The following Fedora 20 Security updates need testing: Age URL 39 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20 30 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-6705/readline-6.2-9.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6810/check-mk-1.2.4p2-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6837/mingw-libtiff-4.0.3-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6828/mingw-icu-50.1.2-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6870/mingw-libjpeg-turbo-1.3.1-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6825/mingw-pixman-0.30.0-5.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6830/mingw-freetype-2.5.0.1-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6820/mingw-readline-6.2-4.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6912/mingw-curl-7.37.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6922/qt3-3.3.8b-58.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6891/gnutls-3.1.25-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6895/libtasn1-3.6-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6901/php-doctrine-orm-2.4.2-2.fc20,php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20,php-5.5.13-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6970/qemu-1.6.2-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6953/mingw-gnutls-3.1.25-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6944/mod_wsgi-3.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6961/mediawiki-1.21.10-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 10 https://admin.fedoraproject.org/updates/FEDORA-2014-6568/ibus-1.5.7-2.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-6617/libnl3-3.2.24-3.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-6726/gssdp-0.14.8-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-6792/device-mapper-persistent-data-0.3.2-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-6834/firewalld-0.3.10-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6915/openldap-2.4.39-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6918/python-urlgrabber-3.10.1-0.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6895/libtasn1-3.6-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-6684/mesa-10.1.4-3.20140521.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-6967/gupnp-0.20.12-1.fc20 The following builds have been pushed to Fedora 20 updates-testing NetworkManager-ssh-0.9.3-0.1.20140601git9d834f2.fc20 edgar-1.16-1.fc20 freemind-1.0.1-2.fc20 geard-0-0.9.git3c781d0.fc20 git-cola-2.0.3-1.fc20 golang-github-gorilla-context-0-0.23.gitb06ed15.fc20 golang-github-gorilla-mux-0-0.13.git136d54f.fc20 golang-github-kr-pty-0-0.19.git67e2db2.fc20 gupnp-0.20.12-1.fc20 mediawiki-1.21.10-1.fc20 mingw-gnutls-3.1.25-1.fc20 qemu-1.6.2-6.fc20 rcssserver3d-0.6.8-1.fc20 routino-2.7-1.fc20 Details about builds: ================================================================================ NetworkManager-ssh-0.9.3-0.1.20140601git9d834f2.fc20 (FEDORA-2014-6968) NetworkManager VPN plugin for SSH -------------------------------------------------------------------------------- Update Information: Fixed GTK_STOCK deprecation errors, Czech translation -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 1 2014 Dan Fruehauf <malkodan@xxxxxxxxx> - 0.9.3-0.1.20140601git9d834f2 - Fixed GTK_STOCK deprecation errors - Czech translation by Jiri Kilmes -------------------------------------------------------------------------------- ================================================================================ edgar-1.16-1.fc20 (FEDORA-2014-6950) A platform game -------------------------------------------------------------------------------- Update Information: Updated Brazilian Portuguese, Dutch, Italian and Russian translations -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 1 2014 Andrea Musuruane <musuruan@xxxxxxxxx> - 1.16-1 - Updated to upstream 1.16-1 -------------------------------------------------------------------------------- ================================================================================ freemind-1.0.1-2.fc20 (FEDORA-2014-6952) Free mind mapping software -------------------------------------------------------------------------------- Update Information: Force using Xalan as XSL transformer - solves conversion failure -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 1 2014 Michael Simacek <msimacek@xxxxxxxxxx> - 1.0.1-2 - Force using Xalan as XSL transformer - solves conversion failure - Use %jpackage_script instead of source file -------------------------------------------------------------------------------- ================================================================================ geard-0-0.9.git3c781d0.fc20 (FEDORA-2014-6951) Geard -------------------------------------------------------------------------------- Update Information: update to latest master 3c781d0cd8a961a85449d362fb5d8c88c5a34a22 make tests more resilient release 6 -------------------------------------------------------------------------------- ChangeLog: * Thu May 29 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0-0.9.git - update to latest master 3c781d0cd8a961a85449d362fb5d8c88c5a34a22 - Require docker-io to fix BZ 1097638 - selinux fix in master 0-0.9 not required in f20 * Sat May 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0-0.8.git - update to latest master - make sure required package is docker-io * Wed May 7 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0-0.7.git - make tests more resilient * Fri May 2 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0-0.6.git - release 6 * Tue Apr 29 2014 Colin Walters <walters@xxxxxxxxxx> - 0-0.5.1.git - Change requires to be /usr/bin/docker to adapt to package rename -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097638 - It will install the docker as dependency by default but not docker-io if install the geard via yum directly on Fedora20 https://bugzilla.redhat.com/show_bug.cgi?id=1097638 -------------------------------------------------------------------------------- ================================================================================ git-cola-2.0.3-1.fc20 (FEDORA-2014-6955) A sleek and powerful git GUI -------------------------------------------------------------------------------- Update Information: An update of git-cola to the latest upstream release, version 2.0.3. Usability improvements: * git cola no longer prompts after successfully creating a new branch. https://github.com/git-cola/git-cola/pull/251 * Hitting enter on simple dialogs now accepts them. https://github.com/git-cola/git-cola/pull/255 Bugfixes: * Switching repositories using the bookmarks widget was not refreshing the inotify watcher. https://github.com/git-cola/git-cola/pull/256 * Special commit messages trailers (e.g. “Acked-by:”) are now special-cased to fix word wrapping lines that start with “foo:”. https://github.com/git-cola/git-cola/issues/257 -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 2.0.3-1 - Update to 2.0.3 (#1101185) - Drop BR asciidoc, not used anymore (since 2.0.2) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101185 - git-cola-2.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1101185 -------------------------------------------------------------------------------- ================================================================================ golang-github-gorilla-context-0-0.23.gitb06ed15.fc20 (FEDORA-2014-6959) A golang registry for global request variables -------------------------------------------------------------------------------- Update Information: update to commit b06ed15e1c (required for docker 1.0) golang exclusivearch for el6+ revert golang >= 1.2 requirement -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.23.git - update to commit b06ed15e1c (required for docker 1.0 https://github.com/dotcloud/docker/issues/5908 ) * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.22.git708054d - golang exclusivearch for el6+ - add check * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.21.git708054d - revert golang 1.2 requirement * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.20.git708054d - require golang 1.2 and up -------------------------------------------------------------------------------- ================================================================================ golang-github-gorilla-mux-0-0.13.git136d54f.fc20 (FEDORA-2014-6948) A powerful URL router and dispatcher for golang -------------------------------------------------------------------------------- Update Information: update to commit 136d54f81f (required for docker 1.0 -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.13.git - update to commit 136d54f81f (required for docker 1.0 https://github.com/dotcloud/docker/issues/5908 ) * Fri Jan 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.12.gite718e93 - exclusivearch for el6+ - add check * Fri Jan 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.11.gite718e93 - revert golang >= 1.2 version requirement * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.10.gite718e93 - require golang 1.2 and later -------------------------------------------------------------------------------- ================================================================================ golang-github-kr-pty-0-0.19.git67e2db2.fc20 (FEDORA-2014-6969) PTY interface for Go -------------------------------------------------------------------------------- Update Information: update to commit 67e2db24c8 (required for docker 1.0 exclusivearch for el6+ revert golang >= 1.2 version requirement -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.19.git - update to commit 67e2db24c8 (required for docker 1.0 https://github.com/dotcloud/docker/issues/5908 ) * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.18.git3b1f648 - exclusivearch for el6+ * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.17.git3b1f648 - revert golang >= 1.2 version requirement * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.16.git3b1f648 - require golang 1.2 and up -------------------------------------------------------------------------------- ================================================================================ gupnp-0.20.12-1.fc20 (FEDORA-2014-6967) A framework for creating UPnP devices & control points -------------------------------------------------------------------------------- Update Information: 0.20.12 ======= Changes since 0.20.11: - Several documentation fixes. - Fix warning from clang. - Prevent a critical if there's no DBus available and a DBus-based context manager is used. - Don't try to use a DBus context manager if we don't have a system bus. - Use g_return_val_if_fail. - Fix a small leak of CallbackData in GUPnPServiceProxy. - Add a gupnp_service_proxy_add_notify_full variant to be nice to gobject-introspection. - Several code cleanups. - Fix a reference leak in ACL. - Make "document" property of GUPnPDeviceInfo readable. - Add gupnp_service_proxy_add_raw_notify which can be used to get the raw xmlDoc received through notification. Bugs fixed in this release: - https://bugzilla.gnome.org/show_bug.cgi?id=701446 - https://bugzilla.gnome.org/show_bug.cgi?id=706123 - https://bugzilla.gnome.org/show_bug.cgi?id=706127 - https://bugzilla.gnome.org/show_bug.cgi?id=727709 - https://bugzilla.gnome.org/show_bug.cgi?id=729827 - https://bugzilla.gnome.org/show_bug.cgi?id=730359 - https://bugzilla.gnome.org/show_bug.cgi?id=730690 -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.20.12-1 - 0.20.12 release - http://ftp.gnome.org/pub/GNOME/sources/gupnp/0.20/gupnp-0.20.12.news - Re-add vala bindings to devel (RHBZ 1093204) -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.21.10-1.fc20 (FEDORA-2014-6961) A wiki engine -------------------------------------------------------------------------------- Update Information: * (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset. * (bug 36356) Add space between two feed links. -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.21.10-1 - Update to 1.21.10 - (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset. - (bug 36356) Add space between two feed links. -------------------------------------------------------------------------------- ================================================================================ mingw-gnutls-3.1.25-1.fc20 (FEDORA-2014-6953) MinGW GnuTLS TLS/SSL encryption library -------------------------------------------------------------------------------- Update Information: Version 3.1.25 (released 2014-05-30) * libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. * libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. * libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. Version 3.2.14 (released 2014-05-06) * libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. * libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. * libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. * libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. * libgnutls: Several small bug fixes found by coverity. -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.25-1 - Update to 3.1.25 - Fixes CVE-2014-3466 (#1103047) * Mon May 26 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 3.1.24-1 - Update to 3.1.24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101932 - CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3) https://bugzilla.redhat.com/show_bug.cgi?id=1101932 -------------------------------------------------------------------------------- ================================================================================ qemu-1.6.2-6.fc20 (FEDORA-2014-6970) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * QCOW1 validation CVEs: CVE-2014-0222, CVE-2014-0223 (bz #1097232, bz #1097238, bz #1097222, bz #1097216) * CVE-2014-3461: Issues in USB post load checks (bz #1097260, bz #1096821) -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 2:1.6.2-6 - QCOW1 validation CVEs: CVE-2014-0222, CVE-2014-0223 (bz #1097232, bz - CVE-2014-3461: Issues in USB post load checks (bz #1097260, bz #1096821) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097222 - CVE-2014-0223 Qemu: qcow1: validate image size to avoid out-of-bounds memory access https://bugzilla.redhat.com/show_bug.cgi?id=1097222 [ 2 ] Bug #1097216 - CVE-2014-0222 Qemu: qcow1: validate L2 table size to avoid integer overflows https://bugzilla.redhat.com/show_bug.cgi?id=1097216 [ 3 ] Bug #1096821 - CVE-2014-3461 Qemu: usb: fix up post load checks https://bugzilla.redhat.com/show_bug.cgi?id=1096821 -------------------------------------------------------------------------------- ================================================================================ rcssserver3d-0.6.8-1.fc20 (FEDORA-2014-6954) Robocup 3D Soccer Simulation Server -------------------------------------------------------------------------------- Update Information: Update to 0.6.8 with some enhancements for RoboCup 2014 competitions. -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Hedayat Vatankhah <hedayat.fwd+rpmchlog@xxxxxxxxx> - 0.6.8-1 - Update to version 0.6.8 * Fri May 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 0.6.7-4 - rebuild for boost 1.55.0 -------------------------------------------------------------------------------- ================================================================================ routino-2.7-1.fc20 (FEDORA-2014-6956) Router for OpenStreetMap Data -------------------------------------------------------------------------------- Update Information: Update of Routino to version 2.7. Bug fixes: * Fix typo in documentation strings in filedumper program. * Don't lose super-segments when merging them with normal segments. * Don't exceed the database lat/long limits when searching for visualiser data. planetsplitter: * Don't overflow (and wrap-around) conversions of lengths, weights etc. * Add some new formats of length, weight and speed parsing. * Add .xz uncompression as a compile-time option (enabled in Fedora packaging). router: * Remove ancient undocumented option to specify lat/lon without --lat/--lon. * Add a '--output-stdout' option to output the route in a selected format. * Add a '--reverse' option to calculate a route in the reverse order. * Add a '--loop' option to calculate a route that returns to the first waypoint. * Output valid HTML4 (use strict DTD and use numeric entity for apostrophe). OSM tagging: * Allow bicycles both ways on certain oneway roads if tagging allows. * Handle "access=bus" like "access=psv". (Taking advantage of those 2 features requires regenerating the database (.mem files).) Configuration Files: * Updated Dutch translations. * Updates to the XML parser tagging rules. * Added French translations for the routing output. Documentation: * Update the algorithm documentation for finding the shortest path. * Update documentation HTML to strict 4.01 DTD. Note: This version is compatible with databases from version 2.6 (although cycling both ways on one-way highways requires a database update). (Unfortunately, the latest version, 2.7.1, cannot be pushed to Fedora 20 because it is not compatible with databases from 2.6 or 2.7. Therefore, this is the last upgrade of Routino for Fedora 20.) -------------------------------------------------------------------------------- ChangeLog: * Sat May 31 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 2.7-1 - Update to 2.7 (last version compatible with databases from 2.6) - Rebase patches - Enable xz support, BuildRequires: xz-devel - README-MARBLE.txt: update: 2.6 database compatibility, .xz support -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
