Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
 134  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  84  https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20
  83  https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20
  35  https://admin.fedoraproject.org/updates/FEDORA-2014-9281/drupal6-6.33-1.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-9474/pipelight-0.2.7.3-3.fc20
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-9641/polkit-qt-0.112.0-1.fc20
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-9621/ca-certificates-2014.2.1-1.0.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-9706/rubygem-activerecord-4.0.0-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10458/torque-3.0.4-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10479/knot-1.5.2-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10322/apache-poi-3.10.1-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10371/openstack-glance-2013.2.3-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10497/haproxy-1.5.4-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10626/xerces-j2-2.11.0-17.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10632/pdns-recursor-3.6.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10729/not-yet-commons-ssl-0.3.15-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10732/libreoffice-4.2.6.3-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10789/mod_gnutls-0.5.10-13.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10802/moodle-2.5.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10790/squid-3.3.13-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10786/python-oauth2-1.5.211-7.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10421/libbluray-0.6.2-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10410/orc-0.4.22-2.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10571/usbmuxd-1.0.9-0.6.c24463e.fc20,libusbmuxd-1.0.9-4.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10585/p11-kit-0.20.6-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10783/gcc-4.8.3-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10801/evolution-3.10.4-4.fc20


The following builds have been pushed to Fedora 20 updates-testing

    amanda-3.3.6-1.fc20
    evolution-3.10.4-4.fc20
    gcc-4.8.3-7.fc20
    ikiwiki-3.20140831-1.fc20
    java-1.7.0-openjdk-1.7.0.65-2.5.2.5.fc20
    mod_gnutls-0.5.10-13.fc20
    moodle-2.5.8-1.fc20
    orthanc-0.8.3-1.fc20
    pyp2rpm-1.1.1-1.fc20
    python-ldaptor-0.0.44-6.20140909gitc30f30d9.fc20
    python-oauth2-1.5.211-7.fc20
    squid-3.3.13-2.fc20
    ssdeep-2.11-1.fc20
    xorg-x11-xinit-1.3.4-1.fc20
    xscreensaver-5.30-1.fc20

Details about builds:


================================================================================
 amanda-3.3.6-1.fc20 (FEDORA-2014-10800)
 A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:

New upstream version (#1136889)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Petr Hracek <phracek@xxxxxxxxxx> - 3.3.6-1
- New upstream version (#1136889)
- Remove patch amanda-3.3.1-stdio
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1136889 - Includefile directive in disklist bug
        https://bugzilla.redhat.com/show_bug.cgi?id=1136889
--------------------------------------------------------------------------------


================================================================================
 evolution-3.10.4-4.fc20 (FEDORA-2014-10801)
 Mail and calendar client for GNOME
--------------------------------------------------------------------------------
Update Information:

Add a backport of an upstream patch for this bug report.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Milan Crha <mcrha@xxxxxxxxxx> - 3.10.4-4
- Add patch for RH bug #1089966 (Large text attachment locks up Evolution)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1089966 - rtf attachment locks up evolution 3.10.4-2.fc20
        https://bugzilla.redhat.com/show_bug.cgi?id=1089966
--------------------------------------------------------------------------------


================================================================================
 gcc-4.8.3-7.fc20 (FEDORA-2014-10783)
 Various compilers (C, C++, Objective-C, Java, ...)
--------------------------------------------------------------------------------
Update Information:

This update should fix bugs that could cause miscompilation of the Linux kernel with -g, among many other fixed bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-7
- update from the 4.8 branch
  - fix ppc32 libgo.so.4 to avoid RWE PT_GNU_STACK
* Wed Sep 10 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-6
- update from the 4.8 branch (#1140019)
  - PRs c++/58714, c++/59823, c++/59956, c++/60241, c++/60361, c++/61959,
	c/61271, debug/55794, debug/60655, debug/61923, fortran/61999,
	fortran/62214, fortran/62270, ipa/61986, ipa/62015, libgfortran/62188,
	libstdc++/58962, libstdc++/61946, middle-end/61010, middle-end/61045,
	middle-end/62103, rtl-optimization/62004, rtl-optimization/62030,
	target/61996, target/62038, target/62195, testsuite/56194,
	tree-optimization/60196, tree-optimization/60707,
	tree-optimization/61452, tree-optimization/62073,
	tree-optimization/62075, tree-optimization/63189
* Thu Aug 21 2014 Richard Henderson <rth@xxxxxxxxxx> 4.8.3-5
- backport aarch64 unwind info improvements (#1132636)
* Fri Aug  1 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-4
- update from the 4.8 branch
  - PRs fortran/61780, libobjc/61920, target/47230, tree-optimization/61375,
	tree-optimization/61964
  - fix libgfortran overflows on allocation (CVE-2014-5044)
- backport ibm-ldouble performance improvements (#1090620)
* Wed Jul 30 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-3
- on ppc64le use -mtune=power8 by default (#1123484)
* Thu Jul 17 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-2
- update from the 4.8 branch
  - PRs c++/61500, c++/61539, c++/61647, fortran/58883, fortran/61459,
	middle-end/53590, rtl-optimization/61801, target/61542, target/61586,
	tree-optimization/61306, tree-optimization/61684
- for rhel 7.1 keep the old 4.8.2 pathnames and use 4.8.3 symlinks
- merge in aarch64 support (#1070290)
- small improvements on s390x for z196 and later (#1088542)
- make sure OpenMP outlined artificial functions have DW_AT_name (#844959)
--------------------------------------------------------------------------------


================================================================================
 ikiwiki-3.20140831-1.fc20 (FEDORA-2014-10795)
 A wiki compiler
--------------------------------------------------------------------------------
Update Information:

Update to the latest stable version.

ikiwiki 3.20140831 released with these changes:
* Make --no-gettime work in initial build. Closes: http://bugs.debian.org/755075


--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  5 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20140831-1
- Update to 3.20140831.
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 3.20140815-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------


================================================================================
 java-1.7.0-openjdk-1.7.0.65-2.5.2.5.fc20 (FEDORA-2014-10797)
 OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:

Fixed headless support
Update to  release of IcedTea 2.5.2, “Back in the Groovy”

http://blog.fuseyism.com/index.php/2014/09/02/icedtea-2-5-2-released-back-in-the-groovy/


    Backports
        S8049480: Current versions of Java can’t verify jars signed and timestamped with Java 9
        S8051012, LP1360392: Regression in verifier for <init> method call from inside of a branch
    Bug fixes
        PR1903: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information
        PR1948: Only try and symlink debuginfo if STRIP_POLICY is other than no_strip
        PR1948: Fix indenting
        PR1966: Move to new OpenJDK bug URL format
        RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix for PPC32)
    PPC & AIX port
        Adapt AIX port to 5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion
        Adapt aix to 8022507
        Fix aix after 8022507: SIGSEGV at ParMarkBitMap::verify_clear()
        S8050942: PPC64: implement template interpreter for ppc64le
        S8050972: Concurrency problem in PcDesc cache

--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Jiri Vanek  <jvanek@xxxxxxxxxx> - 1.7.0.65-2.5.2.5
- fixed headless to become headless again
 - jre/lib/archinstall/libjavagtk.so
 - jre/bin/policytool
 - jre-abrt/lib/archinstall/libjavagtk.so
 - all three added to not headless exclude list
* Tue Sep  2 2014 Jiri Vanek  <jvanek@xxxxxxxxxx> - 1.7.0.65-2.5.2
- updated to icedtea7-forest 2.5.2
- removed patch404 gtk3ToBeReverted.patch
- removed patch405 pr1864_smartcardIO.patch
* Tue Jul 22 2014 Jiri Vanek  <jvanek@xxxxxxxxxx> - 1.7.0.65-2.5.1.4
- excluded libmawt.so from autorequires/autoprovides
- see https://bugzilla.redhat.com/show_bug.cgi?id=1111349
--------------------------------------------------------------------------------


================================================================================
 mod_gnutls-0.5.10-13.fc20 (FEDORA-2014-10789)
 GnuTLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:

config change to use system policy (rhbz#1109115)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Jiri Kastner <jkastner@xxxxxxxxxx> - 0.5.10-13
- config change to use system policy (rhbz#1109115)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.10-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.10-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Jan 23 2014 Joe Orton <jorton@xxxxxxxxxx> - 0.5.10-10
- fix _httpd_mmn expansion in absence of httpd-devel
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1109115 - Use the system crypto policy unless otherwise specified
        https://bugzilla.redhat.com/show_bug.cgi?id=1109115
--------------------------------------------------------------------------------


================================================================================
 moodle-2.5.8-1.fc20 (FEDORA-2014-10802)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

Update to current releases to address security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.5.8-1
- 2.5.8, fix for security issues.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139991 - moodle: security issues fixed in versions 2.7.2, 2.6.5, and 2.5.8 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1139991
  [ 2 ] Bug #1139990 - moodle: security issues fixed in versions 2.7.2, 2.6.5, and 2.5.8 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1139990
--------------------------------------------------------------------------------


================================================================================
 orthanc-0.8.3-1.fc20 (FEDORA-2014-10791)
 RESTful DICOM server for healthcare and medical research
--------------------------------------------------------------------------------
Update Information:

New upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Sebastien Jodogne <s.jodogne@xxxxxxxxx> 0.8.3-1
- New upstream version
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 pyp2rpm-1.1.1-1.fc20 (FEDORA-2014-10796)
 Convert Python packages to RPM SPECFILES
--------------------------------------------------------------------------------
Update Information:

Update to v 1.1.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Robert Kuska <rkuska@xxxxxxxxxx> - 1.1.1-1
- Update to 1.1.1
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0b-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 13 2014 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 1.1.0b-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------


================================================================================
 python-ldaptor-0.0.44-6.20140909gitc30f30d9.fc20 (FEDORA-2014-10782)
 Python LDAP client library
--------------------------------------------------------------------------------
Update Information:

Use twisted fork + various bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Haïkel Guémar <hguemar@xxxxxxxxxxxxxxxxx> - 0.0.44-6.20140909gitc30f30d9
- Use twisted fork + various bug fixes
--------------------------------------------------------------------------------


================================================================================
 python-oauth2-1.5.211-7.fc20 (FEDORA-2014-10786)
 Python support for improved oauth
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.5.211-7
- Fix CVE-2013-4346 and CVE-2013-4347 (thanks to Philippe Makowski)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.211-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1007746 - CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce value when validating signed urls
        https://bugzilla.redhat.com/show_bug.cgi?id=1007746
  [ 2 ] Bug #1007758 - CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce
        https://bugzilla.redhat.com/show_bug.cgi?id=1007758
--------------------------------------------------------------------------------


================================================================================
 squid-3.3.13-2.fc20 (FEDORA-2014-10790)
 The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:

This updated fixes CVE-2014-6270.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.3.13-2
- Fixed: CVE-2014-6270
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139967 - CVE-2014-6270 squid: off-by-one error in snmpHandleUdp() leading to a bss-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1139967
--------------------------------------------------------------------------------


================================================================================
 ssdeep-2.11-1.fc20 (FEDORA-2014-10803)
 Compute context triggered piecewise hashes
--------------------------------------------------------------------------------
Update Information:

Version 2.11 - 11 Sep 2014

New Features
* Added fuzzy_clone function to the API.

Bug Fixes
* Fixed edge case on signature generaion. Behavior now matches v2.9 again.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.11-1
- update to 2.11
--------------------------------------------------------------------------------


================================================================================
 xorg-x11-xinit-1.3.4-1.fc20 (FEDORA-2014-10799)
 X.Org X11 X Window System xinit startup scripts
--------------------------------------------------------------------------------
Update Information:

- New upstream release 1.3.4
- Resolves #806491 #990213 #1006029
- Remove stale ck-xinit-session references from xinitrc-common (#910969)
- Make startx pass "-nolisten tcp" by default, use -listen as server option to disable this (#1111684)
- Teach Xclients script about lxde (#488602)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.3.4-1
- New upstream release 1.3.4
- Resolves #806491 #990213 #1006029
- Remove stale ck-xinit-session references from xinitrc-common (#910969)
- Make startx pass "-nolisten tcp" by default, use -listen as server
  option to disable this (#1111684)
- Teach Xclients script about lxde (#488602)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Mar 25 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.3.2-11
- Fix startx ignoring a server or display passed on the cmdline (#960955)
- Drop Fedora custom patch to unset XDG_SESSION_COOKIE, this was only for CK
* Thu Jan 23 2014 Dave Airlie <airlied@xxxxxxxxxx> 1.3.2-10
- fix for ppc64le enable (#1056742)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #806491 - systemd-logind not tracking startx sessions
        https://bugzilla.redhat.com/show_bug.cgi?id=806491
  [ 2 ] Bug #990213 - startx contains empty line before the #! line
        https://bugzilla.redhat.com/show_bug.cgi?id=990213
  [ 3 ] Bug #1006029 - xorg-x11-xinit-1.3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1006029
  [ 4 ] Bug #910969 - Please remove any reference to ConsoleKit from X11/xinit/xinitrc-common
        https://bugzilla.redhat.com/show_bug.cgi?id=910969
  [ 5 ] Bug #1111684 - startx doesn't add -nolisten tcp by default
        https://bugzilla.redhat.com/show_bug.cgi?id=1111684
  [ 6 ] Bug #488602 - RfE: Support for LXDE in the Xclients script
        https://bugzilla.redhat.com/show_bug.cgi?id=488602
--------------------------------------------------------------------------------


================================================================================
 xscreensaver-5.30-1.fc20 (FEDORA-2014-10785)
 X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

New version 5.30 is released.


Some array index oversize fixes detected by gcc49 sanitizer
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.30-1
- Update to 5.30
* Sat Sep  6 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.29-3
- Remove GtkDialog:has-separator usage to suppress warning for
  xscreensaver-demo on Fedora 21 and above
* Thu Sep  4 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.29-2
- gcc49 sanitizer array elements oversize fixes
- Make parallel build actually work
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:5.29-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux