The following Fedora 20 Security updates need testing: Age URL 68 https://admin.fedoraproject.org/updates/FEDORA-2013-23116/python-swiftclient-1.8.0-1.fc20 58 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 50 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 32 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-1742/quassel-0.9.2-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2103/python-gnupg-0.3.6-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-2264/python-tahrir-0.5.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-2263/python-tahrir-0.5.2-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-2321/perl-Capture-Tiny-0.24-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-2291/seamonkey-2.24-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-2372/xstream-1.3.1-9.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2495/lighttpd-1.4.34-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2509/oath-toolkit-2.4.1-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2531/drupal6-ctools-1.11-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2452/augeas-1.2.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-2562/drupal7-ctools-1.4-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-2554/openstack-nova-2013.2.2-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-2583/mingw-gnutls-3.1.21-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-2611/drupal6-image_resize_filter-1.14-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2576/kernel-3.13.3-201.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2624/xen-4.3.1-10.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2648/drupal6-filefield-3.12-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 95 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-1197/colord-1.1.6-1.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2014-1911/livecd-tools-20.4-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2021/gupnp-tools-0.8.9-1.fc20,gupnp-av-0.12.5-1.fc20,gupnp-0.20.10-1.fc20,gssdp-0.14.7-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2646/vim-7.4.179-1.fc20 The following builds have been pushed to Fedora 20 updates-testing clamtk-5.04-1.fc20 drupal6-filefield-3.12-1.fc20 drupal7-context-3.2-1.fc20 drupal7-fivestar-2.0-0.7.alpha3.fc20 drupal7-libraries-2.2-1.fc20 drupal7-login_destination-1.1-1.fc20 drupal7-taxonomy_access_fix-2.0-1.fc20 dvdbackup-0.4.2-1.fc20 fsarchiver-0.6.18-1.fc20 gimagereader-2.91-0.2git20140216.fc20 kernel-3.13.3-201.fc20 php-Pimple-1.1.1-1.fc20 python-markdown2-2.2.0-1.fc20 qepcad-B-1.69-3.fc20 root-5.34.15-1.fc20 sugar-memorize-47-1.fc20 sugar-pippy-57-1.fc20 sugar-turtleart-199-1.fc20 vdr-iptv-2.0.2-7.fc20 vim-7.4.179-1.fc20 xapian-bindings-1.2.17-1.fc20 xapian-core-1.2.17-1.fc20 xen-4.3.1-10.fc20 Details about builds: ================================================================================ clamtk-5.04-1.fc20 (FEDORA-2014-2632) Easy to use graphical user interface for Clam anti virus -------------------------------------------------------------------------------- Update Information: Update to 5.04. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Dave M. <dave.nerd@xxxxxxxxx> - 5.04-1 - Updated to release 5.04. -------------------------------------------------------------------------------- ================================================================================ drupal6-filefield-3.12-1.fc20 (FEDORA-2014-2648) Defines a file field type -------------------------------------------------------------------------------- Update Information: Updated to 3.12 * Release notes: https://drupal.org/node/2194103 * SA-CONTRIB-2014-015 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1:3.12-1 - Updated to 3.12 (BZ #1064729; release notes https://drupal.org/node/2194103) - Security BZ #1064841, #1064842, 1064843 - SA-CONTRIB-2014-015 - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064841 - drupal6-filefield: access bypass https://bugzilla.redhat.com/show_bug.cgi?id=1064841 -------------------------------------------------------------------------------- ================================================================================ drupal7-context-3.2-1.fc20 (FEDORA-2014-2644) Allows contextual conditions and reactions management -------------------------------------------------------------------------------- Update Information: Updated to 3.2 * Release notes: https://drupal.org/node/2183729 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 3.2-1 - Updated to 3.2 (BZ #1059560; release notes https://drupal.org/node/2183729) - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059560 - drupal7-context-3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059560 -------------------------------------------------------------------------------- ================================================================================ drupal7-fivestar-2.0-0.7.alpha3.fc20 (FEDORA-2014-2634) Enables fivestar ratings on content, users, etc -------------------------------------------------------------------------------- Update Information: Updated to 2.0-alpha3 * Release notes: https://drupal.org/node/2186899 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-0.7.alpha3 - Add build require drupal7-rpmbuild * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-0.6.alpha3 - Updated to 2.0-alpha3 (BZ #1060464; release notes https://drupal.org/node/2186899) - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060464 - drupal7-fivestar-2.0-alpha3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1060464 -------------------------------------------------------------------------------- ================================================================================ drupal7-libraries-2.2-1.fc20 (FEDORA-2014-2622) Allows version-dependent and shared usage of external libraries -------------------------------------------------------------------------------- Update Information: Updated to 2.2 * Release notes: https://drupal.org/node/2192173 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.2-1 - Updated to 2.2 (BZ #1063727; release notes https://drupal.org/node/2192173) - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063727 - drupal7-libraries-2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063727 -------------------------------------------------------------------------------- ================================================================================ drupal7-login_destination-1.1-1.fc20 (FEDORA-2014-2626) Customize the destination that the user is redirected to after login -------------------------------------------------------------------------------- Update Information: Updated to 1.1 * Release notes: https://drupal.org/node/1869598 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.1-1 - Updated to 1.1 (BZ #1059997; release notes https://drupal.org/node/1869598) - Spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059997 - drupal7-login_destination-1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059997 -------------------------------------------------------------------------------- ================================================================================ drupal7-taxonomy_access_fix-2.0-1.fc20 (FEDORA-2014-2620) Fixes the crooked access checks for Taxonomy pages -------------------------------------------------------------------------------- Update Information: Updated to 2.0 * Release notes: https://drupal.org/node/2152445 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0-1 - Updated to 2.0 (BZ #1060000; release notes https://drupal.org/node/2152445) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060000 - drupal7-taxonomy_access_fix-2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1060000 -------------------------------------------------------------------------------- ================================================================================ dvdbackup-0.4.2-1.fc20 (FEDORA-2014-2627) Command line tool for ripping video DVDs -------------------------------------------------------------------------------- Update Information: What is new in version 0.4.2 (2012-06-24)? New Features: Added new command line option -p, --progress: Print progress report while copying from the DVD; thanks to flipflip for the patch. Added new translations from Launchpad: Danish (da), English (United Kingdom) (en_GB), Estonian (et), Portuguese (pt), Slovak (sk), Turkish (tr) New complete translation: English (United Kingdom) (en_GB), French (fr), Italian (it), Slovak (sk) Changes: Convert DVD title to lower case, but let every word in the title start with an upper case letter and replace underscores with spaces. Bug fixes: Print the correct vob file name in which the read error happens. Thanks to Kolja Nowak for the patch. (Closes: #585560, LP: #648752) Fix DVD title detection on FreeBSD. Thanks to Emanuel Haupt. Fix copying of fragmented chapters. Thanks to Christian Kuehnke for the patch. (LP: #648920) -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Christopher Meng <rpm@xxxxxxxx> - 0.4.2-1 - Update to 0.4.2 -------------------------------------------------------------------------------- ================================================================================ fsarchiver-0.6.18-1.fc20 (FEDORA-2014-2636) Safe and flexible file-system backup/deployment tool -------------------------------------------------------------------------------- Update Information: New upstream release: * Prepared release sources using autoconf-2.69 to add support for new architectures (RHBZ#925370) * Applied patch from Berix to preserve the number of inode blocks per group on ext filesystems * Added support for recent btrfs features (up to linux-3.14) * Run mkfs.btrfs with option "-f" so that it does not fail on devices with pre-existing filesystems -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Adel Gadllah <adel.gadllah@xxxxxxxxx> - 0.6.18-1 - Update to 0.6.18 - Fixes RH#925370 -------------------------------------------------------------------------------- ================================================================================ gimagereader-2.91-0.2git20140216.fc20 (FEDORA-2014-2629) OCR application -------------------------------------------------------------------------------- Update Information: This update works around the the application crashing at exit when using the libsane-hpaio driver by disabling searching for scanners accross the network. Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #653917 - Review Request: gimagereader - A tesseract OCR front-end https://bugzilla.redhat.com/show_bug.cgi?id=653917 -------------------------------------------------------------------------------- ================================================================================ kernel-3.13.3-201.fc20 (FEDORA-2014-2576) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.13.3 stable update contains a number of important fixes across the tree. The 3.13.2 rebase contains support for additional hardware, some new features and a number of important bug fixes across the tree. Fixes CVE-2014-0069 cifs: incorrect handling of bogus user pointers -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.13.3-201 - CVE-2014-0069 cifs: incorrect handling of bogus user pointers (rhbz 1064253 1062584) * Thu Feb 13 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.13.3-200 - Linux v3.13.3 * Wed Feb 12 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Add patch to fix list corruption from pinctrl (rhbz 1051918) - Add IFA_FLAGS for IPv6 temporary addresses back (rhbz 1064430) - Fix cgroup destroy oops (rhbz 1045755) - Fix backtrace in amd_e400_idle (rhbz 1031296) - CVE-2014-1874 SELinux: local denial of service (rhbz 1062356 1062507) * Wed Feb 12 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.13.2-200 - Packaging fixes for tmon and trace * Tue Feb 11 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Update am33xx (BeagleBone) patch for 3.13 - Minor ARM updates * Mon Feb 10 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - Linux v3.13.2 - Fixes (rhbz 1062144) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062356 - CVE-2014-1874 Kernel: SELinux: local denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=1062356 [ 2 ] Bug #1064253 - CVE-2014-0069 kernel: cifs: incorrect handling of bogus user pointers during uncached writes https://bugzilla.redhat.com/show_bug.cgi?id=1064253 -------------------------------------------------------------------------------- ================================================================================ php-Pimple-1.1.1-1.fc20 (FEDORA-2014-2637) A simple dependency injection container for PHP -------------------------------------------------------------------------------- Update Information: Updated to 1.1.1 * Change log: https://github.com/fabpot/Pimple/compare/v1.1.0...v1.1.1 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> 1.1.1-1 - Updated to 1.1.1 (BZ #1061119) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061119 - php-Pimple-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1061119 -------------------------------------------------------------------------------- ================================================================================ python-markdown2-2.2.0-1.fc20 (FEDORA-2014-2618) A fast and complete Python implementation of Markdown -------------------------------------------------------------------------------- Update Information: Update to the latest stable version. Changes in python-markdown2 2.2.0: - [issue #135] Fix fenced code blocks odd rendering. - [pull #138] specify shell in Makefile - [pull #130] break-on-newline extra - [pull #140] Allow html-classes for img - [pull #122] Allow parentheses in urls -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 5 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 2.2.0-1 - Update to 2.2.0. - Modernize spec file. -------------------------------------------------------------------------------- ================================================================================ qepcad-B-1.69-3.fc20 (FEDORA-2014-2607) Quantifier elimination tool -------------------------------------------------------------------------------- Update Information: This new package is an implementation of quantifier elimination by partial cylindrical algebraic decomposition due originally to Hoon Hong, and subsequently added on to by many others. It is an interactive command-line program written in C/C++, and based on the SACLIB library. This is QEPCAD B version 1.x, the "B" designating a substantial departure from the original QEPCAD and distinguishing it from any development of the original that may proceed in a different direction. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1061902 - Review Request: qepcad-B - Quantifier elimination tool https://bugzilla.redhat.com/show_bug.cgi?id=1061902 -------------------------------------------------------------------------------- ================================================================================ root-5.34.15-1.fc20 (FEDORA-2014-2614) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: ROOT 5.34.05 http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 14 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.15-1 - Update to 5.34.15 - Drop patch root-davix.patch * Thu Jan 9 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.14-3 - Rebuild for cfitsio 3.360 -------------------------------------------------------------------------------- ================================================================================ sugar-memorize-47-1.fc20 (FEDORA-2014-2631) Memorize for Sugar -------------------------------------------------------------------------------- Update Information: New updated bugfix Activities -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 47-1 - Update to 47 * Sun Jan 12 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 46-1 - Update to v46, build using sugar gtk3 support -------------------------------------------------------------------------------- ================================================================================ sugar-pippy-57-1.fc20 (FEDORA-2014-2631) Pippy for Sugar -------------------------------------------------------------------------------- Update Information: New updated bugfix Activities -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 57-1 - Release 57 * Thu Feb 6 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 56-1 - Release 56 -------------------------------------------------------------------------------- ================================================================================ sugar-turtleart-199-1.fc20 (FEDORA-2014-2631) Turtle Art activity for sugar -------------------------------------------------------------------------------- Update Information: New updated bugfix Activities -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 199-1 - release 199 -------------------------------------------------------------------------------- ================================================================================ vdr-iptv-2.0.2-7.fc20 (FEDORA-2014-2641) IPTV plugin for VDR -------------------------------------------------------------------------------- Update Information: added STRIP to get a usefull debuginfo package added %dir for %{vdr_configdir}/plugins/iptv -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055730 - Review Request: vdr-iptv - multicast IPTV transport stream plugin for VDR https://bugzilla.redhat.com/show_bug.cgi?id=1055730 [ 2 ] Bug #496968 - Tracking bug for packages with debuginfo problems https://bugzilla.redhat.com/show_bug.cgi?id=496968 -------------------------------------------------------------------------------- ================================================================================ vim-7.4.179-1.fc20 (FEDORA-2014-2646) The VIM editor -------------------------------------------------------------------------------- Update Information: Lots of stability fixes, see README.patches for the complete list. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Karsten Hopp <karsten@xxxxxxxxxx> 7.4.179-1 - patchlevel 179 * Wed Jan 29 2014 Karsten Hopp <karsten@xxxxxxxxxx> 7.4.160-1 - patchlevel 160 * Tue Dec 17 2013 Karsten Hopp <karsten@xxxxxxxxxx> 7.4.131-1 - patchlevel 131 * Wed Nov 20 2013 Karsten Hopp <karsten@xxxxxxxxxx> 7.4.094-1 - patchlevel 094 * Tue Oct 15 2013 Karsten Hopp <karsten@xxxxxxxxxx> 7.4.052-1 - patchlevel 052 -------------------------------------------------------------------------------- ================================================================================ xapian-bindings-1.2.17-1.fc20 (FEDORA-2014-2640) Bindings for the Xapian Probabilistic Information Retrieval Library -------------------------------------------------------------------------------- Update Information: New upstream 1.2.17 bugfix release -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.2.17-1 - Update to 1.2.17 -------------------------------------------------------------------------------- ================================================================================ xapian-core-1.2.17-1.fc20 (FEDORA-2014-2640) The Xapian Probabilistic Information Retrieval Library -------------------------------------------------------------------------------- Update Information: New upstream 1.2.17 bugfix release -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 15 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.2.17-1 - Update to 1.2.17 -------------------------------------------------------------------------------- ================================================================================ xen-4.3.1-10.fc20 (FEDORA-2014-2624) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: use-after-free in xc_cpupool_getinfo() under memory pressure -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-10 - use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88, CVE-2014-1950] (#1064491) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064490 - CVE-2014-1950 xen: use-after-free in xc_cpupool_getinfo() under memory pressure (XSA-88) https://bugzilla.redhat.com/show_bug.cgi?id=1064490 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
