The following Fedora 20 Security updates need testing:
 Age  URL
 134  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  84  https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20
  83  https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20
  35  https://admin.fedoraproject.org/updates/FEDORA-2014-9281/drupal6-6.33-1.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-9474/pipelight-0.2.7.3-3.fc20
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-9641/polkit-qt-0.112.0-1.fc20
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-9621/ca-certificates-2014.2.1-1.0.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-9706/rubygem-activerecord-4.0.0-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10458/torque-3.0.4-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10479/knot-1.5.2-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10322/apache-poi-3.10.1-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10371/openstack-glance-2013.2.3-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10497/haproxy-1.5.4-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10626/xerces-j2-2.11.0-17.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10632/pdns-recursor-3.6.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10729/not-yet-commons-ssl-0.3.15-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10732/libreoffice-4.2.6.3-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10789/mod_gnutls-0.5.10-13.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10802/moodle-2.5.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10790/squid-3.3.13-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10786/python-oauth2-1.5.211-7.fc20

The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10421/libbluray-0.6.2-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-10410/orc-0.4.22-2.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10571/usbmuxd-1.0.9-0.6.c24463e.fc20,libusbmuxd-1.0.9-4.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-10585/p11-kit-0.20.6-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10783/gcc-4.8.3-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-10801/evolution-3.10.4-4.fc20

The following builds have been pushed to Fedora 20 updates-testing

    amanda-3.3.6-1.fc20
    evolution-3.10.4-4.fc20
    gcc-4.8.3-7.fc20
    ikiwiki-3.20140831-1.fc20
    java-1.7.0-openjdk-1.7.0.65-2.5.2.5.fc20
    mod_gnutls-0.5.10-13.fc20
    moodle-2.5.8-1.fc20
    orthanc-0.8.3-1.fc20
    pyp2rpm-1.1.1-1.fc20
    python-ldaptor-0.0.44-6.20140909gitc30f30d9.fc20
    python-oauth2-1.5.211-7.fc20
    squid-3.3.13-2.fc20
    ssdeep-2.11-1.fc20
    xorg-x11-xinit-1.3.4-1.fc20
    xscreensaver-5.30-1.fc20

Details about builds:

================================================================================
amanda-3.3.6-1.fc20 (FEDORA-2014-10800)
A network-capable tape backup solution
--------------------------------------------------------------------------------
Update Information:

New upstream version (#1136889)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Petr Hracek <phracek@xxxxxxxxxx> - 3.3.6-1
- New upstream version (#1136889)
- Remove patch amanda-3.3.1-stdio
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1136889 - Includefile directive in disklist bug
        https://bugzilla.redhat.com/show_bug.cgi?id=1136889
--------------------------------------------------------------------------------
================================================================================
evolution-3.10.4-4.fc20 (FEDORA-2014-10801)
Mail and calendar client for GNOME
--------------------------------------------------------------------------------
Update Information:

Add a backport of an upstream patch for this bug report.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Milan Crha <mcrha@xxxxxxxxxx> - 3.10.4-4
- Add patch for RH bug #1089966 (Large text attachment locks up Evolution)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1089966 - rtf attachment locks up evolution 3.10.4-2.fc20
        https://bugzilla.redhat.com/show_bug.cgi?id=1089966
--------------------------------------------------------------------------------

================================================================================
gcc-4.8.3-7.fc20 (FEDORA-2014-10783)
Various compilers (C, C++, Objective-C, Java, ...)
--------------------------------------------------------------------------------
Update Information:

This update should fix bugs that could cause miscompilation of the Linux kernel with -g, among many other fixed bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-7
- update from the 4.8 branch
- fix ppc32 libgo.so.4 to avoid RWE PT_GNU_STACK
* Wed Sep 10 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-6
- update from the 4.8 branch (#1140019)
  - PRs c++/58714, c++/59823, c++/59956, c++/60241, c++/60361, c++/61959,
    c/61271, debug/55794, debug/60655, debug/61923, fortran/61999,
    fortran/62214, fortran/62270, ipa/61986, ipa/62015, libgfortran/62188,
    libstdc++/58962, libstdc++/61946, middle-end/61010, middle-end/61045,
    middle-end/62103, rtl-optimization/62004, rtl-optimization/62030,
    target/61996, target/62038, target/62195, testsuite/56194,
    tree-optimization/60196, tree-optimization/60707,
    tree-optimization/61452, tree-optimization/62073,
    tree-optimization/62075, tree-optimization/63189
* Thu Aug 21 2014 Richard Henderson <rth@xxxxxxxxxx> 4.8.3-5
- backport aarch64 unwind info improvements (#1132636)
* Fri Aug 1 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-4
- update from the 4.8 branch
  - PRs fortran/61780, libobjc/61920, target/47230, tree-optimization/61375,
    tree-optimization/61964
  - fix libgfortran overflows on allocation (CVE-2014-5044)
- backport ibm-ldouble performance improvements (#1090620)
* Wed Jul 30 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-3
- on ppc64le use -mtune=power8 by default (#1123484)
* Thu Jul 17 2014 Jakub Jelinek <jakub@xxxxxxxxxx> 4.8.3-2
- update from the 4.8 branch
  - PRs c++/61500, c++/61539, c++/61647, fortran/58883, fortran/61459,
    middle-end/53590, rtl-optimization/61801, target/61542, target/61586,
    tree-optimization/61306, tree-optimization/61684
- for rhel 7.1 keep the old 4.8.2 pathnames and use 4.8.3 symlinks
- merge in aarch64 support (#1070290)
- small improvements on s390x for z196 and later (#1088542)
- make sure OpenMP outlined artificial functions have DW_AT_name (#844959)
--------------------------------------------------------------------------------

================================================================================
ikiwiki-3.20140831-1.fc20 (FEDORA-2014-10795)
A wiki compiler
--------------------------------------------------------------------------------
Update Information:

Update to the latest stable version.

ikiwiki 3.20140831 released with these changes:

  * Make --no-gettime work in initial build. Closes: http://bugs.debian.org/755075
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 5 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20140831-1
- Update to 3.20140831.
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 3.20140815-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------

================================================================================
java-1.7.0-openjdk-1.7.0.65-2.5.2.5.fc20 (FEDORA-2014-10797)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:

Fixed headless support

Update to release of IcedTea 2.5.2, “Back in the Groovy”
http://blog.fuseyism.com/index.php/2014/09/02/icedtea-2-5-2-released-back-in-the-groovy/

Backports
  - S8049480: Current versions of Java can’t verify jars signed and timestamped with Java 9
  - S8051012, LP1360392: Regression in verifier for <init> method call from inside of a branch

Bug fixes
  - PR1903: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information
  - PR1948: Only try and symlink debuginfo if STRIP_POLICY is other than no_strip
  - PR1948: Fix indenting
  - PR1966: Move to new OpenJDK bug URL format
  - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix for PPC32)

PPC & AIX port
  - Adapt AIX port to 5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion
  - Adapt aix to 8022507
  - Fix aix after 8022507: SIGSEGV at ParMarkBitMap::verify_clear()
  - S8050942: PPC64: implement template interpreter for ppc64le
  - S8050972: Concurrency problem in PcDesc cache
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.65-2.5.2.5
- fixed headless to become headless again
- jre/lib/archinstall/libjavagtk.so
- jre/bin/policytool
- jre-abrt/lib/archinstall/libjavagtk.so
- all three added to not headless exclude list
* Tue Sep 2 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.65-2.5.2
- updated to icedtea7-forest 2.5.2
- removed patch404 gtk3ToBeReverted.patch
- removed patch405 pr1864_smartcardIO.patch
* Tue Jul 22 2014 Jiri Vanek <jvanek@xxxxxxxxxx> - 1.7.0.65-2.5.1.4
- excluded libmawt.so from autorequires/autoprovides
- see https://bugzilla.redhat.com/show_bug.cgi?id=1111349
--------------------------------------------------------------------------------

================================================================================
mod_gnutls-0.5.10-13.fc20 (FEDORA-2014-10789)
GnuTLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:

config change to use system policy (rhbz#1109115)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Jiri Kastner <jkastner@xxxxxxxxxx> - 0.5.10-13
- config change to use system policy (rhbz#1109115)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.10-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.10-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Jan 23 2014 Joe Orton <jorton@xxxxxxxxxx> - 0.5.10-10
- fix _httpd_mmn expansion in absence of httpd-devel
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1109115 - Use the system crypto policy unless otherwise specified
        https://bugzilla.redhat.com/show_bug.cgi?id=1109115
--------------------------------------------------------------------------------

================================================================================
moodle-2.5.8-1.fc20 (FEDORA-2014-10802)
A Course Management System
--------------------------------------------------------------------------------
Update Information:

Update to current releases to address security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.5.8-1
- 2.5.8, fix for security issues.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139991 - moodle: security issues fixed in versions 2.7.2, 2.6.5, and 2.5.8 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1139991
  [ 2 ] Bug #1139990 - moodle: security issues fixed in versions 2.7.2, 2.6.5, and 2.5.8 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1139990
--------------------------------------------------------------------------------

================================================================================
orthanc-0.8.3-1.fc20 (FEDORA-2014-10791)
RESTful DICOM server for healthcare and medical research
--------------------------------------------------------------------------------
Update Information:

New upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Sebastien Jodogne <s.jodogne@xxxxxxxxx> 0.8.3-1
- New upstream version
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
pyp2rpm-1.1.1-1.fc20 (FEDORA-2014-10796)
Convert Python packages to RPM SPECFILES
--------------------------------------------------------------------------------
Update Information:

Update to v 1.1.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Robert Kuska <rkuska@xxxxxxxxxx> - 1.1.1-1
- Update to 1.1.1
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0b-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 13 2014 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 1.1.0b-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------

================================================================================
python-ldaptor-0.0.44-6.20140909gitc30f30d9.fc20 (FEDORA-2014-10782)
Python LDAP client library
--------------------------------------------------------------------------------
Update Information:

Use twisted fork + various bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Haïkel Guémar <hguemar@xxxxxxxxxxxxxxxxx> - 0.0.44-6.20140909gitc30f30d9
- Use twisted fork + various bug fixes
--------------------------------------------------------------------------------

================================================================================
python-oauth2-1.5.211-7.fc20 (FEDORA-2014-10786)
Python support for improved oauth
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.5.211-7
- Fix CVE-2013-4346 and CVE-2013-4347 (thanks to Philippe Makowski)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.211-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1007746 - CVE-2013-4346 python-oauth2: _check_signature() ignores the nonce value when validating signed urls
        https://bugzilla.redhat.com/show_bug.cgi?id=1007746
  [ 2 ] Bug #1007758 - CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce
        https://bugzilla.redhat.com/show_bug.cgi?id=1007758
--------------------------------------------------------------------------------

================================================================================
squid-3.3.13-2.fc20 (FEDORA-2014-10790)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2014-6270.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.3.13-2
- Fixed: CVE-2014-6270
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139967 - CVE-2014-6270 squid: off-by-one error in snmpHandleUdp() leading to a bss-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1139967
--------------------------------------------------------------------------------

================================================================================
ssdeep-2.11-1.fc20 (FEDORA-2014-10803)
Compute context triggered piecewise hashes
--------------------------------------------------------------------------------
Update Information:

Version 2.11 - 11 Sep 2014

New Features
  * Added fuzzy_clone function to the API.

Bug Fixes
  * Fixed edge case on signature generation. Behavior now matches v2.9 again.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.11-1
- update to 2.11
--------------------------------------------------------------------------------

================================================================================
xorg-x11-xinit-1.3.4-1.fc20 (FEDORA-2014-10799)
X.Org X11 X Window System xinit startup scripts
--------------------------------------------------------------------------------
Update Information:

- New upstream release 1.3.4
- Resolves #806491 #990213 #1006029
- Remove stale ck-xinit-session references from xinitrc-common (#910969)
- Make startx pass "-nolisten tcp" by default, use -listen as server option to disable this (#1111684)
- Teach Xclients script about lxde (#488602)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.3.4-1
- New upstream release 1.3.4
- Resolves #806491 #990213 #1006029
- Remove stale ck-xinit-session references from xinitrc-common (#910969)
- Make startx pass "-nolisten tcp" by default, use -listen as server option to disable this (#1111684)
- Teach Xclients script about lxde (#488602)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Mar 25 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.3.2-11
- Fix startx ignoring a server or display passed on the cmdline (#960955)
- Drop Fedora custom patch to unset XDG_SESSION_COOKIE, this was only for CK
* Thu Jan 23 2014 Dave Airlie <airlied@xxxxxxxxxx> 1.3.2-10
- fix for ppc64le enable (#1056742)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #806491 - systemd-logind not tracking startx sessions
        https://bugzilla.redhat.com/show_bug.cgi?id=806491
  [ 2 ] Bug #990213 - startx contains empty line before the #! line
        https://bugzilla.redhat.com/show_bug.cgi?id=990213
  [ 3 ] Bug #1006029 - xorg-x11-xinit-1.3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1006029
  [ 4 ] Bug #910969 - Please remove any reference to ConsoleKit from X11/xinit/xinitrc-common
        https://bugzilla.redhat.com/show_bug.cgi?id=910969
  [ 5 ] Bug #1111684 - startx doesn't add -nolisten tcp by default
        https://bugzilla.redhat.com/show_bug.cgi?id=1111684
  [ 6 ] Bug #488602 - RfE: Support for LXDE in the Xclients script
        https://bugzilla.redhat.com/show_bug.cgi?id=488602
--------------------------------------------------------------------------------

================================================================================
xscreensaver-5.30-1.fc20 (FEDORA-2014-10785)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

New version 5.30 is released.
Some array index oversize fixes detected by gcc49 sanitizer
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 12 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.30-1
- Update to 5.30
* Sat Sep 6 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.29-3
- Remove GtkDialog:has-separator usage to suppress warning for xscreensaver-demo on Fedora 21 and above
* Thu Sep 4 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.29-2
- gcc49 sanitizer array elements oversize fixes
- Make parallel build actually work
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:5.29-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------