Fedora 19 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 19 Security updates need testing:
 Age  URL
 401  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 213  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
 164  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
  59  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
  45  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
  35  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19
  19  https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
  17  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
  16  https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19
  16  https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19
  16  https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19
  16  https://admin.fedoraproject.org/updates/FEDORA-2014-15124/kwebkitpart-1.3.4-5.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprockets-2.8.2-4.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-15549/tcpdump-4.4.0-4.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15740/facter-1.6.18-8.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15730/asterisk-11.14.1-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15733/teeworlds-0.6.3-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15838/libksba-1.3.2-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15811/graphviz-2.30.1-13.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15833/hivex-1.3.8-2.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15848/docker-io-1.3.2-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16017/xen-4.2.5-6.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15990/mariadb-5.5.40-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15999/libreoffice-4.1.6.2-10.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16020/mediawiki-1.23.7-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
 349  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
 276  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-15392/kde-workspace-4.11.14-2.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-15377/gvfs-1.16.4-3.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-15506/ca-certificates-2014.2.1-1.5.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15732/cups-1.6.4-12.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15832/lvm2-2.02.98-16.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16021/tracker-0.16.5-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16009/unzip-6.0-13.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19


The following builds have been pushed to Fedora 19 updates-testing

    ansible-1.8.1-1.fc19
    armadillo-4.550.0-1.fc19
    ddd-3.3.12-20.fc19
    icecream-1.0.1-9.20140822git.fc19
    icedtea-web-1.5.2-0.fc19
    imapsync-1.607-1.fc19
    libreoffice-4.1.6.2-10.fc19
    libykneomgr-0.1.6-1.fc19
    lis-1.5.24-1.fc19
    liveusb-creator-3.13.1-1.fc19
    mariadb-5.5.40-1.fc19
    mate-panel-1.6.2-3.fc19
    mate-themes-extras-3.8.2-1.fc19
    mediawiki-1.23.7-1.fc19
    munin-2.0.25-1.fc19
    pam_mount-2.14-4.fc19
    perl-Fsdb-2.53-1.fc19
    phpMyAdmin-4.2.13-1.fc19
    python-larch-1.20131130-1.fc19
    rlwrap-0.42-1.fc19
    sip-redirect-0.2.0-1.fc19
    tracker-0.16.5-1.fc19
    unzip-6.0-13.fc19
    util-linux-2.23.2-6.fc19
    xen-4.2.5-6.fc19
    xpa-2.1.15-3.fc19

Details about builds:


================================================================================
 ansible-1.8.1-1.fc19 (FEDORA-2014-15997)
 SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.1
Update to 1.8
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.8.1-1
- Update to 1.8.1
* Tue Nov 25 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.8-2
- Rebase el6 patch
* Tue Nov 25 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.8-1
- Update to 1.8
* Thu Oct  9 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.7.2-2
- Add /usr/bin/ansible to the rhel6 newer pycrypto patch
--------------------------------------------------------------------------------


================================================================================
 armadillo-4.550.0-1.fc19 (FEDORA-2014-15983)
 Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:

Version 4.550   (Singapore Sling Deluxe)

* added matrix exponential function: expmat()
* faster .log_p() and .avg_log_p() functions in the gmm_diag class when compiling with OpenMP enabled
* faster handling of in-place addition/subtraction of expressions with an outer product 

--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.550.0-1
- update to 4.550.0
--------------------------------------------------------------------------------


================================================================================
 ddd-3.3.12-20.fc19 (FEDORA-2014-16011)
 GUI for several command-line debuggers
--------------------------------------------------------------------------------
Update Information:

fix missing dependency
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 29 2014 Andy Grover <agrover@xxxxxxxxxx> - 3.3.12-20
- Add Requires for xorg-x11-apps, for rhbz #1169011
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.3.12-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169011 - ddd missing dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=1169011
--------------------------------------------------------------------------------


================================================================================
 icecream-1.0.1-9.20140822git.fc19 (FEDORA-2014-15987)
 Distributed compiler
--------------------------------------------------------------------------------
Update Information:

This update relaxes the SELinux policy for icecc-scheduler to be able to determine broadcast addresses.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Michal Schmidt <mschmidt@xxxxxxxxxx> - 1.0.1-9.20140822git
- selinux: allow the scheduler to read state via netlink route sockets
- Fixes: rhbz#1162321
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162321 - SELinux is preventing /usr/sbin/icecc-scheduler from 'nlmsg_read' accesses on the netlink_route_socket .
        https://bugzilla.redhat.com/show_bug.cgi?id=1162321
--------------------------------------------------------------------------------


================================================================================
 icedtea-web-1.5.2-0.fc19 (FEDORA-2014-16014)
 Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
--------------------------------------------------------------------------------
Update Information:

update to upstream 1.5.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Jiri Vanek <jvanek@xxxxxxxxxx> 1.5.2-0
- update to upstream 1.5.2
--------------------------------------------------------------------------------


================================================================================
 imapsync-1.607-1.fc19 (FEDORA-2014-15986)
 Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:

Update to 1.607
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 26 2014 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.607-1
- Upgrade to 1.607
--------------------------------------------------------------------------------


================================================================================
 libreoffice-4.1.6.2-10.fc19 (FEDORA-2014-15999)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

CVE-2014-9093 backport some arbitrary rtf crash fixes
CVE-2014-3693 Use-after-free in Impress Remote socket manager
CVE-2014-3575 arbitrary file preview disclosure via ole2 objects

The vulnerability allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 26 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.6.2-10
- Resolves: rhbz#1165740 CVE-2014-9093 backport some arbitrary rtf crash fixes
* Tue Nov 25 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.6.2-9
- Resolves: rhbz#1167503 CVE-2014-3693 Use-after-free in Impress Remote socket manager
* Tue Sep  9 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.6.2-8
- Resolves: rhbz#1139592 CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165740 - libreoffice: crash importing malformed .rtf [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1165740
  [ 2 ] Bug #1167503 - CVE-2014-3693 libreoffice: Use-After-Free in socket manager of Impress Remote [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1167503
  [ 3 ] Bug #1139592 - CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1139592
--------------------------------------------------------------------------------


================================================================================
 libykneomgr-0.1.6-1.fc19 (FEDORA-2014-16012)
 YubiKey NEO CCID Manager C Library
--------------------------------------------------------------------------------
Update Information:

Update to 0.1.6
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 17 2014 Andy Lutomirski <luto@xxxxxxx> - 0.1.6-1
- Update to 0.1.6
--------------------------------------------------------------------------------


================================================================================
 lis-1.5.24-1.fc19 (FEDORA-2014-16025)
 A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:

Update to 1.5.24
Update to 1.5.22
Update to 1.5.13
Update to 1.5.11
Update to 1.5.4
Update to 1.5.2
Update to 1.4.67
Update to 1.4.64
Update to 1.4.63
Update to 1.4.62
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.24-1
- Update to 1.5.24
* Wed Nov 26 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.23-1
- Update to 1.5.23
* Tue Nov 25 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.22-1
- Update to 1.5.22
* Fri Nov 21 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.19-1
- Update to 1.5.19
* Fri Nov 21 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.18-1
- Update to 1.5.18
* Sat Nov 15 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.13-1
- Update to 1.5.13
* Wed Nov 12 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.11-1
- Update to 1.5.11
* Tue Nov  4 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.4-1
- Update to 1.5.4
* Sat Nov  1 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.2-1
- Update to 1.5.2
* Tue Oct 28 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.67-1
- Update to 1.4.67
* Mon Oct 27 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.66-1
- Update to 1.4.66
* Tue Oct 21 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.64-1
- Update to 1.4.64
* Mon Oct 20 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.63-1
- Update to 1.4.63
* Sat Oct 18 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.62-1
- Update to 1.4.62
--------------------------------------------------------------------------------


================================================================================
 liveusb-creator-3.13.1-1.fc19 (FEDORA-2014-15984)
 A liveusb creator
--------------------------------------------------------------------------------
Update Information:

 * Support a new installation mode that uses `dd` to copy the iso directly to the device. This method tends to be more reliable than the non-destructive approach.
 * Added a new `--dd` command-line option
 * DVD iso support with the 'overwrite device' method
 * Improved UI layout
 * Added AppData metadata
 * The `--calculcate-liveos-checksum` now works on Linux
 * Fixed the code that automatically populates the available releases
 * Switched to use polkit on Linux instead of consolehelper for authentication
 * Translation updates
 * Improved error handling

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Luke Macken <lmacken@xxxxxxxxxx> - 3.13.1-1
- Latest upstream release
* Thu Nov 27 2014 Gene Czarcinski <gczarcinski@xxxxxxxxx> 3.13.0-2
- convert to using polkit (pkexec) instead of consolehelper
* Wed Nov 26 2014 Luke Macken <lmacken@xxxxxxxxxx> - 3.13.0-1
- Latest upstream release with bug fixes and interface improvements.
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.12.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Feb 21 2014 Luke Macken <lmacken@xxxxxxxxxx> 3.12.1-1
- Update to 3.12.1 with more translations
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1096460 - [abrt] liveusb-creator: grabber.py:1727:_do_grab:URLGrabError: [Errno 14] curl#7 - "Failed to connect to 2a02:6b8::183: Сеть недоступна"
        https://bugzilla.redhat.com/show_bug.cgi?id=1096460
  [ 2 ] Bug #995258 - Cannot install Fedora 19 on MacBook pro
        https://bugzilla.redhat.com/show_bug.cgi?id=995258
  [ 3 ] Bug #1006270 - [abrt] liveusb-creator-3.11.8-3.fc19: creator.py:362:get_liveos:TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
        https://bugzilla.redhat.com/show_bug.cgi?id=1006270
  [ 4 ] Bug #1033489 - [abrt] liveusb-creator-3.11.8-3.fc19: creator.py:341:delete_liveos:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 12: ordinal not in range(128)
        https://bugzilla.redhat.com/show_bug.cgi?id=1033489
  [ 5 ] Bug #1044309 - [abrt] liveusb-creator: gui.py:470:status:TypeError: QTextEdit.append(QString): argument 1 has unexpected type 'int'
        https://bugzilla.redhat.com/show_bug.cgi?id=1044309
  [ 6 ] Bug #1045692 - [abrt] liveusb-creator: gui.py:80:__init__:LiveUSBError: Unknown release: RFRemix 20 i686 XFCE
        https://bugzilla.redhat.com/show_bug.cgi?id=1045692
  [ 7 ] Bug #1057640 - [abrt] liveusb-creator: creator.py:732:get_free_bytes:OSError: [Errno 2] File o directory non esistente: '/run/media/lorenzo/F28B-8137'
        https://bugzilla.redhat.com/show_bug.cgi?id=1057640
  [ 8 ] Bug #1089453 - [abrt] liveusb-creator: linux_dialog.py:10:<module>:ImportError: /usr/lib/python2.7/site-packages/PyQt4/QtCore.so: undefined symbol: _ZTI13QStateMachine
        https://bugzilla.redhat.com/show_bug.cgi?id=1089453
  [ 9 ] Bug #1098725 - [abrt] liveusb-creator: creator.py:341:delete_liveos:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 21: ordinal not in range(128)
        https://bugzilla.redhat.com/show_bug.cgi?id=1098725
  [ 10 ] Bug #1101288 - Created F20 liveusb boot problem
        https://bugzilla.redhat.com/show_bug.cgi?id=1101288
  [ 11 ] Bug #1120893 - unable to boot supermicro X10ssl-f and C7Z87
        https://bugzilla.redhat.com/show_bug.cgi?id=1120893
  [ 12 ] Bug #1149782 - liveusb-creator creates non-booting Live USB
        https://bugzilla.redhat.com/show_bug.cgi?id=1149782
  [ 13 ] Bug #1154779 - [abrt] liveusb-creator: python2.7 killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1154779
  [ 14 ] Bug #1156489 - liveusb-creator for Windows (Win 8.1) produces not bootable usb media
        https://bugzilla.redhat.com/show_bug.cgi?id=1156489
  [ 15 ] Bug #1160979 - Trying to boot from USB just says "No OS found", or something like that
        https://bugzilla.redhat.com/show_bug.cgi?id=1160979
  [ 16 ] Bug #1161867 - Create a F20-DVD work but USB fail to boot
        https://bugzilla.redhat.com/show_bug.cgi?id=1161867
  [ 17 ] Bug #1164589 - Fedora Live unable to boot from USB 3.0 device
        https://bugzilla.redhat.com/show_bug.cgi?id=1164589
  [ 18 ] Bug #537577 - Ability to build LiveUSB from within a LiveDVD/CD
        https://bugzilla.redhat.com/show_bug.cgi?id=537577
  [ 19 ] Bug #1044243 - Installing from USB has wrong file paths
        https://bugzilla.redhat.com/show_bug.cgi?id=1044243
  [ 20 ] Bug #1054465 - [abrt] liveusb-creator: creator.py:362:get_liveos:TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
        https://bugzilla.redhat.com/show_bug.cgi?id=1054465
  [ 21 ] Bug #1145813 - RFE: use polkit instead of consolehelper
        https://bugzilla.redhat.com/show_bug.cgi?id=1145813
--------------------------------------------------------------------------------


================================================================================
 mariadb-5.5.40-1.fc19 (FEDORA-2014-15990)
 A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:

This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog and also couple of security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 14 2014 Honza Horak <hhorak@xxxxxxxxxx> - 1:5.5.40-1
- Rebase to 5.5.40
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1153461 - CVE-2014-4287 mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153461
  [ 2 ] Bug #1153462 - CVE-2014-6463 mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153462
  [ 3 ] Bug #1153463 - CVE-2014-6464 mysql: unspecified vulnerability related to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153463
  [ 4 ] Bug #1153464 - CVE-2014-6469 mysql: unspecified vulnerability related to SERVER:OPTIMIZER (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153464
  [ 5 ] Bug #1153467 - CVE-2014-6484 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153467
  [ 6 ] Bug #1153489 - CVE-2014-6505 mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153489
  [ 7 ] Bug #1153490 - CVE-2014-6507 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153490
  [ 8 ] Bug #1153491 - CVE-2014-6520 mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153491
  [ 9 ] Bug #1153493 - CVE-2014-6530 mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153493
  [ 10 ] Bug #1153494 - CVE-2014-6551 mysql: unspecified vulnerability related to CLIENT:MYSQLADMIN (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153494
  [ 11 ] Bug #1153495 - CVE-2014-6555 mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153495
  [ 12 ] Bug #1153496 - CVE-2014-6559 mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153496
  [ 13 ] Bug #1153497 - CVE-2014-6564 mysql: unspecified vulnerability related to SERVER:INNODB FULLTEXT SEARCH DML (CPU October 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1153497
--------------------------------------------------------------------------------


================================================================================
 mate-panel-1.6.2-3.fc19 (FEDORA-2014-16024)
 MATE Desktop panel applets
--------------------------------------------------------------------------------
Update Information:

- fix rhbz (#1023604)
- timezone fix
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.2-3
- fix rhbz (#1023604)
- timezone fix
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1023604 - [abrt] mate-panel-1.6.1-4.fc20: container_child_background_set: Process /usr/bin/mate-panel was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=1023604
--------------------------------------------------------------------------------


================================================================================
 mate-themes-extras-3.8.2-1.fc19 (FEDORA-2014-16047)
 Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:

- better support for CSD applications
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.8.2-1
- update to 3.8.2
- drop Gnome-Cupertino themes , they don't work with GTK3-3.8
--------------------------------------------------------------------------------


================================================================================
 mediawiki-1.23.7-1.fc19 (FEDORA-2014-16020)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7

* (bug 66776, bug 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy.
* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update the content model for a page could allow an unprivileged attacker to edit another user's common.js under certain circumstances. The user right "editcontentmodel" was added, and is needed to change a revision's content model.
* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw HTML, it is not safe to preview wikitext coming from an untrusted source such as a cross-site request. Thus add an edit token to the form, and when raw HTML is allowed, ensure the token is provided before showing the preview. This check is not performed on wikis that both allow raw HTML and anonymous editing, since there are easier ways to exploit that scenario.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a public RFC about the desired functionality. This issue was reported by user Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a config option.
* (bug 42723) Added updated version history from 1.19.2 to 1.22.13
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that might be a flash policy directive configurable.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.23.7-1
- Update to 1.23.7
- Release notes: http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7
--------------------------------------------------------------------------------


================================================================================
 munin-2.0.25-1.fc19 (FEDORA-2014-16030)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

Upstream released 2.0.25
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 25 2014 "D. Johnson" <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.25-1
- Upstream released 2.0.25
--------------------------------------------------------------------------------


================================================================================
 pam_mount-2.14-4.fc19 (FEDORA-2014-16031)
 A PAM module that can mount volumes for a user session
--------------------------------------------------------------------------------
Update Information:

- Fix problems with selinux and unmounting (support utab)
- Handle newer mount versions
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2014 Till Maas <opensource@xxxxxxxxx> - 2.14-4
- Remove usage of deprecated -p0 mount option (#1167684)
- Support utab (#1161601)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun  6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167684 - pam_mount does not mount anything: invalid option -- 'p'
        https://bugzilla.redhat.com/show_bug.cgi?id=1167684
  [ 2 ] Bug #1161601 - selinux breaks pam_mount umounting from gdm
        https://bugzilla.redhat.com/show_bug.cgi?id=1161601
--------------------------------------------------------------------------------


================================================================================
 perl-Fsdb-2.53-1.fc19 (FEDORA-2014-16026)
 A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:

update to 2.53
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 26 2014 John Heidemann <johnh@xxxxxxx> 2.53-1
- See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-4.2.13-1.fc19 (FEDORA-2014-16040)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.2.13.0 (2014-11-30)
================================

  - Query history not being deleted
  - db/table query string parameters no longer work
  - Unseen messages in tracking
  - Tracking report export as SQL dump does not work
  - Syntax error during db_copy operation
  - SELECT permission issues with relations and restricted access
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.13-1
- Upgrade to 4.2.13
--------------------------------------------------------------------------------


================================================================================
 python-larch-1.20131130-1.fc19 (FEDORA-2014-15982)
 Python B-tree library
--------------------------------------------------------------------------------
Update Information:

* Serious bug fixed: the "KeyError" crash for reference counts. This
  was false memory use optimisation, which triggered a rare bug in
  related code. Repeatable test case by Rob Kendrick, and helpful
  analysis by Itamar Turing-Trauring.

* Serious bug fixed: another "node missing" bug. This crash was
  caused by a bug that overwrote on-disk reference count groups
  with zeroes. Repeatable test case by Rob Kendrick.

* Fixes to fsck from Antoine Brenner.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.20131130-1
- Update to 1.20131130
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1036606 - python-larch-1.20131130 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1036606
--------------------------------------------------------------------------------


================================================================================
 rlwrap-0.42-1.fc19 (FEDORA-2014-16049)
 Wrapper for GNU readline
--------------------------------------------------------------------------------
Update Information:

* Added --mirror-arguments (-U) option
* several bug fixes, see CHANGES
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 0.42-1
- Update to 0.42
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1136042 - RFE - Please build an EPEL7 release of rlwrap
        https://bugzilla.redhat.com/show_bug.cgi?id=1136042
  [ 2 ] Bug #1164466 - rlwrap-0.42 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1164466
--------------------------------------------------------------------------------


================================================================================
 sip-redirect-0.2.0-1.fc19 (FEDORA-2014-15981)
 Tiny IPv4 and IPv6 SIP redirect server written in Perl
--------------------------------------------------------------------------------
Update Information:

sip-redirect 0.2.0
==================

  - Changed hard requirement for IPv6 support for perl Socket6 to either perl Socket >= 1.95 or perl Socket6
  - Updated the copy of the GNU GPLv2 to reflect new FSF address
  - Added support for systemd alternatively to classic initscript
  - Ignore spaces around separator characters in configuration file
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 29 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.2.0-1
- Upgrade to 0.2.0
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 0.1.2-9
- Perl 5.18 rebuild
--------------------------------------------------------------------------------


================================================================================
 tracker-0.16.5-1.fc19 (FEDORA-2014-16021)
 Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:

Update to 0.16.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 16 2014 David King <amigadave@xxxxxxxxxxxxx> - 0.16.5-1
- Update to 0.16.5
* Thu Oct  2 2014 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.16.4-3
- Fix a couple of tracker-miner-fs crashes (Red Hat #972338)
* Wed Sep 24 2014 David King <amigadave@xxxxxxxxxxxxx> - 0.16.4-2
- Enable FLAC and Vorbis extractors
- Build against newer versions of Thunderbird and Firefox
- Preserve timestamps during install
--------------------------------------------------------------------------------


================================================================================
 unzip-6.0-13.fc19 (FEDORA-2014-16009)
 A utility for unpacking zip files
--------------------------------------------------------------------------------
Update Information:

- Fix unitialized reads, reported in valgrind, see bug #558738.
- Fix fix broken -X option (keep original user) - never worked before- added patch and option -DIZ_HAVE_UXUIDGID for compilation. See bug #1139053.
Fix wrong output data due to memcpy() overlap.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 20 2014 Petr Stodulka <pstodulk@xxxxxxxxxx> - 6.0-13
- Fix unitialized reads (#558738)
- Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID
  option for compilation.
    (#935202)
* Thu Nov  6 2014 Petr Stodulka <pstodulk@xxxxxxxxxx> - 6.0-12
- Fix producing of incorrect output due to memcpy overlapping
  by added option -D NOMEMCPY to compile section.
    (#1161325)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139053 - The -X option to unzip has never worked on Unix/Linux.
        https://bugzilla.redhat.com/show_bug.cgi?id=1139053
  [ 2 ] Bug #558738 - Valgrind reports uninitialized reads in unzip
        https://bugzilla.redhat.com/show_bug.cgi?id=558738
  [ 3 ] Bug #1161325 - unzip reports crc error and produces incorrect output
        https://bugzilla.redhat.com/show_bug.cgi?id=1161325
--------------------------------------------------------------------------------


================================================================================
 util-linux-2.23.2-6.fc19 (FEDORA-2014-16045)
 A collection of basic system utilities
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-9114
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Karel Zak <kzak@xxxxxxxxxx> 2.23.2-6
- fix #1168490 - CVE-2014-9114 util-linux: command injection flaw in blkid
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1168485 - CVE-2014-9114 util-linux: command injection flaw in blkid
        https://bugzilla.redhat.com/show_bug.cgi?id=1168485
--------------------------------------------------------------------------------


================================================================================
 xen-4.2.5-6.fc19 (FEDORA-2014-16017)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Excessive checking in compatibility mode hypercall argument translation,
Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor,
fix segfaults and failures in xl migrate --debug
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.2.5-6
- Excessive checking in compatibility mode hypercall argument translation
	[XSA-111, CVE-2014-8866]
- Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
	[XSA-112, CVE-2014-8867]
- fix segfaults and failures in xl migrate --debug (#1166461)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166461 - migrate --debug option can lead to Segmentation fault (core dumped)
        https://bugzilla.redhat.com/show_bug.cgi?id=1166461
--------------------------------------------------------------------------------


================================================================================
 xpa-2.1.15-3.fc19 (FEDORA-2014-15978)
 The X Public Access messaging system
--------------------------------------------------------------------------------
Update Information:

xpa now requires xpa-libs, as it should; fixed wrong tcl version
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Sergio Pascual <sergiopr@xxxxxxxxxxxxxxxxx> - 2.1.15-3
- Fix race condition, tools were built before the shared library
- tcl in f20 is 8.5 (rh bz #1168544)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1168544 - xpa-2.1.15-2 requires unavailable tcl-8.6
        https://bugzilla.redhat.com/show_bug.cgi?id=1168544
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux