------------------------------


================================================================================
 owfs-2.9p5-1.fc20 (FEDORA-2014-6555)
 1-Wire Virtual File System
--------------------------------------------------------------------------------
Update Information:

This update brings following changes:
- improved support of DS2409 (Microlan) hubs
- owserver-to-owserver communication is not longer susceptible to loops
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 15 2014 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.9p5-1
- latest upstream release
--------------------------------------------------------------------------------


================================================================================
 perl-Plack-Middleware-Test-StashWarnings-0.08-1.fc20 (FEDORA-2014-6591)
 Test your application's warnings
--------------------------------------------------------------------------------
Update Information:

 
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.08-1
- Upstream update.
--------------------------------------------------------------------------------


================================================================================
 piglit-1-0.17.20140414GIT8775223.fc20 (FEDORA-2014-6579)
 Collection of automated tests for OpenGL implementations
--------------------------------------------------------------------------------
Update Information:

Except I have created condition incorrectly.
importlib is since python 2.7 in the standard library, no need to import it.
Put ExcludeArch back for ppc64 and missing python-importlib Require
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1-0.17.20140414GIT8775223
- Except I have created condition incorrectly.
* Fri May 16 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1-0.16.20140414GIT8775223
- importlib is since python 2.7 in the standard library, no need to
  import it.
* Thu May 15 2014 Matěj Cepl <mcepl@xxxxxxxxxx> - 1-0.15.20140414GIT8775223
- Put ExcludeArch back for ppc64.
- Add python-importlib Require
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098113 - missing lib/ include
        https://bugzilla.redhat.com/show_bug.cgi?id=1098113
  [ 2 ] Bug #1098170 - summary.py tries to access the "templates" dir in current dir
        https://bugzilla.redhat.com/show_bug.cgi?id=1098170
--------------------------------------------------------------------------------


================================================================================
 rubygem-openscap-0.1.0-4.fc20 (FEDORA-2014-6574)
 A FFI wrapper around the OpenSCAP library
--------------------------------------------------------------------------------
Update Information:

A new package born!
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1090188 - Review Request: rubygem-openscap - A FFI wrapper around the OpenSCAP library
        https://bugzilla.redhat.com/show_bug.cgi?id=1090188
--------------------------------------------------------------------------------


================================================================================
 selinux-policy-3.12.1-166.fc20 (FEDORA-2014-6584)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

Allow cockpit to bind to its port
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-166
- Allow cockpit to bind to its port
- Add fixes for squid which is configured to run with more than one worker.
- geard seems to do a lot of relabeling
- Allow system_mail_t to append to munin_var_lib_t
- Allow mozilla_plugin to read alsa_rw_ content
- Dontaudit attempts to read fixed disk
- Add MCS/MLS Constraints to kernel keyring, also add MCS Constraints to ipc, sem.msgq, shm
- Allow seunshare domains to getattr on all executables
* Fri May 16 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-165
- More fixes for OpenStack
* Fri May 16 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-164
- Add openstack fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097531 - SELinux is preventing /usr/bin/bash from 'getattr' accesses on the file .
        https://bugzilla.redhat.com/show_bug.cgi?id=1097531
  [ 2 ] Bug #1088753 - SELinux boolean: secure_mode_policyload can be disabled when it was turned on
        https://bugzilla.redhat.com/show_bug.cgi?id=1088753
  [ 3 ] Bug #1096490 - SELinux breaks ulogd at system startup, but manually start ulogd works
        https://bugzilla.redhat.com/show_bug.cgi?id=1096490
--------------------------------------------------------------------------------


================================================================================
 spice-0.12.5-2.fc20 (FEDORA-2014-6559)
 Implements the SPICE protocol
--------------------------------------------------------------------------------
Update Information:

Update to latest spice-server stable release
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2014 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.12.5-2
- Add missing BuildRequires in order to enable Opus support
* Mon May 19 2014 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.12.5-1
- Update to new 0.12.5 release
--------------------------------------------------------------------------------


================================================================================
 subversion-api-docs-1.8.8-1.fc20 (FEDORA-2014-6593)
 Subversion API documentation
--------------------------------------------------------------------------------
Update Information:

Rebuild against current stable.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 Bojan Smojver <bojan@xxxxxxxxxxxxx> 1.8.8-1
- bump up to 1.8.8
--------------------------------------------------------------------------------


================================================================================
 supermin-5.1.8-5.fc20 (FEDORA-2014-6534)
 Tool for creating supermin appliances
--------------------------------------------------------------------------------
Update Information:

New upstream version 5.1.8.

Enable support for xz-compressed kernel modules.

Fix handling of filenames with spaces.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 21 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-5
- Add patch to fix RPM handler when filenames may contain spaces.
* Mon May 19 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-4
- Skip execstack test on Fedora 20 (ARM only).
* Fri May 16 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-3
- BR xz-static & xz-devel packages, to support xz-compressed kernel modules.
* Fri May  9 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.8-1
- New upstream version 5.1.8.
- Remove patches which are now upstream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099862 - supermin: internal error: assertion failed at rpm.ml, line 227, char 11
        https://bugzilla.redhat.com/show_bug.cgi?id=1099862
--------------------------------------------------------------------------------


================================================================================
 syntastic-3.4.0-18.fc20 (FEDORA-2014-6576)
 A vim plugins to check syntax for programming languages
--------------------------------------------------------------------------------
Update Information:

Update to rev 3.4.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 3.4.0-18
- Update to rev 3.4.0
--------------------------------------------------------------------------------


================================================================================
 tango-2-18.fc20 (FEDORA-2014-6570)
 The Developer's Library for D
--------------------------------------------------------------------------------
Update Information:

update to latest rev
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-18
- update to latest rev
* Sun Mar  9 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-17
- Update to latest rev
* Wed Oct 30 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-16
- exclude arm
* Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-15
- Update to rev ff2b1d3
* Sun Aug  4 2013 "Jonathan Mercier" <"Jonathan Mercier at gmail dot org"> - 2-14
- Update to rev 667c566
* Mon Jun 10 2013 Jonathan MERCIER <bioinfornatics at fedoraproject dot org> - 2-13
- Update to rev 96fea24
--------------------------------------------------------------------------------


================================================================================
 thunderbird-lightning-2.6.5-9.fc20 (FEDORA-2014-6563)
 The calendar extension to Thunderbird
--------------------------------------------------------------------------------
Update Information:

Update to 2.6.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 14 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6.5-9
- Update to 2.6.5
* Fri Jan 31 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.6.4-8
- Fix build with -Werror=format-security (bug #1037355)
--------------------------------------------------------------------------------


================================================================================
 tralics-2.15.1-3.fc20 (FEDORA-2014-6580)
 LaTeX to XML translator
--------------------------------------------------------------------------------
Update Information:

LaTeX to XML translator
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1000445 - Review Request: tralics - LaTeX to XML translator
        https://bugzilla.redhat.com/show_bug.cgi?id=1000445
--------------------------------------------------------------------------------


================================================================================
 unrtf-0.21.5-2.fc20 (FEDORA-2014-6547)
 RTF (Rich Text Format) to other formats converter
--------------------------------------------------------------------------------
Update Information:

don't alter conf file location.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 18 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.21.5-2
- don't alter conf file location (rhbz#1060513)
* Mon Apr  7 2014 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.21.5-1
- Upstream release 0.21.5 (RHBZ #979619)
- Update URL for HTTPS
- Enable tests in %check
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1060513 - conf files are not found
        https://bugzilla.redhat.com/show_bug.cgi?id=1060513
--------------------------------------------------------------------------------


================================================================================
 xz-5.1.2-9alpha.fc20 (FEDORA-2014-6534)
 LZMA compression utilities
--------------------------------------------------------------------------------
Update Information:

New upstream version 5.1.8.

Enable support for xz-compressed kernel modules.

Fix handling of filenames with spaces.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 16 2014 Richard W.M. Jones <rjones@xxxxxxxxxx> - 5.1.2-9alpha
- Add a -static subpackage (see RHBZ#547011).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1099862 - supermin: internal error: assertion failed at rpm.ml, line 227, char 11
        https://bugzilla.redhat.com/show_bug.cgi?id=1099862
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux