The following Fedora 20 Security updates need testing: Age URL 72 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 52 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20 50 https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20 23 https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-7697/dpkg-1.16.15-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-8021/docker-io-1.0.0-6.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-8099/lz4-r119-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-8227/ocsinventory-2.0.5-8.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-9.fc20,erlang-ibrowse-4.0.1-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8308/php-ZendFramework-1.12.7-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8316/polarssl-1.2.11-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2014-7968/perl-Pod-Usage-1.64-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-8109/libfm-1.2.1-1.fc20,pcmanfm-1.2.1-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8305/gdb-7.7.1-17.fc20 The following builds have been pushed to Fedora 20 updates-testing golang-googlecode-net-0-0.15.hg84a4013f96e0.fc20 httrack-3.48.17-1.fc20 lynis-1.5.7-1.fc20 nfs-ganesha-2.1.0-4.fc20 perl-Net-DNS-0.78-1.fc20 php-ZendFramework-1.12.7-1.fc20 polarssl-1.2.11-1.fc20 python-fedmsg-meta-fedora-infrastructure-0.2.15-2.fc20 vit-1.2-1.fc20 wine-1.7.22-1.fc20 wxGTK3-3.0.1-1.fc20 youtube-dl-2014.07.11.3-1.fc20 Details about builds: ================================================================================ golang-googlecode-net-0-0.15.hg84a4013f96e0.fc20 (FEDORA-2014-8320) Supplementary Go networking libraries -------------------------------------------------------------------------------- Update Information: don't fail on ipv6 test bz1056185 revert golang >= 1.2 version requirement -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 11 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 0-0.15.hg84a4013f96e0 - don't fail on ipv6 test bz1056185 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.14.hg84a4013f96e0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Jan 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.13.hg84a4013f96e0 - golang exclusivearch for el6+ - add check * Fri Jan 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.12.hg84a4013f96e0 - revert golang >= 1.2 version requirement * Wed Jan 15 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> 0-0.11.hg84a4013f96e0 - require golang 1.2 and up -------------------------------------------------------------------------------- References: [ 1 ] Bug #1056185 - go test code.google.com/p/go.net/ipv6 test fails https://bugzilla.redhat.com/show_bug.cgi?id=1056185 -------------------------------------------------------------------------------- ================================================================================ httrack-3.48.17-1.fc20 (FEDORA-2014-8318) Website copier and offline browser -------------------------------------------------------------------------------- Update Information: 3.48-17 * Fixed: URL list not working anymore * Fixed: FTBFS on ARM * Fixed: buggy FFFD (replacement character) in place of leading non-ascii character such as Chinese ones * Fixed: FTBFS when compiling with zlib versions < 1.2.70 * Fixed: buggy SVG (Smiling Spectre) * Fixed: do not uncompress .tgz advertised as "streamed" (Smiling Spectre) * Fixed: NULL pointer dereferencing in back_unserialize (htsback.c:976) * Fixed: library development files * Fixed: --advanced-maxlinks broken (Localhost) * Fixed: -devel package should now be standalone * Fixed: assertion failure at htscore.c:244 (len + liensbuf->string_buffer_size < liensbuf->string_buffer_capa) * Fixed: injection-proof templates * Fixed: htshash.c:330 assertion failure ("error invalidating hash entry") * Fixed: Windows 2000 regression (fantozzi.usenet) * Fixed: code cleanup (aliasing issues, const correctness, safe strings) * New: handle --advanced-maxlinks=0 to disable maximum link limits * New: updated ZIP routines (zlib 1.2.8) * Fixed: broken 32-bit version * Fixed: assertion "segOutputSize < segSize assertion fails at htscharset.c:993" * Fixed: new zlib version fixing CVE-2004-0797 and CVE-2005-2096 * Fixed: more reliable crash reporting * Fixed: fixed infamous "hashtable internal error: cuckoo/stash collision" errors * Fixed: safety cleanup in many strings operations * Fixed: buggy option pannels * New: Enforce check against CVE-2014-0160 * New: improved hashtables to speedup large mirrors * New: added unit tests * New: Added %a option, allowing to define the "Accept:" header line. * New: Added %X option, to define additional request header lines. * New: Added option '-%t', preserving the original file type (which may produce non-browseable file locally) * Fixed: remove scope id (% character) in dotted address resolution (especially for catchurl proxy) * Fixed: build fixes, including for Android, non-SSL releases * Fixed: buggy keep-alive handling, leading to waste connections * Fixed: removed chroot and setuid features (this is definitely not our business) * Fixed: removed MMS (Microsoft Media Server) ripping code (mmsrip) (dead protocol, unmaintained code, licensing issues) * Fixed: type mishandling when processing a redirect (such as a .PDF redirecting to another .PDF, with a text/html type tagged in the redirect message) * Fixed: infinite loop when attempting to download a file:/// directory on Unix (gp)<br/> * Fixed: removed background DNS resolution, prone to bugs * Fixed: do not choke on Windows 2000 because of missing SetDllDirectory() * Fixed: %h custom build structure parameter not taken in account -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 11 2014 Christopher Meng <rpm@xxxxxxxx> - 3.48.17-1 - Update to 3.48.17 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1118625 - httrack-3.48.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1118625 -------------------------------------------------------------------------------- ================================================================================ lynis-1.5.7-1.fc20 (FEDORA-2014-8311) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: 1.5.7 (2014-07-09) New: - Implementation of SafePerms function - Added notification when exceptions are found Changes: - Fix for error_log handling in nginx -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 11 2014 Christopher Meng <rpm@xxxxxxxx> - 1.5.7-1 - Update to 1.5.7 -------------------------------------------------------------------------------- ================================================================================ nfs-ganesha-2.1.0-4.fc20 (FEDORA-2014-8314) Ganesha NFS Server -------------------------------------------------------------------------------- Update Information: keep fsal .so files, implementation now uses them static libuid2grp -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 11 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-4 - keep fsal .so files, implementation now uses them * Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-3 - static libuid2grp * Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-2 - add libuid2grp.so * Mon Jun 30 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-1 - nfs-ganesha-2.1.0 GA * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-0.78-1.fc20 (FEDORA-2014-8323) DNS resolver modules for Perl -------------------------------------------------------------------------------- Update Information: Updated to 0.78, various bugfixes and multiline TXT rdata printing support -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 12 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 0.78-1 - Updated to 0.78, various bugfixes and multiline TXT rdata printing support * Sat Jun 14 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 0.77-1 - Updated to 0.77, a "quickfix release" fixing AXFR support * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.76-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-ZendFramework-1.12.7-1.fc20 (FEDORA-2014-8308) Leading open-source PHP framework -------------------------------------------------------------------------------- Update Information: Update to 1.12.7 fixes CVE-2014-4914 aka. ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 12 2014 Felix Kaechele <felix@xxxxxxxxxx> - 1.12.7-1 - update to 1.12.7 - fixes http://framework.zend.com/security/advisory/ZF2014-04 / CVE-2014-4914 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.12.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1117545 - CVE-2014-4914 Zend FrameWork: ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select https://bugzilla.redhat.com/show_bug.cgi?id=1117545 -------------------------------------------------------------------------------- ================================================================================ polarssl-1.2.11-1.fc20 (FEDORA-2014-8316) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information: - Update to 1.2.11 - CVE-2014-4911 (rhbz#1118929, rhbz#1118930) -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 12 2014 Morten Stevens <mstevens@xxxxxxxxxxxxxxx> - 1.2.11-1 - Update to 1.2.11 - CVE-2014-4911 (rhbz#1118929, rhbz#1118930) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1118929 - CVE-2014-4911 PolarSSL: Denial of Service against GCM enabled servers (and clients) https://bugzilla.redhat.com/show_bug.cgi?id=1118929 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.2.15-2.fc20 (FEDORA-2014-8321) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Fix edge case with github status messages. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 11 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.15-2 - Patch to handle github edge case. * Thu Jul 10 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.15-1 - New kerneltest processor - Fixes to pkgdb, coprs, elections, github, and releng. -------------------------------------------------------------------------------- ================================================================================ vit-1.2-1.fc20 (FEDORA-2014-8319) A minimalist Taskwarrior full-screen terminal interface with Vim key bindings -------------------------------------------------------------------------------- Update Information: * New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1112072 - Review Request: vit - A minimalist Taskwarrior full-screen terminal interface with Vim key bindings https://bugzilla.redhat.com/show_bug.cgi?id=1112072 -------------------------------------------------------------------------------- ================================================================================ wine-1.7.22-1.fc20 (FEDORA-2014-8312) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: * Support for Unicode bracketing pairs. * Improved Internet cookie support. * OS X CoreAudio driver uses AUHAL instead of AudioQueue. * Initial support for geographical information. * Support for critical sections in the C runtime. * Unicode data updated to Unicode 7.0. * Support for interlaced PNG encoding. * Initial stub for the Packager library. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 11 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.22-1 - version upgrade * Wed Jul 9 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.21-2 - Fixes for EPEL7 (rhbz#1117422) * Tue Jul 1 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.7.21-1 - version upgrade -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114366 - wine-1.7.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1114366 -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.1-1.fc20 (FEDORA-2014-8306) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: Bump to 3.0.1 RH#1111903 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 5 2014 Jeremy Newton <alexjnewt@xxxxxxxxxxx> - 3.0.1-1 - Bump to 3.0.1 RH#1076617 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1111903 - wxGTK3-3.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1111903 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2014.07.11.3-1.fc20 (FEDORA-2014-8324) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to 2014.07.11.3 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 12 2014 Christopher Meng <rpm@xxxxxxxx> - 2014.07.11.3-1 - Update to 2014.07.11.3 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
