Fedora 20 updates-testing report


The following Fedora 20 Security updates need testing:
 Age  URL
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  30  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16626/qemu-1.6.2-12.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16667/sagemath-6.1.1-6.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1.900.1-25.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17283/kernel-3.17.7-200.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17263/dbus-1.6.28-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17231/hwdata-0.273-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20


The following builds have been pushed to Fedora 20 updates-testing

    babel-1.3-7.fc20
    btrfs-progs-3.17.3-1.fc20
    ca-certificates-2014.2.2-1.0.fc20
    dbus-1.6.28-3.fc20
    deluge-1.3.11-1.fc20
    devilspie2-0.38-2.fc20
    digikam-4.6.0-1.fc20
    eigen3-3.2.3-1.fc20
    fedmsg-notify-0.5.5-1.fc20
    gnome-contacts-3.10.2-1.fc20
    google-roboto-fonts-1.2-6.fc20
    hwdata-0.273-1.fc20
    ibus-1.5.9-8.fc20
    jasper-1.900.1-27.fc20
    kernel-3.17.7-200.fc20
    kubernetes-0.7.0-18.0.git52e165a.fc20
    mailx-12.5-11.fc20
    mate-themes-extras-3.10.4-1.fc20
    mediawiki-1.23.8-1.fc20
    mingw-eigen3-3.2.3-1.fc20
    mingw-jasper-1.900.1-25.fc20
    mkvtoolnix-7.4.0-1.fc20
    php-5.5.20-2.fc20
    python-mutagen-1.27-1.fc20
    python-nmap-0.3.4-2.fc20
    python-sphinxcontrib-napoleon-0.2.8-2.fc20
    zint-2.4.3-9.fc20

Details about builds:


================================================================================
 babel-1.3-7.fc20 (FEDORA-2014-17261)
 Tools for internationalizing Python applications
--------------------------------------------------------------------------------
Update Information:

* removes the version portion of the egg dependency on pytz as that breaks with newer setuptools.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3-7
- Remove pytz version requirement in egginfo as it confuses newer setuptools
* Mon Jun 30 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3-6
- Change python-setuptools-devel BR into python-setuptools
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------


================================================================================
 btrfs-progs-3.17.3-1.fc20 (FEDORA-2014-17287)
 Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec  5 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.17.3-1
- New upstream release
* Fri Nov 21 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.17.2-1
- New upstream release
--------------------------------------------------------------------------------


================================================================================
 ca-certificates-2014.2.2-1.0.fc20 (FEDORA-2014-17272)
 The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:

This is an update to the set of CA certificates released with NSS version 3.17.3

However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.

If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.2-1.0
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
- Update project URL
--------------------------------------------------------------------------------


================================================================================
 dbus-1.6.28-3.fc20 (FEDORA-2014-17263)
 D-BUS message bus
--------------------------------------------------------------------------------
Update Information:

Several fixes for packaging bugs

* Relax subpackage dependencies (#1175837)
* Remove obsolete dbus.target.wants (#1084087)
* Use --with-tests to conditionalize test dependencies
* Add some more documentation from the upstream tarball
* Use macroized systemd scriptlets (#850083)
* Correct license description for multiple licenses
* BR systemd-devel
* Adapt to unversioned docdirs; don't ship all docs in main package.
* Fix bogus dates in %changelog and tabs vs spaces warning.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 David King <amigadave@xxxxxxxxxxxxx> - 1:1.6.28-3
- Relax subpackage dependencies (#1175837)
* Thu Dec  4 2014 David King <amigadave@xxxxxxxxxxxxx> - 1:1.6.28-2
- Remove obsolete dbus.target.wants (#1084087)
- Use --with-tests to conditionalize test dependencies
- Tighten subpackage dependencies by using %{?_isa}
- Add some more documentation from the upstream tarball
- Use macroized systemd scriptlets (#850083)
- Correct license description for multiple licenses
- fix license handling
- BR systemd-devel
- Adapt to unversioned docdirs; don't ship all docs in main package.
- Fix bogus dates in %changelog and tabs vs spaces warning.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175837 - Cannot update dbus pkgs because of conflicts
        https://bugzilla.redhat.com/show_bug.cgi?id=1175837
  [ 2 ] Bug #1084087 - dbus provides unused files
        https://bugzilla.redhat.com/show_bug.cgi?id=1084087
  [ 3 ] Bug #850083 - Introduce new systemd-rpm macros in dbus spec file
        https://bugzilla.redhat.com/show_bug.cgi?id=850083
--------------------------------------------------------------------------------


================================================================================
 deluge-1.3.11-1.fc20 (FEDORA-2014-17299)
 A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
--------------------------------------------------------------------------------
Update Information:

Update to 1.3.11

GtkUI

    Fixed ImportError for users with Twisted < 10
    #2698: Fixed column issue when disabling a plugin

Core

    Fixed cache issue with libtorrent 0.16 on Windows
    #2555: Disabled use of SSLv3 protocol for DelugeRPC

WebUI

    Modify SSL Context to allow >= TLSv1 protocol
    #2588: Fixed Size column to show total_wanted instead of total_size

update to 1.3.10
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.3.11-1
- update to 1.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1153456 - deluge-web is vulnerable to POODLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1153456
--------------------------------------------------------------------------------


================================================================================
 devilspie2-0.38-2.fc20 (FEDORA-2014-17294)
 A window-matching utility
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------


================================================================================
 digikam-4.6.0-1.fc20 (FEDORA-2014-17291)
 A digital camera accessing & photo management application
--------------------------------------------------------------------------------
Update Information:

digiKam 4.6.0 See https://www.digikam.org/node/725
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 4.6.0-1
- digikam-4.6.0
* Wed Dec 10 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.5.0-3
- rebuild (marble)
- drop libjpeg-turbo workarounds (not needed anymore)
* Mon Nov 17 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.5.0-2
- fix/workaround FTBFS against newer libjpeg-turbo (kde#340944)
--------------------------------------------------------------------------------


================================================================================
 eigen3-3.2.3-1.fc20 (FEDORA-2014-17250)
 A lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to release 3.2.3, see http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.3 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Sandro Mani <manisandro@xxxxxxxxx> - 3.2.3-1
- Update to release 3.2.3
- Drop upstreamed eigen3-ppc64.patch
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175149 - eigen3-3.2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1175149
--------------------------------------------------------------------------------


================================================================================
 fedmsg-notify-0.5.5-1.fc20 (FEDORA-2014-17253)
 Fedmsg Desktop Notifications
--------------------------------------------------------------------------------
Update Information:

 * Make the topic grid scrollable
 * Fixed the distro-specific imports
 * Uses the abrt python API


--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Luke Macken <lmacken@xxxxxxxxxx> - 0.5.5-1
- Latest upstream release
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1087076 - Fedmsg-notify height windows is not resizable.
        https://bugzilla.redhat.com/show_bug.cgi?id=1087076
--------------------------------------------------------------------------------


================================================================================
 gnome-contacts-3.10.2-1.fc20 (FEDORA-2014-17279)
 Contacts manager for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 3.10.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 David King <amigadave@xxxxxxxxxxxxx> - 3.10.2-1
- Update to 3.10.2
--------------------------------------------------------------------------------


================================================================================
 google-roboto-fonts-1.2-6.fc20 (FEDORA-2014-17236)
 Google Roboto fonts
--------------------------------------------------------------------------------
Update Information:

Update to what is presumably the latest release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-6
- Resolves: rhbz#1174935 update to what is presumably the latest release
  of the font
* Mon Nov 24 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-5
- use just Roboto as the font's name in metainfo
* Thu Nov 20 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-4
- add AppData files
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174935 - Roboto Black and Roboto Condensed have bad metadata which results in misrendered web pages (among other things)
        https://bugzilla.redhat.com/show_bug.cgi?id=1174935
--------------------------------------------------------------------------------


================================================================================
 hwdata-0.273-1.fc20 (FEDORA-2014-17231)
 Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:

Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michal Minar <miminar@xxxxxxxxxx> 0.273-1
- Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------


================================================================================
 ibus-1.5.9-8.fc20 (FEDORA-2014-16705)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This fix replaces 'US' with 'EN' icon on ibus panel icon.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-8
- Updated ibus-HEAD.patch to fix #1175595 ibus-x11 freeze
* Mon Dec  8 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-7
- Added ibus-1136623-lost-by-another-focus.patch to fix #1136623
* Mon Dec  8 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-6
- Updated ibus-xx-increase-timeout.patch to fix #1163722
- Updated ibus-HEAD.patch for upstream #1747, #1748, #1753
  and gnome #703020, gnome #730628
* Wed Nov 12 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-5
- rhbz#1161871 Added BR of python and python3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163722 - ibus freezes while switching input method
        https://bugzilla.redhat.com/show_bug.cgi?id=1163722
  [ 2 ] Bug #1136623 - The input context is disabled with the popup window
        https://bugzilla.redhat.com/show_bug.cgi?id=1136623
  [ 3 ] Bug #1175595 - [Fedora] using "PreeditType: OverTheSpot" child window input freezes
        https://bugzilla.redhat.com/show_bug.cgi?id=1175595
--------------------------------------------------------------------------------


================================================================================
 jasper-1.900.1-27.fc20 (FEDORA-2014-16349)
 Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:

Fixes various flaws: CVE-2014-9029, CVE-2014-8138, CVE-2014-8137
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.900.1-27
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175761)
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175761)
* Thu Dec  4 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.900.1-26
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
                  marker segment decoders (#1170650)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
        https://bugzilla.redhat.com/show_bug.cgi?id=1167537
  [ 2 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 3 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------


================================================================================
 kernel-3.17.7-200.fc20 (FEDORA-2014-17283)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.17.7 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.17.7-200
- Linux v3.17.7
* Tue Dec 16 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-8559 deadlock due to incorrect usage of rename_lock (rhbz 1159313 1173814)
- Add patch from Josh Stone to restore var-tracking via Kconfig (rhbz 1126580)
* Mon Dec 15 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Fix ppc64 boot with smt-enabled=off (rhbz 1173806)
- CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS (rhbz 1172797 1174374)
* Fri Dec 12 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Remove pointless warning in cfg80211 (rhbz 1172543)
* Wed Dec 10 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Fix MSI issues on another Samsung pci-e SSD (rhbz 1084928)
- Fix UAS crashes with Seagate and Fresco Logic drives (rhbz 1164945)
- CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159313 - CVE-2014-8559 Kernel: fs: deadlock due to incorrect usage of rename_lock
        https://bugzilla.redhat.com/show_bug.cgi?id=1159313
  [ 2 ] Bug #1172797 - CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
        https://bugzilla.redhat.com/show_bug.cgi?id=1172797
  [ 3 ] Bug #1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests
        https://bugzilla.redhat.com/show_bug.cgi?id=1172765
--------------------------------------------------------------------------------


================================================================================
 kubernetes-0.7.0-18.0.git52e165a.fc20 (FEDORA-2014-17286)
 Container cluster management
--------------------------------------------------------------------------------
Update Information:

Bump to upstream 52e165a4fd720d1703ebc31bd6660e01334227b8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Eric Paris <eparis@xxxxxxxxxx> - 0.7.0-18.0.git52e165a
- Bump to upstream 52e165a4fd720d1703ebc31bd6660e01334227b8
* Mon Dec 15 2014 Eric Paris <eparis@xxxxxxxxxx> - 0.6-297.0.git5ef34bf
- Bump to upstream 5ef34bf52311901b997119cc49eff944c610081b
* Wed Dec  3 2014 Eric Paris <eparis@xxxxxxxxxx>
- Replace patch to use old googlecode/go.net/ with BuildRequires on golang.org/x/net/
--------------------------------------------------------------------------------


================================================================================
 mailx-12.5-11.fc20 (FEDORA-2014-17245)
 Enhanced implementation of the mailx command
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2004-2771, CVE-2014-7844
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 jchaloup <jchaloup@xxxxxxxxxx> - 12.5-11
- Security fix for CVE-2004-2771, CVE-2014-7844
  resolves: #1174903
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162783 - CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=1162783
--------------------------------------------------------------------------------


================================================================================
 mate-themes-extras-3.10.4-1.fc20 (FEDORA-2014-17249)
 Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:

- update to 3.10.4
- more improvements for csd applications
- improvements for Submarine themes, Smoothly themes,
- Zukitwo color themes and GnomishBeige theme
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.10.4-1
- update to 3.10.4
- more improvements for csd applications
- improvements for Submarine themes, Smoothly themes,
- Zukitwo color themes and GnomishBeige theme
--------------------------------------------------------------------------------


================================================================================
 mediawiki-1.23.8-1.fc20 (FEDORA-2014-17228)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.23.8-1
- Update to 1.23.8
- (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
- (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
- (bug T74222) The original patch for T74222 was reverted as unnecessary.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175828 - mediawiki: multiple vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1175828
--------------------------------------------------------------------------------


================================================================================
 mingw-eigen3-3.2.3-1.fc20 (FEDORA-2014-17288)
 MinGW lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to release 3.2.3, see http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.3 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Sandro Mani <manisandro@xxxxxxxxx> - 3.2.3-1
- Update to release 3.2.3
--------------------------------------------------------------------------------


================================================================================
 mingw-jasper-1.900.1-25.fc20 (FEDORA-2014-17274)
 MinGW Windows Jasper library
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2014-8137 and CVE-2014-8138
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.900.1-25
- Fixes for CVE-2014-8137 and CVE-2014-8138
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 2 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------


================================================================================
 mkvtoolnix-7.4.0-1.fc20 (FEDORA-2014-17248)
 Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:

Multiple bugfixes and enhancements. Please see upstream changelog (https://www.bunkus.org/videotools/mkvtoolnix/doc/ChangeLog) for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 7.4.0-1
- update to 7.4.0
- drop obsolete patch (upstream bug #1090)
- shorten desktop and icon file installation commands
* Thu Dec  4 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 7.3.0-1
- update to 7.3.0
- enable unit tests
- use system boost code fragment and pugixml
* Thu Oct  2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 7.2.0-2
- update icon/mime scriptlets
* Sun Sep 21 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 7.2.0-1
- update to 7.2.0
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1157464 - mkvtoolnix-7.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1157464
--------------------------------------------------------------------------------


================================================================================
 php-5.5.20-2.fc20 (FEDORA-2014-17229)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

18 Dec 2014, PHP 5.5.20

Core:
* Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks). (Adam)
* Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien)
* Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
* Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
* Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)

Date:
* Fixed day_of_week function as it could sometimes return negative values internally. (Derick)

FPM:
* Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)
* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
* Fixed bug #68452 (php-fpm man page is oudated). (Remi)
* Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)
* Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)
* Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)
* Fixed bug #68478 (access.log don't use prefix). (Remi)

Mcrypt:
* Fixed possible read after end of buffer and use after free. (Dmitry)

PDO_pgsql:
* Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
* Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)
* Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving) (Matteo)

zlib:
* Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.20-2
- Update to 5.5.20 (real)
  http://www.php.net/releases/5_5_20.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.20-1
- Update to 5.5.20
  http://www.php.net/releases/5_5_20.php
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
        https://bugzilla.redhat.com/show_bug.cgi?id=1175718
--------------------------------------------------------------------------------


================================================================================
 python-mutagen-1.27-1.fc20 (FEDORA-2014-17254)
 Mutagen is a Python module to handle audio meta-data
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2014 Michele Baldessari <michele@xxxxxxxxxx> - 1.27-1
- New upstream release
- Only use macro style for buildroot
* Sun Nov 23 2014 Michele Baldessari <michele@xxxxxxxxxx> - 1.26-1
- Fixed homepage and source URL
- Set python2-devel as BR
- Fix documentation building and shipping
- Fix spelling errors in description
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.20-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 python-nmap-0.3.4-2.fc20 (FEDORA-2014-17230)
 A python library which helps in using nmap port scanner
--------------------------------------------------------------------------------
Update Information:

Fix package naming (rhbz#1174115)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.3.4-2
- Fix package naming (rhbz#1174115)
* Wed Aug  6 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.3.4-1
- Switch to py3
- Update the URL and the source URL
- Update to latest upstream version 0.3.4
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174115 - Package built for python3, should be named python3-nmap!
        https://bugzilla.redhat.com/show_bug.cgi?id=1174115
--------------------------------------------------------------------------------


================================================================================
 python-sphinxcontrib-napoleon-0.2.8-2.fc20 (FEDORA-2014-17258)
 Sphinx napoleon extension
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------


================================================================================
 zint-2.4.3-9.fc20 (FEDORA-2014-17260)
 Barcode generator library
--------------------------------------------------------------------------------
Update Information:

This update fixes https://bugzilla.redhat.com/show_bug.cgi?id=1174324
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Martin Gieseking <martin.gieseking@xxxxxx> 2.4.3-9
- Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1174324
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174324 - [abrt] zint-qt: __stack_chk_fail_local(): zint-qt killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1174324
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
