Fedora 19 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 19 Security updates need testing:
 Age  URL
 389  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 201  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
 152  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
  69  https://admin.fedoraproject.org/updates/FEDORA-2014-10640/libreoffice-4.1.6.2-8.fc19
  54  https://admin.fedoraproject.org/updates/FEDORA-2014-11544/drupal6-6.33-1.fc19
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
  33  https://admin.fedoraproject.org/updates/FEDORA-2014-13047/libxml2-2.9.1-2.fc19
  33  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-14066/php-sabredav-Sabre_VObject-2.1.4-1.fc19,php-sabredav-Sabre_HTTP-1.7.11-1.fc19,php-sabredav-Sabre_CalDAV-1.7.9-1.fc19,php-sabredav-Sabre_DAVACL-1.7.9-1.fc19,php-sabredav-Sabre_CardDAV-1.7.9-2.fc19,php-sabredav-Sabre_DAV-1.7.13-1.fc19,owncloud-5.0.17-2.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-14266/python-2.7.5-15.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-14359/curl-7.29.0-25.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14912/polarssl-1.2.12-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14980/python-pillow-2.0.0-16.gitd1c6db8.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15124/kwebkitpart-1.3.4-5.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-15202/kernel-3.14.24-100.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15307/python-django14-1.4.16-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15373/lsyncd-2.1.4-4.fc19.1
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15405/wget-1.16-3.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
 337  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
 263  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-14359/curl-7.29.0-25.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-14516/pcre-8.32-11.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-14505/unzip-6.0-12.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-15032/man-db-2.6.3-9.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-15027/evolution-data-server-3.8.5-7.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14807/device-mapper-persistent-data-0.4.1-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14846/pciutils-3.3.0-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-15202/kernel-3.14.24-100.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15392/kde-workspace-4.11.14-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15377/gvfs-1.16.4-3.fc19


The following builds have been pushed to Fedora 19 updates-testing

    berusky-1.7.1-1.fc19
    berusky-data-1.7-3.fc19
    dmlite-0.7.2-1.fc19
    git-review-1.24-2.fc19
    gvfs-1.16.4-3.fc19
    kde-workspace-4.11.14-2.fc19
    libuv-0.10.29-1.fc19
    lsyncd-2.1.4-4.fc19.1
    nodejs-0.10.33-1.fc19
    nomacs-2.2.0-2.fc19
    python-bugzilla2fedmsg-0.2.1-1.fc19
    quiterss-0.17.1-1.fc19
    rubygem-actionpack-3.2.13-7.fc19
    voms-2.0.12-1.fc19
    wget-1.16-3.fc19

Details about builds:


================================================================================
 berusky-1.7.1-1.fc19 (FEDORA-2014-15128)
 Sokoban clone
--------------------------------------------------------------------------------
Update Information:

Updated app file, fixed start-up crash.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7.1-1
- New upstream version (1.7.1)
* Thu Sep 25 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-4
- Added appdata file
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Feb  8 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-1
- New upstream version (1.7)
* Thu Dec 12 2013 Ville Skyttä <ville.skytta@xxxxxx> - 1.6-4
- Install docs to %{_pkgdocdir} where available (#993683).
- Fix bogus dates in %changelog.
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 berusky-data-1.7-3.fc19 (FEDORA-2014-15128)
 A datafile for Berusky
--------------------------------------------------------------------------------
Update Information:

Updated app file, fixed start-up crash.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-3
- Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Feb  8 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-1
- Update to 1.7
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 dmlite-0.7.2-1.fc19 (FEDORA-2014-15399)
 Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.2, BugFix for too much verbose logging
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Adrien Devresse <adevress at cern.ch> - 0.7.2-1
- Update to 0.7.2, BugFix for too much verbose logging
--------------------------------------------------------------------------------


================================================================================
 git-review-1.24-2.fc19 (FEDORA-2014-15381)
 A Git helper for integration with Gerrit
--------------------------------------------------------------------------------
Update Information:

This update resolves a regression that crept into the initial release of 1.24: missing a python-requests dependency.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Pete Zaitcev <zaitcev@xxxxxxxxxx> - 1.24-2
- Require python-requests (#1165468)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165468 - [abrt] git-review: cmd.py:31:<module>:ImportError: No module named requests
        https://bugzilla.redhat.com/show_bug.cgi?id=1165468
--------------------------------------------------------------------------------


================================================================================
 gvfs-1.16.4-3.fc19 (FEDORA-2014-15377)
 Backends for the gio framework in GLib
--------------------------------------------------------------------------------
Update Information:

Fix metadata looping (#1159991)
Update to 1.16.4
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 11 2014 Ondrej Holy <oholy@xxxxxxxxxx> - 1.18.4-3
- Fix metadata looping (#1159991)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159991 - gvfsd-metadata using 100% CPU for extended time (hours after hours)
        https://bugzilla.redhat.com/show_bug.cgi?id=1159991
--------------------------------------------------------------------------------


================================================================================
 kde-workspace-4.11.14-2.fc19 (FEDORA-2014-15392)
 KDE Workspace
--------------------------------------------------------------------------------
Update Information:

Split kwin into it's own subpackage of kde-workspace, so that we can easilly replace it by KWin from Plasma 5.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 12 2014 Daniel Vrátil <dvratil@xxxxxxxxxx> 4.11.14-2
- move kwin and kwin-libs to subpackages
--------------------------------------------------------------------------------


================================================================================
 libuv-0.10.29-1.fc19 (FEDORA-2014-15390)
 Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:

This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3
by default for the most predominate uses of TLS in Node.js.

It took longer than expected to get this release accomplished in a way that
would provide appropriate default security settings, while minimizing the
surface area for the behavior change we were introducing. It was also important
that we validated that our changes were being applied in the variety of
configurations we support in our APIs.

With this release, we are confident that the only behavior change is that of
the default allowed protocols do not include SSLv2 or SSLv3. Though you are
still able to programatically consume those protocols if necessary.

Included is the documentation that you can find at
https://nodejs.org/api/tls.html#tls_protocol_support that describes how this
works going forward for client and server implementations.

---

Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by CVE-2014-3566. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively.  In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.

There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.

The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports.  To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).

If you have set `securityOptions` to anything, we will not override your
options.

The ramifications of this behavior change:

 * If your application is behaving as a secure server, clients who are `SSLv3`
only will now not be able to appropriately negotiate a connection and will be
refused. In this case your server will emit a `clientError` event. The error
message will include `'wrong version number'`.
 * If your application is behaving as a secure client and communicating with a
server that doesn't support methods more secure than SSLv3 then your connection
won't be able to negotiate and will fail. In this case your client will emit a
an `error` event. The error message will include `'wrong version number'`.

---

2014.10.20, node.js Version 0.10.33 (Stable)

* child_process: properly support optional args (cjihrig)

* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla)

This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.

This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.

---

2014.10.21, libuv Version 0.10.29 (Stable)

Relevant changes since version 0.10.28:

* linux: try epoll_pwait if epoll_wait is missing (Michael Hudson-Doyle)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.29-1
- new upstream release 0.10.29
  https://github.com/joyent/libuv/blob/v0.10.29/ChangeLog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1152789
--------------------------------------------------------------------------------


================================================================================
 lsyncd-2.1.4-4.fc19.1 (FEDORA-2014-15373)
 File change monitoring and synchronization daemon
--------------------------------------------------------------------------------
Update Information:

Fix bad shell argument escaping
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Lubomir Rintel <lkundrak@xxxxx> - 2.1.4-4.1
- Fix bad shell argument escaping
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165078 - lsyncd: command injection through backticks in a filename
        https://bugzilla.redhat.com/show_bug.cgi?id=1165078
--------------------------------------------------------------------------------


================================================================================
 nodejs-0.10.33-1.fc19 (FEDORA-2014-15390)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3
by default for the most predominate uses of TLS in Node.js.

It took longer than expected to get this release accomplished in a way that
would provide appropriate default security settings, while minimizing the
surface area for the behavior change we were introducing. It was also important
that we validated that our changes were being applied in the variety of
configurations we support in our APIs.

With this release, we are confident that the only behavior change is that of
the default allowed protocols do not include SSLv2 or SSLv3. Though you are
still able to programatically consume those protocols if necessary.

Included is the documentation that you can find at
https://nodejs.org/api/tls.html#tls_protocol_support that describes how this
works going forward for client and server implementations.

---

Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by CVE-2014-3566. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively.  In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.

There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.

The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports.  To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).

If you have set `securityOptions` to anything, we will not override your
options.

The ramifications of this behavior change:

 * If your application is behaving as a secure server, clients who are `SSLv3`
only will now not be able to appropriately negotiate a connection and will be
refused. In this case your server will emit a `clientError` event. The error
message will include `'wrong version number'`.
 * If your application is behaving as a secure client and communicating with a
server that doesn't support methods more secure than SSLv3 then your connection
won't be able to negotiate and will fail. In this case your client will emit a
an `error` event. The error message will include `'wrong version number'`.

---

2014.10.20, node.js Version 0.10.33 (Stable)

* child_process: properly support optional args (cjihrig)

* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla)

This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.

This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.

---

2014.10.21, libuv Version 0.10.29 (Stable)

Relevant changes since version 0.10.28:

* linux: try epoll_pwait if epoll_wait is missing (Michael Hudson-Doyle)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.33-1
- new upstream release 0.10.33
  http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
- This release disables SSLv3 to secure Node.js services against the POODLE
  attack.  (CVE-2014-3566; RHBZ#1152789)  For more information or to learn how
  to re-enable SSLv3 in order to support legacy clients, please see the upstream
  release announcement linked above.
* Tue Oct 21 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.32-2
- add Provides nodejs-punycode (RHBZ#1151811)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1152789
--------------------------------------------------------------------------------


================================================================================
 nomacs-2.2.0-2.fc19 (FEDORA-2014-15386)
 Lightweight image viewer
--------------------------------------------------------------------------------
Update Information:

Use system libwebp and quazip.
Version bump.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 16 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 2.2.0-2
- Use system libwebp and quazip.
* Thu Nov 13 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 2.2.0-1
- Version bump.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 python-bugzilla2fedmsg-0.2.1-1.fc19 (FEDORA-2014-15388)
 Consume BZ messages over STOMP and republish to fedmsg
--------------------------------------------------------------------------------
Update Information:

Accomodate rhbz#1139955.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.1-1
- Latest upstream handles timezones for rhbz#1139955.
--------------------------------------------------------------------------------


================================================================================
 quiterss-0.17.1-1.fc19 (FEDORA-2014-15406)
 RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.17.1-1
- Version bump
--------------------------------------------------------------------------------


================================================================================
 rubygem-actionpack-3.2.13-7.fc19 (FEDORA-2014-15378)
 Web-flow and rendering framework putting the VC in MVC
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2014-7818 (rhbz#1163511) and CVE-2014-7829 (rhbz#1165077)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1:3.2.13-7
- Fix CVE-2014-7818 (rhbz#1163511) and CVE-2014-7829 (rhbz#1165077)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1161499 - CVE-2014-7818 rubygem-actionpack: arbitrary file existence disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1161499
  [ 2 ] Bug #1164659 - CVE-2014-7829 rubygem-actionpack: incomplete fix for CVE-2014-7818, arbitrary file existence disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1164659
--------------------------------------------------------------------------------


================================================================================
 voms-2.0.12-1.fc19 (FEDORA-2014-15382)
 Virtual Organization Membership Service
--------------------------------------------------------------------------------
Update Information:

VOMS update
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.12-1
- Update to version 2.0.12
- Drop patches voms-gsoap.patch, voms-sha2-proxy.patch and voms-strndup.patch
  (accepted upstream)
- Add alternatives to the client package to allow parallel installation of
  the java implementation of the client tools
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.11-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jul 13 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.11-9
- Rebuild properly
* Sun Jul 13 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.11-8
- Rebuild for gsoap 2.8.17 (Fedora 22)
--------------------------------------------------------------------------------


================================================================================
 wget-1.16-3.fc19 (FEDORA-2014-15405)
 A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:

add fix for arches with unsigned char
security update
Fix the progress bar issue (#1159643)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.16-3
- Fix the progress bar issue (#1159643)
* Mon Nov  3 2014 Jakub Čajka <jcajka@xxxxxxxxxx> - 1.16-2
- fix failing tests idn-cmd-utf8 and idn-robots-utf8
- re-enabled tests
* Fri Oct 31 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
        https://bugzilla.redhat.com/show_bug.cgi?id=1139181
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux