The following Fedora 20 Security updates need testing: Age URL 75 https://admin.fedoraproject.org/updates/FEDORA-2013-23116/python-swiftclient-1.8.0-1.fc20 66 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 58 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 40 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-1742/quassel-0.9.2-1.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-2264/python-tahrir-0.5.1-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-2263/python-tahrir-0.5.2-1.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-2452/augeas-1.2.0-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2562/drupal7-ctools-1.4-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2014-2611/drupal6-image_resize_filter-1.14-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-2648/drupal6-filefield-3.12-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2802/xen-4.3.2-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2804/easy-rsa-2.2.2-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2864/libvirt-1.1.3.4-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2999/perl-CGI-Application-4.50-9.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 103 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 34 https://admin.fedoraproject.org/updates/FEDORA-2014-1197/colord-1.1.6-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2816/clutter-1.16.2-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2834/evolution-data-server-3.10.4-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2801/selinux-policy-3.12.1-126.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-2924/keyutils-1.5.9-1.fc20 The following builds have been pushed to Fedora 20 updates-testing BackupPC-3.3.0-2.fc20 abiword-3.0.0-5.fc20 clusterssh-4.02.03-1.fc20 gphoto2-2.5.3-1.fc20 greybird-1.3.1-1.fc20 ircd-ratbox-2.2.9-1.fc20 kshutdown-3.2-1.fc20 mate-file-manager-1.6.3-2.fc20 nodejs-cssom-0.3.0-1.fc20 nodejs-debug-0.7.4-2.fc20 nodejs-temp-0.6.0-1.fc20 perl-CGI-Application-4.50-9.fc20 php-doctrine-annotations-1.1.2-3.20131220gita11349d.fc20 php-doctrine-cache-1.3.0-2.fc20 php-doctrine-collections-1.2-1.fc20 php-doctrine-common-2.4.1-2.fc20 php-doctrine-datafixtures-1.0.0-2.fc20 php-doctrine-dbal-2.4.2-2.fc20 php-doctrine-inflector-1.0-2.20131221gita81c334.fc20 php-doctrine-lexer-1.0-2.20131220gitf12a5f7.fc20 php-doctrine-orm-2.4.2-1.fc20 python-empy-3.3.1-1.fc20 rubygem-orm_adapter-0.5.0-1.fc20 rubygem-sanitize-2.1.0-1.fc20 rubygem-tins-1.0.0-2.fc20 shogun-data-0.8-1.fc20 tmux-1.9a-1.fc20 whowatch-1.8.5-1.fc20 wine-1.7.13-1.fc20 Details about builds: ================================================================================ BackupPC-3.3.0-2.fc20 (FEDORA-2014-3029) High-performance backup system -------------------------------------------------------------------------------- Update Information: -fix typo in README.RHEL - enable PIE build (bz #965523) - add patch that causes getpwnam to return only uid to fix selinux denials (bz #827854) - add local-fs.target and remote-fs.target to startup dependency (bz #959309) - Last upstream release - Remove no longer needeed patches - Fix incorrect-fsf-address to reduce rpmlint output -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 21 2014 Bernard Johnson <bjohnson@xxxxxxxxxxxx> 3.3.0-2 - fix typo in README.RHEL - enable PIE build (bz #965523) - add patch that causes getpwnam to return only uid to fix selinux denials (bz #827854) - add local-fs.target and remote-fs.target to startup dependency (bz #959309) * Fri Feb 21 2014 Johan Cwiklinski <johan AT x-tnd DOT be> 3.3.0-1 - Last upstream release - Remove no longer needeed patches - Fix incorrect-fsf-address to reduce rpmlint output * Fri Feb 21 2014 Bernard Johnson <bjohnson@xxxxxxxxxxxx> - 3.3.0-1 - v 3.3.0 - fixed typos -------------------------------------------------------------------------------- References: [ 1 ] Bug #827854 - SELinux prevents BackupPC from reading /etc/shadow https://bugzilla.redhat.com/show_bug.cgi?id=827854 [ 2 ] Bug #957393 - Please update to 3.3.0 https://bugzilla.redhat.com/show_bug.cgi?id=957393 [ 3 ] Bug #959309 - Missing startup dependencies in backuppc.service https://bugzilla.redhat.com/show_bug.cgi?id=959309 [ 4 ] Bug #965523 - BackupPC package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=965523 -------------------------------------------------------------------------------- ================================================================================ abiword-3.0.0-5.fc20 (FEDORA-2014-3020) Word processing program -------------------------------------------------------------------------------- Update Information: Add patch to fix redraw issues of ruler -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 22 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1:3.0.0-5 - Add patch to fix redraw issues of ruler -------------------------------------------------------------------------------- ================================================================================ clusterssh-4.02.03-1.fc20 (FEDORA-2014-2992) Secure concurrent multiple server terminal control -------------------------------------------------------------------------------- Update Information: Updated to new 4.02.03 upstream version -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 22 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 4.02.03-1 - Updated to new 4.02.03 upstream version -------------------------------------------------------------------------------- ================================================================================ gphoto2-2.5.3-1.fc20 (FEDORA-2014-3025) Software for accessing digital cameras -------------------------------------------------------------------------------- Update Information: Bump to latest updtream version 2.5.3 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 21 2014 Jon Disnard <jdisnard@xxxxxxxxx> - 2.5.3-1 - Bump to latest updtream version 2.5.3 - Add Source1 gpg2 signature to SRPM -------------------------------------------------------------------------------- ================================================================================ greybird-1.3.1-1.fc20 (FEDORA-2014-3018) A clean minimalistic theme for Xfce, GTK+ 2 and 3 -------------------------------------------------------------------------------- Update Information: latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 1.3.1-1 - Updated to 1.3.1 - Fixed the source URL to directly download from github -------------------------------------------------------------------------------- ================================================================================ ircd-ratbox-2.2.9-1.fc20 (FEDORA-2014-3024) Ircd-ratbox is an advanced, stable and fast ircd -------------------------------------------------------------------------------- Update Information: This update contains the latest 2.2.x upstream bugfix version. Additionally, it fixes ircd being unable to write its PID file and ships hardened executables. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Nils Philippsen <nils@xxxxxxxxxx> - 2.2.9-1 - fix build with -Werror=format-security (#1037135) - build hardened executables (#955164) * Fri Feb 21 2014 Nils Philippsen <nils@xxxxxxxxxx> - 2.2.9-1 - version 2.2.9 - remove obsolete offbyone patch - use working upstream and source URLs - tidy up inconsistent and trailing whitespace - add tmpfile.d configuration and adapt systemd service file (#1030161) - use systemd macros (#850170) - don't list files twice, mark all configuration as %config(noreplace) - don't specify %defattr and BuildRoot - change ircd user home directory to /run/ircd-ratbox - fix systemd requirements * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.8-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #850170 - Introduce new systemd-rpm macros in ircd-ratbox spec file https://bugzilla.redhat.com/show_bug.cgi?id=850170 [ 2 ] Bug #955164 - ircd-ratbox package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=955164 [ 3 ] Bug #1030161 - ircd install fails to create ircd.pid file https://bugzilla.redhat.com/show_bug.cgi?id=1030161 [ 4 ] Bug #1037135 - ircd-ratbox FTBFS if "-Werror=format-security" flag is used https://bugzilla.redhat.com/show_bug.cgi?id=1037135 -------------------------------------------------------------------------------- ================================================================================ kshutdown-3.2-1.fc20 (FEDORA-2014-2989) Graphical shutdown utility for KDE 4 -------------------------------------------------------------------------------- Update Information: KShutdown 3.2 release. See http://kshutdown.sourceforge.net/releases/3.2.html. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Jan Grulich <jgrulich@xxxxxxxxxx> - 3.2-1 - update to 3.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068955 - KShutdown 3.2 released; fixes regressions https://bugzilla.redhat.com/show_bug.cgi?id=1068955 -------------------------------------------------------------------------------- ================================================================================ mate-file-manager-1.6.3-2.fc20 (FEDORA-2014-2987) File manager for MATE -------------------------------------------------------------------------------- Update Information: - remove debuging patch, fix rhbz (#1067234) -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.3-2 - remove debuging patch, fix rhbz (#1067234) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1067234 - mate-utils-1.6.1-1.fc20.x86_64: mate-search-tool cannot open folders displayed in search results https://bugzilla.redhat.com/show_bug.cgi?id=1067234 -------------------------------------------------------------------------------- ================================================================================ nodejs-cssom-0.3.0-1.fc20 (FEDORA-2014-3016) CSS Object Model implementation and CSS parser for Node.js -------------------------------------------------------------------------------- Update Information: Update to upstream release 0.3.0. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.3.0-1 - update to upstream release 0.3.0 - MIT-LICENSE.txt is now included upstream -------------------------------------------------------------------------------- ================================================================================ nodejs-debug-0.7.4-2.fc20 (FEDORA-2014-3007) A small debugging utility for Node.js -------------------------------------------------------------------------------- Update Information: Update to upstream release 0.7.4. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.7.4-2 - History.md and example/ no longer included in the NPM tarball * Sun Feb 23 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.7.4-1 - update to upstream release 0.7.4 -------------------------------------------------------------------------------- ================================================================================ nodejs-temp-0.6.0-1.fc20 (FEDORA-2014-3013) Temporary files and directories for Node.js -------------------------------------------------------------------------------- Update Information: Update to upstream release 0.6.0: * https://github.com/bruce/node-temp/commits/v0.6.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.6.0-1 - update to upstream release 0.6.0 - apply patch to use native os.tmpDir instead of npm(osenv) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005983 - nodejs-temp-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1005983 -------------------------------------------------------------------------------- ================================================================================ perl-CGI-Application-4.50-9.fc20 (FEDORA-2014-2999) Framework for building reusable web-applications -------------------------------------------------------------------------------- Update Information: CGI::Application suffers from a flaw where, in certain cases, it would unexpectedly dump a complete set of web query data and server environment information as an error page. This could allow unintended disclosure of sensitive information. This update patches CGI::Application to no longer do so. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 4.50-9 - Patch CGI::Application to prevent information disclosure (CVE-2013-7329) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.50-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1067180 - CVE-2013-7329 perl-CGI-Application: information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=1067180 -------------------------------------------------------------------------------- ================================================================================ php-doctrine-annotations-1.1.2-3.20131220gita11349d.fc20 (FEDORA-2014-3004) PHP docblock annotations parser library -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-cache-1.3.0-2.fc20 (FEDORA-2014-3004) Doctrine Cache -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-collections-1.2-1.fc20 (FEDORA-2014-3004) Collections abstraction library -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-common-2.4.1-2.fc20 (FEDORA-2014-3004) Common library for Doctrine projects -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-datafixtures-1.0.0-2.fc20 (FEDORA-2014-3004) Data Fixtures for all Doctrine Object Managers -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-dbal-2.4.2-2.fc20 (FEDORA-2014-3004) Doctrine Database Abstraction Layer (DBAL) -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-inflector-1.0-2.20131221gita81c334.fc20 (FEDORA-2014-3004) Common string manipulations with regard to casing and singular/plural rules -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-lexer-1.0-2.20131220gitf12a5f7.fc20 (FEDORA-2014-3004) Base library for a lexer that can be used in top-down, recursive descent parsers -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ php-doctrine-orm-2.4.2-1.fc20 (FEDORA-2014-3004) Doctrine Object-Relational-Mapper (ORM) -------------------------------------------------------------------------------- Update Information: php-doctrine-* 2.4.x stack -------------------------------------------------------------------------------- ================================================================================ python-empy-3.3.1-1.fc20 (FEDORA-2014-3028) A powerful and robust template system for Python -------------------------------------------------------------------------------- Update Information: Update to 3.3.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.3.1-1 - Update to 3.3.1 -------------------------------------------------------------------------------- ================================================================================ rubygem-orm_adapter-0.5.0-1.fc20 (FEDORA-2014-3002) Provides a single point of entry for using basic features of ruby ORMs -------------------------------------------------------------------------------- Update Information: Update to 0.5.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 26 2014 Achilleas Pipinellis <axilleaspi@xxxxxxxxx> - 0.5.0-1 - Update to 0.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1030940 - rubygem-orm_adapter-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1030940 -------------------------------------------------------------------------------- ================================================================================ rubygem-sanitize-2.1.0-1.fc20 (FEDORA-2014-2996) Whitelist-based HTML sanitizer -------------------------------------------------------------------------------- Update Information: Update to 2.1.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 25 2014 Achilleas Pipinellis <axilleaspi@xxxxxxxxx> - 2.1.0-1 - Update to 2.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1053118 - rubygem-sanitize-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1053118 -------------------------------------------------------------------------------- ================================================================================ rubygem-tins-1.0.0-2.fc20 (FEDORA-2014-2991) Useful tools library in Ruby -------------------------------------------------------------------------------- Update Information: Update to 1.0.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Achilleas Pipinellis <axilleas@xxxxxxxxxxxxxxxxx> - 1.0.0-2 - Fix rpmlint errors/warnings * Sun Feb 23 2014 Achilleas Pipinellis <axilleas@xxxxxxxxxxxxxxxxx> - 1.0.0-1 - Bump to 1.0.0 - Do some cleanup * Mon Jan 27 2014 Achilleas Pipinellis <axilleas@xxxxxxxxxxxxxxxxx> - 0.13.1-1 - Bump to 0.13.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060558 - rubygem-tins-1.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1060558 -------------------------------------------------------------------------------- ================================================================================ shogun-data-0.8-1.fc20 (FEDORA-2014-2985) Data-files for the SHOGUN machine learning toolbox -------------------------------------------------------------------------------- Update Information: new upstream release: v0.8 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068941 - shogun-data 0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1068941 -------------------------------------------------------------------------------- ================================================================================ tmux-1.9a-1.fc20 (FEDORA-2014-3015) A terminal multiplexer -------------------------------------------------------------------------------- Update Information: New upstream release 1.9a New upstream release 1.9 -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> 1.9a-1 - New upstream release 1.9a * Sat Feb 22 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> 1.9-1 - New upstream release 1.9 - Fix rhbz #1067860 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1067860 - [RFE]: Please update the RPM scriptlet based on the new guideline https://bugzilla.redhat.com/show_bug.cgi?id=1067860 [ 2 ] Bug #1067908 - tmux-1.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1067908 -------------------------------------------------------------------------------- ================================================================================ whowatch-1.8.5-1.fc20 (FEDORA-2014-2986) Display information about users currently logged on -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.8.5. - Added 'l' key to the process tree view. It shows the line numbers in the first column. - Minor bugfixes -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Richard Fearn <richardfearn@xxxxxxxxx> - 1.8.5-1 - Update to 1.8.5 (rhbz#1068965) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1068965 - Update whowatch to 1.8.5 https://bugzilla.redhat.com/show_bug.cgi?id=1068965 -------------------------------------------------------------------------------- ================================================================================ wine-1.7.13-1.fc20 (FEDORA-2014-3010) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: 1.7.13 * More Task Scheduler support. * A few more Direct3D 10 interfaces. * More Windows Media Player stubs. * ARM code generation improvements. * Various bug fixes. 1.7.12 * Initial support for Window Media Player interfaces. * Some more Task Scheduler support. * Various C++ runtime fixes. * More dlls with ugly names for Windows 8 API set support. * Various bug fixes. 1.7.11 * Uniscribe support in the RichEdit control. * Support for condition variables and Slim Reader/Writer locks. * More D3D command stream preparation work. * Optional Start Menu in desktop mode. * Improved support for vertical fonts metrics. * Various bug fixes. 1.7.10 * AVI compressor implementation. * Thread local storage support in dynamically loaded libraries. * Beginnings of a Task Scheduler implementation. * Extended IPX protocol support. * Various bug fixes. 1.7.9 * Some DirectDraw palette fixes. * Reduced code duplication between C++ runtime versions. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.13-1 - version upgrade - upgraded winepulse * Sat Feb 8 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.12-1 - version upgrade * Sun Jan 26 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.11-1 - version upgrade * Thu Jan 9 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.10-1 - version upgrade - upgraded winepulse -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
