The following Fedora 20 Security updates need testing: Age URL 63 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 43 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20 41 https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-7348/ReviewBoard-1.7.26-2.fc20,python-django-evolution-0.6.9-4.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-4.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7577/claws-mail-3.10.1-1.fc20,claws-mail-plugins-3.10.1-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7697/dpkg-1.16.15-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7779/mediawiki-1.21.11-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7799/openstack-ceilometer-2013.2.3-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7780/python-pycadf-0.5.1-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7836/cacti-0.8.8b-7.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7954/openstack-nova-2013.2.3-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7964/owncloud-6.0.4-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7992/file-5.19-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8032/ansible-1.6.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8021/docker-io-1.0.0-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8059/dbus-1.6.12-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8051/pnp4nagios-0.6.22-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-3.fc20
The following Fedora 20 Critical Path updates have yet to be approved: Age URL 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7789/libndp-1.3-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7857/python-mako-1.0.0-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7868/gnome-shell-3.10.4-6.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7968/perl-Pod-Usage-1.64-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7980/gdb-7.7.1-15.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8059/dbus-1.6.12-9.fc20 The following builds have been pushed to Fedora 20 updates-testing cockpit-0.14-1.fc20 dbus-1.6.12-9.fc20 freetalk-4.0-0.1.rc4.fc20 geard-0-0.13.git6850c8d.fc20 inadyn-mt-2.24.40-1.fc20 irma_configuration-0.1-0.5.aeb8d68.fc20 kmymoney-4.6.6-1.fc20 libdatrie-0.2.8-4.fc20 libmspub-0.0.6-5.fc20 libtpms-0.5.2-1.fc20 lnst-4-1.fc20 mimetic-0.9.8-1.fc20 nfoview-1.14-1.fc20 octomap-1.6.6-4.fc20 perl-PerlIO-via-Timeout-0.29-2.fc20 pnp4nagios-0.6.22-1.fc20 python-flask-script-0.6.7-2.fc20 python-flask-whooshee-0.0.6-4.fc20 python-libcloud-0.15.0-1.fc20 rp-pppoe-3.11-7.fc20 rubygem-activerecord-4.0.0-3.fc20 voms-2.0.11-7.fc20 wxsqlite3-3.1.1-1.fc20 zsh-5.0.5-1.fc20 Details about builds: ================================================================================ cockpit-0.14-1.fc20 (FEDORA-2014-8052) A user interface for Linux servers -------------------------------------------------------------------------------- Update Information: Update to 0.14 release Update to 0.13 release Update to upstream 0.12 release Update to upstream 0.11 release Update to upstream 0.10 release Update to upstream 0.8 Update to upstream 0.5 release Update to upstream 0.4 release Update to upstream 0.3 release, including new UI look, and Docker container support Primary package. Update to upstream 0.9 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061056 - Review Request: cockpit - A user interface for Linux servers https://bugzilla.redhat.com/show_bug.cgi?id=1061056 -------------------------------------------------------------------------------- ================================================================================ dbus-1.6.12-9.fc20 (FEDORA-2014-8059) D-BUS message bus -------------------------------------------------------------------------------- Update Information: - Backport patches from dbus-1.6 - Fixes CVE-2014-3477 (fd.o#78979) - Fixes CVE-2014-3532 (fd.o#80163) - Fixes CVE-2014-3533 (fd.o#80469) - Resolves #1115636 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Colin Walters <[email protected]> - 1:1.6.12-9 - Backport patches from dbus-1.6 - Fixes CVE-2014-3477 (fd.o#78979) - Fixes CVE-2014-3532 (fd.o#80163) - Fixes CVE-2014-3533 (fd.o#80469) - Resolves #1115636 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114414 - CVE-2014-3532 dbus: denial of service in file descriptor passing feature https://bugzilla.redhat.com/show_bug.cgi?id=1114414 [ 2 ] Bug #1114416 - CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors https://bugzilla.redhat.com/show_bug.cgi?id=1114416 -------------------------------------------------------------------------------- ================================================================================ freetalk-4.0-0.1.rc4.fc20 (FEDORA-2014-8042) A console based Jabber client -------------------------------------------------------------------------------- Update Information: 4.0 final released, companied with guide 2.0 support, facebook api support. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Christopher Meng <[email protected]> - 4.0-0.1.rc4 - Update to 4.0rc4 * Sat Aug 3 2013 Fedora Release Engineering <[email protected]> - 3.2-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering <[email protected]> - 3.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ geard-0-0.13.git6850c8d.fc20 (FEDORA-2014-8055) Geard -------------------------------------------------------------------------------- Update Information: Latest version of geard from upstream. update to latest master 3c781d0cd8a961a85449d362fb5d8c88c5a34a22 Update to latest upstream git snapshot of geard. update to latest master 3c781d0cd8a961a85449d362fb5d8c88c5a34a22 make tests more resilient release 6 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Adam Miller <[email protected]> - 0-0.13.git6850c8d - New builds from upstream master at commit id 6850c8d * Wed Jun 11 2014 Adam Miller <[email protected]> - 0-0.12.1.git8b2dcfc - Remove sti binary as per upstream feedback - Conditionally patch for selinux F20 vs F21+ * Wed Jun 11 2014 Adam Miller <[email protected]> - 0-0.12.git8b2dcfc - New builds from upstream master at commit id 8b2dcfc - Add sti binary * Mon Jun 9 2014 Adam Miller <[email protected]> - 0-0.11.git8b2dcfc - New builds from upstream master at commit id 8b2dcfc * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0-0.10.git3c781d0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 29 2014 Lokesh Mandvekar <[email protected]> - 0-0.9.git - update to latest master 3c781d0cd8a961a85449d362fb5d8c88c5a34a22 - Require docker-io to fix BZ 1097638 - selinux fix in master 0-0.9 not required in f20 * Sat May 17 2014 Lokesh Mandvekar <[email protected]> - 0-0.8.git - update to latest master - make sure required package is docker-io * Wed May 7 2014 Lokesh Mandvekar <[email protected]> - 0-0.7.git - make tests more resilient * Fri May 2 2014 Lokesh Mandvekar <[email protected]> - 0-0.6.git - release 6 * Tue Apr 29 2014 Colin Walters <[email protected]> - 0-0.5.1.git - Change requires to be /usr/bin/docker to adapt to package rename -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097638 - It will install the docker as dependency by default but not docker-io if install the geard via yum directly on Fedora20 https://bugzilla.redhat.com/show_bug.cgi?id=1097638 -------------------------------------------------------------------------------- ================================================================================ inadyn-mt-2.24.40-1.fc20 (FEDORA-2014-8056) Dynamic DNS Client -------------------------------------------------------------------------------- Update Information: New upstream release. Fix libAO dependency issue. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Jochen Schmitt <Jochen herr-schmitt de> - 2.24.40-1 - New upstream release - Set explicit account information in the systemd unit file (#1100889) - Rebuilt to fix dep. issue agains libao (#1100889) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1100889 - inadyn-mt should not be run as root https://bugzilla.redhat.com/show_bug.cgi?id=1100889 -------------------------------------------------------------------------------- ================================================================================ irma_configuration-0.1-0.5.aeb8d68.fc20 (FEDORA-2014-8046) IRMA Card configuration data -------------------------------------------------------------------------------- Update Information: Fix permissions -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Patrick Uiterwijk <[email protected]> - 0.1-0.5.aeb8d68 - Fix permissions * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0.1-0.4.aeb8d68 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ kmymoney-4.6.6-1.fc20 (FEDORA-2014-8037) Personal finance -------------------------------------------------------------------------------- Update Information: New stable upstream release, includes improved compatibility with recent quicken versions, see also http://kmymoney.kde.org/news.php#itemKMyMoney466released http://kmymoney.kde.org/news.php#itemKMyMoney465released -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 23 2014 Rex Dieter <[email protected]> 4.6.6-1 - kmymoney-4.6.6 * Fri Jun 20 2014 Rex Dieter <[email protected]> 4.6.5-1 - kmymoney-4.6.5 * Sun Jun 8 2014 Fedora Release Engineering <[email protected]> - 4.6.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 23 2014 Petr Machata <[email protected]> - 4.6.4-5 - Rebuild for boost 1.55.0 -------------------------------------------------------------------------------- ================================================================================ libdatrie-0.2.8-4.fc20 (FEDORA-2014-8067) Implementation of Double-Array structure for representing trie -------------------------------------------------------------------------------- Update Information: Dep of libthai, bundled for 7 yrs in Fedora. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062542 - Review Request: libdatrie - Implementation of Double-Array structure for representing trie https://bugzilla.redhat.com/show_bug.cgi?id=1062542 -------------------------------------------------------------------------------- ================================================================================ libmspub-0.0.6-5.fc20 (FEDORA-2014-8038) A library providing ability to interpret and import Microsoft Publisher files -------------------------------------------------------------------------------- Update Information: fdo#80661 fix crash on import of specific docs from libreoffice -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 David Tardon <[email protected]> - 0.0.6-5 - fdo#80661 fix crash on import of specific docs from libreoffice -------------------------------------------------------------------------------- ================================================================================ libtpms-0.5.2-1.fc20 (FEDORA-2014-8063) Library providing Trusted Platform Module (TPM) functionality -------------------------------------------------------------------------------- Update Information: Update to newer version of libtpms. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 30 2014 Stefan Berger - 0.5.2-1 - Updated to version 0.5.2 - coverity fixes - fixes for ARM64 using __aarch64__ -------------------------------------------------------------------------------- ================================================================================ lnst-4-1.fc20 (FEDORA-2014-8036) Common code for lnst-ctl and lnst-slave -------------------------------------------------------------------------------- Update Information: update to version 4 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Jiri Pirko <[email protected]> - 4-1 - Updating to stable release 4 * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mimetic-0.9.8-1.fc20 (FEDORA-2014-8039) A full featured C++ MIME library -------------------------------------------------------------------------------- Update Information: MIME library -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 18 2014 Christopher Meng <[email protected]> - 0.9.8-1 - Update to 0.9.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1111184 - Review Request: mimetic - A full featured C++ MIME library https://bugzilla.redhat.com/show_bug.cgi?id=1111184 -------------------------------------------------------------------------------- ================================================================================ nfoview-1.14-1.fc20 (FEDORA-2014-8040) Viewer for NFO files -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.14 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 29 2014 Fabian Affolter <[email protected]> - 1.14-1 - Update to new upstream version 1.14 * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 1.13.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 28 2014 Kalev Lember <[email protected]> - 1.13.1-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 * Mon Sep 23 2013 Fabian Affolter <[email protected]> - 1.13.1-1 - Update to new upstream version 1.13.1 -------------------------------------------------------------------------------- ================================================================================ octomap-1.6.6-4.fc20 (FEDORA-2014-7970) Efficient Probabilistic 3D Mapping Framework Based on Octrees -------------------------------------------------------------------------------- Update Information: Initial import of octomap -------------------------------------------------------------------------------- References: [ 1 ] Bug #1107422 - Review Request: octomap - Efficient Probabilistic 3D Mapping Framework Based on Octrees https://bugzilla.redhat.com/show_bug.cgi?id=1107422 -------------------------------------------------------------------------------- ================================================================================ perl-PerlIO-via-Timeout-0.29-2.fc20 (FEDORA-2014-8064) PerlIO layer that adds read & write timeout to a handle -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0.29-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ pnp4nagios-0.6.22-1.fc20 (FEDORA-2014-8051) Nagios performance data analysis tool -------------------------------------------------------------------------------- Update Information: Update to upstream (fixes XSS flaw in an error page) -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 0.6.22-1 - Update to upstream (fixes XSS flaw in an error page) * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0.6.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115770 - pnp4nagios: cross-site scripting flaw in an error page https://bugzilla.redhat.com/show_bug.cgi?id=1115770 -------------------------------------------------------------------------------- ================================================================================ python-flask-script-0.6.7-2.fc20 (FEDORA-2014-8053) Scripting support for Flask -------------------------------------------------------------------------------- Update Information: Changed macros in specfile to use versioned python macros; Now using pytest for running tests; Moved Python3 requires to proper place; -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Robert Kuska <[email protected]> - 0.6.7-2 - Update spec to use python versioned macros - Move Python 3 requires to proper place -------------------------------------------------------------------------------- ================================================================================ python-flask-whooshee-0.0.6-4.fc20 (FEDORA-2014-8062) Whoosh integration -------------------------------------------------------------------------------- Update Information: Fixed Requires for Python3 position in specfile -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Robert Kuska <[email protected]> - 0.0.6-4 - Move Python 3 Requires into correct place * Sat Jun 7 2014 Fedora Release Engineering <[email protected]> - 0.0.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 16 2014 Robert Kuska <[email protected]> - 0.0.6-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 -------------------------------------------------------------------------------- ================================================================================ python-libcloud-0.15.0-1.fc20 (FEDORA-2014-8060) A Python library to address multiple cloud provider APIs -------------------------------------------------------------------------------- Update Information: First release in the 0.15 series which it brings many new features, -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 27 2014 Daniel Bruno <[email protected]> - 0.15.0-1 - First release in the 0.15 series which it brings many new features, improvements and bug fixes -------------------------------------------------------------------------------- ================================================================================ rp-pppoe-3.11-7.fc20 (FEDORA-2014-8050) A PPP over Ethernet client (for xDSL support). -------------------------------------------------------------------------------- Update Information: Fix an F20FTBFS -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Ralf Corsépius <[email protected]> - 3.11-7 - Let package honor %_pkgdocdir (Fix F20FTBFS RHBZ #993206, F21FTBFS RHBZ #1107035). - Modernize spec. * Thu Aug 8 2013 Than Ngo <[email protected]> - 3.11-6 - cleanup * Sun Aug 4 2013 Fedora Release Engineering <[email protected]> - 3.11-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #993206 - rp-pppoe: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=993206 -------------------------------------------------------------------------------- ================================================================================ rubygem-activerecord-4.0.0-3.fc20 (FEDORA-2014-8065) Implements the ActiveRecord pattern for ORM -------------------------------------------------------------------------------- Update Information: Fix for CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2014 Josef Stribny <[email protected]> - 1:4.0.0-3 - Fix CVE-2014-3483 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115777 - CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting [fedora-20] https://bugzilla.redhat.com/show_bug.cgi?id=1115777 -------------------------------------------------------------------------------- ================================================================================ voms-2.0.11-7.fc20 (FEDORA-2014-7770) Virtual Organization Membership Service -------------------------------------------------------------------------------- Update Information: Fix stack smashing from SHA2 certificates. Fix gsoap linking. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 2 2014 Mattias Ellert <[email protected]> - 2.0.11-7 - Update the gsoap patch * Thu Jun 26 2014 Mattias Ellert <[email protected]> - 2.0.11-6 - Clean up SHA2 patch * Thu Jun 26 2014 Mattias Ellert <[email protected]> - 2.0.11-5 - Fix compilation problems when strndup is already defined * Thu Jun 26 2014 Mattias Ellert <[email protected]> - 2.0.11-4 - Patch that fixes a stack smash when SHA2 certificates are used * Sun Jun 8 2014 Fedora Release Engineering <[email protected]> - 2.0.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ wxsqlite3-3.1.1-1.fc20 (FEDORA-2014-8049) C++ wrapper around the SQLite 3.x database -------------------------------------------------------------------------------- Update Information: update to 3.1.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 30 2014 Martin Gansser <[email protected]> 3.1.1-1 - update to 3.1.1 - added absolute path for wx-config -------------------------------------------------------------------------------- ================================================================================ zsh-5.0.5-1.fc20 (FEDORA-2014-8066) Powerful interactive shell -------------------------------------------------------------------------------- Update Information: This update brings the latest release of Zsh in version 5.0.5 to you. Please read the release notes at http://zsh.sourceforge.net/releases.htm A detailed change log may be found here: http://sourceforge.net/p/zsh/code/ci/master/tree/ Please note this update will install the Zsh binary in /usr/bin now instead of /bin and accordingly will append /usr/bin/zsh to your /etc/shells file. Installing this update will not remove any reference to /bin/zsh from /etc/shells, you probably want to maintain /etc/shells yourself accordingly. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 8 2014 Dominic Hopf <[email protected]> - 5.0.5-1 - Update to latest upstream release: Zsh 5.0.5 - remove individual _bindir setting; install to /usr/bin/ (RHBZ#1034060) - require info package instead of /sbin/install-info binary * Thu Jan 16 2014 James Antill <[email protected]> - 5.0.2-8 - Remove unneeded build require on tetex. * Sat Oct 26 2013 Dominic Hopf <[email protected]> - 5.0.2-7 - Require hostname package instead of /bin/hostname -------------------------------------------------------------------------------- References: [ 1 ] Bug #1045933 - zsh-5.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1045933 [ 2 ] Bug #1061896 - Please apply memcpy -> memmove patch https://bugzilla.redhat.com/show_bug.cgi?id=1061896 [ 3 ] Bug #1034060 - append /usr/bin/zsh to /etc/shells https://bugzilla.redhat.com/show_bug.cgi?id=1034060 -------------------------------------------------------------------------------- -- test mailing list [email protected] To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
