The following Fedora 20 Security updates need testing:
 Age  URL
  79  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  32  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  31  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  17  https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
  16  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16626/qemu-1.6.2-12.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23.8-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1.900.1-25.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17303/libssh-0.6.4-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17415/thermostat-1.0.6-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17461/roundcubemail-1.0.4-2.fc20

The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20

The following builds have been pushed to Fedora 20 updates-testing

    4Pane-3.0-5.fc20
    aeskulap-0.2.2-0.20beta1.fc20
    dcmtk-3.6.1-1.fc20
    git-review-1.24-3.fc20
    mdds-0.11.2-1.fc20
    musique-1.4-1.fc20
    nemo-2.4.4-2.fc20
    orthanc-0.8.5-2.fc20
    owncloud-7.0.4-2.fc20
    php-google-apiclient-1.0.6-0.3.beta.fc20
    phpMyAdmin-4.3.3-1.fc20
    python-tilestache-1.49.11-3.fc20
    roundcubemail-1.0.4-2.fc20
    rubygem-domain_name-0.5.23-1.fc20
    scidavis-1.D8-6.fc20
    subsurface-4.3-1.fc20
    waffle-1.5.0-1.fc20

Details about builds:

================================================================================
 4Pane-3.0-5.fc20 (FEDORA-2014-17438)
 Multi-pane, detailed-list file manager
--------------------------------------------------------------------------------
Update Information:

Include man page
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 21 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.0-5
- Add man page, appdata (on F-21+)
--------------------------------------------------------------------------------

================================================================================
 aeskulap-0.2.2-0.20beta1.fc20 (FEDORA-2014-17089)
 A full open source replacement for commercially available DICOM viewers
--------------------------------------------------------------------------------
Update Information:

This upgrade to latest upstream snapshot fixes a setuid vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Mario Ceresa <mrceresa AT fedoraproject DOT org> - 0.2.2-0.20beta1
- Bump up for dcmtk rebuild
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.2-0.19beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.2-0.18beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1104041 - CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104041
--------------------------------------------------------------------------------

================================================================================
 dcmtk-3.6.1-1.fc20 (FEDORA-2014-17089)
 Offis DICOM Toolkit (DCMTK)
--------------------------------------------------------------------------------
Update Information:

This upgrade to latest upstream snapshot fixes a setuid vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2014 Mario Ceresa <mrceresa AT fedoraproject DOT org> - 3.6.1-1
- Upgraded to new upstream version.
- Various fixes to the specfile
- Fixes CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.6.0-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.6.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1104041 - CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104041
--------------------------------------------------------------------------------

================================================================================
 git-review-1.24-3.fc20 (FEDORA-2014-17459)
 A Git helper for integration with Gerrit
--------------------------------------------------------------------------------
Update Information:

This update corrects an unreadable manpage.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 11 2014 Pete Zaitcev <zaitcev@xxxxxxxxxx> - 1.24-3
- Fix up the man page (#1170410)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1170410 - git-review's man page needs help
        https://bugzilla.redhat.com/show_bug.cgi?id=1170410
--------------------------------------------------------------------------------

================================================================================
 mdds-0.11.2-1.fc20 (FEDORA-2014-17447)
 A collection of multi-dimensional data structures and indexing algorithms
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 21 2014 David Tardon <dtardon@xxxxxxxxxx> - 0.11.2-1
- new upstream release
--------------------------------------------------------------------------------

================================================================================
 musique-1.4-1.fc20 (FEDORA-2014-17446)
 A music player designed by and for people that love music
--------------------------------------------------------------------------------
Update Information:

Updated to new upstream version 1.4
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 20 2014 Germán A. Racca <skytux@xxxxxxxxxxxxxxxxx> - 1.4-1
- Updated to new upstream version 1.4
- Re-created patch to use system qtsingleapplication
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3-3
- rebuild (qt/phonon)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 nemo-2.4.4-2.fc20 (FEDORA-2014-17434)
 File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:

- add patch to fix nemo desktop font colour
- raise thumbnail file size limit
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.4.4-2
- add patch to fix nemo desktop font colour
- raise thumbnail file size limit
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176370 - "Adwaita" default gtk-theme results in incorrect title bar and desktop icon text colors
        https://bugzilla.redhat.com/show_bug.cgi?id=1176370
--------------------------------------------------------------------------------

================================================================================
 orthanc-0.8.5-2.fc20 (FEDORA-2014-17089)
 RESTful DICOM server for healthcare and medical research
--------------------------------------------------------------------------------
Update Information:

This upgrade to latest upstream snapshot fixes a setuid vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Mario Ceresa <mrceresa@xxxxxxxxx> 0.8.5-2
- Rebuild for dcmtk update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1104041 - CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1104041
--------------------------------------------------------------------------------

================================================================================
 owncloud-7.0.4-2.fc20 (FEDORA-2014-17441)
 Private file sync and share server
--------------------------------------------------------------------------------
Update Information:

This update backports ownCloud support for v1.x of the Google API PHP library (plus some associated bug fixes) from upstream (it will be a part of the 8.x upstream release series), and drops ownCloud's bundled copy of the 0.6 version of the library. The update to the library package itself is a minor one which simply provides a new dependency according to the packaging guidelines.

