Fedora 19 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 19 Security updates need testing:
 Age  URL
 404  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 216  https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
 167  https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19
  62  https://admin.fedoraproject.org/updates/FEDORA-2014-12057/krb5-1.11.3-29.fc19
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-13018/deluge-1.3.10-1.fc19
  38  https://admin.fedoraproject.org/updates/FEDORA-2014-13551/wpa_supplicant-2.0-12.fc19
  29  https://admin.fedoraproject.org/updates/FEDORA-2014-14237/claws-mail-plugins-3.11.1-1.fc19,claws-mail-3.11.1-2.fc19,libetpan-1.6-1.fc19
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-14738/gnutls-3.1.20-6.fc19
  19  https://admin.fedoraproject.org/updates/FEDORA-2014-12407/sddm-0.10.0-2.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-15079/mantis-1.2.17-4.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-14874/arm-none-eabi-binutils-cs-2014.05.28-3.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-14838/avr-binutils-2.24-3.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-15248/kde-runtime-4.11.5-3.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-15378/rubygem-actionpack-3.2.13-7.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-15390/nodejs-0.10.33-1.fc19,libuv-0.10.29-1.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-15466/rubygem-sprockets-2.8.2-4.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15740/facter-1.6.18-8.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15730/asterisk-11.14.1-1.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15838/libksba-1.3.2-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15811/graphviz-2.30.1-13.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15833/hivex-1.3.8-2.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15848/docker-io-1.3.2-2.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16017/xen-4.2.5-6.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15990/mariadb-5.5.40-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15999/libreoffice-4.1.6.2-10.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16020/mediawiki-1.23.7-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16130/libyaml-0.1.6-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16272/flac-1.3.1-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16251/mingw-flac-1.3.1-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16227/dbus-1.6.28-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16224/pcre-8.32-12.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16257/antiword-0.37-17.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16234/pkcs11-helper-1.11-3.fc19,openvpn-2.3.6-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16203/kde-plasma-networkmanagement-0.9.0.11-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16210/perl-YAML-LibYAML-0.54-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16242/firefox-34.0-1.fc19,thunderbird-31.3.0-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
 352  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
 278  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-15506/ca-certificates-2014.2.1-1.5.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15743/curl-7.29.0-26.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15717/kernel-3.14.25-100.fc19
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-15732/cups-1.6.4-12.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-15832/lvm2-2.02.98-16.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16021/tracker-0.16.5-1.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16009/unzip-6.0-13.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16045/util-linux-2.23.2-6.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16276/selinux-policy-3.12.1-74.30.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16213/crda-1.1.3_2014.11.18-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16224/pcre-8.32-12.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16227/dbus-1.6.28-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16242/firefox-34.0-1.fc19,thunderbird-31.3.0-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16272/flac-1.3.1-1.fc19


The following builds have been pushed to Fedora 19 updates-testing

    antiword-0.37-17.fc19
    bionetgen-2.2.5-2.fc19
    crda-1.1.3_2014.11.18-1.fc19
    dbus-1.6.28-1.fc19
    easystroke-0.6.0-6.fc19
    firefox-34.0-1.fc19
    flac-1.3.1-1.fc19
    java-1.7.0-openjdk-1.7.0.71-2.5.3.1.fc19
    kde-plasma-networkmanagement-0.9.0.11-2.fc19
    lis-1.5.31-1.fc19
    mingw-flac-1.3.1-1.fc19
    nodejs-grunt-saucelabs-8.3.3-1.fc19
    nodejs-nsp-audit-shrinkwrap-1.0.1-1.fc19
    obnam-1.8-1.fc19
    openscap-1.2.0-1.fc19
    openvpn-2.3.6-1.fc19
    pcre-8.32-12.fc19
    perl-Want-0.24-1.fc19
    perl-YAML-LibYAML-0.54-1.fc19
    pkcs11-helper-1.11-3.fc19
    pybliographer-1.2.17-1.fc19
    pyhoca-gui-0.5.0.3-1.fc19
    python-bloom-0.5.14-1.fc19
    python-cliapp-1.20140719-1.fc19
    python-pygraphviz-1.3-2.rc2.fc19
    python-rosdep-0.10.33-1.fc19
    python-rosdistro-0.3.7-1.fc19
    python-x2go-0.5.0.2-1.fc19
    rubygem-openscap-0.4.0-1.fc19
    selinux-policy-3.12.1-74.30.fc19
    statsd-0.7.2-3.fc19
    surfraw-2.2.9-3.fc19
    thunderbird-31.3.0-1.fc19
    varnish-3.0.6-1.fc19
    xpdf-3.04-6.fc19

Details about builds:


================================================================================
 antiword-0.37-17.fc19 (FEDORA-2014-16257)
 MS Word to ASCII/Postscript converter
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-8123
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Adrian Reber <adrian@xxxxxxxx> - 0.37-17
- added patch for "CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]" (#1169665)
- fixed dates in changelog
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.37-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.37-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.37-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169665 - CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169665
--------------------------------------------------------------------------------


================================================================================
 bionetgen-2.2.5-2.fc19 (FEDORA-2014-16237)
 Software for rule-based modeling of biochemical systems
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------


================================================================================
 crda-1.1.3_2014.11.18-1.fc19 (FEDORA-2014-16213)
 Regulatory compliance daemon for 802.11 wireless networking
--------------------------------------------------------------------------------
Update Information:

Update wireless-regdb to version 2014.11.18
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 25 2014 John W. Linville <linville@xxxxxxxxxx> - 1.1.3_2014.11.18-1
- Update wireless-regdb to version 2014.11.18
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169973 - Update wireless-regdb from 2014-11-18
        https://bugzilla.redhat.com/show_bug.cgi?id=1169973
  [ 2 ] Bug #1056162 - Wireless: the lack of regulatory entries makes AD country unable to use some wifi drivers
        https://bugzilla.redhat.com/show_bug.cgi?id=1056162
--------------------------------------------------------------------------------


================================================================================
 dbus-1.6.28-1.fc19 (FEDORA-2014-16227)
 D-BUS message bus
--------------------------------------------------------------------------------
Update Information:

Update to 1.6.28
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 David King <amigadave@xxxxxxxxxxxxx> - 1:1.6.28-1
- Update to 1.6.28
- Fixes CVE-2014-3635 (fd.o#83622)
- Fixes CVE-2014-3636 (fd.o#82820)
- Fixes CVE-2014-3637 (fd.o#80559)
- Fixes CVE-2014-3638 (fd.o#81053)
- Fixes CVE-2014-3639 (fd.o#80919)
- Fixes CVE-2014-7824 (fd.o#85105)
- Fixes CVE-2014-3477 (fd.o#78979)
- Fixes CVE-2014-3532 (fd.o#80163)
- Fixes CVE-2014-3533 (fd.o#80469)
- Resolves #1115636
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1140523 - CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
        https://bugzilla.redhat.com/show_bug.cgi?id=1140523
  [ 2 ] Bug #1140525 - CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
        https://bugzilla.redhat.com/show_bug.cgi?id=1140525
  [ 3 ] Bug #1140527 - CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
        https://bugzilla.redhat.com/show_bug.cgi?id=1140527
  [ 4 ] Bug #1140529 - CVE-2014-3638 dbus: denial of service in method call handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1140529
  [ 5 ] Bug #1140532 - CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1140532
  [ 6 ] Bug #1114414 - CVE-2014-3532 dbus: denial of service in file descriptor passing feature
        https://bugzilla.redhat.com/show_bug.cgi?id=1114414
  [ 7 ] Bug #1114416 - CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors
        https://bugzilla.redhat.com/show_bug.cgi?id=1114416
--------------------------------------------------------------------------------


================================================================================
 easystroke-0.6.0-6.fc19 (FEDORA-2014-16221)
 Gesture-recognition application for X11
--------------------------------------------------------------------------------
Update Information:

fix black squares issue on gnome 3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.6.0-6
- fix black squares issue on gnome 3 (bz1084308)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 23 2014 Petr Machata <pmachata@xxxxxxxxxx> - 0.6.0-3
- Rebuild for boost 1.55.0
* Fri May 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 0.6.0-2
- rebuild for boost 1.55.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1084308 - Black squares rendered around gestures
        https://bugzilla.redhat.com/show_bug.cgi?id=1084308
--------------------------------------------------------------------------------


================================================================================
 firefox-34.0-1.fc19 (FEDORA-2014-16242)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

New Firefox release - 34.0.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Martin Stransky <stransky@xxxxxxxxxx> - 34.0-1
- Update to 34.0 build 2
--------------------------------------------------------------------------------


================================================================================
 flac-1.3.1-1.fc19 (FEDORA-2014-16272)
 An encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-9028, CVE-2014-8962
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 1.3.1-1
- update to 1.3.1 (CVE-2014-8962, CVE-2014-9028)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167236 - CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
        https://bugzilla.redhat.com/show_bug.cgi?id=1167236
  [ 2 ] Bug #1167741 - CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
        https://bugzilla.redhat.com/show_bug.cgi?id=1167741
--------------------------------------------------------------------------------


================================================================================
 java-1.7.0-openjdk-1.7.0.71-2.5.3.1.fc19 (FEDORA-2014-16228)
 OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:

packages made relocatable  (RH11690970)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.7.0.71-2.5.3.1
- removed source14 remove-origin-from-rpaths (11690970)
- removed build requirement for chrpath
--------------------------------------------------------------------------------


================================================================================
 kde-plasma-networkmanagement-0.9.0.11-2.fc19 (FEDORA-2014-16203)
 NetworkManager KDE 4 integration
--------------------------------------------------------------------------------
Update Information:

Add option for server certificate verification.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  3 2014 Jan Grulich <jgrulich@xxxxxxxxxx> 0.9.0.11-2
- add option for server certificate verification
  Resolves: 1169887
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169886 - kde-plasma-networkmanagement, kde-plasma-nm: creates OpenVPN connections vulnerable to MITM attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1169886
--------------------------------------------------------------------------------


================================================================================
 lis-1.5.31-1.fc19 (FEDORA-2014-16202)
 A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:

Update to 1.5.31
Update to 1.5.24
Update to 1.5.22
Update to 1.5.13
Update to 1.5.11
Update to 1.5.4
Update to 1.5.2
Update to 1.4.67
Update to 1.4.64
Update to 1.4.63
Update to 1.4.62
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  3 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.31-1
- Update to 1.5.31
* Thu Nov 27 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.24-1
- Update to 1.5.24
* Wed Nov 26 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.23-1
- Update to 1.5.23
* Tue Nov 25 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.22-1
- Update to 1.5.22
* Fri Nov 21 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.19-1
- Update to 1.5.19
* Fri Nov 21 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.18-1
- Update to 1.5.18
* Sat Nov 15 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.13-1
- Update to 1.5.13
* Wed Nov 12 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.11-1
- Update to 1.5.11
* Tue Nov  4 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.4-1
- Update to 1.5.4
* Sat Nov  1 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.5.2-1
- Update to 1.5.2
* Tue Oct 28 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.67-1
- Update to 1.4.67
* Mon Oct 27 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.66-1
- Update to 1.4.66
* Tue Oct 21 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.64-1
- Update to 1.4.64
* Mon Oct 20 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.63-1
- Update to 1.4.63
* Sat Oct 18 2014 Florian Lehner <dev@xxxxxxxxxxx> - 1.4.62-1
- Update to 1.4.62
--------------------------------------------------------------------------------


================================================================================
 mingw-flac-1.3.1-1.fc19 (FEDORA-2014-16251)
 Encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-9028, CVE-2014-8962
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 David King <amigadave@xxxxxxxxxxxxx> - 1.3.1-1
- Update to 1.3.1 (#1168768)
- Fixes CVE-2014-8962 and CVE-2014-9028
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Feb 16 2014 František Dvořák <valtri@xxxxxxxxxx> - 1.3.0-2
- Added tools subpackage
- Comment licensing breakdown
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167236 - CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
        https://bugzilla.redhat.com/show_bug.cgi?id=1167236
  [ 2 ] Bug #1167741 - CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
        https://bugzilla.redhat.com/show_bug.cgi?id=1167741
--------------------------------------------------------------------------------


================================================================================
 nodejs-grunt-saucelabs-8.3.3-1.fc19 (FEDORA-2014-16207)
 Grunt task running tests using Sauce Labs
--------------------------------------------------------------------------------
Update Information:

Initial packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115679 - Review Request: nodejs-grunt-saucelabs - Grunt task running tests using Sauce Labs
        https://bugzilla.redhat.com/show_bug.cgi?id=1115679
--------------------------------------------------------------------------------


================================================================================
 nodejs-nsp-audit-shrinkwrap-1.0.1-1.fc19 (FEDORA-2014-16269)
 Audits a shrinkwrap file against the NSP module vulnerability database
--------------------------------------------------------------------------------
Update Information:

update to 1.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  3 2014 Parag Nemade <pnemade AT redhat DOT com> - 1.0.1-1
- update to 1.0.1
--------------------------------------------------------------------------------


================================================================================
 obnam-1.8-1.fc19 (FEDORA-2014-16246)
 An easy, secure backup program
--------------------------------------------------------------------------------
Update Information:

Many enhancements and bug fixes; see NEWS file
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.8-1
- Update to 1.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1100691 - obnam-1.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1100691
--------------------------------------------------------------------------------


================================================================================
 openscap-1.2.0-1.fc19 (FEDORA-2014-16275)
 Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:

New OpenSCAP release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.2.0-1
- upgrade to the latest upstream release
--------------------------------------------------------------------------------


================================================================================
 openvpn-2.3.6-1.fc19 (FEDORA-2014-16234)
 A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-8104.

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Jon Ciesla <limburgher@xxxxxxxxx> 2.3.6-1
- 2.3.6, CVE-2014-8104.
* Fri Nov 21 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.3.5-2
- Rework package doc handling (RHBZ #1165004).
* Tue Oct 28 2014 Jon Ciesla <limburgher@xxxxxxxxx> 2.3.5-1
- 2.3.5.
* Tue Aug 26 2014 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 2.3.4-4
* Fri Nov 21 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.3.2-7
- Rework package doc handling (RHBZ #1165004).
* Tue Aug 26 2014 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 2.3.2-6
- Enable systemd support.
* Sun Jan 19 2014 Ville Skyttä <ville.skytta@xxxxxx> - 2.3.2-5
- Don't order service after syslog.target.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169487
  [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------


================================================================================
 pcre-8.32-12.fc19 (FEDORA-2014-16224)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release fixes CVE-2014-8964 (an unused memory usage on zero-repeat assertion condition)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 8.32-12
- Fix CVE-2014-8964 (unused memory usage on zero-repeat assertion condition)
  (bug #1165626)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166147 - CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions
        https://bugzilla.redhat.com/show_bug.cgi?id=1166147
--------------------------------------------------------------------------------


================================================================================
 perl-Want-0.24-1.fc19 (FEDORA-2014-16263)
 Perl module implementing a generalisation of wantarray
--------------------------------------------------------------------------------
Update Information:

 
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  3 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.24-1
- Upstream update.
- Switch to using DESTDIR and pure_install.
--------------------------------------------------------------------------------


================================================================================
 perl-YAML-LibYAML-0.54-1.fc19 (FEDORA-2014-16210)
 Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.54-1
- Update to 0.54
  - Fix for an edge case in scanner that results in an assert() failing
    (https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure)
    (CVE-2014-9130)
- Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
* Tue Nov 18 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.52-3
- Update BRs (bz#1165198)
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.52-2
- Perl 5.20 rebuild
* Sun Aug 24 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.52-1
- Update to 0.52
  - Fix e1 test failure on 5.21.4
* Mon Aug 18 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.51-1
- Update to 0.51 (various minor tidy-ups, no functional changes)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.47-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug  9 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 0.47-1
- Update to 0.47:
  - Fix swim errors
- Include upstream license file
* Wed Aug  6 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.46-1
- 0.46 bump
* Tue Aug  5 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.45-1
- 0.45 bump
* Mon Jul 14 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.44-1
- 0.44 bump
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing wrapped strings
        https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------


================================================================================
 pkcs11-helper-1.11-3.fc19 (FEDORA-2014-16234)
 A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-8104.

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169487
  [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------


================================================================================
 pybliographer-1.2.17-1.fc19 (FEDORA-2014-16222)
 Framework for working with bibliographic databases
--------------------------------------------------------------------------------
Update Information:

This update fixes bugs and installs appdata file.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Zoltan Kota <zoltank at gmail.com> - 1.2.17-1
- update to 1.2.17
--------------------------------------------------------------------------------


================================================================================
 pyhoca-gui-0.5.0.3-1.fc19 (FEDORA-2014-16261)
 Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:

python-x2go-0.5.0.2:

- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption

pyhoca-gui-0.5.0.3:

- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.


--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------


================================================================================
 python-bloom-0.5.14-1.fc19 (FEDORA-2014-16277)
 Bloom is a release automation tool
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream versions and add python3 packages for rosdistro and catkin_lint
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 28 2014 Scott K Logan <logans@xxxxxxxxxxx> - 0.5.14-1
- Update to 0.5.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160290 - python-catkin_lint-1.3.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1160290
  [ 2 ] Bug #1167730 - python-bloom-0.5.14 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1167730
  [ 3 ] Bug #1155143 - python-rosdistro-0.3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1155143
--------------------------------------------------------------------------------


================================================================================
 python-cliapp-1.20140719-1.fc19 (FEDORA-2014-16256)
 Python framework for Unix command line programs
--------------------------------------------------------------------------------
Update Information:

Version 1.20140719

* The way logging is set up has been split into smaller methods, to allow overriding better.
* Plugins no longer need to define a `disable` method: the default implementation is now a no-op.

Bug fixes:

* When getting help for a subcommand, cliapp would crash saying
  `get_help_text_formatter` couldn't be found. This has been fixed.

Version 1.20140315
------------------

* `cliapp` now logs the current working directory, uid, effective uid, gid, and effective gid at startup.
* `cliapp` (`Settings.load_configs`) now reports an unknown
  variable in a configuration file with a nice error message, rather than a stack trace.
* Allow overriding how the full help text for a subcommand is to be formatted.
* The `cliapp.Settings.require` method now accepts many setting names, and check for all of them.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.20140719-1
- Update to 1.20140719
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1077600 - python-cliapp-1.20140719 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1077600
--------------------------------------------------------------------------------


================================================================================
 python-pygraphviz-1.3-2.rc2.fc19 (FEDORA-2014-16212)
 Create and Manipulate Graphs and Networks
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------


================================================================================
 python-rosdep-0.10.33-1.fc19 (FEDORA-2014-16277)
 ROS System Dependency Installer
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream versions and add python3 packages for rosdistro and catkin_lint
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2014 Scott K Logan <logans@xxxxxxxxxxx> - 0.10.33-1
- Update to release 0.10.33
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160290 - python-catkin_lint-1.3.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1160290
  [ 2 ] Bug #1167730 - python-bloom-0.5.14 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1167730
  [ 3 ] Bug #1155143 - python-rosdistro-0.3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1155143
--------------------------------------------------------------------------------


================================================================================
 python-rosdistro-0.3.7-1.fc19 (FEDORA-2014-16277)
 File format for managing ROS Distributions
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream versions and add python3 packages for rosdistro and catkin_lint
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 25 2014 Scott K Logan <logans@xxxxxxxxxxx> - 0.3.7-1
- Update to release 0.3.7
- Remove argparse patch (fixed upstream)
- Fix sphinx dependency in el6
- Add check section
- Add python3 package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1160290 - python-catkin_lint-1.3.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1160290
  [ 2 ] Bug #1167730 - python-bloom-0.5.14 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1167730
  [ 3 ] Bug #1155143 - python-rosdistro-0.3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1155143
--------------------------------------------------------------------------------


================================================================================
 python-x2go-0.5.0.2-1.fc19 (FEDORA-2014-16261)
 Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:

python-x2go-0.5.0.2:

- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption

pyhoca-gui-0.5.0.3:

- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still referenced.


--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------


================================================================================
 rubygem-openscap-0.4.0-1.fc19 (FEDORA-2014-16275)
 A FFI wrapper around the OpenSCAP library
--------------------------------------------------------------------------------
Update Information:

New OpenSCAP release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 0.4.0-1
- upgrade to the new upstream version
* Thu Oct 23 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 0.3.0-1
- upgrade to the new upstream version
--------------------------------------------------------------------------------


