The following Fedora 19 Security updates need testing: Age URL 297 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 109 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 60 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 59 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.fc19 58 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 58 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-1.905-1.fc19 49 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 44 https://admin.fedoraproject.org/updates/FEDORA-2014-8089/rubygem-activerecord-3.2.13-2.fc19 26 https://admin.fedoraproject.org/updates/FEDORA-2014-8352/cups-1.6.4-7.fc19 26 https://admin.fedoraproject.org/updates/FEDORA-2014-8771/ReviewBoard-1.7.27-1.fc19 18 https://admin.fedoraproject.org/updates/FEDORA-2014-9087/drupal7-date-2.8-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-9277/drupal7-7.31-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-9305/krb5-1.11.3-25.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-9270/wordpress-3.9.2-3.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9379/php-htmlpurifier-htmlpurifier-4.6.0-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9350/sks-1.1.5-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9402/fish-2.1.0-11.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9401/ppp-2.4.5-33.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9399/pixman-0.30.0-5.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9493/xen-4.2.4-7.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9427/pipelight-0.2.7.3-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9548/mediawiki-1.23.2-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9536/python-pillow-2.0.0-14.gitd1c6db8.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9544/perl-Plack-1.0031-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9539/jakarta-commons-httpclient-3.1-15.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9521/subversion-1.7.18-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-9534/phpMyAdmin-4.2.7.1-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 245 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 171 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9156/gnupg2-2.0.25-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9162/xulrunner-31.0-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9218/libbluray-0.6.1-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9232/firefox-31.0-2.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-9244/xfsprogs-3.2.1-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-9305/krb5-1.11.3-25.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9399/pixman-0.30.0-5.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-9401/ppp-2.4.5-33.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9450/systemd-204-21.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9456/poppler-data-0.4.7-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9453/vim-7.4.402-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-9432/selinux-policy-3.12.1-74.29.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-9513/curl-7.29.0-22.fc19 The following builds have been pushed to Fedora 19 updates-testing bustle-0.4.7-1.fc19 ceph-0.80.5-6.fc19 fedora-review-0.5.2-1.fc19 gparted-0.18.0-2.fc19 jakarta-commons-httpclient-3.1-15.fc19 lis-1.4.57-1.fc19 makepasswd-0.5.3-6.fc19 mediawiki-1.23.2-1.fc19 mingw-postgresql-9.2.9-1.fc19 nodejs-pac-resolver-1.2.2-1.fc19 nodejs-rainbowsocks-0.1.2-1.fc19 nodejs-regenerator-0.4.9-2.fc19 openttd-1.4.2-1.fc19 pcc-1.1.0-0.2.20140817cvs.fc19.1 perl-Plack-1.0031-1.fc19 perl-Test-Warn-0.30-1.fc19 perl-XML-TreeBuilder-5.4-0.fc19 php-gliph-0.1.8-1.fc19 php-htmLawed-1.1.18-1.fc19 phpMyAdmin-4.2.7.1-1.fc19 pidgin-sipe-1.18.3-1.fc19 python-pillow-2.0.0-14.gitd1c6db8.fc19 streamtuner-2.1.3-1.fc19 subversion-1.7.18-1.fc19 texstudio-2.8.2-1.fc19 w_scan-20140727-1.fc19 wine-1.7.24-1.fc19 Details about builds: ================================================================================ bustle-0.4.7-1.fc19 (FEDORA-2014-9575) Draw pretty sequence diagrams of D-Bus traffic -------------------------------------------------------------------------------- Update Information: spec file generated by cabal-rpm-0.8.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1129484 - Review Request: bustle - Draw pretty sequence diagrams of D-Bus traffic https://bugzilla.redhat.com/show_bug.cgi?id=1129484 -------------------------------------------------------------------------------- ================================================================================ ceph-0.80.5-6.fc19 (FEDORA-2014-9571) User space components of the Ceph file system -------------------------------------------------------------------------------- Update Information: We need to downgrade the package to the latest stable version for fedora 19, too. This package also fixes many bugs (several of them filed against rawhide). -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 1:0.80.5-6 - Obsolete ceph-libcephfs * Sat Aug 16 2014 Boris Ranto <branto@xxxxxxxxxx> - 1:0.80.5-5 - Do not require xfsprogs/xfsprogs-devel for el6 - Require gperftools-devel for non-ppc*/s390* architectures only - Do not require junit -- no need to build libcephfs-test.jar - Build without libxfs for el6 - Build without tcmalloc for ppc*/s390* architectures - Location of mkcephfs must depend on a rhel release - Use epoch in the Requires fields [1130700] * Sat Aug 16 2014 Boris Ranto <branto@xxxxxxxxxx> - 1:0.80.5-4 - Use the proper version name in Obsoletes * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:0.80.