The following Fedora 19 Security updates need testing: Age URL 227 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 39 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 28 https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19 27 https://admin.fedoraproject.org/updates/FEDORA-2014-6331/dovecot-2.2.13-1.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-6716/readline-6.2-7.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-6938/mod_wsgi-3.5-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7095/sendmail-8.14.7-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7090/chkrootkit-0.49-9.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7228/php-horde-Horde-Ldap-2.0.6-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7224/python-djblets-0.7.30-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7168/kernel-3.14.6-100.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6904/php-doctrine-orm-2.4.2-2.fc19,php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19,php-5.5.13-3.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 175 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 101 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-6898/openldap-2.4.39-3.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-6988/curl-7.29.0-20.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7095/sendmail-8.14.7-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7157/libbluray-0.6.0-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7195/crda-1.1.3_2014.06.02-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7201/audit-2.3.7-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7178/perl-Filter-1.50-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7192/linux-firmware-20140605-36.gita4f3bc03.fc19 The following builds have been pushed to Fedora 19 updates-testing R-qtl-1.31.9-1.fc19 ape-2.2.0-1.fc19 audit-2.3.7-1.fc19 ceph-0.81.0-1.fc19 cherrytree-0.33.4-1.fc19 coin-or-lemon-1.3-3.fc19 cptutils-1.54-1.fc19 crda-1.1.3_2014.06.02-1.fc19 davix-0.3.1-1.fc19 dblatex-0.3.5-1.fc19 docker-registry-0.7.1-2.fc19 elk-2.3.22-7.fc19 ghostscript-9.14-3.fc19 golang-github-coreos-go-systemd-2-1.fc19 gpaw-0.10.0.11364-5.fc19 ht-2.0.18-7.fc19 ibus-table-1.8.2-1.fc19 ibus-table-chinese-1.8.1-1.fc19 kernel-3.14.6-100.fc19 libbluray-0.6.0-1.fc19 libfep-0.1.0-1.fc19 linux-firmware-20140605-36.gita4f3bc03.fc19 lz4-r117-2.fc19 mandelbulber-1.21-2.fc19 meld-1.8.5-1.fc19 nec2c-1.3-1.fc19 perl-Filter-1.50-1.fc19 perl-Fsdb-2.50-1.fc19 perl-WWW-Shorten-3.05-1.fc19 perl-XML-Writer-0.625-1.fc19 php-5.5.13-3.fc19 php-Faker-1.4.0-1.fc19 php-Monolog-1.10.0-1.fc19 php-PsrLog-1.0.0-6.fc19 php-Raven-0.9.0-1.fc19 php-doctrine-orm-2.4.2-2.fc19 php-horde-Horde-Ldap-2.0.6-1.fc19 php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19 pidgin-sipe-1.18.2-1.fc19 python-datanommer-models-0.6.3-1.fc19 python-djblets-0.7.30-2.fc19 python-flask-wtf-0.9.5-1.fc19 roxterm-2.8.3-1.fc19 rubygem-htmlentities-4.3.2-1.fc19 rubygem-sequel-4.11.0-1.fc19 shogun-data-0.8.1-0.10.git20140519.19230ef.fc19 spatialite-tools-4.1.1-3.fc19 xemacs-21.5.34-6.20140605hgacf1c26e3019.fc19 xnec2c-2.8-1.fc19 xscreensaver-5.29-1.fc19 youtube-dl-2014.06.07-1.fc19 yumex-3.0.15-1.fc19 Details about builds: ================================================================================ R-qtl-1.31.9-1.fc19 (FEDORA-2014-7217) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ ape-2.2.0-1.fc19 (FEDORA-2014-7180) A tool for generating atomic pseudopotentials within a DFT framework -------------------------------------------------------------------------------- Update Information: Several bug fixes, and new features: new pseudopotential test, support for LATEPP output, and XC density correction scheme. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.2.0-1 - Update to 2.2.0. * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu May 16 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.1.0-2 - Update to new tarball with aarch64 support. -------------------------------------------------------------------------------- ================================================================================ audit-2.3.7-1.fc19 (FEDORA-2014-7201) User space tools for 2.6 kernel auditing -------------------------------------------------------------------------------- Update Information: Add support for PROCTITLE events. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 3 2014 Steve Grubb <sgrubb@xxxxxxxxxx> 2.3.7-1 - New upstream bugfix release -------------------------------------------------------------------------------- ================================================================================ ceph-0.81.0-1.fc19 (FEDORA-2014-7122) User space components of the Ceph file system -------------------------------------------------------------------------------- Update Information: ceph-0.81.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.81.0-1 - ceph-0.81.0 * Wed Jun 4 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.80.1-5 - gperftools now available on aarch64/ppc64 * Fri May 23 2014 Petr Machata <pmachata@xxxxxxxxxx> - 0.80.1-4 - Rebuild for boost 1.55.0 * Fri May 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 0.80.1-3 - rebuild for boost 1.55.0 -------------------------------------------------------------------------------- ================================================================================ cherrytree-0.33.4-1.fc19 (FEDORA-2014-7179) Hierarchical note taking application -------------------------------------------------------------------------------- Update Information: Update to 0.33.4 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2014 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 0.33.4-1 - Update to 0.33.4 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.32.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ coin-or-lemon-1.3-3.fc19 (FEDORA-2014-7184) A C++ template library providing many common graph algorithms -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061985 - Review Request: coin-or-lemon - A C++ template library providing many common graph algorithms https://bugzilla.redhat.com/show_bug.cgi?id=1061985 -------------------------------------------------------------------------------- ================================================================================ cptutils-1.54-1.fc19 (FEDORA-2014-7140) Utilities to manipulate and translate color gradients -------------------------------------------------------------------------------- Update Information: - Fixed error parsing geometry strings - Fixed null-deference in grd5read (when given a grd3 file) - Removed ggr searching (unused and crufty) -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Volker Fröhlich <volker27@xxxxxx> 1.54-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105106 - cptutils-1.54 is available https://bugzilla.redhat.com/show_bug.cgi?id=1105106 -------------------------------------------------------------------------------- ================================================================================ crda-1.1.3_2014.06.02-1.fc19 (FEDORA-2014-7195) Regulatory compliance daemon for 802.11 wireless networking -------------------------------------------------------------------------------- Update Information: Update wireless-regdb to version 2014.06.02 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 6 2014 John W. Linville <linville@xxxxxxxxxx> - 1.1.3_2014.06.02-1 - Update wireless-regdb to version 2014.06.02 - fixed wrong dates - new home for sources -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105644 - Update for wireless-regdb from 2014-06-02 https://bugzilla.redhat.com/show_bug.cgi?id=1105644 -------------------------------------------------------------------------------- ================================================================================ davix-0.3.1-1.fc19 (FEDORA-2014-7144) Toolkit for Http-based file management -------------------------------------------------------------------------------- Update Information: davix 0.3.1 release, see RELEASE-NOTES for changes -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2014 Adrien Devresse <adevress at cern.ch> - 0.3.1-1 - davix 0.3.1 release, see RELEASE-NOTES for changes * Tue Jun 3 2014 Adrien Devresse <adevress at cern.ch> - 0.3.0-1 - davix 0.3.0 release, see RELEASE-NOTES for changes * Tue Jan 28 2014 Adrien Devresse <adevress at cern.ch> - 0.2.10-1 - davix 0.2.10 release, see RELEASE-NOTES for details -------------------------------------------------------------------------------- ================================================================================ dblatex-0.3.5-1.fc19 (FEDORA-2014-7132) DocBook to LaTeX/ConTeXt Publishing -------------------------------------------------------------------------------- Update Information: Update to 0.3.5. -------------------------------------------------------------------------------- ChangeLog: * Mon May 26 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.3.5-1 - Update to 0.3.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101177 - dblatex-0.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1101177 -------------------------------------------------------------------------------- ================================================================================ docker-registry-0.7.1-2.fc19 (FEDORA-2014-7170) Registry server for Docker -------------------------------------------------------------------------------- Update Information: Fixes issue on EL6 where python-importlib package is required. Upstream release 0.7.1 Upstream release 0.7.1 Upstream release 0.7.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Marek Goldmann <mgoldman@xxxxxxxxxx> - 0.7.1-2 - Require python-importlib for EPEL 6 * Thu Jun 5 2014 Marek Goldmann <mgoldman@xxxxxxxxxx> - 0.7.1-1 - Upstream release 0.7.1 -------------------------------------------------------------------------------- ================================================================================ elk-2.3.22-7.fc19 (FEDORA-2014-7229) FP-LAPW Code -------------------------------------------------------------------------------- Update Information: elk 2.3.22 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Marcin Dulak <Marcin.Dulak@xxxxxxxxx> - 2.3.22-7 - upstream update - fix mpi build - tests/test-018 hangs - disabled * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.16-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1100397 - elk-2.3.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1100397 [ 2 ] Bug #1106208 - elk: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1106208 -------------------------------------------------------------------------------- ================================================================================ ghostscript-9.14-3.fc19 (FEDORA-2014-7158) A PostScript interpreter and renderer -------------------------------------------------------------------------------- Update Information: This updates ghostscript to the latest upstream version, and fixes a problem with duplex printing, a build issue, an unowned directory, and a memory handling issue. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2014 Tim Waugh <twaugh@xxxxxxxxxx> 9.14-3 - Applied patch from upstream to fix memory handling issue that could lead to crashes (bug #1087071). * Tue Jun 3 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> 9.14-2 - Add %{_datadir}/ghostscript/%{gs_dot_ver}/Resource/IdiomSet (RHBZ #1100338). * Thu Mar 27 2014 Tim Waugh <twaugh@xxxxxxxxxx> 9.14-1 - 9.14. * Wed Mar 26 2014 Tim Waugh <twaugh@xxxxxxxxxx> 9.12-1 - 9.12 (bug #1080814). - Fix build when using system zlib. * Thu Feb 27 2014 Tim Waugh <twaugh@xxxxxxxxxx> 9.10-6 - Use upstream patch to fix duplex for some devices (bug #1068896). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068896 - CUPS pdftops: duplex to duplex-capable Postscript printer prints single-sided https://bugzilla.redhat.com/show_bug.cgi?id=1068896 [ 2 ] Bug #1080814 - ghostscript-9.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1080814 [ 3 ] Bug #1086428 - [abrt] ghostscript: i_free_object(): gs killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1086428 [ 4 ] Bug #1087071 - [abrt] ghostscript: chunk_mem_node_remove(): gs killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1087071 [ 5 ] Bug #1100338 - Unowned dir /usr/share/ghostscript/*/Resource/IdiomSet https://bugzilla.redhat.com/show_bug.cgi?id=1100338 -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-go-systemd-2-1.fc19 (FEDORA-2014-7212) Go bindings to systemd socket activation, journal and D-BUS APIs -------------------------------------------------------------------------------- Update Information: upstream version bump to v2 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 2-1 - upstream version bump to v2 - change in NVR format since numbered versions are available * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.5.git8514b9f - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ gpaw-0.10.0.11364-5.fc19 (FEDORA-2014-7154) A grid-based real-space PAW method DFT code -------------------------------------------------------------------------------- Update Information: A grid-based real-space PAW method DFT code A grid-based real-space PAW method DFT code A grid-based real-space PAW method DFT code A grid-based real-space PAW method DFT code -------------------------------------------------------------------------------- References: [ 1 ] Bug #1087812 - Review Request: gpaw - A grid-based real-space PAW method DFT code https://bugzilla.redhat.com/show_bug.cgi?id=1087812 -------------------------------------------------------------------------------- ================================================================================ ht-2.0.18-7.fc19 (FEDORA-2014-7147) File editor/viewer/analyzer for executables -------------------------------------------------------------------------------- Update Information: Rename ht binary to hte to avoid file conflict with tex4ht -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0.18-7 - rename ht binary to hte, avoids conflict with tex4ht (#959696) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.18-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.18-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #959696 - /usr/bin/ht file conflicts between ht / texlive-tex4ht-bin , with no Conflicts: tag https://bugzilla.redhat.com/show_bug.cgi?id=959696 -------------------------------------------------------------------------------- ================================================================================ ibus-table-1.8.2-1.fc19 (FEDORA-2014-7188) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: update to 1.8.2; Better sorting of the lookup table in the mixed Chinese modes; Do not create useless indexes update to 1.8.1; Added support for wildcards (both in table and in pinyin mode); Don’t show the prompt characters defined in the table in pinyin mode in hte auxiliary text update to 1.8.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.8.2-1 - update to 1.8.2 - Better sorting of the lookup table in the mixed Chinese modes - Do not create useless indexes - Resolves: rhbz#1105465 * Wed Jun 4 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.8.1-1 - update to 1.8.1 - Added support for wildcards (both in table and in pinyin mode) - Don’t show the prompt characters defined in the table in pinyin mode in the auxiliary text * Tue Jun 3 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.8.0-1 - update to 1.8.0 - adapt tools/ibus-table-query tothe new database format * Wed May 28 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140528-1 - update to 1.5.0.20140528 - Use Unicode code point as a last ditch sort key for the candidates - Fix bug in Unihan_Variants.txt, 同 is both simplified *and* traditional Chinese - Update Unihan_Variants.txt from “2011-08-08 Unicode 6.1.0” to “2013-02-25 Unicode 6.3.0” and regenerate engine/chinese_variants.py * Tue May 27 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140527-1 - update to 1.5.0.20140527 - Put exact matches always at the top of the candidate list - Fix typo in the filtering for Chinese mode 3 (All characters with traditional Chinese first) - Support prompt characters (e.g. for cangjie and stroke5) * Mon May 19 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140519-1 - update to 1.5.0.20140519 - rewrite major parts of ibus-table, fix many bugs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105465 - Please avoid to create sqlite table index in ibus-table https://bugzilla.redhat.com/show_bug.cgi?id=1105465 -------------------------------------------------------------------------------- ================================================================================ ibus-table-chinese-1.8.1-1.fc19 (FEDORA-2014-7137) Chinese input tables for IBus -------------------------------------------------------------------------------- Update Information: - Add summary and description translation back. bump release number to build against updated ibus-table bump release number to build against updated ibus-table - Update for ibus-table-1.8.0 - Fixed Bug 1099380 - The stroke5 table should not use "AUTO_SELECT = TRUE" but "AUTO_SELECT = FALSE" -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2014 Ding-Yi Chen <dchen@xxxxxxxxxx> - 1.8.1-1 - Add summary and description translation back. * Sat Jun 7 2014 Ding-Yi Chen <dchen@xxxxxxxxxx> - 1.8.0-1 - Update for ibus-table-1.8.0 - Fixed Bug 1099380 - The stroke5 table should not use "AUTO_SELECT = TRUE" but "AUTO_SELECT = FALSE" * Tue May 27 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.4.6-3 - bump release number to build against updated ibus-table -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099380 - The stroke5 table should not use “AUTO_SELECT = TRUE” but “AUTO_SELECT = FALSE” https://bugzilla.redhat.com/show_bug.cgi?id=1099380 -------------------------------------------------------------------------------- ================================================================================ kernel-3.14.6-100.fc19 (FEDORA-2014-7168) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.14.6 stable update contains a number of important fixes across the tree. The 3.14.5 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.6-100 - Linux v3.14.6 * Fri Jun 6 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2014-3153 futex: pi futexes requeue issue (rhbz 1103626 1105609) - CVE-2014-3940 missing check during hugepage migration (rhbz 1104097 1105042) * Tue Jun 3 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add fix for team MTU settings from Jiri Pirko (rhbz 1099857) - Backport fix for issues with Quagga introduced by CVE fixes (rhbz 1097684) * Mon Jun 2 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.14.5-100 - Linux v3.14.5 * Thu May 29 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2014-3917 DoS with syscall auditing (rhbz 1102571 1102715) * Tue May 20 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Backport patch to add new elantech touchpad support (rhbz 1051668) * Wed May 14 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - Add synaptics min/max quirk patch for the ThinkPad W540 (rhbz 1096436) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1103626 - CVE-2014-3153 kernel: futex: pi futexes requeue issue https://bugzilla.redhat.com/show_bug.cgi?id=1103626 [ 2 ] Bug #1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration https://bugzilla.redhat.com/show_bug.cgi?id=1104097 [ 3 ] Bug #1102571 - CVE-2014-3917 kernel: DoS with syscall auditing https://bugzilla.redhat.com/show_bug.cgi?id=1102571 -------------------------------------------------------------------------------- ================================================================================ libbluray-0.6.0-1.fc19 (FEDORA-2014-7157) Library to access Blu-Ray disks for video playback -------------------------------------------------------------------------------- Update Information: libbluray 0.6.0, with much improved BD-J support. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2014 Xavier Bachelot <xavier@xxxxxxxxxxxx> 0.6.0-1 - Update to 0.6.0. * Sat Apr 26 2014 Xavier Bachelot <xavier@xxxxxxxxxxxx> 0.5.0-5 - Tweak the Release: tag to accomodate rpmdev-bumpspec. * Fri Feb 21 2014 Xavier Bachelot <xavier@xxxxxxxxxxxx> 0.5.0-4 - Requires: java-headless for Fedora 21+ (RHBZ#1068351). - Modernize specfile. * Fri Jan 10 2014 Xavier Bachelot <xavier@xxxxxxxxxxxx> 0.5.0-3 - Disable BD-J support for ppc64le arch (RHBZ#1051604). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1079629 - BD-J discs do not work https://bugzilla.redhat.com/show_bug.cgi?id=1079629 -------------------------------------------------------------------------------- ================================================================================ libfep-0.1.0-1.fc19 (FEDORA-2014-7214) Library to implement FEP (front end processor) on ANSI terminals -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2014 Daiki Ueno <dueno@xxxxxxxxxx> - 0.1.0-1 - new upstream release - drop intltool from BR * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.0.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ linux-firmware-20140605-36.gita4f3bc03.fc19 (FEDORA-2014-7192) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information: Update to latest upstream git snapshot. Fixes for Intel, radeon, realtek and various other firmwares. Note: The bugs listed for this update require both kernel and firmware changes. The kernel changes are not integrated yet, and we will close the bugs once both updates are pushed to stable. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 20140605-36.gita4f3bc03 - Updates for Intel 3160/7260/7265 firmware (1087717) - Add firmware for rtl8723be (rhbz 1091753) - Updates for radeon CIK, SI/CI, and Mullins/Beema GPUs (rhbz 1094153) - Various other firmware updates -------------------------------------------------------------------------------- References: [ 1 ] Bug #1087717 - iwl7260 wifi poor connection https://bugzilla.redhat.com/show_bug.cgi?id=1087717 [ 2 ] Bug #1091753 - Firmware(rtl8723befw.bin) for the Realtek 8723BE 802.11n PCI wireless(rtl8723be) https://bugzilla.redhat.com/show_bug.cgi?id=1091753 [ 3 ] Bug #1094153 - Regression: Screen corruption and system freezes with kernel 3.14.2 and Radeon 260x (BONAIRE) https://bugzilla.redhat.com/show_bug.cgi?id=1094153 -------------------------------------------------------------------------------- ================================================================================ lz4-r117-2.fc19 (FEDORA-2014-7173) Extremely fast compression algorithm -------------------------------------------------------------------------------- Update Information: - removed static library from installation. - new release r117. - added lz4c & lz4cat manual pages. - removed install-info calls from spec file. - moved .so files to the base package from -devel. - new release r117. - added lz4c & lz4cat manual pages. - removed install-info calls from spec file. - moved .so files to the base package from -devel. -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 pjp <pjp@xxxxxxxxxxxxxxxxx> - r117-2 - Skip static library from installation. * Fri Jun 6 2014 pjp <pjp@xxxxxxxxxxxxxxxxx> - r117-1 - new release - added lz4c & lz4cat manual pages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105110 - /usr/lib/liblz4.so don#t belong into lz4-devel https://bugzilla.redhat.com/show_bug.cgi?id=1105110 [ 2 ] Bug #1100980 - lz4 attempts to install a non-existent file https://bugzilla.redhat.com/show_bug.cgi?id=1100980 -------------------------------------------------------------------------------- ================================================================================ mandelbulber-1.21-2.fc19 (FEDORA-2014-7205) Advanced 3D fractal generator -------------------------------------------------------------------------------- Update Information: Advanced 3D fractal generator. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1065610 - Review Request: mandelbulber - Advanced 3D fractal generator https://bugzilla.redhat.com/show_bug.cgi?id=1065610 -------------------------------------------------------------------------------- ================================================================================ meld-1.8.5-1.fc19 (FEDORA-2014-7176) Visual diff and merge tool -------------------------------------------------------------------------------- Update Information: This update brings the latest Meld 1.8 release in version 1.8.5 to you. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2014 Dominic Hopf <dmaphy@xxxxxxxxxxxxxxxxx> - 1.8.5-1 - New upstream release: Meld 1.8.5 -------------------------------------------------------------------------------- ================================================================================ nec2c-1.3-1.fc19 (FEDORA-2014-7202) Translation of NEC2 antenna modeling tool from FORTRAN to C -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 23 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.3-1 - Update to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ perl-Filter-1.50-1.fc19 (FEDORA-2014-7178) Perl source filters -------------------------------------------------------------------------------- Update Information: This releases does not re-bless already blessed filter_add arguments. It fixes Perl compiler detection in Filter::decrypt. It corrects internal tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1.50-1 - 1.50 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105167 - perl-Filter-1.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1105167 -------------------------------------------------------------------------------- ================================================================================ perl-Fsdb-2.50-1.fc19 (FEDORA-2014-7186) A set of commands for manipulating flat-text databases from the shell -------------------------------------------------------------------------------- Update Information: See http://www.isi.edu/~johnh/SOFTWARE/FSDB/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #877096 - Review Request: perl-Fsdb - A set of commands for manipulating flat-text databases from the shell https://bugzilla.redhat.com/show_bug.cgi?id=877096 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-Shorten-3.05-1.fc19 (FEDORA-2014-7209) Interface to URL shortening sites -------------------------------------------------------------------------------- Update Information: Upgrade to 3.05 (bz#1095263) -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Julian C. Dunn <jdunn@xxxxxxxxxxxx> - 3.05-1 - Upgrade to 3.05 (bz#1095263) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.04-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095263 - perl-WWW-Shorten-3.05 is available https://bugzilla.redhat.com/show_bug.cgi?id=1095263 -------------------------------------------------------------------------------- ================================================================================ perl-XML-Writer-0.625-1.fc19 (FEDORA-2014-7125) A simple Perl module for writing XML documents -------------------------------------------------------------------------------- Update Information: This release allows xml-model processing instructions and fixes a warning when unfed is passed to setOutput. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.625-1 - 0.625 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105814 - perl-XML-Writer-0.625 is available https://bugzilla.redhat.com/show_bug.cgi?id=1105814 -------------------------------------------------------------------------------- ================================================================================ php-5.5.13-3.fc19 (FEDORA-2014-6904) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 29 May 2014, PHP 5.5.13 CLI server: * Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) COM: * Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) Core: * Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) * Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) * Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) * Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) * Fixed bug #67249 (printf out-of-bounds read). (Stas) * Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) * Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) Curl: * Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) Date: * Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) * Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) * Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) DOM: * Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) Fileinfo: * Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) * Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). * Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). FPM: * Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) GD: * Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) PCRE: * Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) Phar: * Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) Backported from 5.5.14: * Fileinfo: Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). * Core: workaround regression introduce in fix for #67072 * Date: Fixed regression in fix for bug #67118 (constructor can't be called twice). -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Remi Collet <rcollet@xxxxxxxxxx> 5.5.13-3 - fix regression introduce in fix for #67118 * Tue Jun 3 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.13-2 - fileinfo: fix insufficient boundary check - workaround regression introduce in fix for 67072 in serialize/unzerialize functions * Fri May 30 2014 Remi Collet <rcollet@xxxxxxxxxx> 5.5.13-1 - Update to 5.5.13 http://www.php.net/releases/5_5_13.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1098155 [ 2 ] Bug #1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS https://bugzilla.redhat.com/show_bug.cgi?id=1098193 -------------------------------------------------------------------------------- ================================================================================ php-Faker-1.4.0-1.fc19 (FEDORA-2014-7131) A PHP library that generates fake data -------------------------------------------------------------------------------- Update Information: ## v1.4.0 (2014-06-04) https://github.com/fzaninotto/Faker/releases/tag/v1.4.0 ### New Features * Added strict option to randomNumber to force number of digits (fzaninotto) * Added slug provider (fzaninotto) * Added firstname gender method to all Person providers (csanquer) * Added local IP and MAC address providers (kielabokkie) * Added default value to optional modifier (joshuajabbour) * Added fileCopy to File provider to simulate file upload (stefanosala) * Added Maximum Timestamp option to get always same unix timestamp when using a fixed seed (csanquer) * Added ean barcode provider (nineinchnick) * Added fullPath parameter to Image provider (stefanosala) * Added randomElements provider (terite) * Added realText provider for English and German, based on Markov Chains Generator (TimWolla) ### New / Improved Locales * Fixed typo in Slovak person names (cinan) * Added tests for uk_UA providers (serge-kuharev) * Fixed address provider for latvian language (MatissJA) * Added Czech Republic (cs_CZ) address, company, datetime and text providers (Mikulas) * Fixed da_DK Person provider data containing an 'unnamed' person (tolnem) * Fixed tr_TR email service, city name, person, and phone number formats (ogunkarakus) * Fixed US_en state list (fzaninotto) * Fixed en_US address provider so state abbr are ISO 3166 codes (Garbee) * Fixed Portuguese phonenumbers have 9 digits (hugofonseca) * Added pt_PT providers (hugofonseca) * Added tin (NIF) generator for pt_PT provider (hugofonseca) * Added pt_PT phone number provider (hugofonseca) * Added new ro_RO Personal Numerical Code (CNP) and phone number providers (avataru) * Fixed Internet provider for sk_SK locale (cinan) * Fixed typo in en_ZA Internet provider (bjorntheart) * Added Montenegrian (me_ME) providers * Added more Polish company formats (nineinchnick) * Added Polish realText provider (nineinchnick) * Added French realText provider (fzaninotto) * Fixed missing data in en_US Address provider (Garbee) * Added Bengali (bn_BD) providers (masnun) * Added French Canadian (fr_CA) Address and Person providers (marcaube) * Added Canadian English (en_CA) address and phone number providers (cviebrock) * Fixed Polish (pl_PL) Person provider data (czogori) * Added Hungarian (hu_HU) providers (sagikazarmark) * Added 'kana' (ja_JP) name formatters (kzykhys) ### Bug Fixes * Fixed numerify() performance by making it 30% faster (fzaninotto) * Fixed randomNumber usage duplicating numberBetween (fzaninotto) * Fixed IDE insights for new local IP and MAC address providers (hugofonseca) * Fixed typo in century list affecting the century provider (fzaninotto) * Fixed dead code in text provider (hugofonseca) * Fixed IDE insights for magic properties (hugofonseca) * Fixed numberBetween max default value handling (fzaninotto) * Fixed PSR-2 standards and add make task to force it on Travis (terite) * Fixed phpdoc for DateTime magic methods (stof) * Added doc about seeding with maximum timestamp using dateTime formatters (fzaninotto) * Fixed remaining non-seedable random generators (terite) * Fixed realText provider bootstrap slowness (fzaninotto) * Fixed address format in nl_NL provider (doenietzomoeilijk) * Fixed potentially offensive word from last name list (joshuajabbour) * Fixed reamde documentation about the optional modifier (cryode) * Fixed Image provider and documentor routine (fzaninotto) * Fixed IDE insights for methods (PedroTroller) * Fixed warning on test file when short tags are on (bateller) * Fixed Doctrine populator undefined index warning (dbojdo) * Fixed typo in NullGenerator (mhanson01) * Fixed Doctrine populator issue with one-to-one nullable relationship (jpetitcolas) * Fixed duplicated Payment example in readme (Garbee) * Added allow_failure for hhvm to travis-ci and test against php 5.5 (toin0u) -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.4.0-1 - Updated to 1.4.0 (BZ #1105815) - Added php-composer(fzaninotto/faker) virtual provide - Made Doctrine pkg optional instead of required - Added option to build without tests * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105815 - php-Faker-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1105815 -------------------------------------------------------------------------------- ================================================================================ php-Monolog-1.10.0-1.fc19 (FEDORA-2014-7191) Sends your logs to files, sockets, inboxes, databases and various web services -------------------------------------------------------------------------------- Update Information: ### 1.10.0 (2014-06-04) https://github.com/Seldaek/monolog/releases/tag/1.10.0 * Added Logger::getHandlers() and Logger::getProcessors() methods * Added $passthruLevel argument to FingersCrossedHandler to let it always pass some records through even if the trigger level is not reached * Added support for extra data in NewRelicHandler * Added $expandNewlines flag to the ErrorLogHandler to create multiple log entries when a message has multiple lines -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.10.0-1 - Updated to 1.10.0 (BZ #1105816) - Removed max PHPUnit dependency - Added php-composer(monolog/monolog) virtual provide * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105816 - php-Monolog-1.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1105816 -------------------------------------------------------------------------------- ================================================================================ php-PsrLog-1.0.0-6.fc19 (FEDORA-2014-7112) Common interface for logging libraries -------------------------------------------------------------------------------- Update Information: RPM-only release. Added `php-composer(psr/log)` virtual provide. -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.0.0-6 - Replaced single-use %composer_vendor and %composer_project * Fri Jun 6 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.0.0-5 - Updated URL - Requires php-common => php(language) - Added php-composer(%{composer_vendor}/%{composer_project}) virtual provide * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-Raven-0.9.0-1.fc19 (FEDORA-2014-7114) A PHP client for Sentry -------------------------------------------------------------------------------- Update Information: Updated to 0.9.0 Diffs: * Previous RPM release: 0.8.0 dac9333 (2013-12-10) => 0.9.0 (2014-06-04): https://github.com/getsentry/raven-php/compare/dac9333...0.9.0 * Previous version: 0.8.0 (2013-12-03) => 0.9.0 (2014-06-04): https://github.com/getsentry/raven-php/compare/0.8.0...0.9.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.9.0-1 - Updated to 0.9.0 (BZ #1104557) - Added php-composer(raven/raven) virtual provide - Added option to build without tests * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.0-4.20140519git2351d97 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.8.0-3.20140519git2351d97 - Updated to latest snapshot - Removed max PHPUnit dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1104557 - php-Raven-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1104557 -------------------------------------------------------------------------------- ================================================================================ php-doctrine-orm-2.4.2-2.fc19 (FEDORA-2014-6904) Doctrine Object-Relational-Mapper (ORM) -------------------------------------------------------------------------------- Update Information: 29 May 2014, PHP 5.5.13 CLI server: * Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) COM: * Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) Core: * Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) * Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) * Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) * Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) * Fixed bug #67249 (printf out-of-bounds read). (Stas) * Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) * Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) Curl: * Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) Date: * Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) * Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) * Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) DOM: * Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) Fileinfo: * Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) * Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). * Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). FPM: * Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) GD: * Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) PCRE: * Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) Phar: * Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) Backported from 5.5.14: * Fileinfo: Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). * Core: workaround regression introduce in fix for #67072 * Date: Fixed regression in fix for bug #67118 (constructor can't be called twice). -------------------------------------------------------------------------------- ChangeLog: * Fri May 30 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 2.4.2-2 - upstream fix for latest PHP (#1103219) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1098155 [ 2 ] Bug #1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS https://bugzilla.redhat.com/show_bug.cgi?id=1098193 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Ldap-2.0.6-1.fc19 (FEDORA-2014-7228) Horde LDAP libraries -------------------------------------------------------------------------------- Update Information: * [jan] SECURITY: Stricter parameter check in bind() to detect empty passwords. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 3 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.6-1 - Update to 2.0.6 (security) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1104961 - stricter checking for bind()'s with empty passwords https://bugzilla.redhat.com/show_bug.cgi?id=1104961 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19 (FEDORA-2014-6904) Mock Object library for PHPUnit -------------------------------------------------------------------------------- Update Information: 29 May 2014, PHP 5.5.13 CLI server: * Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) COM: * Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) Core: * Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) * Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) * Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) * Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) * Fixed bug #67249 (printf out-of-bounds read). (Stas) * Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) * Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) Curl: * Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) Date: * Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) * Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) * Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) DOM: * Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) Fileinfo: * Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) * Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). * Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). FPM: * Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) GD: * Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) PCRE: * Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) Phar: * Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) Backported from 5.5.14: * Fileinfo: Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). * Core: workaround regression introduce in fix for #67072 * Date: Fixed regression in fix for bug #67118 (constructor can't be called twice). -------------------------------------------------------------------------------- ChangeLog: * Fri May 30 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.2.3-4 - upstream fix for latest PHP (#1103223) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1098155 [ 2 ] Bug #1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS https://bugzilla.redhat.com/show_bug.cgi?id=1098193 -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.18.2-1.fc19 (FEDORA-2014-7181) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * fixes crash when PersistentChat sends BYE * fixes joining of conference for some users * fixes conference call ending in error message * fixes EWS autodiscover for some Office 365 users * UCS now honors email URL set by user -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Stefan Becker <chemobejk@xxxxxxxxx> - 1.18.2-1 - update to 1.18.2: - fixes crash when PersistentChat sends BYE - fixes joining of conference for some users - fixes conference call ending in error message - fixes EWS autodiscover for some Office 365 users - UCS now honors email URL set by user -------------------------------------------------------------------------------- ================================================================================ python-datanommer-models-0.6.3-1.fc19 (FEDORA-2014-7218) SQLAlchemy models for datanommer -------------------------------------------------------------------------------- Update Information: Optimized inserts. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.6.3-1 - Optimized inserts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1100729 - python-datanommer-models-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1100729 -------------------------------------------------------------------------------- ================================================================================ python-djblets-0.7.30-2.fc19 (FEDORA-2014-7224) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: Fixes two XSS vulnerabilities in Djblets (used by Review Board) -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.7.30-2 - Drop upstreamed patch * Fri Jun 6 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.7.30-1 - New upstream security release 0.7.30 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.30.NEWS -------------------------------------------------------------------------------- References: [ 1 ] Bug #1106845 - CVE-2014-3994 python-djblets: XSS Vulnerability in Djblets json_dumps() https://bugzilla.redhat.com/show_bug.cgi?id=1106845 -------------------------------------------------------------------------------- ================================================================================ python-flask-wtf-0.9.5-1.fc19 (FEDORA-2014-7160) Simple integration of Flask and WTForms -------------------------------------------------------------------------------- Update Information: Updated to new source -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2014 Praveen Kumar <kumarpraveen.nitdgp@xxxxxxxxx> 0.9.5-1 - Updated to new source - Add python3 support * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1099495 - Update to 0.9.3 https://bugzilla.redhat.com/show_bug.cgi?id=1099495 -------------------------------------------------------------------------------- ================================================================================ roxterm-2.8.3-1.fc19 (FEDORA-2014-7145) A fast terminal emulator -------------------------------------------------------------------------------- Update Information: * Correct profile editor pages when bg disabled -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Christopher Meng <rpm@xxxxxxxx> - 2.8.3-1 - Update to 2.8.3 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.8.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Feb 21 2014 Christopher Meng <rpm@xxxxxxxx> - 2.8.2-2 - Add deprecated VTK3 option support. -------------------------------------------------------------------------------- ================================================================================ rubygem-htmlentities-4.3.2-1.fc19 (FEDORA-2014-7142) A module for encoding and decoding (X)HTML entities -------------------------------------------------------------------------------- Update Information: New version 4.3.2 is released. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.3.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rubygem-sequel-4.11.0-1.fc19 (FEDORA-2014-7237) The Database Toolkit for Ruby -------------------------------------------------------------------------------- Update Information: Update to sequel 4.11.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 6 2014 Alejandro Pérez <aeperezt@xxxxxxxxxxxxxxxxx> - 4.11.0-1 - Initial package -------------------------------------------------------------------------------- ================================================================================ shogun-data-0.8.1-0.10.git20140519.19230ef.fc19 (FEDORA-2014-7236) Data-files for the SHOGUN machine learning toolbox -------------------------------------------------------------------------------- Update Information: updated to new snapshot git20140519.19230ef56933c7c34d5e31bb28d977d081616707 -------------------------------------------------------------------------------- ChangeLog: * Mon May 19 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.10.git20140519.19230ef - updated to new snapshot git20140519.19230ef56933c7c34d5e31bb28d977d081616707 * Sat May 17 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.9.git20140428.328f363 - updated to new snapshot git20140428.328f363ad358813b2e600d2f56b20d349b239db0 * Thu Apr 24 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.8.git20140420.8652c9c - updated to new snapshot git20140420.8652c9c8f81742a80ee9b999ea182fd9624dd4f2 * Mon Apr 14 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.7.git20140414.9a8b634 - updated to new snapshot git20140414.9a8b634ebdbc013ae020191bf1f5fe9846168087 * Mon Apr 14 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.6.git20140408.1e5eb17 - updated to new snapshot git20140408.1e5eb17040965b5ffe7f6c13ab3d7eae41fd7a25 - removed %config from macro-files * Tue Mar 18 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 0.8.1-0.5.git20140317.082eeb5 - updated to new snapshot git20140317.082eeb56ea20fc55085950e6114ef4e7849d438d -------------------------------------------------------------------------------- ================================================================================ spatialite-tools-4.1.1-3.fc19 (FEDORA-2014-7221) A set of useful CLI tools for SpatiaLite -------------------------------------------------------------------------------- Update Information: This build adds an explicit requirement on the current sqlite version. Sqlite updates caused failure when starting spatialite, built against the previous version. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Volker Fröhlich <volker27@xxxxxx> - 4.1.1-3 - Solve BZ 1048587 (spatialite command complains about sqlite version) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048587 - spatialite should be recompiled when sqlite version changes. https://bugzilla.redhat.com/show_bug.cgi?id=1048587 -------------------------------------------------------------------------------- ================================================================================ xemacs-21.5.34-6.20140605hgacf1c26e3019.fc19 (FEDORA-2014-7123) Different version of Emacs -------------------------------------------------------------------------------- Update Information: This update moves to a recent snapshot to fix bug 1095405 and allow diagnosis of bug 1078159. For Fedora 19, this update additionally drops the texinfo info files, allows utf-8 fonts to be used in more places, adds an AppData file, and disables XIM (which is broken anyway). -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 5 2014 Jerry James <loganjerry@xxxxxxxxx> - 21.5.34-6.20140605hgacf1c26e3019 - Update to snapshot: fixes bz 1095405 and allows diagnosis of bz 1078159 - Update snapshot creating script to use bitbucket and maximally compress - Don't need to exclude texinfo info files; upstream has dropped them * Wed Feb 5 2014 Jerry James <loganjerry@xxxxxxxxx> - 21.5.34-5 - Disable XIM by default. It hasn't worked since the release of Fedora 19 due to a fixed size buffer inside libX11 that is too small (see _XimProtoCreateIC in modules/im/ximcp/imDefIc.c), and nobody has complained. - Update location of rpm macro file for rpm >= 4.11 * Tue Nov 12 2013 Jerry James <loganjerry@xxxxxxxxx> - 21.5.34-4 - Add an AppData file * Fri Oct 25 2013 Jerry James <loganjerry@xxxxxxxxx> - 21.5.34-3 - Update the -utf8-fonts patch to remove more references to iso8859 fonts * Wed Oct 2 2013 Jerry James <loganjerry@xxxxxxxxx> - 21.5.34-2 - Don't package the texinfo info files; they clash with texinfo 5.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095405 - [abrt] xemacs-xft: __find_specmb(): xemacs-xft-21.5-b34 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1095405 -------------------------------------------------------------------------------- ================================================================================ xnec2c-2.8-1.fc19 (FEDORA-2014-7202) GTK based graphical wrapper for nec2c -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 23 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 2.8-1 - Update to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.29-1.fc19 (FEDORA-2014-7127) X screen saver and locker -------------------------------------------------------------------------------- Update Information: New version 5.29 is released. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.29-1 - Update to 5.29 * Thu Jun 5 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.28-1 - Update to 5.28 * Fri May 30 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.27-2 - Remove GLib and invalid-source-encoding warnings on clang - Re-generate driver/XScreenSaver_ad.h correctly -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2014.06.07-1.fc19 (FEDORA-2014-7129) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to 2014.06.07 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 9 2014 Christopher Meng <rpm@xxxxxxxx> - 2014.06.07-1 - Update to 2014.06.07 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2014.05.05-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue May 6 2014 Christopher Meng <rpm@xxxxxxxx> - 2014.05.05-1 - Update to 2014.05.05 -------------------------------------------------------------------------------- ================================================================================ yumex-3.0.15-1.fc19 (FEDORA-2014-7155) Yum Extender graphical package management tool -------------------------------------------------------------------------------- Update Information: bugfix release -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2014 Tim Lauridsen <timlau@xxxxxxxxxxxxxxxxx> 3.0.15-1 - bumped version to 3.0.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076454 - yumex hangs if user cancel the authorization dialog https://bugzilla.redhat.com/show_bug.cgi?id=1076454 [ 2 ] Bug #1089408 - Yumex should honour gpgcheck=0 in repo file https://bugzilla.redhat.com/show_bug.cgi?id=1089408 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
