The following Fedora 20 Security updates need testing: Age URL 183 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 77 https://admin.fedoraproject.org/updates/FEDORA-2014-9474/pipelight-0.2.7.3-3.fc20 52 https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20 52 https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20 37 https://admin.fedoraproject.org/updates/FEDORA-2014-11430/ca-certificates-2014.2.1-1.1.fc20 29 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-12699/facter-1.7.6-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2014-12991/deluge-1.3.10-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-13574/php-Smarty-3.1.21-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13720/wss4j-1.6.17-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13783/hostapd-2.3-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13781/subscription-manager-1.13.6-1.fc20,python-rhsm-1.13.6-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13777/Pound-2.6-8.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13879/xml-security-1.5.7-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14091/wget-1.16-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14033/qemu-1.6.2-10.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14058/mokutil-0.2.0-1.fc20,shim-signed-0.8-3 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14069/pidgin-2.10.10-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14113/tnftp-20141031-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13791/konversation-1.5-7.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2014-13348/libpcap-1.5.3-2.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-13377/libfm-1.2.3-1.fc20,pcmanfm-1.2.3-1.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-13448/libsoup-2.44.2-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-13575/xulrunner-33.0-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13756/sddm-0.10.0-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13875/python-nss-0.16.0-0.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13873/device-mapper-persistent-data-0.4.1-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13775/ibus-1.5.9-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14080/perl-5.18.4-291.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14032/systemd-208-26.fc20,kmod-15-2.fc20 The following builds have been pushed to Fedora 20 updates-testing atlas-3.8.4-12.fc20 dyninst-8.2.1-1.fc20 golang-github-cpuguy83-go-md2man-1-2.fc20 nodejs-seq-0.3.5-3.fc20 pdns-recursor-3.6.2-1.fc20 perl-Email-Sender-1.300016-1.fc20 perl-Locale-Maketext-Fuzzy-0.11-1.fc20 perl-Net-DNS-SEC-0.21-1.fc20 perl-qpid-0.30-1.fc20 python-qpid_messaging-0.30-1.fc20 qpid-cpp-0.30-3.fc20 stunnel-5.06-1.fc20 tnftp-20141031-1.fc20 wget-1.16-1.fc20 Details about builds: ================================================================================ atlas-3.8.4-12.fc20 (FEDORA-2014-14136) Automatically Tuned Linear Algebra Software -------------------------------------------------------------------------------- Update Information: added pkgconfig file -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 24 2014 Frantisek Kluknavsky <fkluknav@xxxxxxxxxx> - 3.8.4-12 - added pkgconfig file - disabled cpu throttling detection to be able to rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062023 - Atlas should have rpm macros https://bugzilla.redhat.com/show_bug.cgi?id=1062023 -------------------------------------------------------------------------------- ================================================================================ dyninst-8.2.1-1.fc20 (FEDORA-2014-14103) An API for Run-time Code Generation -------------------------------------------------------------------------------- Update Information: Update to point release 8.2.1. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2014 Josh Stone <jistone@xxxxxxxxxx> - 8.2.1-1 - Update to point release 8.2.1. -------------------------------------------------------------------------------- ================================================================================ golang-github-cpuguy83-go-md2man-1-2.fc20 (FEDORA-2014-14085) Process markdown into manpages -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1156492 - initial fedora upload -------------------------------------------------------------------------------- References: [ 1 ] Bug #1156492 - Review Request: golang-github-cpuguy83-go-md2man - Process markdown into manpages https://bugzilla.redhat.com/show_bug.cgi?id=1156492 -------------------------------------------------------------------------------- ================================================================================ nodejs-seq-0.3.5-3.fc20 (FEDORA-2014-14099) An asynchronous flow control library -------------------------------------------------------------------------------- Update Information: Initial package. Fix chainsaw module dependency version Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142050 - Review Request: nodejs-seq - An asynchronous flow control library https://bugzilla.redhat.com/show_bug.cgi?id=1142050 -------------------------------------------------------------------------------- ================================================================================ pdns-recursor-3.6.2-1.fc20 (FEDORA-2014-14109) Modern, advanced and high performance recursing/non authoritative name server -------------------------------------------------------------------------------- Update Information: - Update to 3.6.2 - Enable security status polling Version 3.6.2 is a bugfix update to 3.6.1. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2014 Morten Stevens <mstevens@xxxxxxxxxxxxxxx> - 3.6.2-1 - Update to 3.6.2 - Enable security status polling -------------------------------------------------------------------------------- ================================================================================ perl-Email-Sender-1.300016-1.fc20 (FEDORA-2014-14116) A library for sending email -------------------------------------------------------------------------------- Update Information: Update to the latest version -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.300016-1 - 1.300016 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1159047 - Please update to at least v1.300011 https://bugzilla.redhat.com/show_bug.cgi?id=1159047 -------------------------------------------------------------------------------- ================================================================================ perl-Locale-Maketext-Fuzzy-0.11-1.fc20 (FEDORA-2014-14108) Maketext from already interpolated strings -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 19 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.11-1 - Upstream upgrade. - Modernize spec. -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-SEC-0.21-1.fc20 (FEDORA-2014-14132) DNSSEC modules for Perl -------------------------------------------------------------------------------- Update Information: Updated to 0.21, restores canonicalization of a RRSIG’s Signer Name -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 0.21-1 - Updated to 0.21, restores canonicalization of a RRSIG’s Signer Name * Thu Aug 28 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.20-2 - Perl 5.20 rebuild -------------------------------------------------------------------------------- ================================================================================ perl-qpid-0.30-1.fc20 (FEDORA-2014-14128) Perl bindings for the Qpid messaging framework -------------------------------------------------------------------------------- Update Information: Rebased on Qpid 0.30 rebased. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 6 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-1 - Rebased on Qpid 0.30 rebased. - Upstream tarball was renamed to qpid-cpp-#.##.tar.gz. * Wed Aug 27 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.28-7 - Perl 5.20 rebuild * Mon Aug 18 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-6 - Fixed a typo in the requires. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.28-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Aug 15 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-4 - Updated the virtual package dependencies. Thu Jun 12 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.28-3 - qpid-cpp now builds on ARM * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.28-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jun 5 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-1 - Rebase on Qpid 0.28. - Changed the upstream tarball to be the monolithic Qpid sources. -------------------------------------------------------------------------------- ================================================================================ python-qpid_messaging-0.30-1.fc20 (FEDORA-2014-14094) Python bindings for the Qpid messaging framework -------------------------------------------------------------------------------- Update Information: Rebased on Qpid 0.30 release. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 6 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-1 - Rebased on Qpid 0.30 release. - Changed upstream source tarball to the monolithic Qpid sources. * Mon Aug 18 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-4 - Updated requires on virtual Qpid packages. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.28-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.28-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Jun 5 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.28-1 - Rebased on Qpid 0.28. -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-0.30-3.fc20 (FEDORA-2014-14127) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Enabled building the linear store. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 14 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-3 - Enabled building the linear store. - Added qpid-cpp-server-linearstore package. - QPID-6150: qpid-qls-analyze tool cannot find Python modules * Wed Oct 8 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-2 - Readded the qpid-tools subpackage rather than moving it to a new package. * Thu Oct 2 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-1 - Rebased on Qpid 0.30. - Upstream tarball filename changed from qpid-##.#.tar.gz to qpid-cpp-##.#.tar.gz. - qpid-tools moved out to a separate package. - Moved qpid-send and qpid-receive to the qpid-cpp-client-devel package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1159008 - juno qpid: install qpid-cpp-server' returned 1: Error: Package: qpid-cpp-client-0.30-3.fc21.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1159008 -------------------------------------------------------------------------------- ================================================================================ stunnel-5.06-1.fc20 (FEDORA-2014-14102) An SSL-encrypting socket wrapper -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 17 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.06-1 - New upstream release 5.06 - Addresses Poodle security issue * Wed Oct 8 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.05b5-1 - rhbz #1144393: New upstream beta release - systemd socket activation support -------------------------------------------------------------------------------- ================================================================================ tnftp-20141031-1.fc20 (FEDORA-2014-14113) FTP (File Transfer Protocol) client from NetBSD -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-8517 -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2014 David Cantrell <dcantrell@xxxxxxxxxx> - 20141031-1 - Upgrade to tnftp-20141031 to fix CVE-2014-8517 (#1158287) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1158286 - CVE-2014-8517 tnftp: ftp client could be forced to execute arbitrary commands https://bugzilla.redhat.com/show_bug.cgi?id=1158286 -------------------------------------------------------------------------------- ================================================================================ wget-1.16-1.fc20 (FEDORA-2014-14091) A utility for retrieving files using the HTTP or FTP protocols -------------------------------------------------------------------------------- Update Information: Security update -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 31 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.16-1 - update to 1.16 - fixes CVE-2014-4877 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access https://bugzilla.redhat.com/show_bug.cgi?id=1139181 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test