The following Fedora 20 Security updates need testing: Age URL 73 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 65 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 46 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 19 https://admin.fedoraproject.org/updates/FEDORA-2014-2264/python-tahrir-0.5.1-1.fc20 19 https://admin.fedoraproject.org/updates/FEDORA-2014-2263/python-tahrir-0.5.2-1.fc20 16 https://admin.fedoraproject.org/updates/FEDORA-2014-2452/augeas-1.2.0-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-2804/easy-rsa-2.2.2-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-2999/perl-CGI-Application-4.50-9.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3054/python-swiftclient-2.0.2-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3169/rubygem-activerecord-4.0.0-2.fc20,rubygem-actionpack-4.0.0-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3184/freeradius-3.0.1-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3222/v8-3.14.5.10-6.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3300/pylint-1.1.0-1.fc20,python-astroid-1.0.1-2.fc20,python-logilab-common-0.61.0-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3338/mediawiki-1.21.6-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 110 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3065/langtable-0.0.24-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3244/audit-2.3.4-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3218/evolution-3.10.4-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3203/testdisk-6.14-3.fc20,ntfs-3g-2014.2.15-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3292/harfbuzz-0.9.26-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3330/gdisk-0.8.9-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3313/colord-1.1.7-1.fc20 The following builds have been pushed to Fedora 20 updates-testing ShellCheck-0.3.1-4.fc20 asunder-2.4-1.fc20 darktable-1.4.1-1.fc20 drbdlinks-1.26-1.fc20 edgar-1.15-1.fc20 fsarchiver-0.6.19-1.fc20 gdisk-0.8.9-1.fc20 mediawiki-1.21.6-1.fc20 perl-Symbol-Global-Name-0.05-1.fc20 qbittorrent-3.1.9-1.fc20 valyriatear-0.6.0-1.fc20 wxGTK3-3.0.0-4.fc20 xfce4-equake-plugin-1.3.4-1.fc20 Details about builds: ================================================================================ ShellCheck-0.3.1-4.fc20 (FEDORA-2014-3342) Tool for checking common errors in POSIX shell scripts -------------------------------------------------------------------------------- Update Information: executable dynamically linked to the library -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Dridi <dridi.boukelmoune@xxxxxxxxx> - 0.3.1-4 - executable dynamically linked to the library (bug #1069048) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069048 - minor spec file improvements: for README and symlink https://bugzilla.redhat.com/show_bug.cgi?id=1069048 -------------------------------------------------------------------------------- ================================================================================ asunder-2.4-1.fc20 (FEDORA-2014-3343) A graphical Audio CD ripper and encoder -------------------------------------------------------------------------------- Update Information: Upstream release notes: - Added Bengali, Traditional Chinese translations. - Updated Hungarian, Italian translations. - Fixed the eject functionality to be more reliable. - Added support for XDG_CACHE_HOME - Fixed some memory corruption bugs that may have caused crashes and undefined behaviour. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4-1 - Update to 2.4 - Fix bogus date in changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047183 - asunder-2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1047183 -------------------------------------------------------------------------------- ================================================================================ darktable-1.4.1-1.fc20 (FEDORA-2014-3337) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: Upgrade to 1.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 12 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.4.1-1 - Upgrade to 1.4.1 - Remove tools source files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063007 - darktable-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063007 -------------------------------------------------------------------------------- ================================================================================ drbdlinks-1.26-1.fc20 (FEDORA-2014-3339) A program for managing links into a DRBD shared partition -------------------------------------------------------------------------------- Update Information: Upstream changes: * "Link local" relative symlink detection would add empty strings.strings (Fix by Flavio Grossi) -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.26-1 - Upgrade to 1.26 -------------------------------------------------------------------------------- ================================================================================ edgar-1.15-1.fc20 (FEDORA-2014-3352) A platform game -------------------------------------------------------------------------------- Update Information: * Updated Dutch, Japanese, Russian and Ukrainian translations * Fixed a minor issue when changing direction using an analogue controller * Fixed the corrupted message that appears when Edgar's inventory is full * The slime timer above Edgar is now removed when changing maps or loading a game * Crushers no longer get stuck if they hit a pushable object * Ice cubes can no longer bounce on springs forever -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Andrea Musuruane <musuruan@xxxxxxxxx> - 1.15-1 - Updated to upstream 1.15-1 -------------------------------------------------------------------------------- ================================================================================ fsarchiver-0.6.19-1.fc20 (FEDORA-2014-3335) Safe and flexible file-system backup/deployment tool -------------------------------------------------------------------------------- Update Information: Update to 0.6.19, fixes a regression introduced in 0.6.18 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Adel Gadllah <adel.gadllah@xxxxxxxxx> - 0.6.19-1 - Update to 0.6.19 - Fixes regression introduced in 0.6.18 -------------------------------------------------------------------------------- ================================================================================ gdisk-0.8.9-1.fc20 (FEDORA-2014-3330) An fdisk-like partitioning tool for GPT disks -------------------------------------------------------------------------------- Update Information: Update to latest upstream release gdisk 0.8.9. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Terje Rosten <terje.rosten@xxxxxxx> - 0.8.9-1 - 0.8.9 * Wed Feb 12 2014 Nils Philippsen <nils@xxxxxxxxxx> - 0.8.8-2 - fix bogus dates in changelog - rebuild for new libicu -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066290 - gdisk-0.8.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066290 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.21.6-1.fc20 (FEDORA-2014-3338) A wiki engine -------------------------------------------------------------------------------- Update Information: * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace. * (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time. * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.21.6-1 - Update to 1.21.6 - (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace. - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time. - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1071135 - mediawiki: cross-site scripting flaw when handling SVG images https://bugzilla.redhat.com/show_bug.cgi?id=1071135 [ 2 ] Bug #1071136 - mediawiki: timing attack on token https://bugzilla.redhat.com/show_bug.cgi?id=1071136 [ 3 ] Bug #1071139 - mediawiki: HTML injection https://bugzilla.redhat.com/show_bug.cgi?id=1071139 -------------------------------------------------------------------------------- ================================================================================ perl-Symbol-Global-Name-0.05-1.fc20 (FEDORA-2014-3341) Finds name and type of a global variable -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ qbittorrent-3.1.9-1.fc20 (FEDORA-2014-3334) A Bittorrent Client -------------------------------------------------------------------------------- Update Information: - update to 3.1.9 release -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:3.1.9-1 - update to 3.1.9 release -------------------------------------------------------------------------------- ================================================================================ valyriatear-0.6.0-1.fc20 (FEDORA-2014-3329) Valyria Tear is a free 2D J-RPG based on the Hero of Allacrost engine -------------------------------------------------------------------------------- Update Information: New release! Overview of changes: - Many, many, many bugfixes and performance improvements. - The characters actual weapon is shown in battles, along with weaponless attack support. - Custom minimap support. - New art! - Battle enemies scriptable AI support. - Better scripted battle events. - Equipment and Battle status effect support in battles. - UI theme change support. - Menu mode UI stats info display improvements. - Translated into 4 languages (French, Galician Italian, and German) - Come and add your own! - Map enemies using patrol way points. - Scripted puzzle objects. - and of course, more of the story :) -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> - 0.6.0-1 - New release * Wed Sep 4 2013 Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> 0.6-0.1rc1 - New rc release -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.0-4.fc20 (FEDORA-2014-3349) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: new wxGTK3 package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1020942 - Package Request: wxGTK3 https://bugzilla.redhat.com/show_bug.cgi?id=1020942 -------------------------------------------------------------------------------- ================================================================================ xfce4-equake-plugin-1.3.4-1.fc20 (FEDORA-2014-3327) Plugin for the XFCE panel which monitors earthquakes -------------------------------------------------------------------------------- Update Information: Initial RPM version 1.3.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069050 - Review Request: xfce4-equake-plugin - Plugin for the XFCE panel which monitors earthquakes https://bugzilla.redhat.com/show_bug.cgi?id=1069050 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test