Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  69  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-4.fc20
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7577/claws-mail-3.10.1-1.fc20,claws-mail-plugins-3.10.1-1.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-7697/dpkg-1.16.15-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-7954/openstack-nova-2013.2.3-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-8032/ansible-1.6.6-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-8021/docker-io-1.0.0-6.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-6.fc20,erlang-ibrowse-4.0.1-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8098/pnp4nagios-0.6.22-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8099/lz4-r119-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8227/ocsinventory-2.0.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-4.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-7789/libndp-1.3-1.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7857/python-mako-1.0.0-1.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7868/gnome-shell-3.10.4-6.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-7968/perl-Pod-Usage-1.64-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8109/libfm-1.2.1-1.fc20,pcmanfm-1.2.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8185/fontconfig-2.11.0-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8186/xorg-x11-drv-qxl-0.1.1-4.fc20


The following builds have been pushed to Fedora 20 updates-testing

    alglib-3.8.2-5.fc20
    conky-1.9.0-8.20140617gitab826d.fc20
    freight-0.3.5-4.fc20
    hornetq-2.4.1-3.fc20
    libXfont-1.4.8-1.fc20
    lmiwbem-0.2.0-6.fc20
    nx-libs-3.5.0.27-1.fc20
    ocsinventory-2.0.5-8.fc20
    perl-IO-Socket-IP-0.30-2.fc20
    perl-Module-Package-Au-2-1.fc20
    perl-SOCKS-0.03-1.fc20
    php-horde-Horde-Compress-Fast-1.0.3-1.fc20
    php-horde-Horde-Imap-Client-2.23.2-1.fc20
    php-horde-Horde-Mime-2.4.3-1.fc20
    python-django-pyscss-1.0.1-2.fc20
    python-tox-1.7.1-1.fc20
    qpid-proton-0.7-3.fc20
    rubygem-activerecord-4.0.0-4.fc20
    se-sandbox-runner-1.6.12-1.fc20
    x11trace-1.3.1-7.fc20

Details about builds:


================================================================================
 alglib-3.8.2-5.fc20 (FEDORA-2014-8219)
 A numerical analysis and data processing library
--------------------------------------------------------------------------------
Update Information:

Disable builds for non x86 and non arm architectures, since upstream does not support them.
Initial package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1109490 - Review Request: alglib - A numerical analysis and data processing library
        https://bugzilla.redhat.com/show_bug.cgi?id=1109490
--------------------------------------------------------------------------------


================================================================================
 conky-1.9.0-8.20140617gitab826d.fc20 (FEDORA-2014-8212)
 A system monitor for X
--------------------------------------------------------------------------------
Update Information:

This update fixes crash with lua scripts.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 1.9.0-8.20140617gitab826d.fc20
- build with lua-5.1 (#1117120)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1117120 - [abrt] conky: luaH_getstr(): conky killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1117120
--------------------------------------------------------------------------------


================================================================================
 freight-0.3.5-4.fc20 (FEDORA-2014-8217)
 A modern take on the Debian archive
--------------------------------------------------------------------------------
Update Information:

New package for easy management of Debian archives
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115049 - Review Request: freight - A modern take on the Debian archive
        https://bugzilla.redhat.com/show_bug.cgi?id=1115049
--------------------------------------------------------------------------------


================================================================================
 hornetq-2.4.1-3.fc20 (FEDORA-2014-8231)
 High performance messaging system
--------------------------------------------------------------------------------
Update Information:

Adds missing jars that are required by WildFly.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 28 2014 Michael Simacek <msimacek@xxxxxxxxxx> - 2.4.1-2
- Use Requires: java-headless rebuild (#1067528)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1116959 - Wildfly do not install in Fedora 20 PPC64
        https://bugzilla.redhat.com/show_bug.cgi?id=1116959
--------------------------------------------------------------------------------


================================================================================
 libXfont-1.4.8-1.fc20 (FEDORA-2014-8208)
 X.Org X11 libXfont runtime library
--------------------------------------------------------------------------------
Update Information:

- libXfont 1.4.8 (rhbz#1100441)
- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.4.8-1
- libXfont 1.4.8 (rhbz#1100441)
- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397)
* Mon Jun  9 2014 Adam Jackson <ajax@xxxxxxxxxx> 1.4.7-2
- Fix FTBFS against new fontproto
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1096593 - CVE-2014-0209 libXfont: integer overflow of allocations in font metadata file parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=1096593
  [ 2 ] Bug #1096597 - CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs protocol replies
        https://bugzilla.redhat.com/show_bug.cgi?id=1096597
  [ 3 ] Bug #1096601 - CVE-2014-0211 libXfont: integer overflows calculating memory needs for xfs replies
        https://bugzilla.redhat.com/show_bug.cgi?id=1096601
--------------------------------------------------------------------------------


================================================================================
 lmiwbem-0.2.0-6.fc20 (FEDORA-2014-8216)
 Python WBEM Client
--------------------------------------------------------------------------------
Update Information:

fix deadlocks related to Python's GIL
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Peter Hatina <phatina@xxxxxxxxxx> - 0.2.0-6
- fix deadlocks related to Python's GIL
--------------------------------------------------------------------------------


================================================================================
 nx-libs-3.5.0.27-1.fc20 (FEDORA-2014-8215)
 NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:

Update to 3.5.0.27:

- Add kernel socket namespace support. Fixes failing nxproxy/nxagent execution on systems where pam_namespace.so is in use.
- Fix xkeyboard-2.6 incompatibility issues. (Maybe not all of them, so please report back...).
- Fix PPC64 support. (Thanks to Mihai Moldovan for digging into this!!!)
- New option: -state <statefile>. More accurately detect the current session state via an external status file. This is part of the bugfix for X2Go BTS issue #302.
- Allow clipboard={none,client,server,both} as NX option.
- Plus some minor issues

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.27-1
- Update to 3.5.0.27
- Drop aarch64 patch applied upstream
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.0.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May  7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.24-2
- Add patch for aarch64 support attempt
* Wed May  7 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.24-1
- Update to 3.5.0.24
- Drop format patch applied upstream
* Tue May  6 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.23-1
- Update to 3.5.0.23
- Drop ppc64 and imake patches applied upstream
* Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.22-3
- Add patch to fix imake build
- Add patch to fix -Werror=format-security build
* Fri Jan 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.22-2
- Set compile flags properly on arm and ppc64
- Add patch to fix ppc64 build
--------------------------------------------------------------------------------


================================================================================
 ocsinventory-2.0.5-8.fc20 (FEDORA-2014-8227)
 Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:

Upstream XSS security fix for CVE-2014-4722
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.5-8
- XSS security fix for CVE-2014-4722
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1117205 - CVE-2014-4722 ocsinventory: multiple stored XSS vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1117205
--------------------------------------------------------------------------------


================================================================================
 perl-IO-Socket-IP-0.30-2.fc20 (FEDORA-2014-8225)
 Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6
--------------------------------------------------------------------------------
Update Information:

The 0.30-2 release fixes multihoming, especially with IO::Socket::SSL, really.
This release fixes connect to multihomed peer in case IO::Socket::IP is sub-classed.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.30-2
- Fix multihomed SSL (bug #1116600)
* Mon Jul  7 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.30-1
- 0.30 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1116600 - perl-IO-Socket-IP-0.30 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1116600
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Package-Au-2-1.fc20 (FEDORA-2014-8206)
 Reusable Module::Install bits
--------------------------------------------------------------------------------
Update Information:

New package: Reusable Module::Install bits
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #886192 - Review Request: perl-Module-Package-Au - Reusable Module::Install bits
        https://bugzilla.redhat.com/show_bug.cgi?id=886192
--------------------------------------------------------------------------------


================================================================================
 perl-SOCKS-0.03-1.fc20 (FEDORA-2014-8220)
 SOCKS Perl module
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115846 - Review Request: perl-SOCKS - SOCKS Perl module
        https://bugzilla.redhat.com/show_bug.cgi?id=1115846
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Compress-Fast-1.0.3-1.fc20 (FEDORA-2014-8230)
 Fast Compression Library
--------------------------------------------------------------------------------
Update Information:

Horde_Compress_Fast 1.0.3
* [mms] Relax overly strict string type checking when compressing/decompressing.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.3-1
- Update to 1.0.3
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Imap-Client-2.23.2-1.fc20 (FEDORA-2014-8214)
 Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:

Horde_Imap_Client 2.23.2
* [mms] Determination of approximate part size should be done at IMAP level, not within Horde_Mime_Part.
* [mms] Fix regression in handling invalid DateTime data due to a BC-incompatible change in PHP.

Horde_Mime 2.4.3
* [mms] Fix determination of part size when the part contains explicit sizing information.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.23.2-1
- Update to 2.23.2
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Mime-2.4.3-1.fc20 (FEDORA-2014-8214)
 Horde MIME Library
--------------------------------------------------------------------------------
Update Information:

Horde_Imap_Client 2.23.2
* [mms] Determination of approximate part size should be done at IMAP level, not within Horde_Mime_Part.
* [mms] Fix regression in handling invalid DateTime data due to a BC-incompatible change in PHP.

Horde_Mime 2.4.3
* [mms] Fix determination of part size when the part contains explicit sizing information.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.4.3-1
- Update to 2.4.3
--------------------------------------------------------------------------------


================================================================================
 python-django-pyscss-1.0.1-2.fc20 (FEDORA-2014-8209)
 Makes it easier to use PySCSS in Django
--------------------------------------------------------------------------------
Update Information:

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1117281 - Review Request: python-django-pyscss - Makes it easier to use PySCSS in Django
        https://bugzilla.redhat.com/show_bug.cgi?id=1117281
--------------------------------------------------------------------------------


================================================================================
 python-tox-1.7.1-1.fc20 (FEDORA-2014-8222)
 Virtualenv-based automation of test activities
--------------------------------------------------------------------------------
Update Information:

update to 1.7.1 (rhbz#111797)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  8 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.7.1-1
- update to 1.7.1 (rhbz#111797)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Sep 24 2013 Matthias Runge <mrunge@xxxxxxxxxx> - 1.6.1-1
- update to 1.6.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #111797 - Bad: 3CSOHO100B-TX network card not recognized
        https://bugzilla.redhat.com/show_bug.cgi?id=111797
--------------------------------------------------------------------------------


================================================================================
 qpid-proton-0.7-3.fc20 (FEDORA-2014-8226)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Removed intra-package comments which cause error messages on package uninstall.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  8 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.7-3
- Removed intra-package comments which cause error messages on package uninstall.
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rubygem-activerecord-4.0.0-4.fc20 (FEDORA-2014-8065)
 Implements the ActiveRecord pattern for ORM
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting and its regression
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  9 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1:4.0.0-4
- Fix CVE-2014-3483 regression
* Thu Jul  3 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1:4.0.0-3
- Fix CVE-2014-3483
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1115777 - CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting [fedora-20]
        https://bugzilla.redhat.com/show_bug.cgi?id=1115777
--------------------------------------------------------------------------------


================================================================================
 se-sandbox-runner-1.6.12-1.fc20 (FEDORA-2014-8210)
 Qt wrapper for SELinux Sandbox
--------------------------------------------------------------------------------
Update Information:

fixed building a list of included path;
fixed setting a working directories
& their SELinux labels;
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  8 2014 Fl@sh <kaperang07@xxxxxxxxx> - 1.6.12-1
- version updated;
--------------------------------------------------------------------------------


================================================================================
 x11trace-1.3.1-7.fc20 (FEDORA-2014-8228)
 A program for X11 protocol tracing
--------------------------------------------------------------------------------
Update Information:

Package renamed from xtrace to avoid name conflict with glibc utility
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux