Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
 178  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  72  https://admin.fedoraproject.org/updates/FEDORA-2014-9474/pipelight-0.2.7.3-3.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20
  31  https://admin.fedoraproject.org/updates/FEDORA-2014-11430/ca-certificates-2014.2.1-1.1.fc20
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-12699/facter-1.7.6-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-12991/deluge-1.3.10-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-13302/php-ZendFramework2-2.3.3-2.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13371/asterisk-11.13.1-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13444/webkitgtk3-2.2.8-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13571/file-5.19-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13574/php-Smarty-3.1.21-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13555/wpa_supplicant-2.0-12.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13347/qtwebkit-2.3.4-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13353/perl-Encode-2.54-3.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13348/libpcap-1.5.3-2.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-13377/libfm-1.2.3-1.fc20,pcmanfm-1.2.3-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13448/libsoup-2.44.2-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13444/webkitgtk3-2.2.8-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13441/gdb-7.7.1-21.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-13374/xdg-utils-1.1.0-0.31.rc2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-13191/cups-1.7.5-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13575/xulrunner-33.0-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13571/file-5.19-7.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-13555/wpa_supplicant-2.0-12.fc20


The following builds have been pushed to Fedora 20 updates-testing

    CutyCapt-0-0.5.20130714svn.fc20
    file-5.19-7.fc20
    golang-github-BurntSushi-toml-0-0.3.git2ceedfe.fc20
    golang-github-coreos-go-etcd-0.2.0-0.4.rc1.git6fe04d5.fc20
    julia-0.3.2-1.fc20
    kernel-3.16.6-202.fc20
    mate-notification-daemon-1.8.1-1.fc20
    nginx-1.4.7-5.fc20
    nodejs-object-inspect-1.0.0-1.fc20
    nodejs-resumer-0.0.0-1.fc20
    oxygen-gtk2-1.4.6-1.fc20
    peervpn-0.040-1.fc20
    php-Smarty-3.1.21-1.fc20
    python-docker-py-0.5.3-2.fc20
    python-fedora-0.3.36-2.fc20
    weechat-1.0.1-2.fc20
    wpa_supplicant-2.0-12.fc20
    xulrunner-33.0-2.fc20

Details about builds:


================================================================================
 CutyCapt-0-0.5.20130714svn.fc20 (FEDORA-2014-13552)
 A small command-line utility to capture WebKit's rendering of a web page
--------------------------------------------------------------------------------
Update Information:

fix QPrinter FBTFS
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0-0.5.20130714svn
- fix QPrinter FBTFS
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.4.20130714svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun  6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.3.20130714svn
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 file-5.19-7.fc20 (FEDORA-2014-13571)
 A utility for determining file types
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-3710
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 5.19-7
- fix #1155464 - fix for CVE-2014-3710
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers
        https://bugzilla.redhat.com/show_bug.cgi?id=1155071
--------------------------------------------------------------------------------


================================================================================
 golang-github-BurntSushi-toml-0-0.3.git2ceedfe.fc20 (FEDORA-2014-13562)
 TOML parser and encoder for Go with reflection
--------------------------------------------------------------------------------
Update Information:

Bump to upstream 2ceedfee35ad3848e49308ab0c9a4f640cfb5fb2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.3.git2ceedfe
- Bump to upstream 2ceedfee35ad3848e49308ab0c9a4f640cfb5fb2
- spec file polishing to follow go draft
  related: #1120865
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1120865 - Review Request: golang-github-BurntSushi-toml
        https://bugzilla.redhat.com/show_bug.cgi?id=1120865
--------------------------------------------------------------------------------


================================================================================
 golang-github-coreos-go-etcd-0.2.0-0.4.rc1.git6fe04d5.fc20 (FEDORA-2014-13573)
 The official etcd v0.2 client library for Go
--------------------------------------------------------------------------------
Update Information:

Choose the correct architecture
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.2.0-0.4.rc1.git6fe04d5
- Choose the correct architecture
  related: #1141807
* Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.2.0-0.3.rc1.git6fe04d5
- Bump to upstream 6fe04d580dfb71c9e34cbce2f4df9eefd1e1241e
  resolves: #1141807
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1141807 - Review Request: golang-github-coreos-go-etcd - The official etcd v0.2 client library for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1141807
--------------------------------------------------------------------------------


================================================================================
 julia-0.3.2-1.fc20 (FEDORA-2014-13560)
 High-level, high-performance dynamic language for technical computing
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Milan Bouchet-Valat <nalimilan@xxxxxxx> - 0.3.2-1
- New upstream release.
--------------------------------------------------------------------------------


