The following Fedora 20 Security updates need testing: Age URL 114 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 60 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-4691/a2ps-4.14-23.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5018/smb4k-1.1.1-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-5002/python-django-horizon-2013.2.3-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5066/python-keystoneclient-0.7.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5140/knot-1.4.5-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5194/check-mk-1.2.4p2-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5079/cups-1.7.2-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5186/syncevolution-1.4.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5198/openstack-glance-2013.2.3-3.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5231/strongswan-5.1.3-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5254/znc-1.2-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-5336/java-1.8.0-openjdk-1.8.0.5-1.b13.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-5321/stunnel-5.01-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-5298/drupal7-7.27-1.fc20,drupal6-6.31-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5369/community-mysql-5.5.37-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5393/mariadb-5.5.37-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5407/ansible-1.5.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-5433/bugzilla-4.2.9-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 16 https://admin.fedoraproject.org/updates/FEDORA-2014-4774/gnome-shell-3.10.4-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-4995/mutter-3.10.4-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5149/iscsi-initiator-utils-6.2.0.873-21.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5179/perl-Exporter-5.70-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5176/audit-2.3.6-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-5157/libpciaccess-0.13.3-0.1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-5227/libcomps-0.1.6-10.fc20 The following builds have been pushed to Fedora 20 updates-testing apper-0.8.2-1.fc20 autoarchive-1.1.1-1.fc20 bugzilla-4.2.9-1.fc20 cego-2.20.9-1.fc20 gtk-murrine-engine-0.98.2-5.fc20 gtkspell3-3.0.5-1.fc20 lfcbase-1.5.9-1.fc20 lfcxml-1.1.7-1.fc20 lightning-2.0.4-1.fc20 mingw-gtkspell3-3.0.5-1.fc20 nodejs-bindings-1.2.0-1.fc20 nodejs-chalk-0.4.0-2.fc20 nodejs-ejs-1.0.0-1.fc20 nodejs-grunt-0.4.4-2.fc20 nodejs-grunt-contrib-concat-0.4.0-1.fc20 nodejs-grunt-contrib-internal-0.4.9-1.fc20 nodejs-grunt-contrib-nodeunit-0.3.3-1.fc20 nodejs-has-color-0.1.7-1.fc20 nodejs-i2c-0.1.4-9.fc20 nodejs-jasmine-reporters-0.4.1-1.fc20 nodejs-jwt-simple-0.2.0-1.fc20 nodejs-libxmljs-0.9.0-1.fc20 nodejs-ltx-0.5.0-1.fc20 nodejs-pubcontrol-0.3.5-1.fc20 nodejs-sax-0.6.0-1.fc20 nodejs-strip-ansi-0.2.0-1.fc20 nodejs-stylus-0.43.1-1.fc20 nodejs-xml2js-0.4.2-2.fc20 nodeunit-0.8.6-4.fc20 pcc-1.1.0-0.1.20140420cvs.fc20 Details about builds: ================================================================================ apper-0.8.2-1.fc20 (FEDORA-2014-5431) KDE interface for PackageKit -------------------------------------------------------------------------------- Update Information: An update of Apper to the latest upstream release, version 0.8.2, fixing a small memory leak and adding an appdata XML file. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> 0.8.2-1 - update to 0.8.2 - drop upstreamed apper-updater-l10n.patch - update file list for the new apper.appdata.xml -------------------------------------------------------------------------------- ================================================================================ autoarchive-1.1.1-1.fc20 (FEDORA-2014-5436) A simple backup tool that uses tar -------------------------------------------------------------------------------- Update Information: Update to latest upstream version 1.1.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.1.1-1 - Update to latest upstream version 1.1.1 -------------------------------------------------------------------------------- ================================================================================ bugzilla-4.2.9-1.fc20 (FEDORA-2014-5433) Bug tracking system -------------------------------------------------------------------------------- Update Information: Previous versions of bugzilla had the following security issues: * The login form had no CSRF protection, meaning that an attacker could force the victim to log in using the attacker's credentials. * Dangerous control characters can be inserted into Bugzilla, notably into bug comments, which can then be used to execute local commands. The first issue has the CVE number CVE-2014-1517. Please see http://www.bugzilla.org/security/4.0.11/ for all the gory details. Both issues were fixed in 4.2.8 but it introduced a regression in bug commenting that was fixed in 4.2.9. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Emmanuel Seyman <emmanuel@xxxxxxxxx> - 4.2.9-1 - Update to 4.2.9 (regression fix for 4.2.8 which was a security update) - Drop backported patches -------------------------------------------------------------------------------- ================================================================================ cego-2.20.9-1.fc20 (FEDORA-2014-5427) A relational and transactional database -------------------------------------------------------------------------------- Update Information: Update to 2.20.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 16 2014 Christopher Meng <rpm@xxxxxxxx> - 2.20.9-1 - Update to 2.20.9 * Tue Feb 25 2014 Christopher Meng <rpm@xxxxxxxx> - 2.20.6-1 - Update to 2.20.6 -------------------------------------------------------------------------------- ================================================================================ gtk-murrine-engine-0.98.2-5.fc20 (FEDORA-2014-5435) Murrine GTK2 engine -------------------------------------------------------------------------------- Update Information: Silence deprecation warnings (#1046757) -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Martin Sourada <mso@xxxxxxxxxxxxxxxxx> - 0.98.2-5 - Silence deprecation warnings (#1046757) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1046757 - Murrine configuration option "scrollbar_color" is no longer supported and will be ignored. https://bugzilla.redhat.com/show_bug.cgi?id=1046757 -------------------------------------------------------------------------------- ================================================================================ gtkspell3-3.0.5-1.fc20 (FEDORA-2014-5424) On-the-fly spell checking for GtkTextView widgets -------------------------------------------------------------------------------- Update Information: Update to version 3.0.5, see http://gtkspell.sourceforge.net/ChangeLog for details. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Sandro Mani <manisandro@xxxxxxxxx> - 3.0.5-1 - Update to 3.0.5 -------------------------------------------------------------------------------- ================================================================================ lfcbase-1.5.9-1.fc20 (FEDORA-2014-5427) Lemke Foundation Classes -------------------------------------------------------------------------------- Update Information: Update to 2.20.9 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Christopher Meng <rpm@xxxxxxxx> - 1.5.9-1 - Update to 1.5.9 -------------------------------------------------------------------------------- ================================================================================ lfcxml-1.1.7-1.fc20 (FEDORA-2014-5427) Lemke Foundation Classes XML extension -------------------------------------------------------------------------------- Update Information: Update to 2.20.9 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 4 2014 Christopher Meng <rpm@xxxxxxxx> - 1.1.7-1 - Update to 1.1.7 -------------------------------------------------------------------------------- ================================================================================ lightning-2.0.4-1.fc20 (FEDORA-2014-5420) Library for generating assembly code on run time -------------------------------------------------------------------------------- Update Information: Minor ARM-releated bugfixes from upstream. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 15 2014 Jochen Schmitt <Jochen herr-schmitt de> - 2.0.4-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ mingw-gtkspell3-3.0.5-1.fc20 (FEDORA-2014-5432) MinGW Windows GtkSpell3 library -------------------------------------------------------------------------------- Update Information: Update to version 3.0.5, see http://gtkspell.sourceforge.net/ChangeLog for details. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Sandro Mani <manisandro@xxxxxxxxx> - 3.0.5-1 - Update to 3.0.5 -------------------------------------------------------------------------------- ================================================================================ nodejs-bindings-1.2.0-1.fc20 (FEDORA-2014-5425) Helper module for loading your native module's .node file -------------------------------------------------------------------------------- Update Information: Update to latest releases. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1.2.0-1 - update to upstream release 1.2.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-chalk-0.4.0-2.fc20 (FEDORA-2014-5413) Terminal string styling done right -------------------------------------------------------------------------------- Update Information: Update to latest releases of has-color and strip-ansi. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.0-2 - fix versioned dependencies -------------------------------------------------------------------------------- ================================================================================ nodejs-ejs-1.0.0-1.fc20 (FEDORA-2014-5438) Embedded JavaScript templates for Node.js -------------------------------------------------------------------------------- Update Information: Update to latest releases of nodejs-grunt-contrib-nodeunit and nodejs-ejs. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1.0.0 - update to upstream release 1.0.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-0.4.4-2.fc20 (FEDORA-2014-5426) Grunt is a JavaScript library used for automation and running tasks -------------------------------------------------------------------------------- Update Information: Update to latest release of grunt-contrib-internal and grunt-contrib-concat. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.4-2 - add missing internal-tasks/ folder -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-contrib-concat-0.4.0-1.fc20 (FEDORA-2014-5426) Concatenate files with grunt -------------------------------------------------------------------------------- Update Information: Update to latest release of grunt-contrib-internal and grunt-contrib-concat. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.0-1 - update to upstream release 0.4.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-contrib-internal-0.4.9-1.fc20 (FEDORA-2014-5426) Internal tasks for managing the grunt-contrib project -------------------------------------------------------------------------------- Update Information: Update to latest release of grunt-contrib-internal and grunt-contrib-concat. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.9-1 - update to upstream release 0.4.9 -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-contrib-nodeunit-0.3.3-1.fc20 (FEDORA-2014-5438) Run Nodeunit unit tests with grunt -------------------------------------------------------------------------------- Update Information: Update to latest releases of nodejs-grunt-contrib-nodeunit and nodejs-ejs. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.3.3-2 - update to upstream release 0.3.3 -------------------------------------------------------------------------------- ================================================================================ nodejs-has-color-0.1.7-1.fc20 (FEDORA-2014-5413) Detects whether a terminal supports color -------------------------------------------------------------------------------- Update Information: Update to latest releases of has-color and strip-ansi. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.1.7-1 - update to upstream release 0.1.7 -------------------------------------------------------------------------------- ================================================================================ nodejs-i2c-0.1.4-9.fc20 (FEDORA-2014-5425) Node.js native bindings for i2c-dev -------------------------------------------------------------------------------- Update Information: Update to latest releases. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.1.4-9 - fix version of npm(underscore) dependency * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.1.4-8 - put nodejs_default_filter before nodejs_find_provides_and_requires * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.1.4-7 - fix version of npm(bindings) dependency * Fri Apr 18 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.1.4-6 - fix version of npm(underscore) dependency * Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.1.4-5 - rebuild for icu-53 (via v8) -------------------------------------------------------------------------------- ================================================================================ nodejs-jasmine-reporters-0.4.1-1.fc20 (FEDORA-2014-5428) Reporters for the Jasmine behavior-driven development (BDD) framework -------------------------------------------------------------------------------- Update Information: Update to latest release. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.1-1 - update to upstream release 0.4.1 -------------------------------------------------------------------------------- ================================================================================ nodejs-jwt-simple-0.2.0-1.fc20 (FEDORA-2014-5437) JWT(JSON Web Token) encode and decode module for Node.js -------------------------------------------------------------------------------- Update Information: Update to latest releases. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.2.0-1 - update to upstream release 0.2.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-libxmljs-0.9.0-1.fc20 (FEDORA-2014-5425) Node.js module that provides libxml bindings for the v8 javascript engine -------------------------------------------------------------------------------- Update Information: Update to latest releases. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.0-1 - update to upstream release 0.9.0 * Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.8.1-4 - rebuild for icu-53 (via v8) -------------------------------------------------------------------------------- ================================================================================ nodejs-ltx-0.5.0-1.fc20 (FEDORA-2014-5412) A Node.js module for parsing, modifying and building XML -------------------------------------------------------------------------------- Update Information: Update to latest releases of stylus, sax and ltx. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.5.0-1 - update to upstream release 0.5.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-pubcontrol-0.3.5-1.fc20 (FEDORA-2014-5437) HTTP Extensible Pubsub Control Protocol (EPCP) library for Node.js -------------------------------------------------------------------------------- Update Information: Update to latest releases. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.3.5-1 - update to upstream release 0.3.5 -------------------------------------------------------------------------------- ================================================================================ nodejs-sax-0.6.0-1.fc20 (FEDORA-2014-5412) A streaming SAX-style XML parser in JavaScript for Node.js -------------------------------------------------------------------------------- Update Information: Update to latest releases of stylus, sax and ltx. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.6.0-1 - update to upstream release 0.6.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-strip-ansi-0.2.0-1.fc20 (FEDORA-2014-5413) Strip ANSI escape codes (used for colorizing strings in the terminal) -------------------------------------------------------------------------------- Update Information: Update to latest releases of has-color and strip-ansi. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.2.0-1 - update to upstream release 0.2.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-stylus-0.43.1-1.fc20 (FEDORA-2014-5412) Robust, expressive, and feature-rich CSS super-set for Node.js -------------------------------------------------------------------------------- Update Information: Update to latest releases of stylus, sax and ltx. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.43.1-1 - update to upstream release 0.43.1 -------------------------------------------------------------------------------- ================================================================================ nodejs-xml2js-0.4.2-2.fc20 (FEDORA-2014-5412) Simple XML to JavaScript object converter -------------------------------------------------------------------------------- Update Information: Update to latest releases of stylus, sax and ltx. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.2-2 - fix version of npm(sax) dependency * Sun Mar 30 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.4.2-1 - Update to 0.4.2 upstream release - Switch to using github as source so we get tests * Fri Jan 3 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.4.1-1 - Update to 0.4.1 upstream release -------------------------------------------------------------------------------- ================================================================================ nodeunit-0.8.6-4.fc20 (FEDORA-2014-5438) Easy asynchronous unit testing framework for Node.js -------------------------------------------------------------------------------- Update Information: Update to latest releases of nodejs-grunt-contrib-nodeunit and nodejs-ejs. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 19 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.8.6-4 - fix version of npm(ejs) dependency -------------------------------------------------------------------------------- ================================================================================ pcc-1.1.0-0.1.20140420cvs.fc20 (FEDORA-2014-5418) The Portable C Compiler -------------------------------------------------------------------------------- Update Information: Disable inlining in low level functions where it should not be done. Update to newest CVS release. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 20 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.1.0-0.1.20140420cvs - Disable inlining in low level functions where it should not be done. - Update to newest CVS release. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