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Aug 15 2014 Boris Ranto <branto@xxxxxxxxxx> - 1:0.80.5-2 - Add the arm pthread hack * Fri Aug 15 2014 Boris Ranto <branto@xxxxxxxxxx> - 1:0.80.5-1 - Bump the Epoch, we need to keep the latest stable, not development, ceph version in fedora - Use the upstream spec file with the ceph-libs split - Add libs-compat subpackage [1116546] - use fedora in rhel 7 checks - obsolete libcephfs [1116614] - depend on redhat-lsb-core for the initscript [1108696] * Wed Aug 13 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 0.81.0-6 - Add obsoletes to keep the upgrade path working (#1118510) * Mon Jul 7 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.81.0-5 - revert to old spec until after f21 branch * Fri Jul 4 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - temporary exclude f21/armv7hl. N.B. it builds fine on f20/armv7hl. * Fri Jul 4 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.81.0-4 - upstream ceph.spec file * Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.81.0-3 - upstream ceph.spec file * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.81.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jun 5 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - el6 ppc64 likewise for tcmalloc, merge from origin/el6 * Thu Jun 5 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - el6 ppc64 does not have gperftools, merge from origin/el6 * Thu Jun 5 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.81.0-1 - ceph-0.81.0 * Wed Jun 4 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.80.1-5 - gperftools now available on aarch64/ppc64 * Fri May 23 2014 Petr Machata <pmachata@xxxxxxxxxx> - 0.80.1-4 - Rebuild for boost 1.55.0 * Fri May 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 0.80.1-3 - rebuild for boost 1.55.0 * Wed May 14 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.80.1-2 - build epel-6 - exclude %{_libdir}/ceph/erasure-code in base package * Tue May 13 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 0.80.1-1 - Update to latest stable upstream release, BZ 1095201 - PIE, _hardened_build, BZ 955174 * Thu Feb 6 2014 Ken Dreyer <ken.dreyer@xxxxxxxxxxx> - 0.72.2-2 - Move plugins from -devel into -libs package (#891993). Thanks Michael Schwendt. * Mon Jan 6 2014 Ken Dreyer <ken.dreyer@xxxxxxxxxxx> 0.72.2-1 - Update to latest stable upstream release - Use HTTPS for URLs - Submit Automake 1.12 patch upstream - Move unversioned shared libs from ceph-libs into ceph-devel * Wed Dec 18 2013 Marcin Juszkiewicz <mjuszkiewicz@xxxxxxxxxx> 0.67.3-4 - build without tcmalloc on aarch64 (no gperftools) * Sat Nov 30 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.67.3-3 - gperftools not currently available on aarch64 * Mon Oct 7 2013 Dan Horák <dan[at]danny.cz> - 0.67.3-2 - fix build on non-x86_64 64-bit arches * Wed Sep 11 2013 Josef Bacik <josef@xxxxxxxxxxxxxx> - 0.67.3-1 - update to 0.67.3 * Wed Sep 11 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 0.61.7-3 - let base package include all its documentation files via %doc magic, so for Fedora 20 Unversioned Docdirs no files are included accidentally - include the sample config files again (instead of just an empty docdir that has been added for #846735) - don't include librbd.so.1 also in -devel package (#1003202) - move one misplaced rados plugin from -devel into -libs package (#891993) - include missing directories in -devel and -libs packages - move librados-config into the -devel pkg where its manual page is, too - add %_isa to subpackage dependencies - don't use %defattr anymore - add V=1 to make invocation for verbose build output * Wed Jul 31 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.61.7-2 - re-enable tmalloc on arm now gperftools is fixed * Mon Jul 29 2013 Josef Bacik <josef@xxxxxxxxxxxxxx> - 0.61.7-1 - Update to 0.61.7 * Sat Jul 27 2013 pmachata@xxxxxxxxxx - 0.56.4-2 - Rebuild for boost 1.54.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109594 - ceph package is missing erasure code libraries https://bugzilla.redhat.com/show_bug.cgi?id=1109594 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.5.2-1.fc19 (FEDORA-2014-9549) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: Update to latest bugfix release -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 14 2014 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 0.5.2-1 - Update to latest upstream bugfix release * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ gparted-0.18.0-2.fc19 (FEDORA-2014-9546) Gnome Partition Editor -------------------------------------------------------------------------------- Update Information: disabled online-resize - bugfix update -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.18.0-2 - Removed enable-online-resize option since parted <3.2 does not support this - Fixes bz #1121350 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1121350 - GParted compiled with online resize support when when libparted doesn't support it https://bugzilla.redhat.com/show_bug.cgi?id=1121350 -------------------------------------------------------------------------------- ================================================================================ jakarta-commons-httpclient-3.1-15.fc19 (FEDORA-2014-9539) Jakarta Commons HTTPClient implements the client side of HTTP standards -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-3577, CVE-2012-6153 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 18 2014 Michal Srb <msrb@xxxxxxxxxx> - 1:3.1-15 - Fix MITM security vulnerability - Resolves: CVE-2014-3577 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.1-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1129074 - CVE-2014-3577 Apache HttpComponents client: Hostname verification susceptible to MITM attack https://bugzilla.redhat.com/show_bug.cgi?id=1129074 [ 2 ] Bug #1129916 - CVE-2012-6153 Apache HttpComponents client: Hostname verification susceptible to MITM attack https://bugzilla.redhat.com/show_bug.cgi?id=1129916 -------------------------------------------------------------------------------- ================================================================================ lis-1.4.57-1.fc19 (FEDORA-2014-9565) A library for solving linear equations and eigenvalue problems -------------------------------------------------------------------------------- Update Information: Update to 1.4.57 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 18 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.57-1 - Update to 1.4.57 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.56-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Aug 12 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.56-1 - Update to 1.4.56 - Drop group-tag - Fix permission for AUTHORS and COPYING * Mon Aug 11 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.55-1 - Update to 1.4.55 - Add noarch to subpackage doc - Remove requires from subpackage doc * Sun Aug 10 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.53-2 - Remove defattr at the beginning of the files-section - Use default buildroot instead of making its own - Remove unnecessary clean-section - Use pushd and popd instead of cd * Sat Aug 9 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.53-1 - Update to 1.4.53 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Dec 15 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.4.20-1 - Update to 1.4.20. * Mon Sep 9 2013 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.4.13-1 - Update to 1.4.13. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ makepasswd-0.5.3-6.fc19 (FEDORA-2014-9529) Generates (pseudo-)random passwords of a desired length -------------------------------------------------------------------------------- Update Information: Fix for BZ#1126076 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Johan Swensson <kupo@xxxxxxx> - 0.5.3-6 - Fix for BZ#1126076 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1126076 - [abrt] makepasswd: _makepasswd_password(): makepasswd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1126076 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.23.2-1.fc19 (FEDORA-2014-9548) A wiki engine -------------------------------------------------------------------------------- Update Information: This is a major update from the 1.21 branch to the 1.23 long term support branch. * (bug 68187) SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked. - CVE-2014-5242 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. - CVE-2014-5243 -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 16 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.23.2-1 - Update to 1.23.2 (long term support branch) - (bug 68187) SECURITY: Prepend jsonp callback with comment. - (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked. - (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. - (bug 68313) Preferences: Turn stubthreshold back into a combo box. - (bug 65214) Fix initSiteStats.php maintenance script. - (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1125111 - CVE-2014-5241,CVE-2014-5242,CVE-2014-5243 mediawiki: security issues fixed in the 1.19.18, 1.22.9, and 1.23.2 releases https://bugzilla.redhat.com/show_bug.cgi?id=1125111 -------------------------------------------------------------------------------- ================================================================================ mingw-postgresql-9.2.9-1.fc19 (FEDORA-2014-9577) MinGW Windows PostgreSQL library -------------------------------------------------------------------------------- Update Information: Update to PostgreSQL 9.2.9 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-9.html -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 16 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 9.2.9-1 - New upstream release. -------------------------------------------------------------------------------- ================================================================================ nodejs-pac-resolver-1.2.2-1.fc19 (FEDORA-2014-9559) Generates an asynchronous resolver function from a PAC file -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1122229 - Review Request: nodejs-pac-resolver - Generates an asynchronous resolver function from a PAC file https://bugzilla.redhat.com/show_bug.cgi?id=1122229 -------------------------------------------------------------------------------- ================================================================================ nodejs-rainbowsocks-0.1.2-1.fc19 (FEDORA-2014-9547) SOCKS4a proxy client -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1122232 - Review Request: nodejs-rainbowsocks - SOCKS4a proxy client https://bugzilla.redhat.com/show_bug.cgi?id=1122232 -------------------------------------------------------------------------------- ================================================================================ nodejs-regenerator-0.4.9-2.fc19 (FEDORA-2014-9558) Source transformer enabling ECMAScript 6 generators -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1122235 - Review Request: nodejs-regenerator - Source transformer enabling ECMAScript 6 generators https://bugzilla.redhat.com/show_bug.cgi?id=1122235 -------------------------------------------------------------------------------- ================================================================================ openttd-1.4.2-1.fc19 (FEDORA-2014-9532) Transport system simulation game -------------------------------------------------------------------------------- Update Information: Update to 1.4.2 containing a few minor bugfixes -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 16 2014 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1.4.2-1 - update to 1.4.2 -------------------------------------------------------------------------------- ================================================================================ pcc-1.1.0-0.2.20140817cvs.fc19.1 (FEDORA-2014-9564) The Portable C Compiler -------------------------------------------------------------------------------- Update Information: Update to 20140817 by request of upstream. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.1.0-0.1.20140817cvs - Update to 20140817. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-0.2.20140420cvs.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-0.1.20140420cvs.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Plack-1.0031-1.fc19 (FEDORA-2014-9544) Perl Superglue for Web frameworks and Web Servers (PSGI toolkit) -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 8 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.0031-1 - Upstream update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1128978 - CVE-2014-5269 perl-Plack: trailing slashes removed leading to source code disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1128978 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Warn-0.30-1.fc19 (FEDORA-2014-9561) Perl extension to test methods for warnings -------------------------------------------------------------------------------- Update Information: This is the current upstream maintenance release. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 5 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.30-1 - Update to 0.30 - Important note in documentation how check for warning category is done; if you use Test::Warn with categories, you should check that it does what you expect - Category tree is now dynamic and does not use Tree::DAG_Node * Tue Feb 18 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.24-8 - Specify all dependencies * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.24-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Sun Jul 21 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 0.24-6 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1130870 - Please update to upstream version >= 0.30 https://bugzilla.redhat.com/show_bug.cgi?id=1130870 -------------------------------------------------------------------------------- ================================================================================ perl-XML-TreeBuilder-5.4-0.fc19 (FEDORA-2014-9580) Parser that builds a tree of XML::Element objects -------------------------------------------------------------------------------- Update Information: New upstream: Thu May 29 2014 Jeff Fearn <Jeff.Fearn@xxxxxxxxx> Release 5.4 Do not escape CDATA content. Tue May 27 2014 Jeff Fearn <Jeff.Fearn@xxxxxxxxx> Release 5.3 Fix CDATA not being printed properly by as_XML. RT #95970 Fix Devel::Cover declared as build_requires but not used RT #93155 Fix XML::Catalog version number mismatch. RT #93154 Mon Dec 9 2013 Jeff Fearn <Jeff.Fearn@xxxxxxxxx> Release 5.2 Fix local path resolution. RT #90464 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 6 2014 Rüdiger Landmann <rlandmann@xxxxxxxxxx> - 5.4-0 - New upstream -------------------------------------------------------------------------------- ================================================================================ php-gliph-0.1.8-1.fc19 (FEDORA-2014-9525) A graph library for PHP -------------------------------------------------------------------------------- Update Information: [0.1.8](https://github.com/sdboyer/gliph/releases/tag/0.1.8) ------- * Detach the right splos [0.1.7](https://github.com/sdboyer/gliph/releases/tag/0.1.7) ------- * Add _cleanupSplosTraversal() for callability in closures. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.1.8-1 - Updated to 0.1.8 (BZ #1125361) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1125361 - php-gliph-0.1.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1125361 -------------------------------------------------------------------------------- ================================================================================ php-htmLawed-1.1.18-1.fc19 (FEDORA-2014-9566) PHP code to purify and filter HTML -------------------------------------------------------------------------------- Update Information: Version 1.1.18 - 2 August 2014. * Fix for a potential security vulnerability arising from specially encoded text with serial opening tags -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.1.18-1 - update to 1.1.18 (security) - fix license handling -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.2.7.1-1.fc19 (FEDORA-2014-9534) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.2.7.1 (2014-08-17) =============================== - [security] XSS in table browse page - [security] Self-XSS in enum value editor - [security] Self-XSSes in monitor - [security] Self-XSS in query charts - [security] XSS in view operations page - [security] XSS in relation view -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 18 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.7.1-1 - Upgrade to 4.2.7.1 (#1130865, #1130866, #1131104) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1130865 - CVE-2014-5273 phpMyAdmin: multiple cross-site scripting issues (PMASA-2014-8) https://bugzilla.redhat.com/show_bug.cgi?id=1130865 [ 2 ] Bug #1130866 - CVE-2014-5274 phpMyAdmin: cross-site scripting flaw on view operations page (PMASA-2014-9) https://bugzilla.redhat.com/show_bug.cgi?id=1130866 -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.18.3-1.fc19 (FEDORA-2014-9552) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * fixes audio/video call if host has IPv6 address (bz #1124510) * fixes assert triggered by EWS autodiscover in older libxml2 versions * fixes crash triggered by EWS autodiscover when glib2 < 2.30.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 16 2014 Stefan Becker <chemobejk@xxxxxxxxx> - 1.18.3-1 - update to 1.18.3: - fixes audio/video call if host has IPv6 address (bz #1124510) - fixes assert triggered by EWS autodiscover in older libxml2 versions - fixes crash triggered by EWS autodiscover when glib2 < 2.30.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1124510 - upgrade to 1.18.2 breaks voice calls https://bugzilla.redhat.com/show_bug.cgi?id=1124510 -------------------------------------------------------------------------------- ================================================================================ python-pillow-2.0.0-14.gitd1c6db8.fc19 (FEDORA-2014-9536) Python image processing library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-3589 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Sandro Mani <manisandro@xxxxxxxxx> - 2.0.0-14.gitd1c6db8 - Fix CVE-2014-3589 (rhbz #1130712) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1130711 - CVE-2014-3589 python-pillow: DoS in IcnsImagePlugin https://bugzilla.redhat.com/show_bug.cgi?id=1130711 -------------------------------------------------------------------------------- ================================================================================ streamtuner-2.1.3-1.fc19 (FEDORA-2014-9545) An internet radio browser -------------------------------------------------------------------------------- Update Information: - update to 2.1.3 (fixed shoutcast plugin) - readd live365 plugin -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.1.3-1 - update to 2.1.3 - drop upstream patch - readd live365 plugin - drop requires gtk-doc * Thu Jul 3 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.1.1-8 - add requires youtube-dl (required for youtube record) * Thu Jul 3 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.1.1-7 - fix issue with totem playing youtube video * Thu Jul 3 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.1.1-6 - fix myoggradio plugin -------------------------------------------------------------------------------- ================================================================================ subversion-1.7.18-1.fc19 (FEDORA-2014-9521) A Modern Concurrent Version Control System -------------------------------------------------------------------------------- Update Information: This update includes the latest stable release of **Apache Subversion** 1.7, version **1.7.18**, fixing a minor security issue. **Client-side bugfixes:** * guard against md5 hash collisions when finding cached credentials (CVE-2014-3528). See: http://subversion.apache.org/security/CVE-2014-3528-advisory.txt **Developer-visible changes** **General:** * fix ocassional failure in checkout_tests.py test 12. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 18 2014 Joe Orton <jorton@xxxxxxxxxx> - 1.7.18-1 - update to 1.7.18 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1125799 - CVE-2014-3528 subversion: credentials leak via MD5 collision https://bugzilla.redhat.com/show_bug.cgi?id=1125799 -------------------------------------------------------------------------------- ================================================================================ texstudio-2.8.2-1.fc19 (FEDORA-2014-9567) A feature-rich editor for LaTeX documents -------------------------------------------------------------------------------- Update Information: - update to 2.8.2 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 26 2014 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> 2.8.2-1 - Update to latest upstream version 2.8.2 * Fri Jun 20 2014 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> 2.8.0-1 - Update to latest upstream version 2.8.0 -------------------------------------------------------------------------------- ================================================================================ w_scan-20140727-1.fc19 (FEDORA-2014-9550) Tool for scanning DVB transponders -------------------------------------------------------------------------------- Update Information: Contains some minor bugfixes, especially for users of DVB-T/T2 in Finland -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 20140727-1 - update to 20140727 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20140118-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ wine-1.7.24-1.fc19 (FEDORA-2014-9589) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: * Wine fonts are no longer installed in the system folder. Version 1.7.24 * Beginning of some DirectWrite classes implementation. * Initial wrapper dll for the packet capture library. * Some crypto improvements. * Various bug fixes. Version 1.7.23 * Better support for files drag & drop. * Improvements to the HTTP cookie management. * Initial support for 64-bit Android builds. * Fixes to crypto certificates management. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 15 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.24-1 - version upgrade - No longer install Wine fonts into system directory (rhbz#1039763) * Thu Jul 17 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 1.7.22-4 - prevent accidential build with compholio-patchset on EPEL - rebuild for pulseaudio (bug #1117683) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1124297 - wine-1.7.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1124297 [ 2 ] Bug #1039763 - wine-courier-fonts overrides system courier font with limited .fon file https://bugzilla.redhat.com/show_bug.cgi?id=1039763 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
