The following Fedora 20 Security updates need testing: Age URL 34 https://admin.fedoraproject.org/updates/FEDORA-2013-17866/chicken-4.8.0.4-4.fc20 23 https://admin.fedoraproject.org/updates/FEDORA-2013-18705/phpMyAdmin-3.5.8.2-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2013-19931/mod_nss-1.0.8-24.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2013-19934/openstack-glance-2013.2-2.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2013-20032/gnutls-3.1.15-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-20095/python-backports-ssl_match_hostname-3.4.0.2-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2013-20138/mantis-1.2.15-3.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20216/python-setuptools-0.9.8-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-20310/spice-0.12.4-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-19507/openstack-keystone-2013.2-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20382/xulrunner-25.0-2.fc20,firefox-25.0-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20517/xen-4.3.1-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 13 https://admin.fedoraproject.org/updates/FEDORA-2013-19560/mash-0.6.01-2.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2013-19861/libcomps-0.1.4-4.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2013-19854/lua-5.2.2-5.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2013-20032/gnutls-3.1.15-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20219/perl-Socket-2.013-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20254/gnome-abrt-0.3.3-1.fc20,abrt-2.1.9-1.fc20,libreport-2.1.9-1.fc20,satyr-0.11-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2013-20216/python-setuptools-0.9.8-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2013-20303/colord-1.1.3-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20406/dnf-0.4.6-1.fc20,libsolv-0.4.0-1.gitd49d319.fc20,librepo-1.3.0-1.fc20,hawkey-0.4.4-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2013-20393/phonon-4.6.0-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20513/xorg-x11-drv-ati-7.2.0-3.20131101git3b38701.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20522/highlight-3.16.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20475/libevdev-0.4.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20450/pungi-3.03-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-20466/thunderbird-24.1.0-1.fc20,thunderbird-lightning-2.6.2-2.fc20 The following builds have been pushed to Fedora 20 updates-testing alexandria-0.6.9-8.fc20 curator-2.2.0-1.fc20 freeipa-3.3.3-1.fc20 ghc-MonadRandom-0.1.12-1.fc20 gnome-initial-setup-3.10.1.1-2.fc20 highlight-3.16.1-1.fc20 hugin-2013.0.0-1.fc20 mate-applets-1.6.1-6.fc20 mlmmj-1.2.18.0-2.fc20 mod_qos-10.24-1.fc20 ngircd-21-1.fc20 php-pear-phing-2.6.1-1.fc20 php-pecl-mongo-1.4.4-1.fc20 php-swift-Swift-5.0.2-1.fc20 python-keyring-3.1-1.fc20 rubygem-goocanvas-2.0.2-2.fc20 rubygem-goocanvas1-1.2.6-2.fc20 rubygem-opengl-0.8.0-2.fc20 rubygem-riddle-1.5.9-1.fc20 rubygem-ruby-opengl-0.61.0-1.fc20 spin-kickstarts-0.20.20-1.fc20 wireshark-1.10.3-1.fc20 xen-4.3.1-1.fc20 xorg-x11-drv-ati-7.2.0-3.20131101git3b38701.fc20 Details about builds: ================================================================================ alexandria-0.6.9-8.fc20 (FEDORA-2013-20515) Book collection manager -------------------------------------------------------------------------------- Update Information: Introduce rubygem-goocanvas1 package, which uses goocanvas 1 and gtk2, as current rubygem-goocanvas uses goocanvas 2 and gtk3. Patch against alexandria so that alexandria uses rubygem-goocanvas1 even if rubygem-goocanvas is also installed. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.6.9-8 - Change dependency on goocanvas on F-20+ (bug 1025095) - Specify goocanvas version (bug 1024931) * Mon Oct 7 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.6.9-7 - Read negative value as integer in case position has such value (bug 1014295) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024931 - Alexandria can't start https://bugzilla.redhat.com/show_bug.cgi?id=1024931 -------------------------------------------------------------------------------- ================================================================================ curator-2.2.0-1.fc20 (FEDORA-2013-20512) A set of Java libraries that make using Apache ZooKeeper much easier -------------------------------------------------------------------------------- Update Information: Addition of apache curator -------------------------------------------------------------------------------- ================================================================================ freeipa-3.3.3-1.fc20 (FEDORA-2013-20514) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: Update to upstream 3.3.3 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Martin Kosek <mkosek@xxxxxxxxxx> - 3.3.3-1 - Update to upstream 3.3.3 * Fri Oct 4 2013 Martin Kosek <mkosek@xxxxxxxxxx> - 3.3.2-1 - Update to upstream 3.3.2 -------------------------------------------------------------------------------- ================================================================================ ghc-MonadRandom-0.1.12-1.fc20 (FEDORA-2013-20520) Random-number generation monad -------------------------------------------------------------------------------- Update Information: New release -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 0.1.12-1 - Updated to new upstream 0.1.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1016212 - ghc-MonadRandom-0.1.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1016212 -------------------------------------------------------------------------------- ================================================================================ gnome-initial-setup-3.10.1.1-2.fc20 (FEDORA-2013-20516) Bootstrapping your OS -------------------------------------------------------------------------------- Update Information: This update makes it possible to add online accounts in gnome-initial-setup, by populating the add dialog properly. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.10.1.1-2 - Fix goa add dialog to not be empty -------------------------------------------------------------------------------- References: [ 1 ] Bug #1014304 - Online account selection dialog is empty and 'Cancel' button doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1014304 -------------------------------------------------------------------------------- ================================================================================ highlight-3.16.1-1.fc20 (FEDORA-2013-20522) Universal source code to formatted text converter -------------------------------------------------------------------------------- Update Information: Remove of superfluid debug output. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Jochen Schmitt <Jochen herr-schmitt de> - 3.16.1-1 - Minor bug fix release from upstream * Sun Oct 13 2013 Jochen Schmitt <Jochen herr-schmitt de> - 3.16-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ hugin-2013.0.0-1.fc20 (FEDORA-2013-20532) A panoramic photo stitcher and more -------------------------------------------------------------------------------- Update Information: New release with a GUI overhaul -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 31 2013 Bruno Postle <bruno@xxxxxxxxxx> - 2013.0.0-1 - upstream stable release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1023906 - hugin-2013.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1023906 -------------------------------------------------------------------------------- ================================================================================ mate-applets-1.6.1-6.fc20 (FEDORA-2013-20529) MATE Desktop panel applets -------------------------------------------------------------------------------- Update Information: - disable upower BR > f20, until we know to handle upower-1.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-6 - disable upower BR > f20, until we know to handle upower-1.0 -------------------------------------------------------------------------------- ================================================================================ mlmmj-1.2.18.0-2.fc20 (FEDORA-2013-20524) A simple and slim mailing list manager inspired by ezmlm -------------------------------------------------------------------------------- Update Information: New RPM. -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 26 2013 Christopher Meng <rpm@xxxxxxxx> - 1.2.18.0-2 - Filter out wrong dependencies. * Fri Aug 9 2013 Christopher Meng <rpm@xxxxxxxx> - 1.2.18.0-1 - Resubmit the package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #995933 - Re-Review Request: mlmmj - A simple and slim mailing list manager inspired by ezmlm https://bugzilla.redhat.com/show_bug.cgi?id=995933 -------------------------------------------------------------------------------- ================================================================================ mod_qos-10.24-1.fc20 (FEDORA-2013-20519) Quality of service module for Apache -------------------------------------------------------------------------------- Update Information: upstream 10.24 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 Christof Damian <christof@xxxxxxxxxx> - 10.24-1 - upstream 10.24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000688 - mod_qos-10.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1000688 -------------------------------------------------------------------------------- ================================================================================ ngircd-21-1.fc20 (FEDORA-2013-20526) Next Generation IRC Daemon -------------------------------------------------------------------------------- Update Information: Misc upstream enhancements/bug fixes. See: http://ngircd.barton.de/doc/NEWS for detailed changes. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Kevin Fenzi <kevin@xxxxxxxxx> 21-1 - Update to 21 * Wed Sep 4 2013 Kevin Fenzi <kevin@xxxxxxxxx> 20.3-2 - Fix docs to not include Makefiles. Fixes bug #1004557 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1025162 - ngircd-21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1025162 -------------------------------------------------------------------------------- ================================================================================ php-pear-phing-2.6.1-1.fc20 (FEDORA-2013-20528) A project build system based on Apache Ant -------------------------------------------------------------------------------- Update Information: upstream 2.6.1 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 Christof Damian <christof@xxxxxxxxxx> - 2.6.1-1 - upstream 2.6.1 -------------------------------------------------------------------------------- ================================================================================ php-pecl-mongo-1.4.4-1.fc20 (FEDORA-2013-20511) PHP MongoDB database driver -------------------------------------------------------------------------------- Update Information: upstream 1.4.4 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 Christof Damian <christof@xxxxxxxxxx> - 1.4.4-1 - upstream 1.4.4 -------------------------------------------------------------------------------- ================================================================================ php-swift-Swift-5.0.2-1.fc20 (FEDORA-2013-20525) Free Feature-rich PHP Mailer -------------------------------------------------------------------------------- Update Information: upstream 5.0.2 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 Christof Damian <christof@xxxxxxxxxx> - 5.0.2-1 - upstream 5.0.2 -------------------------------------------------------------------------------- ================================================================================ python-keyring-3.1-1.fc20 (FEDORA-2013-20531) Python library to access the system keyring service -------------------------------------------------------------------------------- Update Information: Update to version 3.1 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 22 2013 rtnpro <rtnpro@xxxxxxxxx> - 3.1-1 - Bump to version 3.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007354 - Please update this package ASAP https://bugzilla.redhat.com/show_bug.cgi?id=1007354 -------------------------------------------------------------------------------- ================================================================================ rubygem-goocanvas-2.0.2-2.fc20 (FEDORA-2013-20521) Ruby binding of GooCanvas -------------------------------------------------------------------------------- Update Information: Add some license file Rebase to ruby-gnome2 2.0.x suite -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.0.2-2 - Include license file * Mon Oct 28 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.0.2-1 - 2.0.2 -------------------------------------------------------------------------------- ================================================================================ rubygem-goocanvas1-1.2.6-2.fc20 (FEDORA-2013-20515) Ruby binding of GooCanvas -------------------------------------------------------------------------------- Update Information: Introduce rubygem-goocanvas1 package, which uses goocanvas 1 and gtk2, as current rubygem-goocanvas uses goocanvas 2 and gtk3. Patch against alexandria so that alexandria uses rubygem-goocanvas1 even if rubygem-goocanvas is also installed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024931 - Alexandria can't start https://bugzilla.redhat.com/show_bug.cgi?id=1024931 -------------------------------------------------------------------------------- ================================================================================ rubygem-opengl-0.8.0-2.fc20 (FEDORA-2013-20530) An OpenGL wrapper for Ruby -------------------------------------------------------------------------------- Update Information: Introducing new package rubygem-opengl. Now new rubygem-ruby-opengl uses rubygem-opengl. -------------------------------------------------------------------------------- ================================================================================ rubygem-riddle-1.5.9-1.fc20 (FEDORA-2013-20523) An API for Sphinx, written in and for Ruby -------------------------------------------------------------------------------- Update Information: New package. A Ruby API and configuration helper for the Sphinx search service. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1025100 - Review Request: rubygem-riddle - An API for Sphinx, written in and for Ruby https://bugzilla.redhat.com/show_bug.cgi?id=1025100 -------------------------------------------------------------------------------- ================================================================================ rubygem-ruby-opengl-0.61.0-1.fc20 (FEDORA-2013-20530) OpenGL Interface for Ruby -------------------------------------------------------------------------------- Update Information: Introducing new package rubygem-opengl. Now new rubygem-ruby-opengl uses rubygem-opengl. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.61.0-1 - 0.61.0 * Fri Nov 1 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.60.1-14 - Remove files with unclear licenses -------------------------------------------------------------------------------- ================================================================================ spin-kickstarts-0.20.20-1.fc20 (FEDORA-2013-20527) Kickstart files and templates for creating your own Fedora Spins -------------------------------------------------------------------------------- Update Information: This should be very close to what gets used for beta compose. Get an up to date version for beta. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 <bruno@xxxxxxxx> - 0.20.20-1 - Get a relatively current build for beta * Tue Oct 8 2013 <bruno@xxxxxxxx> - 0.20.19-1 - Get a relatively current build for beta -------------------------------------------------------------------------------- ================================================================================ wireshark-1.10.3-1.fc20 (FEDORA-2013-20518) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: * Ver. 1.10.3 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 2 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.3-1 - Ver. 1.10.3 - Dropped upsteamed patch no. 13 -------------------------------------------------------------------------------- ================================================================================ xen-4.3.1-1.fc20 (FEDORA-2013-20517) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: update to xen-4.3.1, Lock order reversal between page allocation and grant table lock ocaml xenstored mishandles oversized message replies systemd changes to allow oxenstored to be used instead of xenstored -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-1 - update to xen-4.3.1 - Lock order reversal between page allocation and grant table locks [XSA-73, CVE-2013-4494] * Tue Oct 29 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.0-10 - ocaml xenstored mishandles oversized message replies [XSA-72, CVE-2013-4416] (#1024450) * Thu Oct 24 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.0-9 - systemd changes to allow oxenstored to be used instead of xenstored (#1022640) * Thu Oct 10 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.0-8 - security fixes (#1017843) Information leak through outs instruction emulation in 64-bit PV guests [XSA-67, CVE-2013-4368] possible null dereference when parsing vif ratelimiting info [XSA-68, CVE-2013-4369] misplaced free in ocaml xc_vcpu_getaffinity stub [XSA-69, CVE-2013-4370] use-after-free in libxl_list_cpupool under memory pressure [XSA-70, CVE-2013-4371] qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu) [XSA-71, CVE-2013-4375] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1017875 - CVE-2013-4416 xen: ocaml xenstored mishandles oversized message replies (XSA-72) https://bugzilla.redhat.com/show_bug.cgi?id=1017875 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-ati-7.2.0-3.20131101git3b38701.fc20 (FEDORA-2013-20513) Xorg X11 ati video driver -------------------------------------------------------------------------------- Update Information: Fix radeonsi gnome-shell rendering and other fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 1 2013 Jerome Glisse <jglisse@xxxxxxxxxx> - 7.2.0-3 - Update to lastest upstream git snapshot * Fri Oct 25 2013 Jerome Glisse <jglisse@xxxxxxxxxx> - 7.2.0-2 - Fix gnome-shell rendering issue with radeonsi * Fri Oct 25 2013 Adam Jackson <ajax@xxxxxxxxxx> - 7.2.0-1 - ABI rebuild * Thu Aug 29 2013 Dave Airlie <airlied@xxxxxxxxxx> 7.2.0-0 - update to latest upstream release 7.2.0 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test