The following Fedora 20 Security updates need testing:
 Age  URL
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  30  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16626/qemu-1.6.2-12.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16667/sagemath-6.1.1-6.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23.8-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1.900.1-25.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17283/kernel-3.17.7-200.fc20

The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17263/dbus-1.6.28-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17231/hwdata-0.273-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20

The following builds have been pushed to Fedora 20 updates-testing

    babel-1.3-7.fc20
    btrfs-progs-3.17.3-1.fc20
    ca-certificates-2014.2.2-1.0.fc20
    dbus-1.6.28-3.fc20
    deluge-1.3.11-1.fc20
    devilspie2-0.38-2.fc20
    digikam-4.6.0-1.fc20
    eigen3-3.2.3-1.fc20
    fedmsg-notify-0.5.5-1.fc20
    gnome-contacts-3.10.2-1.fc20
    google-roboto-fonts-1.2-6.fc20
    hwdata-0.273-1.fc20
    ibus-1.5.9-8.fc20
    jasper-1.900.1-27.fc20
    kernel-3.17.7-200.fc20
    kubernetes-0.7.0-18.0.git52e165a.fc20
    mailx-12.5-11.fc20
    mate-themes-extras-3.10.4-1.fc20
    mediawiki-1.23.8-1.fc20
    mingw-eigen3-3.2.3-1.fc20
    mingw-jasper-1.900.1-25.fc20
    mkvtoolnix-7.4.0-1.fc20
    php-5.5.20-2.fc20
    python-mutagen-1.27-1.fc20
    python-nmap-0.3.4-2.fc20
    python-sphinxcontrib-napoleon-0.2.8-2.fc20
    zint-2.4.3-9.fc20

Details about builds:

================================================================================
 babel-1.3-7.fc20 (FEDORA-2014-17261)
 Tools for internationalizing Python applications
--------------------------------------------------------------------------------
Update Information:

* removes the version portion of the egg dependency on pytz as that breaks with newer setuptools.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3-7
- Remove pytz version requirement in egginfo as it confuses newer setuptools
* Mon Jun 30 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.3-6
- Change python-setuptools-devel BR into python-setuptools
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------
================================================================================
 btrfs-progs-3.17.3-1.fc20 (FEDORA-2014-17287)
 Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 5 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.17.3-1
- New upstream release
* Fri Nov 21 2014 Eric Sandeen <sandeen@xxxxxxxxxx> 3.17.2-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
 ca-certificates-2014.2.2-1.0.fc20 (FEDORA-2014-17272)
 The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:

This is an update to the set of CA certificates released with NSS version 3.17.3

However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.

If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Kai Engert <kaie@xxxxxxxxxx> - 2014.2.2-1.0
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
- Update project URL
--------------------------------------------------------------------------------
================================================================================
 dbus-1.6.28-3.fc20 (FEDORA-2014-17263)
 D-BUS message bus
--------------------------------------------------------------------------------
Update Information:

Several fixes for packaging bugs

* Relax subpackage dependencies (#1175837)
* Remove obsolete dbus.target.wants (#1084087)
* Use --with-tests to conditionalize test dependencies
* Add some more documentation from the upstream tarball
* Use macroized systemd scriptlets (#850083)
* Correct license description for multiple licenses
* BR systemd-devel
* Adapt to unversioned docdirs; don't ship all docs in main package.
* Fix bogus dates in %changelog and tabs vs spaces warning.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 David King <amigadave@xxxxxxxxxxxxx> - 1:1.6.28-3
- Relax subpackage dependencies (#1175837)
* Thu Dec 4 2014 David King <amigadave@xxxxxxxxxxxxx> - 1:1.6.28-2
- Remove obsolete dbus.target.wants (#1084087)
- Use --with-tests to conditionalize test dependencies
- Tighten subpackage dependencies by using %{?_isa}
- Add some more documentation from the upstream tarball
- Use macroized systemd scriptlets (#850083)
- Correct license description for multiple licenses
- fix license handling
- BR systemd-devel
- Adapt to unversioned docdirs; don't ship all docs in main package.
- Fix bogus dates in %changelog and tabs vs spaces warning.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175837 - Cannot update dbus pkgs because of conflicts
        https://bugzilla.redhat.com/show_bug.cgi?id=1175837
  [ 2 ] Bug #1084087 - dbus provides unused files
        https://bugzilla.redhat.com/show_bug.cgi?id=1084087
  [ 3 ] Bug #850083 - Introduce new systemd-rpm macros in dbus spec file
        https://bugzilla.redhat.com/show_bug.cgi?id=850083
--------------------------------------------------------------------------------
================================================================================
 deluge-1.3.11-1.fc20 (FEDORA-2014-17299)
 A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
--------------------------------------------------------------------------------
Update Information:

Update to 1.3.11

GtkUI

    Fixed ImportError for users with Twisted < 10
    #2698: Fixed column issue when disabling a plugin

Core

    Fixed cache issue with libtorrent 0.16 on Windows
    #2555: Disabled use of SSLv3 protocol for DelugeRPC

WebUI

    Modify SSL Context to allow >= TLSv1 protocol
    #2588: Fixed Size column to show total_wanted instead of total_size

update to 1.3.10
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.3.11-1
- update to 1.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1153456 - deluge-web is vulnerable to POODLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1153456
--------------------------------------------------------------------------------
================================================================================
 devilspie2-0.38-2.fc20 (FEDORA-2014-17294)
 A window-matching utility
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------
================================================================================
 digikam-4.6.0-1.fc20 (FEDORA-2014-17291)
 A digital camera accessing & photo management application
--------------------------------------------------------------------------------
Update Information:

digiKam 4.6.0

See https://www.digikam.org/node/725
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 4.6.0-1
- digikam-4.6.0
* Wed Dec 10 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.5.0-3
- rebuild (marble)
- drop libjpeg-turbo workarounds (not needed anymore)
* Mon Nov 17 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.5.0-2
- fix/workaround FTBFS against newer libjpeg-turbo (kde#340944)
--------------------------------------------------------------------------------
================================================================================
 eigen3-3.2.3-1.fc20 (FEDORA-2014-17250)
 A lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to release 3.2.3, see http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.3 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Sandro Mani <manisandro@xxxxxxxxx> - 3.2.3-1
- Update to release 3.2.3
- Drop upstreamed eigen3-ppc64.patch
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175149 - eigen3-3.2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1175149
--------------------------------------------------------------------------------
================================================================================
 fedmsg-notify-0.5.5-1.fc20 (FEDORA-2014-17253)
 Fedmsg Desktop Notifications
--------------------------------------------------------------------------------
Update Information:

* Make the topic grid scrollable
* Fixed the distro-specific imports
* Uses the abrt python API
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Luke Macken <lmacken@xxxxxxxxxx> - 0.5.5-1
- Latest upstream release
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1087076 - Fedmsg-notify height windows is not resizable.
        https://bugzilla.redhat.com/show_bug.cgi?id=1087076
--------------------------------------------------------------------------------
================================================================================
 gnome-contacts-3.10.2-1.fc20 (FEDORA-2014-17279)
 Contacts manager for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 3.10.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 David King <amigadave@xxxxxxxxxxxxx> - 3.10.2-1
- Update to 3.10.2
--------------------------------------------------------------------------------
================================================================================
 google-roboto-fonts-1.2-6.fc20 (FEDORA-2014-17236)
 Google Roboto fonts
--------------------------------------------------------------------------------
Update Information:

Update to what is presumably the latest release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-6
- Resolves: rhbz#1174935 update to what is presumably the latest release of the font
* Mon Nov 24 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-5
- use just Roboto as the font's name in metainfo
* Thu Nov 20 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-4
- add AppData files
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174935 - Roboto Black and Roboto Condensed have bad metadata which results in misrendered web pages (among other things)
        https://bugzilla.redhat.com/show_bug.cgi?id=1174935
--------------------------------------------------------------------------------
================================================================================
 hwdata-0.273-1.fc20 (FEDORA-2014-17231)
 Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:

Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michal Minar <miminar@xxxxxxxxxx> 0.273-1
- Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------
================================================================================
 ibus-1.5.9-8.fc20 (FEDORA-2014-16705)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This fix replaces 'US' with 'EN' icon on ibus panel icon.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-8
- Updated ibus-HEAD.patch to fix #1175595 ibus-x11 freeze
* Mon Dec 8 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-7
- Added ibus-1136623-lost-by-another-focus.patch to fix #1136623
* Mon Dec 8 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-6
- Updated ibus-xx-increase-timeout.patch to fix #1163722
- Updated ibus-HEAD.patch for upstream #1747, #1748, #1753 and gnome #703020, gnome #730628
* Wed Nov 12 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.9-5
- rhbz#1161871 Added BR of python and python3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163722 - ibus freezes while switching input method
        https://bugzilla.redhat.com/show_bug.cgi?id=1163722
  [ 2 ] Bug #1136623 - The input context is disabled with the popup window
        https://bugzilla.redhat.com/show_bug.cgi?id=1136623
  [ 3 ] Bug #1175595 - [Fedora] using "PreeditType: OverTheSpot" child window input freezes
        https://bugzilla.redhat.com/show_bug.cgi?id=1175595
--------------------------------------------------------------------------------
================================================================================
 jasper-1.900.1-27.fc20 (FEDORA-2014-16349)
 Implementation of the JPEG-2000 standard, Part 1
--------------------------------------------------------------------------------
Update Information:

Fixes various flaws: CVE-2014-9029, CVE-2014-8138, CVE-2014-8137
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.900.1-27
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175761)
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175761)
* Thu Dec 4 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.900.1-26
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC marker segment decoders (#1170650)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167537 - CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
        https://bugzilla.redhat.com/show_bug.cgi?id=1167537
  [ 2 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 3 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------
================================================================================
 kernel-3.17.7-200.fc20 (FEDORA-2014-17283)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.17.7 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.17.7-200
- Linux v3.17.7
* Tue Dec 16 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-8559 deadlock due to incorrect usage of rename_lock (rhbz 1159313 1173814)
- Add patch from Josh Stone to restore var-tracking via Kconfig (rhbz 1126580)
* Mon Dec 15 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Fix ppc64 boot with smt-enabled=off (rhbz 1173806)
- CVE-2014-8133 x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS (rhbz 1172797 1174374)
* Fri Dec 12 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Remove pointless warning in cfg80211 (rhbz 1172543)
* Wed Dec 10 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Fix MSI issues on another Samsung pci-e SSD (rhbz 1084928)
- Fix UAS crashes with Seagate and Fresco Logic drives (rhbz 1164945)
- CVE-2014-8134 fix espfix for 32-bit KVM paravirt guests (rhbz 1172765 1172769)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159313 - CVE-2014-8559 Kernel: fs: deadlock due to incorrect usage of rename_lock
        https://bugzilla.redhat.com/show_bug.cgi?id=1159313
  [ 2 ] Bug #1172797 - CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS
        https://bugzilla.redhat.com/show_bug.cgi?id=1172797
  [ 3 ] Bug #1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests
        https://bugzilla.redhat.com/show_bug.cgi?id=1172765
--------------------------------------------------------------------------------
================================================================================
 kubernetes-0.7.0-18.0.git52e165a.fc20 (FEDORA-2014-17286)
 Container cluster management
--------------------------------------------------------------------------------
Update Information:

Bump to upstream 52e165a4fd720d1703ebc31bd6660e01334227b8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Eric Paris <eparis@xxxxxxxxxx> - 0.7.0-18.0.git52e165a
- Bump to upstream 52e165a4fd720d1703ebc31bd6660e01334227b8
* Mon Dec 15 2014 Eric Paris <eparis@xxxxxxxxxx> - 0.6-297.0.git5ef34bf
- Bump to upstream 5ef34bf52311901b997119cc49eff944c610081b
* Wed Dec 3 2014 Eric Paris <eparis@xxxxxxxxxx>
- Replace patch to use old googlecode/go.net/ with BuildRequires on golang.org/x/net/
--------------------------------------------------------------------------------
================================================================================
 mailx-12.5-11.fc20 (FEDORA-2014-17245)
 Enhanced implementation of the mailx command
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2004-2771, CVE-2014-7844
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 jchaloup <jchaloup@xxxxxxxxxx> - 12.5-11
- Security fix for CVE-2004-2771, CVE-2014-7844
  resolves: #1174903
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162783 - CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=1162783
--------------------------------------------------------------------------------
================================================================================
 mate-themes-extras-3.10.4-1.fc20 (FEDORA-2014-17249)
 Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:

- update to 3.10.4
- more improvements for csd applications
- improvements for Submarine themes, Smoothly themes,
- Zukitwo color themes and GnomishBeige theme
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.10.4-1
- update to 3.10.4
- more improvements for csd applications
- improvements for Submarine themes, Smoothly themes,
- Zukitwo color themes and GnomishBeige theme
--------------------------------------------------------------------------------
================================================================================
 mediawiki-1.23.8-1.fc20 (FEDORA-2014-17228)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.23.8-1
- Update to 1.23.8
- (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
- (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
- (bug T74222) The original patch for T74222 was reverted as unnecessary.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175828 - mediawiki: multiple vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1175828
--------------------------------------------------------------------------------
================================================================================
 mingw-eigen3-3.2.3-1.fc20 (FEDORA-2014-17288)
 MinGW lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to release 3.2.3, see http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.3 for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Sandro Mani <manisandro@xxxxxxxxx> - 3.2.3-1
- Update to release 3.2.3
--------------------------------------------------------------------------------
================================================================================
 mingw-jasper-1.900.1-25.fc20 (FEDORA-2014-17274)
 MinGW Windows Jasper library
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2014-8137 and CVE-2014-8138
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Michael Cronenworth <mike@xxxxxxxxxx> - 1.900.1-25
- Fixes for CVE-2014-8137 and CVE-2014-8138
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173157
  [ 2 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=1173162
--------------------------------------------------------------------------------
================================================================================
 mkvtoolnix-7.4.0-1.fc20 (FEDORA-2014-17248)
 Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:

Multiple bugfixes and enhancements. Please see upstream changelog (https://www.bunkus.org/videotools/mkvtoolnix/doc/ChangeLog) for more details.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 7.4.0-1
- update to 7.4.0
- drop obsolete patch (upstream bug #1090)
- shorten desktop and icon file installation commands
* Thu Dec 4 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 7.3.0-1
- update to 7.3.0
- enable unit tests
- use system boost code fragment and pugixml
* Thu Oct 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 7.2.0-2
- update icon/mime scriptlets
* Sun Sep 21 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> 7.2.0-1
- update to 7.2.0
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1157464 - mkvtoolnix-7.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1157464
--------------------------------------------------------------------------------
================================================================================
 php-5.5.20-2.fc20 (FEDORA-2014-17229)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

18 Dec 2014, PHP 5.5.20

Core:
* Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks). (Adam)
* Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien)
* Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
* Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
* Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)

Date:
* Fixed day_of_week function as it could sometimes return negative values internally. (Derick)

FPM:
* Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)
* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
* Fixed bug #68452 (php-fpm man page is oudated). (Remi)
* Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)
* Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)
* Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)
* Fixed bug #68478 (access.log don't use prefix). (Remi)

Mcrypt:
* Fixed possible read after end of buffer and use after free. (Dmitry)

PDO_pgsql:
* Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
* Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)
* Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving) (Matteo)

zlib:
* Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.20-2
- Update to 5.5.20 (real)
  http://www.php.net/releases/5_5_20.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.20-1
- Update to 5.5.20
  http://www.php.net/releases/5_5_20.php
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
        https://bugzilla.redhat.com/show_bug.cgi?id=1175718
--------------------------------------------------------------------------------
================================================================================
 python-mutagen-1.27-1.fc20 (FEDORA-2014-17254)
 Mutagen is a Python module to handle audio meta-data
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2014 Michele Baldessari <michele@xxxxxxxxxx> - 1.27-1
- New upstream release
- Only use macro style for buildroot
* Sun Nov 23 2014 Michele Baldessari <michele@xxxxxxxxxx> - 1.26-1
- Fixed homepage and source URL
- Set python2-devel as BR
- Fix documentation building and shipping
- Fix spelling errors in description
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.20-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 python-nmap-0.3.4-2.fc20 (FEDORA-2014-17230)
 A python library which helps in using nmap port scanner
--------------------------------------------------------------------------------
Update Information:

Fix package naming (rhbz#1174115)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.3.4-2
- Fix package naming (rhbz#1174115)
* Wed Aug 6 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.3.4-1
- Switch to py3
- Update the URL and the source URL
- Update to latest upstream version 0.3.4
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174115 - Package built for python3, should be named python3-nmap!
        https://bugzilla.redhat.com/show_bug.cgi?id=1174115
--------------------------------------------------------------------------------
================================================================================
 python-sphinxcontrib-napoleon-0.2.8-2.fc20 (FEDORA-2014-17258)
 Sphinx napoleon extension
--------------------------------------------------------------------------------
Update Information:

Initial release.
--------------------------------------------------------------------------------
================================================================================
 zint-2.4.3-9.fc20 (FEDORA-2014-17260)
 Barcode generator library
--------------------------------------------------------------------------------
Update Information:

This update fixes https://bugzilla.redhat.com/show_bug.cgi?id=1174324
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Martin Gieseking <martin.gieseking@xxxxxx> 2.4.3-9
- Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1174324
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174324 - [abrt] zint-qt: __stack_chk_fail_local(): zint-qt killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1174324
--------------------------------------------------------------------------------