The following Fedora 20 Security updates need testing: Age URL 199 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 68 https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20 68 https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20 52 https://admin.fedoraproject.org/updates/FEDORA-2014-11430/ca-certificates-2014.2.1-1.1.fc20 45 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 36 https://admin.fedoraproject.org/updates/FEDORA-2014-12699/facter-1.7.6-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-14506/oath-toolkit-2.4.1-6.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-14674/drupal7-ckeditor-1.16-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14791/mariadb-galera-5.5.40-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14898/polarssl-1.2.12-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14883/python-pillow-2.2.1-7.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15108/mantis-1.2.17-4.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14963/avr-binutils-2.24-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15102/moodle-2.5.9-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14833/arm-none-eabi-binutils-cs-2014.05.28-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15130/kwebkitpart-1.3.4-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15228/libvirt-1.1.3.8-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15200/kernel-3.17.3-200.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 10 https://admin.fedoraproject.org/updates/FEDORA-2014-14389/colord-1.1.8-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-14728/xkeyboard-config-2.10.1-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14798/device-mapper-persistent-data-0.4.1-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14933/pciutils-3.3.0-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14964/libtdb-1.3.1-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14861/libpipeline-1.2.4-3.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15054/perl-Pod-Usage-1.64-2.fc20,perl-Pod-Checker-1.60-292.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15046/man-db-2.6.5-6.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15120/dosfstools-3.0.27-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15165/llvm-3.4-10.fc20 The following builds have been pushed to Fedora 20 updates-testing Zim-0.62-2.fc20 kde-partitionmanager-1.1.0-3.fc20 libvirt-1.1.3.8-1.fc20 mock-1.2.1-1.fc20 php-5.5.19-2.fc20 python-shadowsocks-2.4.3-2.fc20 scummvm-tools-1.7.0-1.fc20 vim-latex-1.8.23-14.20141116.812.gitd0f31c9.fc20 vtun-3.0.3-9.fc20 xscreensaver-5.31-1.fc20 Details about builds: ================================================================================ Zim-0.62-2.fc20 (FEDORA-2014-15222) Desktop wiki & notekeeper -------------------------------------------------------------------------------- Update Information: Backport upstream bzr755 to fix mis-matched gtk and pygtk in Fedora/RHEL -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 0.62-2 - Backport upstream bzr755 to fix mis-matched gtk and pygtk in Fedora/RHEL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1046099 - [abrt] Zim: ipc.py:756:call:ValueError: No such object: <RemoteObject: zim.gui.GtkInterface(file:///home/apjena/Dropbox/ZIM)> https://bugzilla.redhat.com/show_bug.cgi?id=1046099 -------------------------------------------------------------------------------- ================================================================================ kde-partitionmanager-1.1.0-3.fc20 (FEDORA-2014-15223) KDE Partition Manager -------------------------------------------------------------------------------- Update Information: Backport upstream patch to fix detection of devices without partition table. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Mattia Verga <mattia.verga@xxxxxxxxxx> - 1.1.0-3 - Fix detection of devices without partition table * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 10 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.1.0-1 - 1.1.0 release, improve scriptlets/kde4 macro usage, include translations * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-14.20130815svn - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1086351 - kde-partitionmanager fails to see any devices after the first one https://bugzilla.redhat.com/show_bug.cgi?id=1086351 -------------------------------------------------------------------------------- ================================================================================ libvirt-1.1.3.8-1.fc20 (FEDORA-2014-15228) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 1.1.3.8 * CVE-2014-3633: out-of-bounds read in blockiotune (bz #1160823) * CVE-2014-3657: Potential deadlock in domain_conf (bz #1160824) * CVE-2014-7823: information leak with migratable flag (bz #1160822) -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 1.1.3.8-1 - Rebased to version 1.1.3.8 - CVE-2014-3633: out-of-bounds read in blockiotune (bz #1160823) - CVE-2014-3657: Potential deadlock in domain_conf (bz #1160824) - CVE-2014-7823: information leak with migratable flag (bz #1160822) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1141131 - CVE-2014-3633 libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index https://bugzilla.redhat.com/show_bug.cgi?id=1141131 [ 2 ] Bug #1145667 - CVE-2014-3657 libvirt: domain_conf: domain deadlock DoS https://bugzilla.redhat.com/show_bug.cgi?id=1145667 [ 3 ] Bug #1160817 - CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag https://bugzilla.redhat.com/show_bug.cgi?id=1160817 -------------------------------------------------------------------------------- ================================================================================ mock-1.2.1-1.fc20 (FEDORA-2014-15217) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: Bump in plugin ABI. New LVM plugin. Nosync for better IO performance. DNF support. Printing more useful output on terminal. Concurrent shell acces to buildroot. Executing package management commands. --enablerepo and --disablerepo options Short circuit options. Automatic initialization. Python 3 support. Experimental support for building using systemd-nspawn. Accept path as config. New compress_logs plugin. And lots of bugfixes. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.1-1 - allow mockchain to accept path as config - end yum's installroot path with a slash [RHBZ#1160428] - add --mount option [RHBZ#1162637] - add some missing bash completation strings - run --shell as root with --new-chroot - Don't fail scrub when there's no pool [RHBZ#1162631] - Globbing and tilde expansion - move restoring priviledges to finally [RHBZ#1162720] - Remove "Buildroot must be already initialized" note - Add missing --print-root-path to manpage - Do not print ANSI escape characters into log [RHBZ#1163037] - in site-defaults.cfg initialize dictionary of plugins [RHBZ#1162595] - Disable empty names and values in config_opts[macros] [RHBZ#1160765] - Disable single macros in -D cmd option [RHBZ#1160765] - rpmbuild is in /usr/bin [RHBZ#1161112] - man page for --macro-file [RHBZ#1160326] - Added option [--macro-file] to support external rpm macros file [RHBZ#1160326] - Don't output installation/build output when redirected - Better log message for intial buildroot installation - Be more specific when installing configs - Install into correct sitelib when using Python 3 - Fix nosync on aarch64 - wrap all remaining getcwd() [RHBZ#1159300] - do not use rpm in %post scriptlet [RHBZ#1131279] - Fix unclear legal host output [RHBZ#1159794] - allow running from directory, which is deleted [RHBZ#1159300] - create compress_logs plugin [RHBZ#1100923] - when default.cfg exists create default.cfg.rpmnew [RHBZ#1085308] - accept paths to target definition files [RHBZ#1126117] - set title bar in xterm [RHBZ#1126235] - pass --enablerepo/--disablerepo to yum in the same order as provided to mock [RHBZ#1154604] - Fix incorrect printing of binary strings on py3 - Add missing Requires rpm-python3 - Don't print Yum and build output when quiet - Prevent output being printed twice with --verbose (rhbz#1152971) - Fix printing non-ascii characters with output redirected (rhbz#1152952) - replace urlgrabber by python-requests - use python3 for Fedora22+ - Don't print we're doing rpmbuild -bb, when it may not be true - 'prep' choice missing in short-circuit option parser - Don't execute prebuild in short-circuit mode * Thu Oct 9 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.0-1 - update configs for secondary architecture (Dan Horák) - caching of buildroots using LVM (Michael Simacek) - add support for DNF (Michael Simacek) - initial porting to python3 (Michael Simacek) - new config option nosync (Michael Simacek) - add CentOS extra repository [BZ# 1108402] - correctly create default.cfg on arm [BZ# 1033786] - postpone loading of rpm after chroot is set [BZ# 1111147] - use systemd-nspawn instead of chroot [RHBZ# 1132762] - in --copyout do not fail on symlinks [BZ# 971474] - allow to short circuit to prep phase [BZ# 966985] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1160428 - mock 1.2.0 tries to install f21 packages in f19 chroot https://bugzilla.redhat.com/show_bug.cgi?id=1160428 [ 2 ] Bug #1162637 - Provide --umount counterpart for LVM plugin https://bugzilla.redhat.com/show_bug.cgi?id=1162637 [ 3 ] Bug #1162631 - With LVM plugin enabled, I can't scrub traditional directories https://bugzilla.redhat.com/show_bug.cgi?id=1162631 [ 4 ] Bug #1162720 - --copyout prints confusing errors when the copied file doesn't exist https://bugzilla.redhat.com/show_bug.cgi?id=1162720 [ 5 ] Bug #1163037 - Do not print ANSI escape characters into log https://bugzilla.redhat.com/show_bug.cgi?id=1163037 [ 6 ] Bug #1162595 - lvm_root_opts options in site-defaults.cfg don't work https://bugzilla.redhat.com/show_bug.cgi?id=1162595 [ 7 ] Bug #1160765 - empty and single values for rpm macros in mock cfg file and cmd option https://bugzilla.redhat.com/show_bug.cgi?id=1160765 [ 8 ] Bug #1161112 - pre-UsrMove profiles stopped working after update of mock https://bugzilla.redhat.com/show_bug.cgi?id=1161112 [ 9 ] Bug #1160326 - mock new command line option --macro-file for defining rpm macros file https://bugzilla.redhat.com/show_bug.cgi?id=1160326 [ 10 ] Bug #1159300 - running mock from chroot path directory produces "error retrieving current directory: getcwd" https://bugzilla.redhat.com/show_bug.cgi?id=1159300 [ 11 ] Bug #1131279 - mock package has a questionable scriptlet, leading to errors about rpm db version mismatch https://bugzilla.redhat.com/show_bug.cgi?id=1131279 [ 12 ] Bug #1159794 - invalid legal_host_arches option can cause unclear output https://bugzilla.redhat.com/show_bug.cgi?id=1159794 [ 13 ] Bug #1100923 - RFE: compress mock build logs when done building https://bugzilla.redhat.com/show_bug.cgi?id=1100923 [ 14 ] Bug #1085308 - mock: User configuration is lost during update https://bugzilla.redhat.com/show_bug.cgi?id=1085308 [ 15 ] Bug #1126117 - Mock should accept paths to target definition files https://bugzilla.redhat.com/show_bug.cgi?id=1126117 [ 16 ] Bug #1126235 - PROMPT_COMMAND does not include required escape codes https://bugzilla.redhat.com/show_bug.cgi?id=1126235 [ 17 ] Bug #1154604 - mock: enablerepo doesn't work if used after disablerepo https://bugzilla.redhat.com/show_bug.cgi?id=1154604 [ 18 ] Bug #1152971 - Verbose mode is repeating lines https://bugzilla.redhat.com/show_bug.cgi?id=1152971 [ 19 ] Bug #1152952 - [mock] UnicodeEncodeError: 'ascii' codec can't encode characters in position 6-7: ordinal not in range(128) https://bugzilla.redhat.com/show_bug.cgi?id=1152952 -------------------------------------------------------------------------------- ================================================================================ php-5.5.19-2.fc20 (FEDORA-2014-15061) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 13 Nov 2014, PHP 5.5.19 Core: * Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas) * Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita) * Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk) * Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). (Dmitry) Fileinfo: * Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) * Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) (Remi) FPM: * Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). (Robin Gloster) GD: * Fixed bug #65171 (imagescale() fails without height param). (Remi) GMP: * Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). (Remi) Mysqli: * Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande) ODBC: * Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande) SPL: * Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk) CURL: * Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus) Backported from 5.5.20 FPM: * Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi) * Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi) * Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi) -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-2 - FPM: add upstream patch for https://bugs.php.net/68421 access.format=R doesn't log ipv6 address - FPM: add upstream patch for https://bugs.php.net/68420 listen=9000 listens to ipv6 localhost instead of all addresses - FPM: add upstream patch for https://bugs.php.net/68423 will no longer load all pools * Thu Nov 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.19-1 - Update to 5.5.19 http://www.php.net/releases/5_5_19.php - new version of systzdata patch, fix case sensitivity -------------------------------------------------------------------------------- ================================================================================ python-shadowsocks-2.4.3-2.fc20 (FEDORA-2014-15243) A fast tunnel proxy that help you get through firewalls -------------------------------------------------------------------------------- Update Information: Upstream release with python3 support -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 2.4.3-2 - Build a subpackage for python3 * Sun Nov 16 2014 Robin Lee <cheeselee@xxxxxxxxxxxxxxxxx> - 2.4.3-1 - Update to 2.4.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1143001 - python-shadowsocks-2.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1143001 -------------------------------------------------------------------------------- ================================================================================ scummvm-tools-1.7.0-1.fc20 (FEDORA-2014-15218) Tools for scummVM / S.C.U.M.M scripting language -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 12 2014 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 1.7.0-1 - new upstream release -------------------------------------------------------------------------------- ================================================================================ vim-latex-1.8.23-14.20141116.812.gitd0f31c9.fc20 (FEDORA-2014-15241) Tools to view, edit and compile LaTeX documents in Vim -------------------------------------------------------------------------------- Update Information: New upstream release with several bug fixes and appdata support. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Till Maas <opensource@xxxxxxxxx> - 1.8.23-14.20141116.812.gitd0f31c9 - Update to new release * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.8.23-13.20130116.788.git2ef9956 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1128816 - Add Addon metadata for GNOME Software to vim-latex https://bugzilla.redhat.com/show_bug.cgi?id=1128816 [ 2 ] Bug #1163518 - LaTeX-suite clobbers the "a" macro https://bugzilla.redhat.com/show_bug.cgi?id=1163518 -------------------------------------------------------------------------------- ================================================================================ vtun-3.0.3-9.fc20 (FEDORA-2014-15231) Virtual tunnel over TCP/IP networks -------------------------------------------------------------------------------- Update Information: added /etc/sysconfig/vtun environment file; updated unit files -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-9 - added /etc/sysconfig/vtun environment file - updated unit files * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.31-1.fc20 (FEDORA-2014-15229) X screen saver and locker -------------------------------------------------------------------------------- Update Information: New version 5.31 is released. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.31-1 - Update to 5.31 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