The 0.6 version of the library is deprecated and has been for some time, and bundling is to be avoided when possible. There are many bug fixes in v1.x of the library compared to 0.6, and combined with the bug fixes to ownCloud's integration code, this update should substantially improve the experience of using Google Drive as an external storage provider with the Fedora ownCloud packages.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 20 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 7.0.4-2
- backport upstream support for google PHP lib 1.x and unbundle it
* Tue Dec 9 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 7.0.4-1
- new release 7.0.4
--------------------------------------------------------------------------------

================================================================================
 php-google-apiclient-1.0.6-0.3.beta.fc20 (FEDORA-2014-17441)
 Client library for Google APIs
--------------------------------------------------------------------------------
Update Information:

This update backports ownCloud support for v1.x of the Google API PHP library (plus some associated bug fixes) from upstream (it will be a part of the 8.x upstream release series), and drops ownCloud's bundled copy of the 0.6 version of the library. The update to the library package itself is a minor one which simply provides a new dependency according to the packaging guidelines.

The 0.6 version of the library is deprecated and has been for some time, and bundling is to be avoided when possible. There are many bug fixes in v1.x of the library compared to 0.6, and combined with the bug fixes to ownCloud's integration code, this update should substantially improve the experience of using Google Drive as an external storage provider with the Fedora ownCloud packages.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 20 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 1.0.6-0.3.beta
- use new ASL 2.0 directory
- add Packagist/Composer provide
* Fri Nov 7 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 1.0.6-0.2.beta
- apply CA trust store path substitution to Curl as well as Stream
* Fri Nov 7 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 1.0.6-0.1.beta
- new upstream release 1.0.6-beta
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-0.3.beta
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 phpMyAdmin-4.3.3-1.fc20 (FEDORA-2014-17440)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.3.3.0 (2014-12-21)
===============================

 - The "Recently used tables" setting should be with Nav panel
 - Can't disable Favorites
 - Version Check Broken
 - AJAX request infinite loop
 - Attributes field size smaller than others
 - Cannot remove table ordering on a Mac
 - Fix initial replication configuration
 - Undefined index central_columnswork
 - Don't have default blowfish_secret
 - Some error popups fade away too quickly
 - Consistency in borders
 - $cfg['Error_Handler']['display'] no longer necessary
 - Leading and trailing whitespace in column name
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 21 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.3.3-1
- Upgrade to 4.3.3
* Fri Dec 12 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.3.2-1
- Upgrade to 4.3.2
* Thu Dec 11 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.3.1-2
- Use %{pkgname} rather %{name} in %post scriptlet (#1173189)
--------------------------------------------------------------------------------

================================================================================
 python-tilestache-1.49.11-3.fc20 (FEDORA-2014-17433)
 A stylish alternative for caching your map tiles
--------------------------------------------------------------------------------
Update Information:

New package python-tilestache
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1147356 - Review Request: python-tilestache - A stylish alternative for caching your map tiles
        https://bugzilla.redhat.com/show_bug.cgi?id=1147356
--------------------------------------------------------------------------------

================================================================================
 roundcubemail-1.0.4-2.fc20 (FEDORA-2014-17461)
 Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:

This update provides Roundcube 1.0.4. This is a stable security update: the security fix is described by upstream as "Fix possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins." More details on the update are available at http://roundcube.net/news/2014/12/18/update-1.0.4-released/ . The update should apply without any special handling by the system administrator.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 20 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 1.0.4-2
- drop tinymce bbcode plugin for safety (CVE-2012-4230)
* Sat Dec 20 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 1.0.4-1
- new release 1.0.4 (security update)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1091438 - CVE-2012-4230 tinymce: XSS attacks via security policy bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1091438
--------------------------------------------------------------------------------

================================================================================
 rubygem-domain_name-0.5.23-1.fc20 (FEDORA-2014-17464)
 Domain Name manipulation library for Ruby
--------------------------------------------------------------------------------
Update Information:

New version 0.5.23 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 21 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 0.5.23-1
- 0.5.23
--------------------------------------------------------------------------------

================================================================================
 scidavis-1.D8-6.fc20 (FEDORA-2014-17460)
 Application for Scientific Data Analysis and Visualization
--------------------------------------------------------------------------------
Update Information:

Add scidavis to Fedora, added find_lang macro missing in release 5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1127636 - Review Request: scidavis - Application for Scientific Data Analysis and Visualization
        https://bugzilla.redhat.com/show_bug.cgi?id=1127636
--------------------------------------------------------------------------------

================================================================================
 subsurface-4.3-1.fc20 (FEDORA-2014-17437)
 A feature-full divelog in Qt
--------------------------------------------------------------------------------
Update Information:

Updates subsurface to 4.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 20 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 4.3
- Update to 4.3
--------------------------------------------------------------------------------

================================================================================
 waffle-1.5.0-1.fc20 (FEDORA-2014-17451)
 Platform independent GL API layer
--------------------------------------------------------------------------------
Update Information:

1.5.0 release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 16 2014 Dave Airlie <airlied@xxxxxxxxxx> 1.5.0-1
- 1.5.0 release
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test