================================================================================
 kernel-3.16.6-202.fc20 (FEDORA-2014-13558)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

CVE fixes in KVM, ext4, and SCTP.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.16.6-202
- CVE-2014-3688 sctp: remote memory pressure from excessive queuing (rhbz 1155745 1155751)
- CVE-2014-3687 sctp: panic on duplicate ASCONF chunks (rhbz 1155731 1155738)
- CVE-2014-3673 sctp: panic with malformed ASCONF chunks (rhbz 1147850 1155727)
- CVE-2014-3690 kvm: invalid host cr4 handling (rhbz 1153322 1155372)
- Add patch to fix synaptics forcepad issues (rhbz 1153381)
- Add patch to fix wifi on X550VB machines (rhbz 1089731)
* Fri Oct 17 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-8086 ext4: race condition (rhbz 1151353 1152608)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151353 - CVE-2014-8086 Kernel: fs: ext4 race condition
        https://bugzilla.redhat.com/show_bug.cgi?id=1151353
  [ 2 ] Bug #1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
        https://bugzilla.redhat.com/show_bug.cgi?id=1153322
  [ 3 ] Bug #1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
        https://bugzilla.redhat.com/show_bug.cgi?id=1147850
  [ 4 ] Bug #1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing
        https://bugzilla.redhat.com/show_bug.cgi?id=1155745
  [ 5 ] Bug #1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
        https://bugzilla.redhat.com/show_bug.cgi?id=1155731
--------------------------------------------------------------------------------


================================================================================
 mate-notification-daemon-1.8.1-1.fc20 (FEDORA-2014-13550)
 Notification daemon for MATE Desktop
--------------------------------------------------------------------------------
Update Information:

- update to 1.8.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-1
- update to 1.8.1
- removed upreamed patch
--------------------------------------------------------------------------------


================================================================================
 nginx-1.4.7-5.fc20 (FEDORA-2014-13557)
 A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:

 * use default.d directory
 * add vim files
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.4.7-5
- use default.d directory
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.4.7-4
- add vim files (#1142849)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1142298 - RFE: nginx + php + webapp
        https://bugzilla.redhat.com/show_bug.cgi?id=1142298
  [ 2 ] Bug #1142849 - [RFE] include nginx vim files
        https://bugzilla.redhat.com/show_bug.cgi?id=1142849
--------------------------------------------------------------------------------


================================================================================
 nodejs-object-inspect-1.0.0-1.fc20 (FEDORA-2014-13563)
 String representations of objects in node and the browser
--------------------------------------------------------------------------------
Update Information:

New node modules
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123069 - Review Request: nodejs-resumer - A stream that starts paused and resumes on the next tick
        https://bugzilla.redhat.com/show_bug.cgi?id=1123069
  [ 2 ] Bug #1123071 - Review Request: nodejs-object-inspect - String representations of objects in node and the browser
        https://bugzilla.redhat.com/show_bug.cgi?id=1123071
--------------------------------------------------------------------------------


================================================================================
 nodejs-resumer-0.0.0-1.fc20 (FEDORA-2014-13563)
 A stream that starts paused and resumes on the next tick
--------------------------------------------------------------------------------
Update Information:

New node modules
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123069 - Review Request: nodejs-resumer - A stream that starts paused and resumes on the next tick
        https://bugzilla.redhat.com/show_bug.cgi?id=1123069
  [ 2 ] Bug #1123071 - Review Request: nodejs-object-inspect - String representations of objects in node and the browser
        https://bugzilla.redhat.com/show_bug.cgi?id=1123071
--------------------------------------------------------------------------------


================================================================================
 oxygen-gtk2-1.4.6-1.fc20 (FEDORA-2014-13566)
 Oxygen GTK+2 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2 1.4.6

- Fixes a serious crash inside eclipse (kde bug 339174)
- Fix some rendering issue for checkboxes when low contrast is used for color palette

See https://projects.kde.org/news/276
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.4.6-1
- oxygen-gtk2-1.4.6
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 peervpn-0.040-1.fc20 (FEDORA-2014-13559)
 A VPN software using full mesh network topology
--------------------------------------------------------------------------------
Update Information:

Updated to 0.040
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jan Cholasta <jcholast@xxxxxxxxxx> - 0.040-1
- Updated to 0.040
--------------------------------------------------------------------------------


================================================================================
 php-Smarty-3.1.21-1.fc20 (FEDORA-2014-13574)
 Template/Presentation Framework for PHP
--------------------------------------------------------------------------------
Update Information:

New upstream release, fix CVE-2014-8350
New upstream release
New upstream release
New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.21-1
- New upstream release
- Fix version constant
- Fix requires
* Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.20-1
- New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1155846 - CVE-2014-8350 php-Smarty: secure mode bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1155846
--------------------------------------------------------------------------------


================================================================================
 python-docker-py-0.5.3-2.fc20 (FEDORA-2014-13553)
 An API client for docker written in Python
--------------------------------------------------------------------------------
Update Information:

versioned python-requests req only for f21+
Resolves: rhbz#1145511 - version bump to 0.5.0
correct bogus date
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.5.3-2
- versioned python-requests req only for f21+
* Wed Oct 22 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.5.3-1
- Resolves: rhbz#1153991 - update to 0.5.3
* Tue Sep 23 2014 Tom Prince <tom.prince@xxxxxxxxxxxxx> - 0.5.0-2
- Specify depedencies to match those in setup.py
* Mon Sep 22 2014 Tom Prince <tom.prince@xxxxxxxxxxxxx> - 0.5.0-1
- Resolves: rhbz#1145511 - version bump to 0.5.0
* Tue Aug 26 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.4.0-3
- correct bogus date
* Tue Aug 26 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.4.0-2
- rewrite BR&R conditionals for docker/docker-io
* Thu Aug 21 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.4.0-1
- update to 0.4.0
- Resolves: rhbz#1132604 (epel7 only)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1145511 - python-docker-py-0.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1145511
--------------------------------------------------------------------------------


================================================================================
 python-fedora-0.3.36-2.fc20 (FEDORA-2014-13554)
 Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:

Backport the fix to flask-fas-openid merged upstream at https://github.com/fedora-infra/python-fedora/pull/108
New upstream release fixing logging in openidbaseclient

* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS

* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS

New upstream release fixing logging in openidbaseclient

* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS

* Update to new upstream: https://github.com/fedora-infra/python-fedora/blob/develop/NEWS

--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 0.3.36-2
- Backport the flask-fas-openid fix merged upstream at:
  https://github.com/fedora-infra/python-fedora/pull/108
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1150301 - Using "pkgdb-cli" leads to "NameError: name 'NullHandler' is not defined"
        https://bugzilla.redhat.com/show_bug.cgi?id=1150301
--------------------------------------------------------------------------------


================================================================================
 weechat-1.0.1-2.fc20 (FEDORA-2014-13572)
 Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:

fix default ca-bundle.crt location (#1151748)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1.0.1-2
- fix default ca-bundle.crt location (#1151748)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151748 - WeeChat does not use the correct default SSL/TLS CA certificate file
        https://bugzilla.redhat.com/show_bug.cgi?id=1151748
--------------------------------------------------------------------------------


================================================================================
 wpa_supplicant-2.0-12.fc20 (FEDORA-2014-13555)
 WPA/WPA2/IEEE 802.1X Supplicant
--------------------------------------------------------------------------------
Update Information:

This update fixes a possible security issue executing scripts with wpa_cli.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Dan Williams <dcbw@xxxxxxxxxx> - 1:2.0-12
- Use os_exec() for action script execution (CVE-2014-3686)
* Thu Aug 21 2014 Kevin Fenzi <kevin@xxxxxxxxx> - 1:2.0-11
- Rebuild for rpm bug 1131960
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:2.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:2.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151259 - CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
        https://bugzilla.redhat.com/show_bug.cgi?id=1151259
--------------------------------------------------------------------------------


================================================================================
 xulrunner-33.0-2.fc20 (FEDORA-2014-13575)
 XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:

Second arch fixes.
Update to latest upstream - Xulrunner 33.
Update to latest upstream - Firefox 31.
Update to latest upstream - Xulrunner 33.
Update to latest upstream - Firefox 31.
Update to latest upstream - Xulrunner 33.
Update to latest upstream - Firefox 31.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2014 Dan Horák <dan[at]danny.cz> - 33.0-2
- Fix filelist for secondary arches
* Thu Oct 16 2014 Martin Stransky <stransky@xxxxxxxxxx> - 33.0-1
- Update to 33.0
* Sat Sep 20 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 32.0.2-1
- Update to 32.0.2
- sync fixes to the same as firefox
* Tue Sep  9 2014 Martin Stransky <stransky@xxxxxxxxxx> - 32.0-2
- move /sdk/bin to xulrunner libdir
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux