The following Fedora 20 Security updates need testing:
 Age  URL
 178  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  72  https://admin.fedoraproject.org/updates/FEDORA-2014-9474/pipelight-0.2.7.3-3.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20
  31  https://admin.fedoraproject.org/updates/FEDORA-2014-11430/ca-certificates-2014.2.1-1.1.fc20
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-12699/facter-1.7.6-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-12991/deluge-1.3.10-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-13302/php-ZendFramework2-2.3.3-2.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13371/asterisk-11.13.1-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13444/webkitgtk3-2.2.8-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13571/file-5.19-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13574/php-Smarty-3.1.21-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13555/wpa_supplicant-2.0-12.fc20

The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13347/qtwebkit-2.3.4-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13353/perl-Encode-2.54-3.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13348/libpcap-1.5.3-2.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13377/libfm-1.2.3-1.fc20,pcmanfm-1.2.3-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13448/libsoup-2.44.2-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13444/webkitgtk3-2.2.8-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13441/gdb-7.7.1-21.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13374/xdg-utils-1.1.0-0.31.rc2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-13191/cups-1.7.5-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13575/xulrunner-33.0-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13571/file-5.19-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13555/wpa_supplicant-2.0-12.fc20

The following builds have been pushed to Fedora 20 updates-testing

    CutyCapt-0-0.5.20130714svn.fc20
    file-5.19-7.fc20
    golang-github-BurntSushi-toml-0-0.3.git2ceedfe.fc20
    golang-github-coreos-go-etcd-0.2.0-0.4.rc1.git6fe04d5.fc20
    julia-0.3.2-1.fc20
    kernel-3.16.6-202.fc20
    mate-notification-daemon-1.8.1-1.fc20
    nginx-1.4.7-5.fc20
    nodejs-object-inspect-1.0.0-1.fc20
    nodejs-resumer-0.0.0-1.fc20
    oxygen-gtk2-1.4.6-1.fc20
    peervpn-0.040-1.fc20
    php-Smarty-3.1.21-1.fc20
    python-docker-py-0.5.3-2.fc20
    python-fedora-0.3.36-2.fc20
    weechat-1.0.1-2.fc20
    wpa_supplicant-2.0-12.fc20
    xulrunner-33.0-2.fc20

Details about builds:

================================================================================
 CutyCapt-0-0.5.20130714svn.fc20 (FEDORA-2014-13552)
 A small command-line utility to capture WebKit's rendering of a web page
--------------------------------------------------------------------------------
Update Information:

fix QPrinter FBTFS
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0-0.5.20130714svn
- fix QPrinter FBTFS
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.4.20130714svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.3.20130714svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 file-5.19-7.fc20 (FEDORA-2014-13571)
 A utility for determining file types
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-3710
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 5.19-7
- fix #1155464 - fix for CVE-2014-3710
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers
        https://bugzilla.redhat.com/show_bug.cgi?id=1155071
--------------------------------------------------------------------------------

================================================================================
 golang-github-BurntSushi-toml-0-0.3.git2ceedfe.fc20 (FEDORA-2014-13562)
 TOML parser and encoder for Go with reflection
--------------------------------------------------------------------------------
Update Information:

Bump to upstream 2ceedfee35ad3848e49308ab0c9a4f640cfb5fb2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.3.git2ceedfe
- Bump to upstream 2ceedfee35ad3848e49308ab0c9a4f640cfb5fb2
- spec file polishing to follow go draft
  related: #1120865
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1120865 - Review Request: golang-github-BurntSushi-toml
        https://bugzilla.redhat.com/show_bug.cgi?id=1120865
--------------------------------------------------------------------------------

================================================================================
 golang-github-coreos-go-etcd-0.2.0-0.4.rc1.git6fe04d5.fc20 (FEDORA-2014-13573)
 The official etcd v0.2 client library for Go
--------------------------------------------------------------------------------
Update Information:

Choose the correct architecture
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.2.0-0.4.rc1.git6fe04d5
- Choose the correct architecture
  related: #1141807
* Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.2.0-0.3.rc1.git6fe04d5
- Bump to upstream 6fe04d580dfb71c9e34cbce2f4df9eefd1e1241e
  resolves: #1141807
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1141807 - Review Request: golang-github-coreos-go-etcd - The official etcd v0.2 client library for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1141807
--------------------------------------------------------------------------------

================================================================================
 julia-0.3.2-1.fc20 (FEDORA-2014-13560)
 High-level, high-performance dynamic language for technical computing
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Milan Bouchet-Valat <nalimilan@xxxxxxx> - 0.3.2-1
- New upstream release.
--------------------------------------------------------------------------------

================================================================================
 kernel-3.16.6-202.fc20 (FEDORA-2014-13558)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

CVE fixes in KVM, ext4, and SCTP.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.16.6-202
- CVE-2014-3688 sctp: remote memory pressure from excessive queuing (rhbz 1155745 1155751)
- CVE-2014-3687 sctp: panic on duplicate ASCONF chunks (rhbz 1155731 1155738)
- CVE-2014-3673 sctp: panic with malformed ASCONF chunks (rhbz 1147850 1155727)
- CVE-2014-3690 kvm: invalid host cr4 handling (rhbz 1153322 1155372)
- Add patch to fix synaptics forcepad issues (rhbz 1153381)
- Add patch to fix wifi on X550VB machines (rhbz 1089731)
* Fri Oct 17 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-8086 ext4: race condition (rhbz 1151353 1152608)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151353 - CVE-2014-8086 Kernel: fs: ext4 race condition
        https://bugzilla.redhat.com/show_bug.cgi?id=1151353
  [ 2 ] Bug #1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
        https://bugzilla.redhat.com/show_bug.cgi?id=1153322
  [ 3 ] Bug #1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
        https://bugzilla.redhat.com/show_bug.cgi?id=1147850
  [ 4 ] Bug #1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
        https://bugzilla.redhat.com/show_bug.cgi?id=1155745
  [ 5 ] Bug #1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
        https://bugzilla.redhat.com/show_bug.cgi?id=1155731
--------------------------------------------------------------------------------

================================================================================
 mate-notification-daemon-1.8.1-1.fc20 (FEDORA-2014-13550)
 Notification daemon for MATE Desktop
--------------------------------------------------------------------------------
Update Information:

- update to 1.8.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-1
- update to 1.8.1
- removed upreamed patch
--------------------------------------------------------------------------------

================================================================================
 nginx-1.4.7-5.fc20 (FEDORA-2014-13557)
 A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:

* use default.d directory
* add vim files
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.4.7-5
- use default.d directory
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.4.7-4
- add vim files (#1142849)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1142298 - RFE: nginx + php + webapp
        https://bugzilla.redhat.com/show_bug.cgi?id=1142298
  [ 2 ] Bug #1142849 - [RFE] include nginx vim files
        https://bugzilla.redhat.com/show_bug.cgi?id=1142849
--------------------------------------------------------------------------------

================================================================================
 nodejs-object-inspect-1.0.0-1.fc20 (FEDORA-2014-13563)
 String representations of objects in node and the browser
--------------------------------------------------------------------------------
Update Information:

New node modules
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123069 - Review Request: nodejs-resumer - A stream that starts paused and resumes on the next tick
        https://bugzilla.redhat.com/show_bug.cgi?id=1123069
  [ 2 ] Bug #1123071 - Review Request: nodejs-object-inspect - String representations of objects in node and the browser
        https://bugzilla.redhat.com/show_bug.cgi?id=1123071
--------------------------------------------------------------------------------
================================================================================
 nodejs-resumer-0.0.0-1.fc20 (FEDORA-2014-13563)
 A stream that starts paused and resumes on the next tick
--------------------------------------------------------------------------------
Update Information:

New node modules
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123069 - Review Request: nodejs-resumer - A stream that starts paused and resumes on the next tick
        https://bugzilla.redhat.com/show_bug.cgi?id=1123069
  [ 2 ] Bug #1123071 - Review Request: nodejs-object-inspect - String representations of objects in node and the browser
        https://bugzilla.redhat.com/show_bug.cgi?id=1123071
--------------------------------------------------------------------------------

================================================================================
 oxygen-gtk2-1.4.6-1.fc20 (FEDORA-2014-13566)
 Oxygen GTK+2 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2 1.4.6
- Fixes a serious crash inside eclipse (kde bug 339174)
- Fix some rendering issue for checkboxes when low contrast is used for color palette

See https://projects.kde.org/news/276
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.4.6-1
- oxygen-gtk2-1.4.6
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 peervpn-0.040-1.fc20 (FEDORA-2014-13559)
 A VPN software using full mesh network topology
--------------------------------------------------------------------------------
Update Information:

Updated to 0.040
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jan Cholasta <jcholast@xxxxxxxxxx> - 0.040-1
- Updated to 0.040
--------------------------------------------------------------------------------

================================================================================
 php-Smarty-3.1.21-1.fc20 (FEDORA-2014-13574)
 Template/Presentation Framework for PHP
--------------------------------------------------------------------------------
Update Information:

New upstream release, fix CVE-2014-8350
New upstream release
New upstream release
New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.21-1
- New upstream release
- Fix version constant
- Fix requires
* Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.20-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1155846 - CVE-2014-8350 php-Smarty: secure mode bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1155846
--------------------------------------------------------------------------------

================================================================================
 python-docker-py-0.5.3-2.fc20 (FEDORA-2014-13553)
 An API client for docker written in Python
--------------------------------------------------------------------------------
Update Information:

versioned python-requests req only for f21+
Resolves: rhbz#1145511 - version bump to 0.5.0
correct bogus date
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.5.3-2
- versioned python-requests req only for f21+
* Wed Oct 22 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.5.3-1
- Resolves: rhbz#1153991 - update to 0.5.3
* Tue Sep 23 2014 Tom Prince <tom.prince@xxxxxxxxxxxxx> - 0.5.0-2
- Specify depedencies to match those in setup.py
* Mon Sep 22 2014 Tom Prince <tom.prince@xxxxxxxxxxxxx> - 0.5.0-1
- Resolves: rhbz#1145511 - version bump to 0.5.0
* Tue Aug 26 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.4.0-3
- correct bogus date
* Tue Aug 26 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.4.0-2
- rewrite BR&R conditionals for docker/docker-io
* Thu Aug 21 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.4.0-1
- update to 0.4.0
- Resolves: rhbz#1132604 (epel7 only)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1145511 - python-docker-py-0.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1145511
--------------------------------------------------------------------------------

================================================================================
 python-fedora-0.3.36-2.fc20 (FEDORA-2014-13554)
 Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:

Backport the fix to flask-fas-openid merged upstream at https://github.com/fedora-infra/python-fedora/pull/108
New upstream release fixing logging in openidbaseclient
* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS
* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS
New upstream release fixing logging in openidbaseclient
* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS
* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 0.3.36-2
- Backport the flask-fas-openid fix merged upstream at:
  https://github.com/fedora-infra/python-fedora/pull/108
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1150301 - Using "pkgdb-cli" leads to "NameError: name 'NullHandler' is not defined"
        https://bugzilla.redhat.com/show_bug.cgi?id=1150301
--------------------------------------------------------------------------------

================================================================================
 weechat-1.0.1-2.fc20 (FEDORA-2014-13572)
 Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:

fix default ca-bundle.crt location (#1151748)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1.0.1-2
- fix default ca-bundle.crt location (#1151748)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151748 - WeeChat does not use the correct default SSL/TLS CA certificate file
        https://bugzilla.redhat.com/show_bug.cgi?id=1151748
--------------------------------------------------------------------------------

================================================================================
 wpa_supplicant-2.0-12.fc20 (FEDORA-2014-13555)
 WPA/WPA2/IEEE 802.1X Supplicant
--------------------------------------------------------------------------------
Update Information:

This update fixes a possible security issue executing scripts with wpa_cli.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Dan Williams <dcbw@xxxxxxxxxx> - 1:2.0-12
- Use os_exec() for action script execution (CVE-2014-3686)
* Thu Aug 21 2014 Kevin Fenzi <kevin@xxxxxxxxx> - 1:2.0-11
- Rebuild for rpm bug 1131960
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:2.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:2.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151259 - CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
        https://bugzilla.redhat.com/show_bug.cgi?id=1151259
--------------------------------------------------------------------------------

================================================================================
 xulrunner-33.0-2.fc20 (FEDORA-2014-13575)
 XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Second arch fixes.
Update to latest upstream - Xulrunner 33.
Update to latest upstream - Firefox 31.
Update to latest upstream - Xulrunner 33.
Update to latest upstream - Firefox 31.
Update to latest upstream - Xulrunner 33.
Update to latest upstream - Firefox 31.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Dan Horák <dan[at]danny.cz> - 33.0-2
- Fix filelist for secondary arches
* Thu Oct 16 2014 Martin Stransky <stransky@xxxxxxxxxx> - 33.0-1
- Update to 33.0
* Sat Sep 20 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 32.0.2-1
- Update to 32.0.2
- sync fixes to the same as firefox
* Tue Sep 9 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0-2
- move /sdk/bin to xulrunner libdir
--------------------------------------------------------------------------------