Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  50  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-14791/mariadb-galera-5.5.40-2.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-15108/mantis-1.2.17-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14963/avr-binutils-2.24-3.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-15102/moodle-2.5.9-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14833/arm-none-eabi-binutils-cs-2014.05.28-3.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-15130/kwebkitpart-1.3.4-5.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15244/wireshark-1.10.11-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15266/python-django14-1.4.16-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15393/lsyncd-2.1.4-4.fc20.1
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15379/nodejs-0.10.33-1.fc20,libuv-0.10.29-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15394/erlang-R16B-03.9.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15464/python-eyed3-0.7.4-4.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15521/xen-4.3.3-5.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15541/tcpdump-4.5.1-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15519/drupal6-6.34-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15528/drupal7-7.34-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15538/phpMyAdmin-4.2.12-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15532/kde-runtime-4.14.3-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15507/wordpress-4.0.1-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15054/perl-Pod-Usage-1.64-2.fc20,perl-Pod-Checker-1.60-292.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-14798/device-mapper-persistent-data-0.4.1-2.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-14964/libtdb-1.3.1-1.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-14861/libpipeline-1.2.4-3.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-15120/dosfstools-3.0.27-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15326/pycairo-1.10.0-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15552/selinux-policy-3.12.1-195.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15523/gdb-7.7.1-22.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15533/ca-certificates-2014.2.1-1.5.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15501/v4l-utils-1.6.0-2.fc20


The following builds have been pushed to Fedora 20 updates-testing

    ampr-ripd-1.13-1.fc20
    ca-certificates-2014.2.1-1.5.fc20
    clementine-1.2.3-2.fc20
    dnf-langpacks-0.5.1-1.fc20
    drupal6-6.34-1.fc20
    drupal7-7.34-1.fc20
    edg-mkgridmap-4.0.0-8.fc20
    gdb-7.7.1-22.fc20
    golang-github-emicklei-go-restful-0-0.1.gitad99b12.fc20
    golang-github-vishvananda-netlink-0-0.1.git2187ba6.fc20
    golang-github-vishvananda-netns-0-0.1.gite14a2d4.fc20
    gr-rds-0-0.4.20141117gitff1ca15.fc20
    kde-runtime-4.14.3-2.fc20
    libechonest-2.3.0-1.fc20
    lucene++-3.0.6-1.fc20
    mate-themes-1.9.2-1.fc20
    nano-2.3.2-5.fc20
    nodejs-filelist-0.0.3-1.fc20
    nodejs-json-localizer-0.0.2-1.fc20
    openvpn-2.3.2-7.fc20
    packagedb-cli-2.6-1.fc20
    perl-Data-Munge-0.091-1.fc20
    perl-File-ConfigDir-0.014-1.fc20
    perl-HTML-Mason-1.56-1.fc20
    perl-Net-SMTPS-0.04-1.fc20
    perl-Sub-Exporter-ForMethods-0.100051-1.fc20
    php-5.5.19-3.fc20
    php-psr-http-message-0.5.1-1.fc20
    php-symfony-2.5.7-1.fc20
    phpMyAdmin-4.2.12-1.fc20
    pidgin-2.10.10-3.fc20
    privoxy-3.0.22-1.fc20
    python-copr-1.54-1.fc20
    python-docker-py-0.6.0-1.fc20
    python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc20
    qpid-dispatch-0.2-9.fc20
    selinux-policy-3.12.1-195.fc20
    tcpdump-4.5.1-2.fc20
    tomahawk-0.8.2-1.fc20
    tzdata-2014j-1.fc20
    v4l-utils-1.6.0-2.fc20
    vtun-3.0.3-10.fc20
    websocketpp-0.4.0-2.fc20
    wmx-8-1.fc20
    wordpress-4.0.1-1.fc20
    xen-4.3.3-5.fc20
    xfce4-systemload-plugin-1.1.2-1.fc20
    xscreensaver-5.32-1.fc20

Details about builds:


================================================================================
 ampr-ripd-1.13-1.fc20 (FEDORA-2014-15551)
 Routing daemon for the ampr network
--------------------------------------------------------------------------------
Update Information:

This is new version fixing bugs and adding new features, for details see upstream changelog: http://www.yo2loj.ro/hamprojects/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.13-1
- New version
  Resolves: rhbz#1166335
- Updated pidfile patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166335 - ampr-ripd-1.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166335
--------------------------------------------------------------------------------


================================================================================
 ca-certificates-2014.2.1-1.5.fc20 (FEDORA-2014-15533)
 The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:

This is an update to CA certificates version 2.1, as released by Mozilla in NSS versions 3.16.4 and 3.17.

Several CA certificates with a weak key size of 1024-bits have been removed by Mozilla, prior to their expiration. (It is expected that additional CA certificates with weak 1024-bit keys will be removed in future releases.)

Unfortunately we see issues with software that uses OpenSSL/GnuTLS after these removals with many popular web sites. The issue (or one out of several possible issues) is that web sites may be configured to send multiple intermediate CA certificates, intended for maximum compatibility with client software. One intermediate points to one of the removed CA certificates, and another intermediate points to a newer root. The problem is that OpenSSL/GnuTLS don't search for an alternative trusted root, after being unable to construct a trust chain for the topmost intermediate CA certificate sent by the servers.

In order to allow more time to implement enhancements or workarounds, the CA-certificates package will keep trust for the related root CA certificates, by default. See rhbz#1144808 for additional information. The related upstream bugs are: https://bugzilla.mozilla.org/show_bug.cgi?id=936304 https://bugzilla.mozilla.org/show_bug.cgi?id=986005

In addition, this update introduces the ca-legacy utility and a ca-legacy.conf configuration file. Using the new ca-legacy utility, it is possible to opt-in to disable the trust for the legacy root CA certificates, by executing the command "ca-legacy disable".

If disabled, the system will use the trust set as provided by the upstream Mozilla CA list, and as a consequence software based on OpenSSL/GnuTLS might fail to validate affected certificates. (See also: rhbz#1158197)

More information about the affected CA certificates and other recent modifications can be found in the upstream NSS release notes for version 3.16.3 at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes with amendments to the changes as explained in the NSS release notes for version 3.16.4 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.4_release_notes

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.1-1.5
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
  By default, legacy roots required for OpenSSL/GnuTLS compatibility
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
  disabled. If disabled, the system will use the trust set as provided
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
- Includes the fixes for rhbz#1158343
* Sun Sep 21 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.1-1.1
- Temporarily re-enable several legacy root CA certificates because of
  compatibility issues with software based on OpenSSL/GnuTLS,
  see rhbz#1144808
* Thu Aug 14 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.1-1.0
- Update to CKBI 2.1 from NSS 3.16.4
- Fix rhbz#1130226
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1158197 - Allow disabling of legacy root CA certificates as a system configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=1158197
  [ 2 ] Bug #1130226 - Ensure neutral-trust CA certificates will be loaded by p11-kit-trust
        https://bugzilla.redhat.com/show_bug.cgi?id=1130226
--------------------------------------------------------------------------------


================================================================================
 clementine-1.2.3-2.fc20 (FEDORA-2014-15472)
 A music player and library organizer
--------------------------------------------------------------------------------
Update Information:

New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.2.3-2
- rebuild (libechonest)
--------------------------------------------------------------------------------


================================================================================
 dnf-langpacks-0.5.1-1.fc20 (FEDORA-2014-15524)
 Langpacks plugin for dnf
--------------------------------------------------------------------------------
Update Information:

update to 0.5.1 release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.5.1-1
- update to 0.5.1 release
* Sun Oct 12 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.5.0-1
- update to 0.5.0 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166342 - dnf-langpacks-0.5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166342
--------------------------------------------------------------------------------


================================================================================
 drupal6-6.34-1.fc20 (FEDORA-2014-15519)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006
* Update to Drupal 6.
* Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 6.34-1
- 6.34, DRUPAL-SA-CORE-2014-006
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166100
  [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1127539
  [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166246
  [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166247
--------------------------------------------------------------------------------


================================================================================
 drupal7-7.34-1.fc20 (FEDORA-2014-15528)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

https://www.drupal.org/SA-CORE-2014-006
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 7.34-1
- 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 7.33-1
- Update to upstream 7.33 maintenance release with numerous bug fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166101 - CVE-2012-6662 drupal7: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166101
  [ 2 ] Bug #1166249 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166249
  [ 3 ] Bug #1166250 - CVE-2014-9015 drupal7: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166250
--------------------------------------------------------------------------------


================================================================================
 edg-mkgridmap-4.0.0-8.fc20 (FEDORA-2014-15540)
 A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:

Added missing dependency on "perl(LWP::Protocol::https)"
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez@xxxxxxx> - 4.0.0-8
- Added Requires perl(LWP::Protocol::https)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1165991
--------------------------------------------------------------------------------


================================================================================
 gdb-7.7.1-22.fc20 (FEDORA-2014-15523)
 A GNU source-level debugger for C, C++, Fortran, Go and other languages
--------------------------------------------------------------------------------
Update Information:

This fix makes the GDB RPM aware of the /usr/include/gdb directory, which is created during the RPM installation.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Sergio Durigan Junior <sergiodj@xxxxxxxxxx> - 7.7.1-22.fc20
- Fix 'Unowned dir /usr/include/gdb/' (RH BZ 1164991).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164991 - Unowned dir /usr/include/gdb/
        https://bugzilla.redhat.com/show_bug.cgi?id=1164991
--------------------------------------------------------------------------------


================================================================================
 golang-github-emicklei-go-restful-0-0.1.gitad99b12.fc20 (FEDORA-2014-15496)
 Package for building REST-style Web Services using Google Go
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164152 - Review Request: golang-github-emicklei-go-restful - Package for building REST-style Web Services using Google Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1164152
--------------------------------------------------------------------------------


================================================================================
 golang-github-vishvananda-netlink-0-0.1.git2187ba6.fc20 (FEDORA-2014-15518)
 Simple netlink library for go
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164176 - Review Request: golang-github-vishvananda-netlink - Simple netlink library for go
        https://bugzilla.redhat.com/show_bug.cgi?id=1164176
--------------------------------------------------------------------------------


================================================================================
 golang-github-vishvananda-netns-0-0.1.gite14a2d4.fc20 (FEDORA-2014-15527)
 Simple network namespace handling for go
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164170 - Review Request: golang-github-vishvananda-netns - Simple network namespace handling for go
        https://bugzilla.redhat.com/show_bug.cgi?id=1164170
--------------------------------------------------------------------------------


================================================================================
 gr-rds-0-0.4.20141117gitff1ca15.fc20 (FEDORA-2014-15513)
 GNU Radio FM RDS Receiver
--------------------------------------------------------------------------------
Update Information:

new package
--------------------------------------------------------------------------------


================================================================================
 kde-runtime-4.14.3-2.fc20 (FEDORA-2014-15532)
 KDE Runtime
--------------------------------------------------------------------------------
Update Information:

New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Than Ngo <than@xxxxxxxxxx> - 4.14.3-2
- fix bz#1164609, CVE-2014-8600, Insufficient Input Validation By IO Slaves
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164293 - CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
        https://bugzilla.redhat.com/show_bug.cgi?id=1164293
--------------------------------------------------------------------------------


================================================================================
 libechonest-2.3.0-1.fc20 (FEDORA-2014-15472)
 C++ wrapper for the Echo Nest API
--------------------------------------------------------------------------------
Update Information:

New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.3.0-1
- 2.3.0, add -qt5 support
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 lucene++-3.0.6-1.fc20 (FEDORA-2014-15472)
 A high-performance, full-featured text search engine written in C++
--------------------------------------------------------------------------------
Update Information:

New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------


================================================================================
 mate-themes-1.9.2-1.fc20 (FEDORA-2014-15547)
 MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:

- update to 1.9.2 release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.9.2-1
- update to 1.9.2 release
--------------------------------------------------------------------------------


================================================================================
 nano-2.3.2-5.fc20 (FEDORA-2014-15520)
 A small text editor
--------------------------------------------------------------------------------
Update Information:

- fix intermittent crashes with undo/redo (#1166666)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Kamil Dudka <kdudka@xxxxxxxxxx> - 2.3.2-5
- fix intermittent crashes with undo/redo (#1166666)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166666 - [abrt] nano: delete_node(): nano killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1166666
--------------------------------------------------------------------------------


================================================================================
 nodejs-filelist-0.0.3-1.fc20 (FEDORA-2014-15536)
 Lazy-evaluating list of files, based on globs or regexes
--------------------------------------------------------------------------------
Update Information:

New node modules - filelist and json-localizer
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164478 - Review Request: nodejs-json-localizer - Utility to localize a JSON object
        https://bugzilla.redhat.com/show_bug.cgi?id=1164478
  [ 2 ] Bug #1164483 - Review Request: nodejs-filelist - Lazy-evaluating list of files, based on globs or regexes
        https://bugzilla.redhat.com/show_bug.cgi?id=1164483
--------------------------------------------------------------------------------


================================================================================
 nodejs-json-localizer-0.0.2-1.fc20 (FEDORA-2014-15536)
 Utility to localize a JSON object
--------------------------------------------------------------------------------
Update Information:

New node modules - filelist and json-localizer
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164478 - Review Request: nodejs-json-localizer - Utility to localize a JSON object
        https://bugzilla.redhat.com/show_bug.cgi?id=1164478
  [ 2 ] Bug #1164483 - Review Request: nodejs-filelist - Lazy-evaluating list of files, based on globs or regexes
        https://bugzilla.redhat.com/show_bug.cgi?id=1164483
--------------------------------------------------------------------------------


================================================================================
 openvpn-2.3.2-7.fc20 (FEDORA-2014-15525)
 A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

 
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.3.2-7
- Rework package doc handling (RHBZ #1165004).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165004 - Unowned dir /usr/share/doc/openvpn
        https://bugzilla.redhat.com/show_bug.cgi?id=1165004
--------------------------------------------------------------------------------


================================================================================
 packagedb-cli-2.6-1.fc20 (FEDORA-2014-15500)
 A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:

* Update to packagedb-cli 2.6
* New structure: use the traditional python module structure instead of two python files
* Do one API call for `orphan --retire`
* Prevent user from retiring packages that have no dead.package file
* Add support for obsoleting ACL requests (Stanislav Ochotnicky)
* Enable restricting orphan to a specific user (while specifying more branches)
* Enable restricting give to a specific user (while specifying more branches)
* Let the unorphan action call the unorphan API endpoint
* When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 2.6-1
- Update to 2.6
- New structure: use the traditional python module structure instead of two
  python files
- Do one API call for `orphan --retire`
- Prevent user from retiring packages that have no dead.package file
- Add support for obsoleting ACL requests (Stanislav Ochotnicky)
- Enable restricting orphan to a specific user (while specifying more branches)
- Enable restricting give to a specific user (while specifying more branches)
- Let the unorphan action call the unorphan API endpoint
- When listing packages, encode the output as UTF-8 before printing
--------------------------------------------------------------------------------


================================================================================
 perl-Data-Munge-0.091-1.fc20 (FEDORA-2014-15531)
 Utility functions for working with perl data structures and code references
--------------------------------------------------------------------------------
Update Information:

Work around regex bug in perls < 5.18 that causes spurious test failures.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 22 2014 David Dick <ddick@xxxxxxxx> - 0.091-1
- Work around regex bug in perls < 5.18 that causes spurious test failures.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166382 - perl-Data-Munge-0.091 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166382
--------------------------------------------------------------------------------


================================================================================
 perl-File-ConfigDir-0.014-1.fc20 (FEDORA-2014-15530)
 Get directories of configuration files
--------------------------------------------------------------------------------
Update Information:

Fix typo in pod, update README
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 22 2014 David Dick <ddick@xxxxxxxx> - 0.014-1
- Fix typo in pod, update README
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.013-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163231 - perl-File-ConfigDir-0.014 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1163231
--------------------------------------------------------------------------------


================================================================================
 perl-HTML-Mason-1.56-1.fc20 (FEDORA-2014-15511)
 Powerful Perl-based web site development and delivery engine
--------------------------------------------------------------------------------
Update Information:

This release restores compatibility with recent CGI Perl module. It also declares all needed dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.56-1
- 1.56 bump
* Sun Mar  2 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1:1.54-1
- Upstream update.
- Filter duplicate Requires:.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164460 - perl-HTML-Mason-1.56 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1164460
--------------------------------------------------------------------------------


================================================================================
 perl-Net-SMTPS-0.04-1.fc20 (FEDORA-2014-15537)
 SSL/STARTTLS support for Net::SMTP
--------------------------------------------------------------------------------
Update Information:

Update to Authen::SASL version requirements
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 22 2014 David Dick <ddick@xxxxxxxx> - 0.04-1
- Update to Authen::SASL version requirements
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.03-3
- Perl 5.20 rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.03-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159516 - perl-Net-SMTPS-0.04 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1159516
--------------------------------------------------------------------------------


================================================================================
 perl-Sub-Exporter-ForMethods-0.100051-1.fc20 (FEDORA-2014-15546)
 Helper routines for using Sub::Exporter to build methods
--------------------------------------------------------------------------------
Update Information:

This release updates upstream's bug tracker and repository contacts.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.100051-1
- 0.100051 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163304 - perl-Sub-Exporter-ForMethods-0.100051 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1163304
--------------------------------------------------------------------------------


================================================================================
 php-5.5.19-3.fc20 (FEDORA-2014-15061)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

13 Nov 2014, PHP 5.5.19

Core:
* Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas)
* Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
* Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
* Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). (Dmitry)

Fileinfo:
* Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
* Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) (Remi)

FPM:
* Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). (Robin Gloster)

GD:
* Fixed bug #65171 (imagescale() fails without height param). (Remi)

GMP:
* Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). (Remi)

Mysqli:
* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)

ODBC:
* Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)

SPL:
* Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

CURL:
* Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)

Backported from 5.5.20

FPM:
* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-3
- FPM: add upstream patch for https://bugs.php.net/68428
  listen.allowed_clients is IPv4 only
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-2
- FPM: add upstream patch for https://bugs.php.net/68421
  access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/68420
  listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/68423
  will no longer load all pools
* Thu Nov 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-1
- Update to 5.5.19
  http://www.php.net/releases/5_5_19.php
- new version of systzdata patch, fix case sensitivity
--------------------------------------------------------------------------------


================================================================================
 php-psr-http-message-0.5.1-1.fc20 (FEDORA-2014-15510)
 Common interface for HTTP messages (PSR-7)
--------------------------------------------------------------------------------
Update Information:

## 0.5.1

* null is no longer allowed (per the ML; see also php-fig/fig-standards#367).

## 0.5.0

* Refactors MessageInterface to only provide getters.
* MessageInterface now defines getBody() to require that it return a StreamableInterface instance.
* Removes Request and Response interfaces
* Provides server-side interfaces:
    * IncomingRequestInterface, which provides accessors for HTTP properties and environment-specific items ($_SERVER, $_GET, $_POST, $_FILES, $_COOKIE, etc), and support for mutable "attributes".
    * OutgoingResponseInterface, which provides both accessors and mutators for all HTTP properties.
* Provides client-side interfaces:
    * OutgoingRequestInterface, which provides accessors and mutators for all HTTP properties.
    * IncomingResponseInterface, which provides accessors for HTTP properties.
* StreamableInterface removes attach().
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.5.1-1
- Updated to 0.5.1 (BZ #1163322)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163322 - php-psr-http-message-0.5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1163322
--------------------------------------------------------------------------------


================================================================================
 php-symfony-2.5.7-1.fc20 (FEDORA-2014-15504)
 PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:

## 2.5.7 (2014-11-20)

* bug #12525 [Bundle][FrameworkBundle] be smarter when guessing the document root (xabbuh)
* bug #12296 [SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners (rjkip)
* bug #12489 [FrameworkBundle] Fix server run in case the router script does not exist (romainneutron)
* bug #12443 [HttpKernel] Adding support for invokable controllers in the RequestDataCollector (jameshalsall)
* bug #12393 [DependencyInjection] inlined factory not referenced (boekkooi)
* bug #12436 [Filesystem] Fixed case for empty folder (yosmanyga)
* bug #12397 [Routing] fix BC (nicolas-grekas)
* bug #12382 [Routing] removed errors from git (HeinZawHtet)
* bug #12370 [Yaml] improve error message for multiple documents (xabbuh)
* bug #12170 [Form] fix form handling with OPTIONS request method (Tobion)
* bug #12235 [Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns (webmozart)
* bug #12326 [Session] remove invalid hack in session regenerate (Tobion)
* bug #12341 [Kernel] ensure session is saved before sending response (Tobion)
* bug #12329 [Routing] serialize the compiled route to speed things up (Tobion)
* bug #12291 [Form] Fixed usage of "name" variable in form_start block (webmozart)
* bug #12316 Break infinite loop while resolving aliases (chx)
* bug #12313 [Security][listener] change priority of switchuser (aitboudad)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.5.7-1
- Updated to 2.5.7 (BZ #1166396)
- Added php-composer(egulias/email-validator) dependency
* Sun Nov  2 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.5.6-2
- Exclude "intl-data" test group instead of removing test files
* Sun Nov  2 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.5.6-1
- Updated to 2.5.6 (BZ #1157502)
- "php-twig-Twig" dependency updated to "php-composer(twig/twig)"
- Obsoleted php-symfony-icu (data now in intl component)
* Mon Sep 29 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.5.5-1
- update to 2.5.5
- hack PHPUnit autoloader to not use old system symfony
- don't skip any Yaml test
* Wed Sep  3 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.5.4-1
- Updated to 2.5.4 (CVE-2014-6072, CVE-2014-5245, CVE-2014-4931, CVE-2014-6061,
  CVE-2014-5244, BZ #1138285)
- Removed test files from PropertyAccess and Stopwatch components
- Updated skipped tests
* Tue Aug 12 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.5.3-1
- update to 2.5.3
- fix test bootstrap for PHPUnit 4.2
* Sat Jul 19 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.5.2-2
- fix license handling
* Fri Jul 18 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.5.2-1
- Updated to 2.5.2 (BZ #1100720)
- Added php-composer() virtual provides
- Updated most dependencies to use available php-composer virtual provides
- php-password-compat conditional changed from "0%{?el6}%{?el7}" to
  ""%{php_version}" < "5.5""
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 30 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.4.4-1
- Updated to 2.4.4 (BZ #1038134)
- Updated Doctrine dependencies
- Sub-pkg phpcompatinfo without Tests directory since they are not pkged
* Mon Feb 17 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.4.2-1
- Updated to 2.4.2 (BZ #1038134)
- Re-enabled tests
- Added expressionlanguage component sub-pkg
- Added provides for security component composer sub-pkgs
* Mon Jan 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.3.9-0
- EPEL-7 bootstrap build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166396 - php-symfony-2.5.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166396
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-4.2.12-1.fc20 (FEDORA-2014-15538)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.2.12.0 (2014-11-20)
================================

  - Blank/white page when JavaScript disabled
  - Multi row actions cause full page reloads
  - ReferenceError: targeurl is not defined
  - Incorrect text/icon display in Tracking report
  - Recordset return from procedure display nothing
  - Edit dialog for routines is too long for smaller displays
  - JavaScript error after moving a column
  - Issue with long comments on table columns
  - Input field unnecessarily selected on focus
  - Exporting selected rows exports all rows of the query
  - No insert statement produced in SQL export for queries with alias
  - Field disabled when internal relations used
  - [security] XSS through exception stack
  - [security] Path traversal can lead to leakage of line count
  - [security] XSS vulnerability in table print view
  - [security] XSS vulnerability in zoom search page
  - [security] Path traversal in file inclusion of GIS factory
  - [security] XSS in multi submit
  - [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.12-1
- Upgrade to 4.2.12 (#1166397)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166619
  [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166626
  [ 3 ] Bug #1166634 - CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166634
  [ 4 ] Bug #1166637 - CVE-2014-8961 phpMyAdmin: leakage of line count of an arbitrary file (PMASA-2014-16)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166637
--------------------------------------------------------------------------------


================================================================================
 pidgin-2.10.10-3.fc20 (FEDORA-2014-15497)
 A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:

Fix: Bump MSN ApplicationID again (#1165066)
Fix: Pidgin 2.10.10 can't connect to MSN (#1165066)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Jan Synáček <jsynacek@xxxxxxxxxx> - 2.10.10-3
- Fix: Bump MSN ApplicationID again (#1165066)
* Tue Nov 18 2014 Jan Synáček <jsynacek@xxxxxxxxxx> - 2.10.10-2
- Fix: Pidgin 2.10.10 can't connect to MSN (#1165066)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165066 - Pidgin 2.10.10 can't connect to MSN
        https://bugzilla.redhat.com/show_bug.cgi?id=1165066
--------------------------------------------------------------------------------


================================================================================
 privoxy-3.0.22-1.fc20 (FEDORA-2014-15512)
 Privacy enhancing proxy
--------------------------------------------------------------------------------
Update Information:

Latest upstream bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 3.0.22-1
- Latest upstream, BZ 166398.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.21-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166398 - privoxy-3.0.22 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166398
--------------------------------------------------------------------------------


================================================================================
 python-copr-1.54-1.fc20 (FEDORA-2014-15514)
 Python interface for Copr
--------------------------------------------------------------------------------
Update Information:

update python-copr to 1.54
api enhancement: 
- Client constructor accepts kwargs arguments instead of config dict; 
- all custom exceptions inherited from CoprException

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.54-1
- fixed poor decision abou CoprClient constructor, now it accepts
  kwargs arguments instead of config dict
* Mon Nov  3 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.53-1
- [python-copr] syntax bugfix
* Mon Nov  3 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.52-1
- [python-copr] removed log config from client
* Tue Oct  7 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.51-1
- [python-copr, cli] test coverage 
- [python-copr, cli] updating copr-cli to use python-copr
- [python-copr] minor fixes, added usage examples to docs
--------------------------------------------------------------------------------


================================================================================
 python-docker-py-0.6.0-1.fc20 (FEDORA-2014-15534)
 An API client for docker written in Python
--------------------------------------------------------------------------------
Update Information:

Resolves: rhbz#1160293 - update to 0.6.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.6.0-1
- Resolves: rhbz#1160293 - update to 0.6.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160293 - python-docker-py-0.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1160293
--------------------------------------------------------------------------------


================================================================================
 python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc20 (FEDORA-2014-15545)
 Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:

New pkgdb conglomerator, new 'hotness' processor.  Some bugfixes to fas and mailman messages.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.3.6-1
- Latest upstream with some bugfixes.
- Disable network test with patch.
--------------------------------------------------------------------------------


================================================================================
 qpid-dispatch-0.2-9.fc20 (FEDORA-2014-15529)
 Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:

Fixed a merge issue that resulted in two patches not being applied.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-9
- Fixed a merge issue that resulted in two patches not being applied.
- Resolves: BZ#1165691
* Wed Nov 19 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-8
- DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage.
- Include systemd service file for EPEL7 packages.
- Brought systemd support up to current Fedora packaging guidelines.
- Resolves: BZ#1165691
- Resolves: BZ#1165681
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165691 - Man page for qdstat.conf is missing
        https://bugzilla.redhat.com/show_bug.cgi?id=1165691
--------------------------------------------------------------------------------


================================================================================
 selinux-policy-3.12.1-195.fc20 (FEDORA-2014-15552)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=594778
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-195
- Allow all systemd domains to search file systems
- Label sock file charon.vici as ipsec_var_run_t. BZ(1165065)
- Allow mongodb to bind to the mongo port and mongos to run as mongod_t
- Allow networkmanager manage also openvpn sock pid files.
- Allow openvpn to create uuid connections in /var/run/NetworkManager with NM labeling.
- Allow sendmail to create dead.letter. BZ(1165443)
- Allow bumblebee to use nsswitch. BZ(1155339)
* Fri Nov 14 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-194
- New interface dev_rw_uhid_dev
- Allow systemd-logind to mount /run/user/1000 to get gdm working
- Remove label for /var/lib/glpi/ in cron policy. BZ(1033025)
- Allow bluetooth read/write uhid devices. BZ (1161169
- Label /var/log/horizon as an apache log
- Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1033025 - Please include policy for GLPI
        https://bugzilla.redhat.com/show_bug.cgi?id=1033025
  [ 2 ] Bug #1133121 - SELinux is preventing systemd-readahe from read, open access on the directory .
        https://bugzilla.redhat.com/show_bug.cgi?id=1133121
  [ 3 ] Bug #1165443 - SELinux is preventing /usr/sbin/ssmtp from 'create' accesses on the file .
        https://bugzilla.redhat.com/show_bug.cgi?id=1165443
--------------------------------------------------------------------------------


================================================================================
 tcpdump-4.5.1-2.fc20 (FEDORA-2014-15541)
 A network traffic monitoring tool
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-8767 CVE-2014-8768 CVE-2014-8769
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Michal Sekletar <msekleta@xxxxxxxxxx> - 14:4.5.1-2
- fix for CVE-2014-8767 (#1165160)
- fix for CVE-2014-8768 (#1165161)
- fix for CVE-2014-8768 (#1165162)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165160 - CVE-2014-8767 tcpdump: denial of service in verbose mode using malformed OLSR payload
        https://bugzilla.redhat.com/show_bug.cgi?id=1165160
  [ 2 ] Bug #1165161 - CVE-2014-8768 tcpdump: denial of service in verbose mode using malformed Geonet payload
        https://bugzilla.redhat.com/show_bug.cgi?id=1165161
  [ 3 ] Bug #1165162 - CVE-2014-8769 tcpdump: unreliable output using malformed AOVD payload
        https://bugzilla.redhat.com/show_bug.cgi?id=1165162
--------------------------------------------------------------------------------


================================================================================
 tomahawk-0.8.2-1.fc20 (FEDORA-2014-15472)
 The Social Media Player
--------------------------------------------------------------------------------
Update Information:

New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.2-1
- tomahawk-0.8.2 (#1166418)
* Tue Nov 18 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.1-1
- tomahawk-0.8.1 (#1154274)
* Wed Nov  5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.0-12
- rebuild (libechonest)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 28 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.0-10
- expclitly disable breakpad,crashreporter for aarch64 too
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 23 2014 Petr Machata <pmachata@xxxxxxxxxx> - 0.7.0-8
- Rebuild for boost 1.55.0
* Tue May 13 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.0-7
- rebuild (jreen)
* Wed Mar 19 2014 Ville Skyttä <ville.skytta@xxxxxx> - 0.7.0-6
- Use system qxt instead of bundled one
--------------------------------------------------------------------------------


================================================================================
 tzdata-2014j-1.fc20 (FEDORA-2014-15543)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

Rebase to 2014j
- Turks & Caicos' switch from US eastern time to UTC-4 year-round
  did not occur on 2014-11-02 at 02:00.  It's currently scheduled
  for 2015-11-01 at 02:00.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2014j-1
- Rebase to 2014j
  - Turks & Caicos' switch from US eastern time to UTC-4 year-round
    did not occur on 2014-11-02 at 02:00.  It's currently scheduled
    for 2015-11-01 at 02:00.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163352 - tzdata-2014j is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1163352
--------------------------------------------------------------------------------


================================================================================
 v4l-utils-1.6.0-2.fc20 (FEDORA-2014-15501)
 Utilities for video4linux and DVB devices
--------------------------------------------------------------------------------
Update Information:

- Fix crash when decoding 1920x1080 jpeg to YUV420

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.6.0-2
- Fix crash when decoding 1920x1080 jpeg to YUV420
* Sun Oct  5 2014 Mauro Carvalho Chehab - 1.6.0-1
- Upgrade to version 1.6.0
* Mon Sep  8 2014 Mauro Carvalho Chehab - 1.4.0-1
- Upgrade to version 1.4.0
* Fri Aug 22 2014 Mauro Carvalho Chehab - 1.2.1-3
- Add ALSA support on qv4l2 and fix a couple issues at spec file
* Thu Aug 21 2014 Mauro Carvalho Chehab - 1.2.1-2
- Update to version 1.2.1 and add package for libdvbv5
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 vtun-3.0.3-10.fc20 (FEDORA-2014-15554)
 Virtual tunnel over TCP/IP networks
--------------------------------------------------------------------------------
Update Information:

enhanced service file (-n to prevent daemonizing vtund)
added /etc/sysconfig/vtun environment file; updated unit files
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-10
- enhanced service file (-n to prevent daemonizing vtund)
* Fri Nov 14 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-9
- added /etc/sysconfig/vtun environment file
- updated unit files
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 websocketpp-0.4.0-2.fc20 (FEDORA-2014-15472)
 C++ WebSocket Protocol Library
--------------------------------------------------------------------------------
Update Information:

New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce
--------------------------------------------------------------------------------


================================================================================
 wmx-8-1.fc20 (FEDORA-2014-15544)
 A really simple window manager for X
--------------------------------------------------------------------------------
Update Information:

update to version 8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Gabriel Somlo <somlo@xxxxxxx> 8-1
- update to 8
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7-14.20120109svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7-13.20120109svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.0.1-1.fc20 (FEDORA-2014-15507)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

WordPress 4.0.1 Security Release

See: https://wordpress.org/news/2014/11/wordpress-4-0-1/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.0.1-1
- WordPress 4.0.1 Security Release
- use system php-getid3 when available #1145574
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release
        https://bugzilla.redhat.com/show_bug.cgi?id=1166468
--------------------------------------------------------------------------------


================================================================================
 xen-4.3.3-5.fc20 (FEDORA-2014-15521)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
Insufficient restrictions on certain MMU update hypercalls,
Missing privilege level checks in x86 emulation of far branches,
Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't
exploitable from xen
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.3-5
- Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
	[XSA-113] (#1166261)
* Wed Nov 19 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.3-4
- Insufficient restrictions on certain MMU update hypercalls [XSA-109,
	CVE-2014-8594] (#1165205)
- Missing privilege level checks in x86 emulation of far branches [XSA-110,
	CVE-2014-8595] (#1165204)
- Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't
	exploitable from xen (#1086776)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160664 - CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109)
        https://bugzilla.redhat.com/show_bug.cgi?id=1160664
  [ 2 ] Bug #1160643 - CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110)
        https://bugzilla.redhat.com/show_bug.cgi?id=1160643
  [ 3 ] Bug #1078846 - CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1078846
--------------------------------------------------------------------------------


================================================================================
 xfce4-systemload-plugin-1.1.2-1.fc20 (FEDORA-2014-15550)
 Systemload monitor for the Xfce panel
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.2. Fixes bugs #1165421 and #1166890
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.1.2-1
- Update to 1.1.2. Fixes bugs #1165421 and #1166890
* Mon Aug 18 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 1.1.1-8
- Rebuilt for upower 0.99.1 soname bump
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Oct 30 2013 Kevin Fenzi <kevin@xxxxxxxxx> 1.1.1-5
- Rebuild for new upower
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165421 - Bug fixes & improvements up to date
        https://bugzilla.redhat.com/show_bug.cgi?id=1165421
  [ 2 ] Bug #1166890 - broken tooltip for uptime
        https://bugzilla.redhat.com/show_bug.cgi?id=1166890
--------------------------------------------------------------------------------


================================================================================
 xscreensaver-5.32-1.fc20 (FEDORA-2014-15517)
 X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

New version 5.32 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.32-1
- Update to 5.32
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux