The following Fedora 20 Security updates need testing: Age URL 54 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20 46 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20 24 https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-6705/readline-6.2-9.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7126/libfep-0.1.0-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7223/python-djblets-0.7.30-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7166/python-jinja2-2.7.3-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-6901/php-doctrine-orm-2.4.2-2.fc20,php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20,php-5.5.13-3.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-7263/polarssl-1.2.10-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7296/tor-0.2.4.22-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7348/ReviewBoard-1.7.26-2.fc20,python-django-evolution-0.6.9-4.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-7359/wireshark-1.10.7-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7400/lynis-1.5.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7406/rb_libtorrent-0.16.11-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7423/xen-4.3.2-5.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7035/gnome-settings-daemon-3.10.3-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7024/lorax-20.5-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7172/gnome-online-accounts-3.10.5-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-7113/libbluray-0.6.0-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-7240/selinux-policy-3.12.1-167.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-7276/gupnp-av-0.12.6-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7383/crda-1.1.3_2014.06.13-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7374/libusbx-1.0.19-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7385/squashfs-tools-4.3-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-7410/elfutils-0.158-4.fc20 The following builds have been pushed to Fedora 20 updates-testing docker-io-1.0.0-3.fc20 elfutils-0.158-4.fc20 fuelmanager-0.4.1-3.fc20 libreoffice-4.2.5.2-1.fc20 lynis-1.5.6-1.fc20 mingw-opusfile-0.6-1.fc20 perl-NetPacket-1.5.0-1.fc20 perl-ZMQ-LibZMQ2-1.09-1.fc20 perl-ZMQ-LibZMQ3-1.16-1.fc20 pynag-0.8.9-2.fc20 python-stem-1.2.2-2.fc20 python-waitress-0.8.9-3.fc20 rawtherapee-4.1-1.fc20 rb_libtorrent-0.16.11-2.fc20 sparse-0.5.0-2.fc20 vertica-python-0.2.3-1.fc20 wt-3.3.3-2.fc20 xen-4.3.2-5.fc20 Details about builds: ================================================================================ docker-io-1.0.0-3.fc20 (FEDORA-2014-7425) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: correct bogus date -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 14 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.0.0-3 - correct bogus date * Sat Jun 14 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.0.0-2 - RHBZ#1109533 patch libcontainer for finalize namespace error - RHBZ#1109039 build with updated golang-github-syndtr-gocapability - install Dockerfile.5 manpage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109533 - finalize namespace errors with docker run https://bugzilla.redhat.com/show_bug.cgi?id=1109533 -------------------------------------------------------------------------------- ================================================================================ elfutils-0.158-4.fc20 (FEDORA-2014-7410) A collection of utilities and DSOs to handle compiled objects -------------------------------------------------------------------------------- Update Information: Fix eu-unstrip -n on ARM. Add elfutils-0.158-argp-attach.patch (#1107654) -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 10 2014 Mark Wielaard <mjw@xxxxxxxxxx> - 0.158-4 - Add elfutils-0.158-argp-attach.patch (#1107654) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1107654 - eu-unstrip -n doesn't work on architectures without unwinder https://bugzilla.redhat.com/show_bug.cgi?id=1107654 -------------------------------------------------------------------------------- ================================================================================ fuelmanager-0.4.1-3.fc20 (FEDORA-2014-7412) Manage fuel mileage -------------------------------------------------------------------------------- Update Information: changed to descending sort order. Added an appdata.xml file, fixes bug #2. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 13 2014 kc8hfi <kc8hfi@xxxxxxxxx> - 0.4.1-3 - rebuilt * Fri Jun 13 2014 kc8hfi <kc8hfi@xxxxxxxxx> - 0.4.1-2 - Build for release 0.4.1 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.2.5.2-1.fc20 (FEDORA-2014-7407) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Update to 4.2.5. List of fixed bugs can be found at https://wiki.documentfoundation.org/Releases/4.2.5/RC1 and https://wiki.documentfoundation.org/Releases/4.2.5/RC2 . -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 12 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.2.5.2-1 - update to 4.2.5 * Mon Jun 9 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.2.2.4-20 - Resolves: rhbz#1105376 FlatODF import/export does not work unless libreoffice-xsltfilter is installed * Sun Jun 8 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 1:4.2.4.2-19 - rebuild against fixed Qt to get KDE file dialogs back - Resolves: rhbz#1105422 KDE file dialogs not showing in libreoffice -------------------------------------------------------------------------------- ================================================================================ lynis-1.5.6-1.fc20 (FEDORA-2014-7400) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: == 1.5.6 (2014-06-12) == New: - Test for PHP binary and PHP version - Don't perform register_global test for systems running PHP 5.4.0 and later [PHP-2368] - Debug function (can be activated via --debug or profile) Changes: - Extended IsRunning function - Removed suggestion from secure shell test [SHLL-6202] - Check for idle session handlers [SHLL-6220] - Also check for apache2 binary (file instead of directory) - New report values: session_timeout_enabled and session_timeout_method - New report value for plugins: plugins_enabled - Fixed test to determine active TCP sessions on Linux [NETW-3012] == 1.5.5 (2014-06-08) == New: - Check for nginx access logging [HTTP-6712] - Check for missing error logs in nginx [HTTP-6714] - Check for debug mode in nginx [HTTP-6716] Changes: - Extended SSL test for nginx when using listen statements - Allow debugging via profile (config:debug:yes) - Check if discovered httpd file is actually a file - Improved temporary file creation related to security notice - Adjustments to screen output Security Note: This releases solves two issues regarding the usage of temporary files (predictability of the file names). You are advised to upgrade to this version as soon as possible. For more information see the our blog post: http://linux-audit.com/lynis-security-notice-154-and-older/ == 1.5.4 (2014-06-04) == New: - Check additional configuration files for nginx [HTTP-6706] - Analysis of nginx settings [HTTP-6708] - New test for SSL configuration of nginx [HTTP-6710] Changes: - Altered SMBD version check for Mac OS - Small adjustments to report for readability -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 16 2014 Christopher Meng <rpm@xxxxxxxx> - 1.5.6-1 - Update to 1.5.6 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1104999 - CVE-2014-3982 CVE-2014-3986 lynis: insecure temporary file issues leading to privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=1104999 -------------------------------------------------------------------------------- ================================================================================ mingw-opusfile-0.6-1.fc20 (FEDORA-2014-7411) A high-level API for decoding and seeking within .opus files -------------------------------------------------------------------------------- Update Information: Update to 0.6 * fix bugs with comment handling * fix bugs handling invalid and non-opus streams -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 14 2014 David King <amigadave@xxxxxxxxxxxxx> 0.6-1 - Update to 0.6 -------------------------------------------------------------------------------- ================================================================================ perl-NetPacket-1.5.0-1.fc20 (FEDORA-2014-7414) Assemble/disassemble network packets at the protocol level -------------------------------------------------------------------------------- Update Information: Update to 1.5.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 15 2014 Jose Pedro Oliveira <jose.p.oliveira.oss at gmail.com> - 1.5.0-1 - Update to 1.5.0 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Nov 30 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.4.4-1 - Update to 1.4.4 -------------------------------------------------------------------------------- ================================================================================ perl-ZMQ-LibZMQ2-1.09-1.fc20 (FEDORA-2014-7417) Perl wrapper for the libzmq 2.x library -------------------------------------------------------------------------------- Update Information: Update to version 1.09 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 14 2014 Jose Pedro Oliveira <jose.p.oliveira.oss at gmail.com> - 1.09-1 - Update to version 1.09 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.07-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-ZMQ-LibZMQ3-1.16-1.fc20 (FEDORA-2014-7419) Perl wrapper for the libzmq 3.x library -------------------------------------------------------------------------------- Update Information: Update to version 1.16 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 14 2014 Jose Pedro Oliveira <jose.p.oliveira.oss at gmail.com> - 1.16-1 - Update to version 1.16 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Nov 26 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 1.14-1 - Update to version 1.14 -------------------------------------------------------------------------------- ================================================================================ pynag-0.8.9-2.fc20 (FEDORA-2014-7424) Python modules and utilities for Nagios plugins and configuration -------------------------------------------------------------------------------- Update Information: Updated to latest upstream version -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 15 2014 Tomas Edwardsson <tommi@xxxxxxxxx> 0.8.9-1 - Updated to latest upstream version * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-stem-1.2.2-2.fc20 (FEDORA-2014-7404) Python controller library for Tor -------------------------------------------------------------------------------- Update Information: Update to version 1.2.2 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 14 2014 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.2.2-2 - Rename tor-prompt to python3-tor-prompt in python3 subpackage * Thu Jun 12 2014 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.2.2-1 - Version 1.2.2 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 9 2014 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.1.1-2 - Rebuilt for F21 Python 3.4 -------------------------------------------------------------------------------- ================================================================================ python-waitress-0.8.9-3.fc20 (FEDORA-2014-7418) Waitress WSGI server -------------------------------------------------------------------------------- Update Information: - Rebuilt. Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 14 2014 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@xxxxxxxxx> - 0.8.9-3 - Run the tests with nose to avoid unclosed socket errors * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun May 25 2014 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@xxxxxxxxx> - 0.8.9-1 - Update to upstream * Wed May 14 2014 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.8.8-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1100746 - python-waitress-0.8.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1100746 [ 2 ] Bug #1106928 - python-waitress: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1106928 -------------------------------------------------------------------------------- ================================================================================ rawtherapee-4.1-1.fc20 (FEDORA-2014-7421) Raw image processing software -------------------------------------------------------------------------------- Update Information: Update to new upstream stable release (first officially-stable release since 3.1). See changelog at <http://rawtherapee.com/blog/rawtherapee-4.1-is-out>. Note that this release drops bundled PDF documentation; see <http://rawpedia.rawtherapee.com/> instead. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 12 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> - 4.1-1 - update to new upstream stable release (first officially-stable release since 3.1) - see changelog at http://rawtherapee.com/blog/rawtherapee-4.1-is-out - drop documentation subpackage, because upstream does not yet have a pdf for 4.1; see docs online at http://rawtherapee.com/blog/documentation and http://rawpedia.rawtherapee.com/ - no need to include COMPILE.txt in binary package, but do incliude RELEASE_NOTES.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094722 - rawtherapee-4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1094722 -------------------------------------------------------------------------------- ================================================================================ rb_libtorrent-0.16.11-2.fc20 (FEDORA-2014-7406) A C++ BitTorrent library aiming to be the best alternative -------------------------------------------------------------------------------- Update Information: - stop UPNP from opening port 0 -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 15 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 0.16.11-2 - patch to stop UPNP from openning port 0 -------------------------------------------------------------------------------- ================================================================================ sparse-0.5.0-2.fc20 (FEDORA-2014-7405) A semantic parser of source files -------------------------------------------------------------------------------- Update Information: This package rebuilds sparse without -fpic. See bug 1109560 for details. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 15 2014 Jeff Layton <jlayton@xxxxxxxxxxxxxxx> - 0.5.0-2 - Remove -fpic and -fPIC from CFLAGS. Seems to be causing weird effects with -O2. (bz# 1109560) -------------------------------------------------------------------------------- ================================================================================ vertica-python-0.2.3-1.fc20 (FEDORA-2014-7420) A native Python adapter for the Vertica database -------------------------------------------------------------------------------- Update Information: update to new version -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 13 2014 Jakub Jedelsky <jakub.jedelsky@xxxxxxxxx> - 0.2.3-1 - update to new version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1103263 - vertica-python-0.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1103263 -------------------------------------------------------------------------------- ================================================================================ wt-3.3.3-2.fc20 (FEDORA-2014-7280) C++ library for developing web applications -------------------------------------------------------------------------------- Update Information: New upstream version 3.3.3. Reenabled raster image support. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 13 2014 Michal Minar <miminar@xxxxxxxxxx> 3.3.3-2 - Reenabled raster image support. * Wed Jun 11 2014 Michal Minar <miminar@xxxxxxxxxx> 3.3.3-1 - New upstream version 3.3.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108929 - WRasterImage support is not included https://bugzilla.redhat.com/show_bug.cgi?id=1108929 -------------------------------------------------------------------------------- ================================================================================ xen-4.3.2-5.fc20 (FEDORA-2014-7423) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Fix %if line typo in the spec file, Vulnerabilities in HVM MSI injection -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 15 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.2-5 - Fix %if line typo in the spec file - Vulnerabilities in HVM MSI injection [XSA-96, CVE-2014-3967,CVE-2014-3968] (#1104583) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1102254 - CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96) https://bugzilla.redhat.com/show_bug.cgi?id=1102254 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test