The following Fedora 19 Security updates need testing: Age URL 238 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 50 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 39 https://admin.fedoraproject.org/updates/FEDORA-2014-6233/dpkg-1.16.14-1.fc19 30 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19 28 https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7274/tor-0.2.4.22-2.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-7333/ReviewBoard-1.7.26-2.fc19,python-django-evolution-0.6.9-4.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7399/python-jinja2-2.6-7.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7413/rb_libtorrent-0.16.8-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7408/xen-4.2.4-5.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7426/kernel-3.14.8-100.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7490/sos-3.1-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7572/kdelibs-4.11.5-4.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 186 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 112 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-7157/libbluray-0.6.0-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-7178/perl-Filter-1.50-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-7192/linux-firmware-20140605-36.gita4f3bc03.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7270/qt-4.8.6-9.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-7285/gupnp-av-0.12.6-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7395/squashfs-tools-4.3-6.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7462/btrfs-progs-3.14.2-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7453/kde-workspace-4.11.10-2.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7498/pcre-8.32-9.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7559/polkit-qt-0.103.0-10.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7572/kdelibs-4.11.5-4.fc19 The following builds have been pushed to Fedora 19 updates-testing asterisk-11.10.2-2.fc19 claws-mail-plugins-3.10.1-1.fc19 efibootmgr-0.7.0-2.fc19 efivar-0.10-2.fc19 java-1.7.0-openjdk-1.7.0.60-2.5.0.1.fc19 kdelibs-4.11.5-4.fc19 mate-menus-1.6.0-6.fc19 pdns-recursor-3.6.0-1.fc19 perl-MooX-Types-MooseLike-Numeric-1.02-2.fc19 polkit-qt-0.103.0-10.fc19 python-fedmsg-meta-fedora-infrastructure-0.2.14-1.fc19 python-wikitools-1.2-1.fc19 wine-1.7.20-1.fc19 Details about builds: ================================================================================ asterisk-11.10.2-2.fc19 (FEDORA-2014-7570) The Open Source PBX -------------------------------------------------------------------------------- Update Information: The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert7, 11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases These releases resolve security vulnerabilities that were previously fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1. Unfortunately, the fix for AST-2014-007 inadvertently introduced a regression in Asterisk's TCP and TLS handling that prevented Asterisk from sending data over these transports. This regression and the security vulnerabilities have been fixed in the versions specified in this release announcement. The security patches for AST-2014-007 have been updated with the fix for the regression, and are available at http://downloads.asterisk.org/pub/security Please note that the release of these versions resolves the following security vulnerabilities: * AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework * AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized Shell Access * AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP Connections * AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions For more information about the details of these vulnerabilities, please read security advisories AST-2014-005, AST-2014-006, AST-2014-007, and AST-2014-008, which were released with the previous versions that addressed these vulnerabilities. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert7 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.2 http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert4 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.3.2 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2014-005.pdf * http://downloads.asterisk.org/pub/security/AST-2014-006.pdf * http://downloads.asterisk.org/pub/security/AST-2014-007.pdf * http://downloads.asterisk.org/pub/security/AST-2014-008.pdf The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following issue: * AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP Connections Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing a HTTP request will tie up a HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked. Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the following issue: * AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized Shell Access Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process. Additionally, the release of 12.3.1 resolves the following issues: * AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's “sub_min_expiry” is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion raised. * AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server. These issues and their resolutions are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2014-005, AST-2014-006, AST-2014-007, and AST-2014-008, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert6 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert3 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.3.1 The Asterisk Development Team has announced the release of Asterisk 11.10.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.10.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-23547 - [patch] app_queue removing callers from queue when reloading (Reported by Italo Rossi) * ASTERISK-23559 - app_voicemail fails to load after fix to dialplan functions (Reported by Corey Farrell) * ASTERISK-22846 - testsuite: masquerade super test fails on all branches (still) (Reported by Matt Jordan) * ASTERISK-23545 - Confbridge talker detection settings configuration load bug (Reported by John Knott) * ASTERISK-23546 - CB_ADD_LEN does not do what you'd think (Reported by Walter Doekes) * ASTERISK-23620 - Code path in app_stack fails to unlock list (Reported by Bradley Watkins) * ASTERISK-23616 - Big memory leak in logger.c (Reported by ibercom) * ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS (Reported by Sebastian Wiedenroth) * ASTERISK-23550 - Newer sound sets don't show up in menuselect (Reported by Rusty Newton) * ASTERISK-18331 - app_sms failure (Reported by David Woodhouse) * ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by Krzysztof Chmielewski) * ASTERISK-23605 - res_http_websocket: Race condition in shutting down websocket causes crash (Reported by Matt Jordan) * ASTERISK-23707 - Realtime Contacts: Apparent mismatch between PGSQL database state and Asterisk state (Reported by Mark Michelson) * ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial 'spy', if the spied-on channel makes a new call, unable to barge. (Reported by Robert Moss) * ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+) (Reported by Guillaume Maudoux) * ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported by Guillaume Maudoux) * ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event for INVITE/w/replaces pickup (Reported by Walter Doekes) * ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone (Reported by Steve Davies) Improvements made in this release: ----------------------------------- * ASTERISK-23649 - [patch]Support for DTLS retransmission (Reported by NITESH BANSAL) * ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently available in a CLI command (Reported by Patrick Laimbock) * ASTERISK-23754 - [patch] Use var/lib directory for log file configured in asterisk.conf (Reported by Igor Goncharovsky) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.10.2-2: - Drop the 389 directory server schema (1061414) * Thu Jun 19 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.10.2-1: - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security - releases are released as versions 1.8.15-cert7, 11.6-cert4, 1.8.28.2, 11.10.2, - and 12.3.2. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - These releases resolve security vulnerabilities that were previously fixed in - 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1. Unfortunately, the fix - for AST-2014-007 inadvertently introduced a regression in Asterisk's TCP and TLS - handling that prevented Asterisk from sending data over these transports. This - regression and the security vulnerabilities have been fixed in the versions - specified in this release announcement. - - The security patches for AST-2014-007 have been updated with the fix for the - regression, and are available at http://downloads.asterisk.org/pub/security - - Please note that the release of these versions resolves the following security - vulnerabilities: - - * AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe - Framework - - * AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized - Shell Access - - * AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP - Connections - - * AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions - - For more information about the details of these vulnerabilities, please read - security advisories AST-2014-005, AST-2014-006, AST-2014-007, and AST-2014-008, - which were released with the previous versions that addressed these - vulnerabilities. - - For a full list of changes in the current releases, please see the ChangeLogs: - - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert7 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.2 - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert4 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.2 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.3.2 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2014-005.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-006.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-007.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-008.pdf * Thu Jun 19 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.10.1-1: - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security - releases are released as versions 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, - and 12.3.1. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of these versions resolves the following issue: - - * AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP - Connections - - Establishing a TCP or TLS connection to the configured HTTP or HTTPS port - respectively in http.conf and then not sending or completing a HTTP request - will tie up a HTTP session. By doing this repeatedly until the maximum number - of open HTTP sessions is reached, legitimate requests are blocked. - - Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the - following issue: - - * AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized - Shell Access - - Manager users can execute arbitrary shell commands with the MixMonitor manager - action. Asterisk does not require system class authorization for a manager - user to use the MixMonitor action, so any manager user who is permitted to use - manager commands can potentially execute shell commands as the user executing - the Asterisk process. - - Additionally, the release of 12.3.1 resolves the following issues: - - * AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe - Framework - - A remotely exploitable crash vulnerability exists in the PJSIP channel - driver's pub/sub framework. If an attempt is made to unsubscribe when not - currently subscribed and the endpoint's “sub_min_expiry” is set to zero, - Asterisk tries to create an expiration timer with zero seconds, which is not - allowed, so an assertion raised. - - * AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions - - When a SIP transaction timeout caused a subscription to be terminated, the - action taken by Asterisk was guaranteed to deadlock the thread on which SIP - requests are serviced. Note that this behavior could only happen on - established subscriptions, meaning that this could only be exploited if an - attacker bypassed authentication and successfully subscribed to a real - resource on the Asterisk server. - - These issues and their resolutions are described in the security advisories. - - For more information about the details of these vulnerabilities, please read - security advisories AST-2014-005, AST-2014-006, AST-2014-007, and AST-2014-008, - which were released at the same time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert6 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.1 - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert3 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.3.1 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2014-005.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-006.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-007.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-008.pdf * Thu Jun 19 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.10.0-1: - The Asterisk Development Team has announced the release of Asterisk 11.10.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.10.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following are the issues resolved in this release: - - Bugs fixed in this release: - ----------------------------------- - * ASTERISK-23547 - [patch] app_queue removing callers from queue - when reloading (Reported by Italo Rossi) - * ASTERISK-23559 - app_voicemail fails to load after fix to - dialplan functions (Reported by Corey Farrell) - * ASTERISK-22846 - testsuite: masquerade super test fails on all - branches (still) (Reported by Matt Jordan) - * ASTERISK-23545 - Confbridge talker detection settings - configuration load bug (Reported by John Knott) - * ASTERISK-23546 - CB_ADD_LEN does not do what you'd think - (Reported by Walter Doekes) - * ASTERISK-23620 - Code path in app_stack fails to unlock list - (Reported by Bradley Watkins) - * ASTERISK-23616 - Big memory leak in logger.c (Reported by - ibercom) - * ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS - (Reported by Sebastian Wiedenroth) - * ASTERISK-23550 - Newer sound sets don't show up in menuselect - (Reported by Rusty Newton) - * ASTERISK-18331 - app_sms failure (Reported by David Woodhouse) - * ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by - Krzysztof Chmielewski) - * ASTERISK-23605 - res_http_websocket: Race condition in shutting - down websocket causes crash (Reported by Matt Jordan) - * ASTERISK-23707 - Realtime Contacts: Apparent mismatch between - PGSQL database state and Asterisk state (Reported by Mark - Michelson) - * ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial - 'spy', if the spied-on channel makes a new call, unable to - barge. (Reported by Robert Moss) - * ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+) - (Reported by Guillaume Maudoux) - * ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported - by Guillaume Maudoux) - * ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event - for INVITE/w/replaces pickup (Reported by Walter Doekes) - * ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone - (Reported by Steve Davies) - - Improvements made in this release: - ----------------------------------- - * ASTERISK-23649 - [patch]Support for DTLS retransmission - (Reported by NITESH BANSAL) - * ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently - available in a CLI command (Reported by Patrick Laimbock) - * ASTERISK-23754 - [patch] Use var/lib directory for log file - configured in asterisk.conf (Reported by Igor Goncharovsky) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 11.9.0-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 15 2014 Dennis Gilmore <dennis@xxxxxxxx> - 11.9.0-2 - build against gmime-devel not gmime22-devel - do not use -m64 on aarch64 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109284 - CVE-2014-4047 asterisk: DoS due to Exhaustion of Allowed Concurrent HTTP Connections (AST-2014-007) https://bugzilla.redhat.com/show_bug.cgi?id=1109284 -------------------------------------------------------------------------------- ================================================================================ claws-mail-plugins-3.10.1-1.fc19 (FEDORA-2014-7574) Additional plugins for Claws Mail -------------------------------------------------------------------------------- Update Information: New in this release: ~~~~~~~~~~~~~~~~~~~~ * Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid that is, if the root CA is trusted by the distro). * RFE 3196, 'When changing quicksearch Search Type, set focus to search input box' * PGP/Core plugin: Generate 2048 bit RSA keys. * Major code cleanup. * Extended claws-mail.desktop with Compose and Receive actions. * Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish, French, German,Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations. * Bug fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 3.10.1-1 - bump * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon May 26 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 3.10.0-1 - bump - add libravatar plugin -------------------------------------------------------------------------------- ================================================================================ efibootmgr-0.7.0-2.fc19 (FEDORA-2014-7556) EFI Boot Manager -------------------------------------------------------------------------------- Update Information: Reinstate an accidentally dropped hack to avoid apple brain damage. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Peter Jones <pjones@xxxxxxxxxx> - 0.7.0-2 - Reinstate an accidentally dropped hack to avoid apple brain damage. * Tue Apr 1 2014 Peter Jones <pjones@xxxxxxxxxx> - 0.7.0-1{?dist} - Release 0.7 * Mon Jan 13 2014 Peter Jones <pjones@xxxxxxxxxx> - 0.6.1-1 - Release 0.6.1 * Mon Jan 13 2014 Jared Dominguez <Jared_Dominguez@xxxxxxxx> - new home https://github.com/vathpela/efibootmgr -------------------------------------------------------------------------------- References: [ 1 ] Bug #873629 - Malformed variable content during system installation https://bugzilla.redhat.com/show_bug.cgi?id=873629 -------------------------------------------------------------------------------- ================================================================================ efivar-0.10-2.fc19 (FEDORA-2014-7556) Tools to manage UEFI variables -------------------------------------------------------------------------------- Update Information: Reinstate an accidentally dropped hack to avoid apple brain damage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #873629 - Malformed variable content during system installation https://bugzilla.redhat.com/show_bug.cgi?id=873629 -------------------------------------------------------------------------------- ================================================================================ java-1.7.0-openjdk-1.7.0.60-2.5.0.1.fc19 (FEDORA-2014-7555) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: Updated to u60b30 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-June/028187.html This release have reverted controversial fix of http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=729 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.60-2.5.0.1.f19 - added and applied as reverted patch404 gtk3ToBeReverted.patch - reverting controversial fix of http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=729 * Wed Jun 18 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.60-2.5.0.f19 - updated to icedtea7-forest 2.5.0 -------------------------------------------------------------------------------- ================================================================================ kdelibs-4.11.5-4.fc19 (FEDORA-2014-7572) KDE Libraries -------------------------------------------------------------------------------- Update Information: Fix security issue where POP3 kioslave silently accepted invalid SSL certificates. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 6:4.11.5-4 - Provides: kdelibs4-webkit ... * Thu Jun 19 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 6:4.11.5-3 - POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1111022 - CVE-2014-3494 kdelibs: POP3 kioslave silently accepted invalid SSL certificates https://bugzilla.redhat.com/show_bug.cgi?id=1111022 -------------------------------------------------------------------------------- ================================================================================ mate-menus-1.6.0-6.fc19 (FEDORA-2014-7580) Displays menus for MATE Desktop -------------------------------------------------------------------------------- Update Information: - backport some 1.8.x upstream commits - support for games-menus - fix rhbz (#1097454) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 20 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.0-6 - backport some 1.8.x upstream commits - support for games-menus - fix rhbz (#1097454) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097454 - games-menus not displayed under mate https://bugzilla.redhat.com/show_bug.cgi?id=1097454 -------------------------------------------------------------------------------- ================================================================================ pdns-recursor-3.6.0-1.fc19 (FEDORA-2014-7571) Modern, advanced and high performance recursing/non authoritative name server -------------------------------------------------------------------------------- Update Information: - Update to 3.6.0 This is a performance, feature and bugfix update to 3.5/3.5.3. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. It also brings robust resilience against certain classes of attacks. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 20 2014 Morten Stevens <mstevens@xxxxxxxxxxxxxxx> - 3.6.0-1 - Update to 3.6.0 * Fri May 30 2014 Morten Stevens <mstevens@xxxxxxxxxxxxxxx> - 3.6.0-0.1.rc1 - Update to 3.6.0-rc1 * Fri May 23 2014 Petr Machata <pmachata@xxxxxxxxxx> - 3.5.3-3 - Rebuild for boost 1.55.0 -------------------------------------------------------------------------------- ================================================================================ perl-MooX-Types-MooseLike-Numeric-1.02-2.fc19 (FEDORA-2014-7563) Moo types for numbers -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1106364 - Review Request: perl-MooX-Types-MooseLike-Numeric - Moo types for numbers https://bugzilla.redhat.com/show_bug.cgi?id=1106364 -------------------------------------------------------------------------------- ================================================================================ polkit-qt-0.103.0-10.fc19 (FEDORA-2014-7559) Qt bindings for PolicyKit -------------------------------------------------------------------------------- Update Information: Backport some upstream fixes that may help some memory leaks for long-running sessions. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 1 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.103.0-10 - -devel: use %_rpmconfigdir/macros.d (where supported) - .spec cleanup * Thu Dec 19 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.103.0-9 - pull in some more upstream fixes (from mbriza) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.103.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.2.14-1.fc19 (FEDORA-2014-7583) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: New github message types supported. New cloudy, releng handler from David Gay. Switch from gravatar to libravatar. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.14-1 - Updates to the github processor. - New fedimg cloudy releng processor from David Gay. - Switch to libravatar full-time. * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-wikitools-1.2-1.fc19 (FEDORA-2014-7565) Python package for interacting with a MediaWiki wiki -------------------------------------------------------------------------------- Update Information: This is a new packages that provides python API for mediawiki. -------------------------------------------------------------------------------- ================================================================================ wine-1.7.20-1.fc19 (FEDORA-2014-7573) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: * X11 drag & drop fixes. * A few more C/C++ runtime functions. * Fixes for various memory issues found by Valgrind. * Some OLE storage fixes. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 19 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.20-1 - version upgrade * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
