The following Fedora 20 Security updates need testing:
Age URL
90
https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1...
71
https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5....
37
https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance...
36
https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2....
34
https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4...
12
https://admin.fedoraproject.org/updates/FEDORA-2014-3915/squid-3.3.12-1.fc20
12
https://admin.fedoraproject.org/updates/FEDORA-2014-3818/udisks-1.0.4-13....
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4135/k4dirstat-2.7.0-...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4118/rubygem-rack-ssl...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-4163/moodle-2.5.5-1.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2014-4338/seamonkey-2.25-1...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-4351/check-mk-1.2.4-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4458/xen-4.3.2-2.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4455/perl-Authen-Capt...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4437/munin-2.0.19-2.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4436/curl-7.32.0-8.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4443/xalan-j2-2.7.1-2...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4440/libyaml-0.1.6-1....
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
135
https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11...
12
https://admin.fedoraproject.org/updates/FEDORA-2014-3884/libosinfo-0.2.9-...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4436/curl-7.32.0-8.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4432/livecd-tools-20....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4429/xorg-x11-drv-syn...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4376/initscripts-9.51...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4369/bluez-5.17-1.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-4378/harfbuzz-0.9.27-...
The following builds have been pushed to Fedora 20 updates-testing
curl-7.32.0-8.fc20
gupnp-tools-0.8.9-2.fc20
kexec-tools-2.0.4-26.fc20
lbzip2-2.5-1.fc20
libmikmod-3.3.6-2.fc20
libyaml-0.1.6-1.fc20
livecd-tools-20.5-1.fc20
mingw-webkitgtk-2.2.6-1.fc20
mingw-webkitgtk3-2.2.6-1.fc20
munin-2.0.19-2.fc20
open-vm-tools-9.4.0-8.fc20
ovirt-engine-cli-3.4.0.5-1.fc20
ovirt-engine-sdk-java-3.4.0.7-1.fc20
ovirt-engine-sdk-python-3.4.0.6-1.fc20
perl-Authen-Captcha-1.024-1.fc20
perl-IO-Interactive-0.0.6-1.fc20
perl-Net-Amazon-S3-0.59-2.fc20
perl-Rose-DB-Object-0.811-1.fc20
perl-Term-ProgressBar-Quiet-0.31-1.fc20
perl-Term-ProgressBar-Simple-0.03-1.fc20
python-django-1.6.2-2.fc20
python-phyghtmap-1.48-1.fc20
qaccessibilityclient-0.1.1-1.fc20
rubygem-mechanize-2.7.3-2.fc20
smokeping-2.6.9-3.fc20
speech-dispatcher-0.8-7.fc20
tzdata-2014b-1.fc20
vtk-6.0.0-10.fc20
xalan-j2-2.7.1-22.fc20
xen-4.3.2-2.fc20
xfdashboard-0.1.6-2.fc20
xorg-x11-drv-synaptics-1.7.4-4.fc20
Details about builds:
================================================================================
curl-7.32.0-8.fc20 (FEDORA-2014-4436)
A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:
fix connection re-use when using different log-in credentials (CVE-2014-0138)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-8
- fix connection re-use when using different log-in credentials (CVE-2014-0138)
* Mon Mar 17 2014 Paul Howarth <paul(a)city-fan.org> 7.32.0-7
- add all perl build requirements for the test suite, in a portable way
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1079148 - CVE-2014-0138 curl: wrong re-use of connections in libcurl
https://bugzilla.redhat.com/show_bug.cgi?id=1079148
--------------------------------------------------------------------------------
================================================================================
gupnp-tools-0.8.9-2.fc20 (FEDORA-2014-4428)
A collection of dev tools utilising GUPnP and GTK+
--------------------------------------------------------------------------------
Update Information:
Require gnome-icon-theme-legacy
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Peter Robinson <pbrobinson(a)fedoraproject.org> 0.8.9-1
- Require gnome-icon-theme-legacy
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081213 - [abrt] gupnp-tools: _g_log_abort(): gupnp-av-cp killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1081213
--------------------------------------------------------------------------------
================================================================================
kexec-tools-2.0.4-26.fc20 (FEDORA-2014-4430)
The kexec/kdump userspace component
--------------------------------------------------------------------------------
Update Information:
fix issue when dump path is mounted on nfs.
Warn user about save vmcore path mounted by another disk
Pass disable_cpu_apicid to kexec of capture kernel
add kdump-in-cluster-environment.txt to rpm pkg
ssh dump: create random-seed manually
makedumpfile: Improve progress information for huge memory system
a few backports and script fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-26
- fix issue when dump path is mounted on nfs.
- vmcore-dmesg: stack smashing fix
- get_ssh_size fix for localized df output
* Mon Mar 10 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-25
- Warn user about save vmcore path mounted by another disk
- omit dracut resume module
* Wed Mar 5 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-24
- Pass disable_cpu_apicid to kexec of capture kernel
- Relax restriction of dumping on encrypted target
- Regression fix on wdt kernel drivers install
* Mon Feb 17 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-23
- add kdump-in-cluster-environment.txt to rpm pkg
- Secure Boot status check warning
- Some watchdog driver support
* Wed Jan 29 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-22
- ssh dump: create random-seed manually
- Add fence kdump support
* Wed Jan 22 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-21
- makedumpfile: Improve progress information for huge memory system
- s390: use nr_cpus=1 instead of maxcpus=1
* Fri Jan 17 2014 WANG Chao <chaowang(a)redhat.com> - 2.0.4-20
- vmcore-dmesg: fix timestamp error in vmcore-dmesg.txt
- makedumpfile: re-enable mmap() and introduce --non-mmap
- kdump.conf uncomment default core_collector line
- fix an issue when 'ssh' directive appearing in kdump.conf, the rest part of
lines in this file are ignored
--------------------------------------------------------------------------------
================================================================================
lbzip2-2.5-1.fc20 (FEDORA-2014-4331)
Fast, multi-threaded bzip2 utility
--------------------------------------------------------------------------------
Update Information:
This update rebases to upstream version 2.5, which fixes several bugs and adds some
improvements. Full release notes are available at upstream website:
http://lbzip2.org/news This release is strictly backwards-compatible with all previous
releases in 2.x line.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 2.5-1
- Update to upstream version 2.5
* Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 2.4-4
- Add patch for performance regression during compression
* Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 2.4-3
- Fix a typo in compression order block patch
* Wed Mar 26 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 2.4-2
- Add patch fixing block ordering during compression
* Mon Mar 24 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 2.4-1
- Update to upstream version 2.4
* Sun Dec 22 2013 Ville Skyttä <ville.skytta(a)iki.fi> - 2.3-3
- Drop INSTALL from docs.
- Fix bogus dates in %changelog.
- Use bzipped source tarball.
--------------------------------------------------------------------------------
================================================================================
libmikmod-3.3.6-2.fc20 (FEDORA-2014-4447)
A MOD music file player library
--------------------------------------------------------------------------------
Update Information:
- Add missing requires pulseaudio-libs-devel to the -devel pkg (rhbz#1081142)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Hans de Goede <hdegoede(a)redhat.com> - 3.3.6-2
- Add missing requires pulseaudio-libs-devel to the -devel pkg (rhbz#1081142)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081142 - FTBFS against libmikmod-3.3.6 (works with libmikmod-3.3.5)
https://bugzilla.redhat.com/show_bug.cgi?id=1081142
--------------------------------------------------------------------------------
================================================================================
libyaml-0.1.6-1.fc20 (FEDORA-2014-4440)
YAML 1.1 parser and emitter written in C
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.1.6, fixes CVE-2014-2525
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 John Eckersberg <jeckersb(a)redhat.com> - 0.1.6-1
- New upstream release 0.1.6 (bz1081492)
- Fixes CVE-2014-2525 (bz1078083)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1078083 - CVE-2014-2525 libyaml: heap-based buffer overflow when parsing
URLs
https://bugzilla.redhat.com/show_bug.cgi?id=1078083
--------------------------------------------------------------------------------
================================================================================
livecd-tools-20.5-1.fc20 (FEDORA-2014-4432)
Tools for building live CDs
--------------------------------------------------------------------------------
Update Information:
Check to make sure the kickstart exists and cleanup the README a little.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Brian C. Lane <bcl(a)redhat.com> 20.5-1
- Version 20.5 (bcl)
- Cleanup paths in README (bcl)
- livecd-creator: Make sure kickstart file exists (#1074295) (bcl)
--------------------------------------------------------------------------------
================================================================================
mingw-webkitgtk-2.2.6-1.fc20 (FEDORA-2014-4444)
MinGW Windows web content engine library
--------------------------------------------------------------------------------
Update Information:
* Update to 2.2.6
* Fix use-after-free in WTF threading code (WebKit bug #130122)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 2.2.6-1
- Update to 2.2.6
- Fix use-after-free in WTF threading code (WebKit bug #130122)
--------------------------------------------------------------------------------
================================================================================
mingw-webkitgtk3-2.2.6-1.fc20 (FEDORA-2014-4433)
MinGW Windows GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
* Update to 2.2.6
* Fix use-after-free in WTF threading code (WebKit bug #130122)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 2.2.6-1
- Update to 2.2.6
- Fix use-after-free in WTF threading code (WebKit bug #130122)
--------------------------------------------------------------------------------
================================================================================
munin-2.0.19-2.fc20 (FEDORA-2014-4437)
Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:
minor bugfix release:
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
Upstream update to 2.0.18, fixes CVE-2013-6359
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 D. Johnson <fenris02(a)fedoraproject.org> - 2.0.19-2
- BZ# 1081254: Start asyncd after node
- BZ# 1028075: munin-node doesn't get added to chkconfig
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037888 - CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws
fixed in 2.0.18
https://bugzilla.redhat.com/show_bug.cgi?id=1037888
--------------------------------------------------------------------------------
================================================================================
open-vm-tools-9.4.0-8.fc20 (FEDORA-2014-4425)
Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:
Added missing package dependency on 'which' (BZ#1045709)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Ravindra Kumar <ravindrakumar(a)vmware.com> - 9.4.0-8
- Add missing package dependency on 'which' (BZ#1045709)
* Tue Mar 25 2014 Ravindra Kumar <ravindrakumar(a)vmware.com> - 9.4.0-7
- Add -D_DEFAULT_SOURCE to suppress warning as suggested in
https://sourceware.org/bugzilla/show_bug.cgi?id=16632
* Fri Mar 21 2014 Ravindra Kumar <ravindrakumar(a)vmware.com> - 9.4.0-6
- Add missing package dependencies (BZ#1045709, BZ#1077320)
* Tue Feb 18 2014 Igor Gnatenko <i.gnatenko.brain(a)gmail.com> - 9.4.0-5
- Fix FTBFS g_info redefine (RHBZ #1063847)
* Fri Feb 14 2014 David Tardon <dtardon(a)redhat.com> - 9.4.0-4
- rebuild for new ICU
* Tue Feb 11 2014 Richard W.M. Jones <rjones(a)redhat.com> - 9.4.0-3
- Only build on x86-64 for RHEL 7 (RHBZ#1054608).
* Wed Dec 4 2013 Richard W.M. Jones <rjones(a)redhat.com> - 9.4.0-2
- Rebuild for procps SONAME bump.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1045709 - open-vm-tools should depend on which
https://bugzilla.redhat.com/show_bug.cgi?id=1045709
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-cli-3.4.0.5-1.fc20 (FEDORA-2014-4445)
oVirt Engine Command Line Interface
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.4.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.4.0.5-1
- Update to upstream 3.4.0.5 in order to support version 3.4 of the
oVirt project.
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-sdk-java-3.4.0.7-1.fc20 (FEDORA-2014-4419)
oVirt Engine Software Development Kit (Java)
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.4.0.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.4.0.7-1
- Update to upstream 3.4.0.7 in order to suport version 3.4 of the
oVirt project.
--------------------------------------------------------------------------------
================================================================================
ovirt-engine-sdk-python-3.4.0.6-1.fc20 (FEDORA-2014-4446)
oVirt Engine Software Development Kit (Python)
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 3.4.0.6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Juan Hernandez <juan.hernandez(a)redhat.com> - 3.4.0.6-1
- Update to upstream version 3.4.0.6 in order to support release 3.4 of
the oVirt project.
--------------------------------------------------------------------------------
================================================================================
perl-Authen-Captcha-1.024-1.fc20 (FEDORA-2014-4455)
Perl extension for creating captchas
--------------------------------------------------------------------------------
Update Information:
An issue in previous versions of perl-Authen-Captcha is that the generated public string
(file name of the picture) for the captcha is merely a checksum of the secret string. It
is trivial to break such short strings even using google instead of a rainbow table.
Version 1.024 of the module fixes this.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Emmanuel Seyman <emmanuel(a)seyman.fr> - 1.024-1
- Update to 1.024
--------------------------------------------------------------------------------
================================================================================
perl-IO-Interactive-0.0.6-1.fc20 (FEDORA-2014-4441)
Utilities for interactive I/O
--------------------------------------------------------------------------------
Update Information:
These new perl modules provide nifty progress bar and are needed to enable an S3 client.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive
I/O
https://bugzilla.redhat.com/show_bug.cgi?id=1081447
[ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress
meter if run interactively
https://bugzilla.redhat.com/show_bug.cgi?id=1081465
[ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress
bars
https://bugzilla.redhat.com/show_bug.cgi?id=1081468
[ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and
manpage
https://bugzilla.redhat.com/show_bug.cgi?id=995748
--------------------------------------------------------------------------------
================================================================================
perl-Net-Amazon-S3-0.59-2.fc20 (FEDORA-2014-4441)
Use the Amazon Simple Storage Service (S3)
--------------------------------------------------------------------------------
Update Information:
These new perl modules provide nifty progress bar and are needed to enable an S3 client.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Petr Pisar <ppisar(a)redhat.com> - 0.59-2
- Enable s3cl tool (bug #995748)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive
I/O
https://bugzilla.redhat.com/show_bug.cgi?id=1081447
[ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress
meter if run interactively
https://bugzilla.redhat.com/show_bug.cgi?id=1081465
[ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress
bars
https://bugzilla.redhat.com/show_bug.cgi?id=1081468
[ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and
manpage
https://bugzilla.redhat.com/show_bug.cgi?id=995748
--------------------------------------------------------------------------------
================================================================================
perl-Rose-DB-Object-0.811-1.fc20 (FEDORA-2014-4421)
Extensible, high performance object-relational mapper (ORM)
--------------------------------------------------------------------------------
Update Information:
update to version 0.811
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Bill Pemberton <wfp5p(a)worldbroken.com> - 0.811-1
- update to version 0.811
- fixes a bug that prevented many-to-many map records from being saved
to the database
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1055297 - perl-Rose-DB-Object-0.811 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1055297
--------------------------------------------------------------------------------
================================================================================
perl-Term-ProgressBar-Quiet-0.31-1.fc20 (FEDORA-2014-4441)
Provide a progress meter if run interactively
--------------------------------------------------------------------------------
Update Information:
These new perl modules provide nifty progress bar and are needed to enable an S3 client.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive
I/O
https://bugzilla.redhat.com/show_bug.cgi?id=1081447
[ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress
meter if run interactively
https://bugzilla.redhat.com/show_bug.cgi?id=1081465
[ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress
bars
https://bugzilla.redhat.com/show_bug.cgi?id=1081468
[ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and
manpage
https://bugzilla.redhat.com/show_bug.cgi?id=995748
--------------------------------------------------------------------------------
================================================================================
perl-Term-ProgressBar-Simple-0.03-1.fc20 (FEDORA-2014-4441)
Simpler progress bars
--------------------------------------------------------------------------------
Update Information:
These new perl modules provide nifty progress bar and are needed to enable an S3 client.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081447 - Review Request: perl-IO-Interactive - Utilities for interactive
I/O
https://bugzilla.redhat.com/show_bug.cgi?id=1081447
[ 2 ] Bug #1081465 - Review Request: perl-Term-ProgressBar-Quiet - Provide a progress
meter if run interactively
https://bugzilla.redhat.com/show_bug.cgi?id=1081465
[ 3 ] Bug #1081468 - Review Request: perl-Term-ProgressBar-Simple - Simpler progress
bars
https://bugzilla.redhat.com/show_bug.cgi?id=1081468
[ 4 ] Bug #995748 - perl-Net-Amazon-S3-0.59-1.fc20 does not include s3cl script and
manpage
https://bugzilla.redhat.com/show_bug.cgi?id=995748
--------------------------------------------------------------------------------
================================================================================
python-django-1.6.2-2.fc20 (FEDORA-2014-4393)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
update to 1.6.2 (rhbz#1027766)
Please note, it is required to update python-django and python3-django as well in one
transaction. yum update or dnf update will do that for you.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-2
- remove simplejson requirement
- make bash-completion a sub-package, both main packages can require
* Thu Feb 13 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-1
- update to 1.6.2 (rhbz#1027766)
- bash completion for python3-django-admin (rhbz#1035987)
* Sun Nov 24 2013 Matěj Cepl <mcepl(a)redhat.com> - 1.6-1
- update to 1.6 (rhbz#1027766)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1027766 - python-django-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1027766
[ 2 ] Bug #1035987 - bash_completion for python3-django-admin
https://bugzilla.redhat.com/show_bug.cgi?id=1035987
[ 3 ] Bug #1073773 - FTBFS due sphinx upgrade
https://bugzilla.redhat.com/show_bug.cgi?id=1073773
--------------------------------------------------------------------------------
================================================================================
python-phyghtmap-1.48-1.fc20 (FEDORA-2014-4450)
Generate OSM contour lines from NASA SRTM data
--------------------------------------------------------------------------------
Update Information:
This update fixes minor bugs related to index generation and missing file downloads when
using viewfinder 3 arc second data.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Volker Fröhlich <volker27(a)gmx.at> - 1.48-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080888 - python-phyghtmap-1.48 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1080888
--------------------------------------------------------------------------------
================================================================================
qaccessibilityclient-0.1.1-1.fc20 (FEDORA-2014-4460)
Accessibility client library for Qt
--------------------------------------------------------------------------------
Update Information:
New stable release to replace previous snapshot build, see also:
http://lists.kde.org/?l=kde-accessibility&m=139207620411895&w=2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 12 2014 Rex Dieter <rdieter(a)fedoraproject.org> - 0.1.1-1
- 1.1.1 release
- support QT4_BUILD option
- fix dso patch
- Provides: libqaccessibilityclient(-devel)
--------------------------------------------------------------------------------
================================================================================
rubygem-mechanize-2.7.3-2.fc20 (FEDORA-2014-4457)
A handy web browsing ruby object
--------------------------------------------------------------------------------
Update Information:
Also modify mime-type dependency on spec
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 2.7.3-2
- Also modify mime-type dependency on spec (bug 1080855)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080855 - rubygem-mechanize requires a higher version of rubygem-mime-types
than supplied
https://bugzilla.redhat.com/show_bug.cgi?id=1080855
--------------------------------------------------------------------------------
================================================================================
smokeping-2.6.9-3.fc20 (FEDORA-2014-4439)
Latency Logging and Graphing System
--------------------------------------------------------------------------------
Update Information:
Smokeping was adding improper date header in email reports.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Terje Rosten <terje.rosten(a)ntnu.no> - 2.6.9-3
- Fix build
* Wed Mar 26 2014 Terje Rosten <terje.rosten(a)ntnu.no> - 2.6.9-2
- Let MTA add date header (bz #1080949)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080949 - wrong date header with locale in alert mails
https://bugzilla.redhat.com/show_bug.cgi?id=1080949
--------------------------------------------------------------------------------
================================================================================
speech-dispatcher-0.8-7.fc20 (FEDORA-2014-4427)
To provide a high-level device independent layer for speech synthesis
--------------------------------------------------------------------------------
Update Information:
Fix a crash in the festival module
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Peter Robinson <pbrobinson(a)fedoraproject.org> 0.8-7
- Rebuild
* Fri Nov 1 2013 Matthias Clasen <mclasen(a)redhat.com> 0.8-6
- Avoid a crash in the festival module (#995639)
--------------------------------------------------------------------------------
================================================================================
tzdata-2014b-1.fc20 (FEDORA-2014-4451)
Timezone data
--------------------------------------------------------------------------------
Update Information:
Rebase to tzdata-2014b which includes the following update:
- Crimea changes to Moscow time on March, 30, 2014.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Patsy Franklin <pfrankli(a)redhat.com> 2014b-1
- Rebase to 2014b
- Crimea changes to Moscow time on March 30, 2014.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080928 - tzdata-2014b is available
https://bugzilla.redhat.com/show_bug.cgi?id=1080928
--------------------------------------------------------------------------------
================================================================================
vtk-6.0.0-10.fc20 (FEDORA-2014-4422)
The Visualization Toolkit - A high level 3D visualization library
--------------------------------------------------------------------------------
Update Information:
Add Requires: qtwebkit-devel and hdf5-devel to vtk-devel (bug #1080781)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Orion Poplawski <orion(a)cora.nwra.com> - 6.0.0-10
- Add Requires: qtwebkit-devel and hdf5-devel to vtk-devel (bug #1080781)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080781 - vtk-devel is missing dependencies on qtwebkit-devel and hdf5-devel
https://bugzilla.redhat.com/show_bug.cgi?id=1080781
--------------------------------------------------------------------------------
================================================================================
xalan-j2-2.7.1-22.fc20 (FEDORA-2014-4443)
Java XSLT processor
--------------------------------------------------------------------------------
Update Information:
This update fixes a remote code execution security vulnerability (CVE-2014-0107).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 0:2.7.1-22
- Add patch to fix remote code execution vulnerability
- Resolves: CVE-2014-0107
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1080248 - CVE-2014-0107 Xalan-Java: insufficient constraints in secure
processing feature (oCERT-2014-002)
https://bugzilla.redhat.com/show_bug.cgi?id=1080248
--------------------------------------------------------------------------------
================================================================================
xen-4.3.2-2.fc20 (FEDORA-2014-4458)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 26 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-2
- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075499 - CVE-2014-2599 xen: HVMOP_set_mem_access is not preemptible
https://bugzilla.redhat.com/show_bug.cgi?id=1075499
--------------------------------------------------------------------------------
================================================================================
xfdashboard-0.1.6-2.fc20 (FEDORA-2014-4453)
GNOME shell like dashboard for Xfce
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.6 containing bugfixes and new enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 23 2014 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 0.1.6-2
- Updated to 0.1.6
- Added xfdashboard.xml to files section
* Sun Mar 23 2014 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 0.1.6-1
- Updated to 0.1.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1081122 - version 0.1.6
https://bugzilla.redhat.com/show_bug.cgi?id=1081122
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-synaptics-1.7.4-4.fc20 (FEDORA-2014-4429)
Xorg X11 Synaptics touchpad input driver
--------------------------------------------------------------------------------
Update Information:
Backport patches to support the T440 series laptops and generally improve clickpad
behaviour
Fix stuck touch points when receiving SYN_DROPPED events (#877464)
Unset ClickPad for Cypress touchpads, they do everything in firmware and we get flaky
button events if we try to enable software buttons on top of that.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 27 2014 Peter Hutterer <peter.hutterer(a)redhat.com> 1.7.4-4
- Add patches to support the T440 series laptops
* Mon Mar 24 2014 Peter Hutterer <peter.hutterer(a)redhat.com> 1.7.4-3
- Fix stuck touch points when receving SYN_DROPPED events (#877464)
* Fri Mar 21 2014 Peter Hutterer <peter.hutterer(a)redhat.com> 1.7.4-2
- Unset ClickPad for Cypress touchpads, they do everything in firmware, we
can't compete with that. (fdo bug 76341 and 70819)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1060885 - New ThinkPad touchpad soft buttons are misconfigured
https://bugzilla.redhat.com/show_bug.cgi?id=1060885
[ 2 ] Bug #877464 - BUG: triggered 'if (priv->num_active_touches >
priv->num_slots)'
https://bugzilla.redhat.com/show_bug.cgi?id=877464
--------------------------------------------------------------------------------