================================================================================
 selinux-policy-3.12.1-74.30.fc19 (FEDORA-2014-16276)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=596542
More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=552380
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.30
- Allow systemd_tmpfiles_t to manage/relabel non auth files. BZ #(1139336)
- Fix labeling for HOME_DIR/tmp and HOME_DIR/.tmp directories.
- Label ~/tmp and ~/.tmp directories in user tmp dirs as user_tmp_t
- Allow boinc_t manage boinc_project_tmp_t files and dirs (#1135687)
- Allow apache to communicate with zoneminder, dontaudit attempts to read utmp
- Allow smoltclient to connect on http_cache port. (#982199)
- Allow mozilla_plugin_t to setcap (#981796)
* Tue Aug 12 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.29
- Allow sensord to send a signal.
- Allow smokeping cgi script to send syslog messages (#1122163)
- docker needs setfcap
* Thu Jun 19 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.12.1-74.28
- Added docker policy
- Allow chrome_sandbox to execute config_home_t
- apcupsd will send a wall message to all terminals telling the system is about to go down
- If you use ldap you should be able to read certs
* Wed May 14 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-74.27
- Add missing dyntransition for sandbox_x_domain
* Fri May  9 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-74.26
- Update sandbox_transition() to call sandbox_dyntrasition().
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #965714 - Zoneminder will not start with Selinux in Enforcing Mode
        https://bugzilla.redhat.com/show_bug.cgi?id=965714
  [ 2 ] Bug #981796 - SELinux is preventing /usr/bin/pulseaudio from using the 'setcap' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=981796
  [ 3 ] Bug #982199 - SELinux is preventing /usr/bin/python2.7 from 'name_connect' accesses on the tcp_socket .
        https://bugzilla.redhat.com/show_bug.cgi?id=982199
  [ 4 ] Bug #1023937 - SELinux is preventing /usr/libexec/cups-pk-helper-mechanism from 'read' accesses on the file tmpQ1BRQ4.
        https://bugzilla.redhat.com/show_bug.cgi?id=1023937
  [ 5 ] Bug #1135687 - SELinux is preventing /usr/bin/rm from 'rmdir' accesses on the directory .vbox-boinc-ipc.
        https://bugzilla.redhat.com/show_bug.cgi?id=1135687
  [ 6 ] Bug #1139336 - SELinux is preventing /usr/bin/systemd-tmpfiles from 'setattr' accesses on the directory mctsct1z.default.
        https://bugzilla.redhat.com/show_bug.cgi?id=1139336
  [ 7 ] Bug #1141967 - Receive the error Multiple different specifications for /var/opt/quest/vas/vasd(/.*)? when trying to develop an SELinux module for Dell Software's vasd.
        https://bugzilla.redhat.com/show_bug.cgi?id=1141967
  [ 8 ] Bug #1089660 - Dovecot cannot access slapd_cert
        https://bugzilla.redhat.com/show_bug.cgi?id=1089660
  [ 9 ] Bug #1109498 - SELinux is preventing /usr/bin/wall from 'open' accesses on the chr_file /dev/pts/0.
        https://bugzilla.redhat.com/show_bug.cgi?id=1109498
  [ 10 ] Bug #1122163 - SELinux is preventing /usr/bin/perl from 'getattr' accesses on the sock_file /dev/log.
        https://bugzilla.redhat.com/show_bug.cgi?id=1122163
  [ 11 ] Bug #1123111 - SELinux is preventing /usr/sbin/sensord from using the 'signal' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=1123111
  [ 12 ] Bug #1079636 - Enforcing selinux-policy-targeted prevents named-chroot.service from functioning
        https://bugzilla.redhat.com/show_bug.cgi?id=1079636
--------------------------------------------------------------------------------


================================================================================
 statsd-0.7.2-3.fc19 (FEDORA-2014-16223)
 A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:

fix end of line encodings
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network daemon to collect metrics over UDP
        https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------


================================================================================
 surfraw-2.2.9-3.fc19 (FEDORA-2014-16254)
 Shell Users Revolutionary Front Rage Against the Web
--------------------------------------------------------------------------------
Update Information:

Remove dependency on screen (rhbz#1159215).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 2.2.9-3
- Remove dependency on screen (rhbz#1159215).
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159215 - Surfraw unecessarily depends on screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1159215
--------------------------------------------------------------------------------


================================================================================
 thunderbird-31.3.0-1.fc19 (FEDORA-2014-16242)
 Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:

New Firefox release - 34.0.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Jan Horak <jhorak@xxxxxxxxxx> - 31.3.0-1
- Update to 31.3.0
--------------------------------------------------------------------------------


================================================================================
 varnish-3.0.6-1.fc19 (FEDORA-2014-16244)
 High-performance HTTP accelerator
--------------------------------------------------------------------------------
Update Information:

New upstream release. A bugfix release.

>From the upstream release notes:

Varnish 3.0.6 has just been released. It corrects a series of bugs fixed over the last 11 months, including three robustness bugs that may, in odd cases, lead to Varnish restarting.

We recommend that users that can't upgrade to 4.0 at this point, upgrade to 3.0.6.

This is the last planned release in the 3.0 series. Please note that per our release schedule we support the
old stable version one year after the next version is released. Varnish 4.0.0 was released in April 2014.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Ingvar Hagelund <ingvar@xxxxxxxxxxxxxxxxxx> 3.0.6-1
- New upstream release
- Added python to BuildRequires - it's needed for mock builds on f19
--------------------------------------------------------------------------------


================================================================================
 xpdf-3.04-6.fc19 (FEDORA-2014-16232)
 A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:

fix proper display of international strings in the title
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  2 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.04-6
- fix proper display of international strings in the title (bz 1169301)
* Fri Sep 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.04-5
- fix .desktop file
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.04-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:3.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169301 - xpdf does not show non-ASCII paths correctly
        https://bugzilla.redhat.com/show_bug.cgi?id=1169301
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux