The following Fedora 20 Security updates need testing:
 Age  URL
  69  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-4.fc20
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7577/claws-mail-3.10.1-1.fc20,claws-mail-plugins-3.10.1-1.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-7697/dpkg-1.16.15-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-7954/openstack-nova-2013.2.3-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-8032/ansible-1.6.6-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-8021/docker-io-1.0.0-6.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-6.fc20,erlang-ibrowse-4.0.1-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8098/pnp4nagios-0.6.22-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8099/lz4-r119-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8227/ocsinventory-2.0.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-4.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-7789/libndp-1.3-1.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7857/python-mako-1.0.0-1.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7868/gnome-shell-3.10.4-6.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-7968/perl-Pod-Usage-1.64-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8109/libfm-1.2.1-1.fc20,pcmanfm-1.2.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8185/fontconfig-2.11.0-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8186/xorg-x11-drv-qxl-0.1.1-4.fc20


The following builds have been pushed to Fedora 20 updates-testing

    alglib-3.8.2-5.fc20
    conky-1.9.0-8.20140617gitab826d.fc20
    freight-0.3.5-4.fc20
    hornetq-2.4.1-3.fc20
    libXfont-1.4.8-1.fc20
    lmiwbem-0.2.0-6.fc20
    nx-libs-3.5.0.27-1.fc20
    ocsinventory-2.0.5-8.fc20
    perl-IO-Socket-IP-0.30-2.fc20
    perl-Module-Package-Au-2-1.fc20
    perl-SOCKS-0.03-1.fc20
    php-horde-Horde-Compress-Fast-1.0.3-1.fc20
    php-horde-Horde-Imap-Client-2.23.2-1.fc20
    php-horde-Horde-Mime-2.4.3-1.fc20
    python-django-pyscss-1.0.1-2.fc20
    python-tox-1.7.1-1.fc20
    qpid-proton-0.7-3.fc20
    rubygem-activerecord-4.0.0-4.fc20
    se-sandbox-runner-1.6.12-1.fc20
    x11trace-1.3.1-7.fc20

Details about builds:


================================================================================
 alglib-3.8.2-5.fc20 (FEDORA-2014-8219)
 A numerical analysis and data processing library
--------------------------------------------------------------------------------
Update Information:

Disable builds for non x86 and non arm architectures, since upstream does not support them.
Initial package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1109490 - Review Request: alglib - A numerical analysis and data processing library
        https://bugzilla.redhat.com/show_bug.cgi?id=1109490
--------------------------------------------------------------------------------


================================================================================
 conky-1.9.0-8.20140617gitab826d.fc20 (FEDORA-2014-8212)
 A system monitor for X
--------------------------------------------------------------------------------
Update Information:

This update fixes crash with lua scripts.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 1.9.0-8.20140617gitab826d.fc20
- build with lua-5.1 (#1117120)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1117120 - [abrt] conky: luaH_getstr(): conky killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1117120
--------------------------------------------------------------------------------


================================================================================
 freight-0.3.5-4.fc20 (FEDORA-2014-8217)
 A modern take on the Debian archive
--------------------------------------------------------------------------------
Update Information:

New package for easy management of Debian archives
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115049 - Review Request: freight - A modern take on the Debian archive
        https://bugzilla.redhat.com/show_bug.cgi?id=1115049
--------------------------------------------------------------------------------


================================================================================
 hornetq-2.4.1-3.fc20 (FEDORA-2014-8231)
 High performance messaging system
--------------------------------------------------------------------------------
Update Information:

Adds missing jars that are required by WildFly.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 28 2014 Michael Simacek <msimacek@xxxxxxxxxx> - 2.4.1-2
- Use Requires: java-headless rebuild (#1067528)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1116959 - Wildfly do not install in Fedora 20 PPC64
        https://bugzilla.redhat.com/show_bug.cgi?id=1116959
--------------------------------------------------------------------------------


================================================================================
 libXfont-1.4.8-1.fc20 (FEDORA-2014-8208)
 X.Org X11 libXfont runtime library
--------------------------------------------------------------------------------
Update Information:

- libXfont 1.4.8 (rhbz#1100441)
- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.4.8-1
- libXfont 1.4.8 (rhbz#1100441)
- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397)
* Mon Jun  9 2014 Adam Jackson <ajax@xxxxxxxxxx> 1.4.7-2
- Fix FTBFS against new fontproto
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1096593 - CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=1096593
  [ 2 ] Bug #1096597 - CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs protocol replies
        https://bugzilla.redhat.com/show_bug.cgi?id=1096597
  [ 3 ] Bug #1096601 - CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies
        https://bugzilla.redhat.com/show_bug.cgi?id=1096601
--------------------------------------------------------------------------------


================================================================================
 lmiwbem-0.2.0-6.fc20 (FEDORA-2014-8216)
 Python WBEM Client
--------------------------------------------------------------------------------
Update Information:

fix deadlocks related to Python's GIL
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Peter Hatina <phatina@xxxxxxxxxx> - 0.2.0-6
- fix deadlocks related to Python's GIL
--------------------------------------------------------------------------------


================================================================================
 nx-libs-3.5.0.27-1.fc20 (FEDORA-2014-8215)
 NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:

Update to 3.5.0.27:
- Add kernel socket namespace support. Fixes failing nxproxy/nxagent execution on systems where pam_namespace.so is in use.
- Fix xkeyboard-2.6 incompatibility issues. (Maybe not all of them, so please report back...).
- Fix PPC64 support. (Thanks to Mihai Moldovan for digging into this!!!)
- New option: -state <statefile>. More accurately detect the current session state via an external status file. This is part of the bugfix for X2Go BTS issue #302.
- Allow clipboard={none,client,server,both} as NX option.
- Plus some minor issues
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.27-1
- Update to 3.5.0.27
- Drop aarch64 patch applied upstream
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.0.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May  7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.24-2
- Add patch for aarch64 support attempt
* Wed May  7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.24-1
- Update to 3.5.0.24
- Drop format patch applied upstream
* Tue May  6 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.23-1
- Update to 3.5.0.23
- Drop ppc64 and imake patches applied upstream
* Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.22-3
- Add patch to fix imake build
- Add patch to fix -Werror=format-security build
* Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.22-2
- Set compile flags properly on arm and ppc64
- Add patch to fix ppc64 build
--------------------------------------------------------------------------------


================================================================================
 ocsinventory-2.0.5-8.fc20 (FEDORA-2014-8227)
 Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:

Upstream XSS security fix for CVE-2014-4722
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.5-8
- XSS security fix for CVE-2014-4722
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1117205 - CVE-2014-4722 ocsinventory: multiple stored XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1117205
--------------------------------------------------------------------------------


================================================================================
 perl-IO-Socket-IP-0.30-2.fc20 (FEDORA-2014-8225)
 Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6
--------------------------------------------------------------------------------
Update Information:

The 0.30-2 release fixes multihoming, especially with IO::Socket::SSL, really.
This release fixes connect to multihomed peer in case IO::Socket::IP is sub-classed.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.30-2
- Fix multihomed SSL (bug #1116600)
* Mon Jul  7 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.30-1
- 0.30 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1116600 - perl-IO-Socket-IP-0.30 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1116600
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Package-Au-2-1.fc20 (FEDORA-2014-8206)
 Reusable Module::Install bits
--------------------------------------------------------------------------------
Update Information:

New package: Reusable Module::Install bits
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #886192 - Review Request: perl-Module-Package-Au - Reusable Module::Install bits
        https://bugzilla.redhat.com/show_bug.cgi?id=886192
--------------------------------------------------------------------------------


================================================================================
 perl-SOCKS-0.03-1.fc20 (FEDORA-2014-8220)
 SOCKS Perl module
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115846 - Review Request: perl-SOCKS - SOCKS Perl module
        https://bugzilla.redhat.com/show_bug.cgi?id=1115846
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Compress-Fast-1.0.3-1.fc20 (FEDORA-2014-8230)
 Fast Compression Library
--------------------------------------------------------------------------------
Update Information:

Horde_Compress_Fast 1.0.3
* [mms] Relax overly strict string type checking when compressing/decompressing.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.3-1
- Update to 1.0.3
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Imap-Client-2.23.2-1.fc20 (FEDORA-2014-8214)
 Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:

Horde_Imap_Client 2.23.2
* [mms] Determination of approximate part size should be done at IMAP level, not within Horde_Mime_Part.
* [mms] Fix regression in handling invalid DateTime data due to a BC-incompatible change in PHP.

Horde_Mime 2.4.3
* [mms] Fix determination of part size when the part contains explicit sizing information.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.23.2-1
- Update to 2.23.2
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Mime-2.4.3-1.fc20 (FEDORA-2014-8214)
 Horde MIME Library
--------------------------------------------------------------------------------
Update Information:

Horde_Imap_Client 2.23.2
* [mms] Determination of approximate part size should be done at IMAP level, not within Horde_Mime_Part.
* [mms] Fix regression in handling invalid DateTime data due to a BC-incompatible change in PHP.

Horde_Mime 2.4.3
* [mms] Fix determination of part size when the part contains explicit sizing information.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.4.3-1
- Update to 2.4.3
--------------------------------------------------------------------------------


================================================================================
 python-django-pyscss-1.0.1-2.fc20 (FEDORA-2014-8209)
 Makes it easier to use PySCSS in Django
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1117281 - Review Request: python-django-pyscss - Makes it easier to use PySCSS in Django
        https://bugzilla.redhat.com/show_bug.cgi?id=1117281
--------------------------------------------------------------------------------


================================================================================
 python-tox-1.7.1-1.fc20 (FEDORA-2014-8222)
 Virtualenv-based automation of test activities
--------------------------------------------------------------------------------
Update Information:

update to 1.7.1 (rhbz#111797)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  8 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.7.1-1
- update to 1.7.1 (rhbz#111797)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Sep 24 2013 Matthias Runge <mrunge@xxxxxxxxxx> - 1.6.1-1
- update to 1.6.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #111797 - Bad: 3CSOHO100B-TX network card not recognized
        https://bugzilla.redhat.com/show_bug.cgi?id=111797
--------------------------------------------------------------------------------


================================================================================
 qpid-proton-0.7-3.fc20 (FEDORA-2014-8226)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Removed intra-package comments which cause error messages on package uninstall.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  8 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.7-3
- Removed intra-package comments which cause error messages on package uninstall.
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rubygem-activerecord-4.0.0-4.fc20 (FEDORA-2014-8065)
 Implements the ActiveRecord pattern for ORM
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting and its regression
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1:4.0.0-4
- Fix CVE-2014-3483 regression
* Thu Jul  3 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1:4.0.0-3
- Fix CVE-2014-3483
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115777 - CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting [fedora-20]
        https://bugzilla.redhat.com/show_bug.cgi?id=1115777
--------------------------------------------------------------------------------


================================================================================
 se-sandbox-runner-1.6.12-1.fc20 (FEDORA-2014-8210)
 Qt wrapper for SELinux Sandbox
--------------------------------------------------------------------------------
Update Information:

fixed building a list of included path;
fixed setting a working directories & their SELinux labels;
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  8 2014 Fl@sh <kaperang07@xxxxxxxxx> - 1.6.12-1
- version updated;
--------------------------------------------------------------------------------


================================================================================
 x11trace-1.3.1-7.fc20 (FEDORA-2014-8228)
 A program for X11 protocol tracing
--------------------------------------------------------------------------------
Update Information:

Package renamed from xtrace to avoid name conflict with glibc utility
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test