The following Fedora 19 Security updates need testing:
 Age  URL
  88  https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19
  81  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19
  26  https://admin.fedoraproject.org/updates/FEDORA-2013-23622/ibus-chewing-1.4.4-1.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-0398/cantata-1.2.2-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-0467/libXfont-1.4.5-5.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-0508/drupal7-entity-1.3-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-0574/flite-1.3-20.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-0567/strongswan-5.1.1-4.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-0094/rubygem-will_paginate-3.0.4-5.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-0621/graphviz-2.30.1-12.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22883/qt3-3.3.8b-56.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0858/bind-9.9.3-14.P2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22932/qt-4.8.5-14.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0850/puppet-3.4.2-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
 Age  URL
  55  https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19
  29  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-0158/perl-Encode-2.54-2.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-0051/libldb-1.1.16-4.fc19
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-0250/qtwebkit-2.3.3-3.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-0452/popt-1.16-2.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-0498/livecd-tools-19.8-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-0525/ca-certificates-2013.1.96-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-0517/pcre-8.32-8.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-0437/satyr-0.13-1.fc19,abrt-2.1.11-1.fc19,libreport-2.1.11-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-0630/control-center-3.8.5-2.fc19,accountsservice-0.6.35-3.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-0636/selinux-policy-3.12.1-74.17.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-0639/rtkit-0.11-8.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0858/bind-9.9.3-14.P2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0847/ibus-1.5.5-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0752/firewalld-0.3.9-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0739/colord-1.0.6-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0749/util-linux-2.23.2-5.fc19

The following builds have been pushed to Fedora 19 updates-testing

    NLopt-2.4.1-5.fc19
    bind-9.9.3-14.P2.fc19
    corosync-2.3.3-1.fc19
    cpuid-20140112-1.fc19
    duplicity-0.6.22-4.fc19
    findbugs-bcel-5.3-0.2.20130910svn1521566.fc19
    fswebcam-20140113-1.fc19
    gnome-commander-1.2.8.17-1.fc19
    google-android-emoji-fonts-1.01-0.1.20120228git.fc19
    ibus-1.5.5-1.fc19
    jFormatString-0-0.14.20131227git.fc19
    keepalived-1.2.10-1.fc19
    knot-1.4.1-1.fc19
    libinfinity-0.5.5-1.fc19
    mediawiki-1.21.4-1.fc19
    nodejs-grunt-cli-0.1.11-1.fc19
    nodejs-joosex-simplerequest-0.2.2-4.fc19
    open-sans-fonts-1.10-1.fc19
    openscap-1.0.3-1.fc19
    php-pecl-rrd-1.1.2-1.fc19
    puppet-3.4.2-1.fc19
    python-argcomplete-0.6.7-1.fc19
    python-argcomplete-0.6.7-2.fc19
    python-patsy-0.2.1-2.fc19
    qt-4.8.5-14.fc19
    qt3-3.3.8b-56.fc19
    qt5-qtbase-5.2.0-4.fc19
    qtchooser-39-1.fc19
    sddm-kcm-0-0.2.20140114gitfe615f21.fc19
    srm-1.2.12-1.fc19
    will-crash-0.6-1.fc19

Details about builds:

================================================================================
 NLopt-2.4.1-5.fc19 (FEDORA-2014-0820)
 Open-Source library for nonlinear optimization
--------------------------------------------------------------------------------
Update Information:

fixed description-file for octave-NLopt (#1048510)
* fixed nlopt.pc to reflect the correct lib to link against
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Björn Esser <[email protected]> - 2.4.1-5
- fixed description-file for octave-NLopt (#1048510)
* Tue Jan 14 2014 Björn Esser <[email protected]> - 2.4.1-4
- fixed nlopt.pc to reflect the correct lib to link against
* Sat Dec 28 2013 Kevin Fenzi <[email protected]> - 2.4.1-3
- Rebuild to fix broken deps
* Sat Dec 28 2013 Björn Esser <[email protected]> - 2.4.1-2
- rebuild for octave-3.8.0-rc2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1048510 - octave-NLopt install errors
        https://bugzilla.redhat.com/show_bug.cgi?id=1048510
--------------------------------------------------------------------------------

================================================================================
 bind-9.9.3-14.P2.fc19 (FEDORA-2014-0858)
 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:

Fixed CVE-2014-0591.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Tomas Hozza <[email protected]> 32:9.9.3-14.P2
- Fix CVE-2014-0591
* Thu Nov 28 2013 Tomas Hozza <[email protected]> 32:9.9.3-13.P2
- Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687)
* Thu Oct 31 2013 Tomas Hozza <[email protected]> 32:9.9.3-12.P2
- Correct the upstream patch for #794940
* Wed Oct 30 2013 Tomas Hozza <[email protected]> 32:9.9.3-11.P2
- Use upstream version of patch for previously fixed #794940
- Create symlink /var/named/chroot/var/run -> /var/named/chroot/run
- Added session-keyfile statement into default named.conf since we use /run/named
* Fri Oct 18 2013 Tomas Hozza <[email protected]> 32:9.9.3-10.P2
- Fix race condition on send buffers in dighost.c (#794940)
* Tue Oct 8 2013 Tomas Hozza <[email protected]> 32:9.9.3-9.P2
- install isc/errno2result.h header
* Tue Sep 10 2013 Tomas Hozza <[email protected]> 32:9.9.3-8.P2
- Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
* Fri Aug 16 2013 Tomas Hozza <[email protected]> 32:9.9.3-7.P2
- Don't generate rndc.key if there exists rndc.conf
* Fri Aug 16 2013 Tomas Hozza <[email protected]> 32:9.9.3-6.P2
- don't install named-sdb.service if SDB macro is defined to zero
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1051717 - CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones
        https://bugzilla.redhat.com/show_bug.cgi?id=1051717
--------------------------------------------------------------------------------

================================================================================
 corosync-2.3.3-1.fc19 (FEDORA-2014-0801)
 The Corosync Cluster Engine and Application Programming Interfaces
--------------------------------------------------------------------------------
Update Information:

This update improves stability and addresses several bugs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Jan Friesse <[email protected]> - 2.3.3-1
- New upstream release
--------------------------------------------------------------------------------

================================================================================
 cpuid-20140112-1.fc19 (FEDORA-2014-0848)
 Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:

* Tue Jan 14 2014 Fabian Affolter <[email protected]> - 20140114-1
- Update to new upstream version 20130114
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Fabian Affolter <[email protected]> - 20140114-1
- Update to new upstream version 20130114
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]> - 20130610-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 duplicity-0.6.22-4.fc19 (FEDORA-2014-0823)
 Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:

Added runtime requirement to python-dropbox
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Rahul Sundaram <[email protected]> - 0.6.22-4
- Added runtime requirement to python-dropbox (#1048656)
* Fri Dec 27 2013 Rahul Sundaram <[email protected]> - 0.6.22-3
- Fix ssl cert enforcement (rhbz#960860)
- Fix bogus date in changelog
* Thu Dec 26 2013 Robert Scheck <[email protected]> 0.6.22-2
- Added runtime requirement to python-paramiko (#819272, #918933)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1048656 - duplicity prints a non-fatal error message
        https://bugzilla.redhat.com/show_bug.cgi?id=1048656
--------------------------------------------------------------------------------

================================================================================
 findbugs-bcel-5.3-0.2.20130910svn1521566.fc19 (FEDORA-2014-0837)
 Byte Code Engineering Library for FindBugs
--------------------------------------------------------------------------------
Update Information:

Added Maven depmap
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Marek Goldmann <[email protected]> - 5.3-0.2.20130910svn1521566
- Add com.google.code.findbugs:bcel Maven mapping, RHBZ#1052087
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1052087 - findbugs-bcel: Add com.google.code.findbugs:bcel Maven mapping
        https://bugzilla.redhat.com/show_bug.cgi?id=1052087
--------------------------------------------------------------------------------

================================================================================
 fswebcam-20140113-1.fc19 (FEDORA-2014-0793)
 Tiny and flexible webcam program
--------------------------------------------------------------------------------
Update Information:

* Tue Jan 14 2014 Fabian Affolter <[email protected]> - 20140113-1
- Update to new upstream version 20140113
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Fabian Affolter <[email protected]> - 20140113-1
- Update to new upstream version 20140113
* Sat Aug 3 2013 Fedora Release Engineering <[email protected]> - 20110717-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 26 2013 Fabian Affolter <[email protected]> - 20110717-6
- Spec file updated
* Tue Jun 11 2013 Remi Collet <[email protected]> - 20110717-5
- Rebuild for new GD 2.1.0
--------------------------------------------------------------------------------

================================================================================
 gnome-commander-1.2.8.17-1.fc19 (FEDORA-2014-0830)
 A nice and fast file manager for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:

New version 1.2.8.17 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Mamoru TASAKA <[email protected]> - 4:1.2.8.17-1
- Update to 1.2.8.17
* Thu Dec 26 2013 Mamoru TASAKA <[email protected]> - 4:1.2.8.16-1
- Update to 1.2.8.16
--------------------------------------------------------------------------------

================================================================================
 google-android-emoji-fonts-1.01-0.1.20120228git.fc19 (FEDORA-2014-0863)
 Android Emoji font released by Google
--------------------------------------------------------------------------------
Update Information:

New package, Android Emoji font released by Google.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1049076 - Review Request: google-android-emoji-fonts - Android Emoji font released by Google
        https://bugzilla.redhat.com/show_bug.cgi?id=1049076
--------------------------------------------------------------------------------

================================================================================
 ibus-1.5.5-1.fc19 (FEDORA-2014-0847)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This release includes bug fixes and features. Each bug description explains itself.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Takao Fujiwara <[email protected]> - 1.5.5-1
- Bumped to 1.5.5
- Deleted notify-python in Requires
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1013651 - fi_FI compose keys not working with ibus
        https://bugzilla.redhat.com/show_bug.cgi?id=1013651
  [ 2 ] Bug #1037999 - [abrt] ibus-1.5.4-2.fc20: panel_switch_engine: Process /usr/libexec/ibus-ui-gtk3 was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=1037999
  [ 3 ] Bug #1047833 - ibus compose/candidates windows placement needs to be more intelligent
        https://bugzilla.redhat.com/show_bug.cgi?id=1047833
  [ 4 ] Bug #1050817 - ibus should no longer require notify-python
        https://bugzilla.redhat.com/show_bug.cgi?id=1050817
--------------------------------------------------------------------------------

================================================================================
 jFormatString-0-0.14.20131227git.fc19 (FEDORA-2014-0783)
 Java format string compile-time checker
--------------------------------------------------------------------------------
Update Information:

Added Maven depmap
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Marek Goldmann <[email protected]> - 0-0.14.20131227git
- Add com.google.code.findbugs:jFormatString Maven mapping, RHBZ#1052089
* Fri Dec 27 2013 Richard Fearn <[email protected]> - 0-0.13.20131227git
- Bump release after fixing incoherent-version-in-changelog rpmlint warning
* Fri Dec 27 2013 Richard Fearn <[email protected]> - 0-0.12.20131227git
- Build using source from new Google Code j-format-string project
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1052089 - jFormatString: Add com.google.code.findbugs:jFormatString Maven mapping
        https://bugzilla.redhat.com/show_bug.cgi?id=1052089
--------------------------------------------------------------------------------

================================================================================
 keepalived-1.2.10-1.fc19 (FEDORA-2014-0856)
 High Availability monitor built upon LVS, VRRP and service pollers
--------------------------------------------------------------------------------
Update Information:

Update to version 1.2.10.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Ryan O'Hara <[email protected]> - 1.2.10-1
- Update to 1.2.10.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1048443 - keepalived-1.2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1048443
--------------------------------------------------------------------------------

================================================================================
 knot-1.4.1-1.fc19 (FEDORA-2014-0827)
 An authoritative DNS daemon
--------------------------------------------------------------------------------
Update Information:

update to new upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Jan Vcelak <[email protected]> 1.4.1-1
- update to 1.4.1
--------------------------------------------------------------------------------

================================================================================
 libinfinity-0.5.5-1.fc19 (FEDORA-2014-0797)
 Library implementing the infinote protocol
--------------------------------------------------------------------------------
Update Information:

* Fix a crash in infinoted when nmap scans the infinote port (Rainer Rehak).
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Till Maas <[email protected]> - 0.5.5-1
- Update to new release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1052396 - libinfinity-0.5.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1052396
--------------------------------------------------------------------------------

================================================================================
 mediawiki-1.21.4-1.fc19 (FEDORA-2014-0803)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

- Update to 1.21.4
- (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads
- (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
- (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles
- (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads
- (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Patrick Uiterwijk <[email protected]> - 1.21.4-1
- Security update to 1.19.10
- (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads
- (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
- (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles
- (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads
- (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1052874 - New mediawiki security releases have been released
        https://bugzilla.redhat.com/show_bug.cgi?id=1052874
--------------------------------------------------------------------------------

================================================================================
 nodejs-grunt-cli-0.1.11-1.fc19 (FEDORA-2014-0782)
 Command-line interface for Grunt, the JavaScript testing framework
--------------------------------------------------------------------------------
Update Information:

Initial package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #977122 - Review Request: nodejs-grunt-cli - The grunt command-line interface
        https://bugzilla.redhat.com/show_bug.cgi?id=977122
--------------------------------------------------------------------------------

================================================================================
 nodejs-joosex-simplerequest-0.2.2-4.fc19 (FEDORA-2014-0809)
 Simple XHR request abstraction for Node.js
--------------------------------------------------------------------------------
Update Information:

Initial package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #968604 - Review Request: nodejs-joosex-simplerequest - Simple XHR request abstraction for Node.js
        https://bugzilla.redhat.com/show_bug.cgi?id=968604
--------------------------------------------------------------------------------

================================================================================
 open-sans-fonts-1.10-1.fc19 (FEDORA-2014-0812)
 Open Sans is a humanist sans-serif typeface designed by Steve Matteson
--------------------------------------------------------------------------------
Update Information:

Open Sans is a humanist sans serif typeface designed by Steve Matteson, Type Director of Ascender Corp. This version contains the complete 897 character set, which includes the standard ISO Latin 1, Latin CE, Greek and Cyrillic character sets. Open Sans was designed with an upright stress, open forms and a neutral, yet friendly appearance.
It was optimized for print, web, and mobile interfaces, and has excellent legibility characteristics in its letter forms.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035897 - Review Request: open-sans-fonts - a humanist sans-serif typeface
        https://bugzilla.redhat.com/show_bug.cgi?id=1035897
--------------------------------------------------------------------------------

================================================================================
 openscap-1.0.3-1.fc19 (FEDORA-2014-0849)
 Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:

OpenSCAP 1.0.3 brings minor bug fixes.
Update to new upstream release: OpenSCAP 1.0.2. Vast majority of the changes are bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Šimon Lukašík <[email protected]> - 1.0.3-1
- upgrade
- This upstream release addresses: #1052142
* Fri Jan 10 2014 Šimon Lukašík <[email protected]> - 1.0.2-1
- upgrade
- This upstream release addresses: #1018291, #1029879, #1026833
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1052142 - partition_test fails with huge values in *space* system data
        https://bugzilla.redhat.com/show_bug.cgi?id=1052142
--------------------------------------------------------------------------------

================================================================================
 php-pecl-rrd-1.1.2-1.fc19 (FEDORA-2014-0805)
 PHP Bindings for rrdtool
--------------------------------------------------------------------------------
Update Information:

Upstream changelog:
* closing connection to rrd caching daemon #66088
* better documentation for RRDGraph::setOptions #65756
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Remi Collet <[email protected]> - 1.1.2-1
- Update to 1.1.2 (stable)
- install doc in pecl doc_dir
- install tests in pecl test_dir
- add conditional build of ZTS extension
--------------------------------------------------------------------------------

================================================================================
 puppet-3.4.2-1.fc19 (FEDORA-2014-0850)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

Update to 3.4.2 to mitigate CVE-2013-4969
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Sam Kottler <[email protected]> - 3.4.2-1
- Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1047792
--------------------------------------------------------------------------------

================================================================================
 python-argcomplete-0.6.7-1.fc19 (FEDORA-2014-0816)
 Bash tab completion for argparse
--------------------------------------------------------------------------------
Update Information:

Applying latest patch (0.6.7) of argcomplete.
Pushing new build for update as previous was not picked up.
--------------------------------------------------------------------------------

================================================================================
 python-argcomplete-0.6.7-2.fc19 (FEDORA-2014-0784)
 Bash tab completion for argparse
--------------------------------------------------------------------------------
Update Information:

Removing '%exclude %{python_sitelib}/test' from %files as no longer needed.
--------------------------------------------------------------------------------

================================================================================
 python-patsy-0.2.1-2.fc19 (FEDORA-2014-0804)
 Describing statistical models in Python using symbolic formulas
--------------------------------------------------------------------------------
Update Information:

A Python package for describing statistical models and for building design matrices.
--------------------------------------------------------------------------------

================================================================================
 qt-4.8.5-14.fc19 (FEDORA-2013-22932)
 Qt toolkit
--------------------------------------------------------------------------------
Update Information:

Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549)
See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

In addition, this update:
* adds support for discovering printers shared by CUPS 1.6,
* adds support for the aarch64 architecture,
* fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
* fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Kevin Kofler <[email protected]> - 4.8.5-14
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
* Mon Dec 23 2013 Peter Robinson <[email protected]> 4.8.5-13
- Add support for aarch64 (#1046360)
* Thu Dec 5 2013 Rex Dieter <[email protected]> 4.8.5-12
- XML Entity Expansion Denial of Service (CVE-2013-4549)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #980952 - RFE: Discover printers shared by CUPS 1.6
        https://bugzilla.redhat.com/show_bug.cgi?id=980952
--------------------------------------------------------------------------------

================================================================================
 qt3-3.3.8b-56.fc19 (FEDORA-2013-22883)
 The shared library for the Qt 3 GUI toolkit
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory for details:
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

In addition, this update fixes:
* QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
* QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,
* some minor format string abuse that was probably not exploitable (most instances definitely weren't).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Kevin Kofler <[email protected]> - 3.3.8b-56
- work around -Werror=format-security false positives (#1037297)
* Mon Jan 13 2014 Kevin Kofler <[email protected]> - 3.3.8b-55
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
* Thu Dec 5 2013 Kevin Kofler <[email protected]> - 3.3.8b-54
- backport CVE-2013-4549 fix from Qt 4
* Tue Aug 27 2013 Rex Dieter <[email protected]> 3.3.8b-53
- trim changelog
* Tue Aug 27 2013 Rex Dieter <[email protected]> 3.3.8b-52
- strip extraneous libs from .pc/.prl files
- -devel: due to ^^, drop non-X11-related deps too
* Mon Aug 26 2013 Jon Ciesla <[email protected]> - 3.3.8b-51
- libmng rebuild.
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]> - 3.3.8b-50
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <[email protected]> - 3.3.8b-49
- Perl 5.18 rebuild
* Thu Apr 25 2013 Than Ngo <[email protected]> - 3.3.8b-48
- build with -fno-strict-aliasing
- drop deprecated Encoding
--------------------------------------------------------------------------------

================================================================================
 qt5-qtbase-5.2.0-4.fc19 (FEDORA-2014-0853)
 Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:

This update fixes:
* building against QtSql, by requiring all the SQL plugins in qt5-qtbase-devel so they are detected at build time,
* QTBUG-35459, a too low character limit for XML entities enforced by the recent fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
* QTBUG-35460, a misspelling in the error message produced by the recent CVE-2013-4549 fix when the character limit for XML entities was exceeded.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 13 2014 Kevin Kofler <[email protected]> - 5.2.0-4
- fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549)
- fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled)
- reenable docs on Fedora (accidentally disabled)
* Mon Jan 13 2014 Rex Dieter <[email protected]> - 5.2.0-3
- move sql build deps into subpkg sections
- macro'ize ibase,tds support (disabled on rhel)
* Thu Jan 2 2014 Rex Dieter <[email protected]> 5.2.0-2
- -devel: qtsql apparently wants all drivers available at buildtime
--------------------------------------------------------------------------------

================================================================================
 qtchooser-39-1.fc19 (FEDORA-2014-0794)
 Qt Chooser
--------------------------------------------------------------------------------
Update Information:

Qt Chooser provides a wrapper to switch between versions of Qt development binaries when multiple versions like 4 and 5 are installed or local Qt builds are to be used.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #895149 - Review Request: qtchooser - Qt Chooser
        https://bugzilla.redhat.com/show_bug.cgi?id=895149
--------------------------------------------------------------------------------

================================================================================
 sddm-kcm-0-0.2.20140114gitfe615f21.fc19 (FEDORA-2014-0802)
 SDDM KDE configuration module
--------------------------------------------------------------------------------
Update Information:

Updated to the latest upstream commit.
Fixes theme display
New package
--------------------------------------------------------------------------------

================================================================================
 srm-1.2.12-1.fc19 (FEDORA-2014-0845)
 Secure file deletion
--------------------------------------------------------------------------------
Update Information:

* Tue Jan 14 2014 Fabian Affolter <[email protected]> - 1.2.12-1
- Update to new upstream version 1.2.12
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Fabian Affolter <[email protected]> - 1.2.12-1
- Update to new upstream version 1.2.12
* Sat Sep 7 2013 Fabian Affolter <[email protected]> - 1.2.11-8
- Spec file update
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]> - 1.2.11-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 will-crash-0.6-1.fc19 (FEDORA-2014-0785)
 Set of crashing executables written in various languages
--------------------------------------------------------------------------------
Update Information:

Version bump
New version 0.5
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 14 2014 Richard Marko <[email protected]> - 0.6-1
- Version bump
- added will_cpp_segfault
- reworked will_segfault to produce more stack frames
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]> - 0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri May 3 2013 Jiri Moskovcak <[email protected]> 0.5-1
- new upstream release - 0.5
- added will_oops
--------------------------------------------------------------------------------
--
test mailing list
[email protected]
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
