The following Fedora 20 Security updates need testing: Age URL 83 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20 34 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20 19 https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1 6 https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23.8-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1.900.1-25.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-17303/libssh-0.6.4-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-17415/thermostat-1.0.6-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-17461/roundcubemail-1.0.4-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-17520/glpi-0.84.8-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17596/mingw-curl-7.39.0-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17587/mingw-openssl-1.0.1j-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17570/mingw-dbus-1.6.28-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17573/mingw-libxml2-2.9.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17603/mingw-binutils-2.24-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17580/mingw-freetype-2.5.4-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-17561/mingw-libjpeg-turbo-1.3.1-4.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-17495/pulseaudio-5.0-25.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-17528/xorg-x11-drv-synaptics-1.7.7-1.fc20 The following builds have been pushed to Fedora 20 updates-testing bluedevil-2.1-1.fc20 calligra-2.8.7-3.fc20 dnf-langpacks-0.6.0-1.fc20 drupal7-google_analytics-2.1-1.fc20 drupal7-webform-4.2-1.fc20 flannel-0.2.0-1.fc20 fprobe-ulog-1.2-1.fc20 golang-github-abbot-go-http-auth-0-0.1.gitc0ef453.fc20 golang-github-ghodss-yaml-0-0.2.git4fb5c72.fc20 golang-github-jonboulle-clockwork-0-0.1.git3f831b6.fc20 golang-github-spf13-cobra-0-0.5.gite1e66f7.fc20 google-roboto-fonts-1.2-8.fc20 jpegoptim-1.4.2-1.fc20 libbluedevil-2.1-1.fc20 mapserver-6.2.2-1.fc20 mingw-binutils-2.24-5.fc20 mingw-crt-3.3.0-1.fc20 mingw-curl-7.39.0-1.fc20 mingw-dbus-1.6.28-1.fc20 mingw-freetype-2.5.4-1.fc20 mingw-gcc-4.8.4-1.fc20 mingw-headers-3.3.0-1.fc20 mingw-libjpeg-turbo-1.3.1-4.fc20 mingw-libxml2-2.9.2-1.fc20 mingw-openssl-1.0.1j-1.fc20 mingw-winpthreads-3.3.0-1.fc20 nodejs-browser-request-0.3.3-1.fc20 nodejs-crc32-stream-0.3.1-1.fc20 nodejs-dtree-0.0.7-1.fc20 nodejs-end-of-stream-1.1.0-1.fc20 nodejs-hash_file-0.1.1-1.fc20 nodejs-minstache-1.2.0-1.fc20 phoronix-test-suite-5.4.1-1.fc20 sqlitebrowser-3.4.0-1.fc20 virtme-0.0.2-1.fc20 vtun-3.0.3-11.fc20 Details about builds: ================================================================================ bluedevil-2.1-1.fc20 (FEDORA-2014-16998) Bluetooth stack for KDE -------------------------------------------------------------------------------- Update Information: New Bluedevil 2.1 stable release, see also: http://davidrosca.blogspot.com/2014/12/bluedevil-21-released.html -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-1 - 2.1 * Sun Dec 14 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0.0-2 - pull in upstream fix for systray icon visibility when offline (kde#341768) * Sat Dec 13 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0.0-1 - 2.0 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.0-0.15.36f0438agit20140630 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Aug 12 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0.0-0.14.36f0438agit20140630 - update mime scriptlet -------------------------------------------------------------------------------- ================================================================================ calligra-2.8.7-3.fc20 (FEDORA-2014-17551) An integrated office suite -------------------------------------------------------------------------------- Update Information: Make calligra installable without pulling in calligra-kexi unconditionally. -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 21 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.8.7-3 - move libcalligradb to -libs, likoreport now depends on it (#1176398) * Wed Dec 10 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.8.7-2 - rebuild (marble) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176398 - calligra-libs requires Kexi https://bugzilla.redhat.com/show_bug.cgi?id=1176398 -------------------------------------------------------------------------------- ================================================================================ dnf-langpacks-0.6.0-1.fc20 (FEDORA-2014-17578) Langpacks plugin for dnf -------------------------------------------------------------------------------- Update Information: update to 0.6.0 release -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.6.0-1 - update to 0.6.0 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151849 - Output is not clear, unicode warning for some languages. https://bugzilla.redhat.com/show_bug.cgi?id=1151849 [ 2 ] Bug #1151850 - [dnf langinstall] Message for already installed language can be more informative https://bugzilla.redhat.com/show_bug.cgi?id=1151850 -------------------------------------------------------------------------------- ================================================================================ drupal7-google_analytics-2.1-1.fc20 (FEDORA-2014-17575) Adds the Google Analytics web statistics tracking system to your website -------------------------------------------------------------------------------- Update Information: - Updated to 2.1 (BZ #1173033; release notes https://www.drupal.org/node/2384245) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 24 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.1-1 - Updated to 2.1 (BZ #1173033; release notes https://www.drupal.org/node/2384245) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173033 - drupal7-google_analytics-2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1173033 -------------------------------------------------------------------------------- ================================================================================ drupal7-webform-4.2-1.fc20 (FEDORA-2014-17579) Webform is the module for making surveys in Drupal -------------------------------------------------------------------------------- Update Information: - Update to 4.2\r\n- Release notes can be found at https://www.drupal.org/node/2381793 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Peter Borsa <peter.borsa@xxxxxxxxx> 4.2-1 - Update to 4.2 - Release notes can be found at https://www.drupal.org/node/2381793 * Tue Nov 25 2014 Peter Borsa <peter.borsa@xxxxxxxxx> 4.1-1 - Update to 4.1 - Release notes can be found at https://www.drupal.org/node/2351973 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0-0.3.beta3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150458 - drupal7-webform-4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1150458 -------------------------------------------------------------------------------- ================================================================================ flannel-0.2.0-1.fc20 (FEDORA-2014-17612) Etcd address management agent for overlay networks -------------------------------------------------------------------------------- Update Information: update to upstream v0.2.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.2.0-1 - update to upstream v0.2.0 - append FLANNEL_OPTIONS variable to unitfile command - systemd-units merged into systemd for fedora18+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176844 - add ${FLANNEL_OPTIONS} to flanneld.service unitfile https://bugzilla.redhat.com/show_bug.cgi?id=1176844 -------------------------------------------------------------------------------- ================================================================================ fprobe-ulog-1.2-1.fc20 (FEDORA-2014-17594) NetFlow probe -------------------------------------------------------------------------------- Update Information: Update to 1.2 - Uses libnetfilter_log_libipulog compatibility library to work with NFLOG iptables target. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.2-1 - Update to 1.2 (fixes bug #1172032) * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ golang-github-abbot-go-http-auth-0-0.1.gitc0ef453.fc20 (FEDORA-2014-17600) Basic and Digest HTTP Authentication for golang http -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175673 - Review Request: golang-github-abbot-go-http-auth - Basic and Digest HTTP Authentication for golang http https://bugzilla.redhat.com/show_bug.cgi?id=1175673 -------------------------------------------------------------------------------- ================================================================================ golang-github-ghodss-yaml-0-0.2.git4fb5c72.fc20 (FEDORA-2014-17583) A better way to marshal and unmarshal YAML in Golang -------------------------------------------------------------------------------- Update Information: Bump to 4fb5c728a37b361a1e971a3bb3d785fcc96b6ef5 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 24 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.2.git92ff9d3 - Bump to 4fb5c728a37b361a1e971a3bb3d785fcc96b6ef5 related: #1172603 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1172603 - Review Request: golang-github-ghodss-yaml - A better way to marshal and unmarshal YAML in Golang https://bugzilla.redhat.com/show_bug.cgi?id=1172603 -------------------------------------------------------------------------------- ================================================================================ golang-github-jonboulle-clockwork-0-0.1.git3f831b6.fc20 (FEDORA-2014-17591) A fake clock for golang -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175771 - Review Request: golang-github-jonboulle-clockwork - A fake clock for golang https://bugzilla.redhat.com/show_bug.cgi?id=1175771 -------------------------------------------------------------------------------- ================================================================================ golang-github-spf13-cobra-0-0.5.gite1e66f7.fc20 (FEDORA-2014-17615) A Commander for modern go CLI interactions -------------------------------------------------------------------------------- Update Information: Bump to e1e66f7b4e667751cf530ddb6e72b79d6eeb0235 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 24 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.5.gitb1e90a7 - Bump to e1e66f7b4e667751cf530ddb6e72b79d6eeb0235 related: #1085881 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1085881 - Review Request: golang-github-spf13-cobra - A Commander for modern go CLI interactions https://bugzilla.redhat.com/show_bug.cgi?id=1085881 -------------------------------------------------------------------------------- ================================================================================ google-roboto-fonts-1.2-8.fc20 (FEDORA-2014-17605) Google Roboto fonts -------------------------------------------------------------------------------- Update Information: Fix placement of fontconfig .conf files.\nUpdate to what is presumably the latest release -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-8 - revert the previous "update" - Resolves: rhbz#1174935 fix font metadata * Tue Dec 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-7 - drop obsolete requires * Wed Dec 17 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-6 - Resolves: rhbz#1174935 update to what is presumably the latest release of the font * Mon Nov 24 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-5 - use just Roboto as the font's name in metainfo * Thu Nov 20 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-4 - add AppData files * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1174935 - Roboto Black and Roboto Condensed have bad metadata which results in misrendered web pages (among other things) https://bugzilla.redhat.com/show_bug.cgi?id=1174935 -------------------------------------------------------------------------------- ================================================================================ jpegoptim-1.4.2-1.fc20 (FEDORA-2014-17608) Utility to optimize JPEG files -------------------------------------------------------------------------------- Update Information: Update to version 1.4.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Denis Fateyev <denis@xxxxxxxxxxx> - 1.4.2-1 - Update to version 1.4.2 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176901 - jpegoptim-1.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1176901 -------------------------------------------------------------------------------- ================================================================================ libbluedevil-2.1-1.fc20 (FEDORA-2014-16998) A Qt wrapper for bluez -------------------------------------------------------------------------------- Update Information: New Bluedevil 2.1 stable release, see also: http://davidrosca.blogspot.com/2014/12/bluedevil-21-released.html -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-1 - 2.1 * Sat Dec 13 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.0-1 - 2.0 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0-0.10.rc1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mapserver-6.2.2-1.fc20 (FEDORA-2014-17559) Environment for building spatially-enabled internet applications -------------------------------------------------------------------------------- Update Information: Update to latest 6.2 release -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 6.2.2-1 - Update to latest 6.2 release - BZ 1048689 - CVE-2013-7262 mapserver: SQL injections with postgis TIME filters - BZ 747409 - MapServer uses internal AGG and does not depend on agg-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048689 - CVE-2013-7262 mapserver: SQL injections with postgis TIME filters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1048689 [ 2 ] Bug #747409 - Port from ELGIS: Simplfy spec https://bugzilla.redhat.com/show_bug.cgi?id=747409 -------------------------------------------------------------------------------- ================================================================================ mingw-binutils-2.24-5.fc20 (FEDORA-2014-17603) Cross-compiled version of binutils for Win32 and Win64 environments -------------------------------------------------------------------------------- Update Information: Fix various CVE's -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.24-5 - Fix CVE-2014-8501 (RHBZ #1162578 #1162583) - Fix CVE-2014-8502 (RHBZ #1162602) - Fix CVE-2014-8503 (RHBZ #1162612) - Fix CVE-2014-8504 (RHBZ #1162626) - Fix CVE-2014-8737 (RHBZ #1162660) - Fix CVE-2014-8738 (RHBZ #1162673) * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.24-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.24-2 - Fix FTBFS against gcc 4.9 * Sat Jan 11 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.24-1 - Update to 2.24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162578 - CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162578 [ 2 ] Bug #1162602 - CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162602 [ 3 ] Bug #1162612 - CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162612 [ 4 ] Bug #1162626 - CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162626 [ 5 ] Bug #1162660 - mingw-binutils: binutils: directory traversal vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162660 [ 6 ] Bug #1162673 - mingw-binutils: binutils: out of bounds memory write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1162673 -------------------------------------------------------------------------------- ================================================================================ mingw-crt-3.3.0-1.fc20 (FEDORA-2014-17552) MinGW Windows cross-compiler runtime -------------------------------------------------------------------------------- Update Information: Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 5 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 3.3.0-1 - Update to 3.3.0 -------------------------------------------------------------------------------- ================================================================================ mingw-curl-7.39.0-1.fc20 (FEDORA-2014-17596) MinGW Windows port of curl and libcurl -------------------------------------------------------------------------------- Update Information: * Update to 7.39.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 7.39.0-1 - Update to 7.39.0 - Fixes CVE-2014-3707 (RHBZ #1160724) - Fixes CVE-2014-3620 CVE-2014-3613 (RHBZ #1140037) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 7.37.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1140037 - CVE-2014-3620 CVE-2014-3613 mingw-curl: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1140037 [ 2 ] Bug #1160724 - CVE-2014-3707 mingw-curl: curl: incorrect handle duplication after COPYPOSTFIELDS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1160724 -------------------------------------------------------------------------------- ================================================================================ mingw-dbus-1.6.28-1.fc20 (FEDORA-2014-17570) MinGW Windows port of D-Bus -------------------------------------------------------------------------------- Update Information: * Update to 1.8.12\\r\\n* Fixes various CVE's -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 1.6.28-1 - Update to 1.6.28 - Fixes CVE-2014-7824 (RHBZ #1173557) - Fixes CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 and CVE-2014-3635 (RHBZ #1142582) - Fixes CVE-2014-3477 (RHBZ #1117395) - Fixes CVE-2014-3533 CVE-2014-3532 (RHBZ #1115637) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173557 - CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1173557 [ 2 ] Bug #1142582 - CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1142582 [ 3 ] Bug #1115637 - CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1115637 [ 4 ] Bug #1117395 - CVE-2014-3477 mingw-dbus: dbus: denial of service flaw in dbus-daemon [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1117395 -------------------------------------------------------------------------------- ================================================================================ mingw-freetype-2.5.4-1.fc20 (FEDORA-2014-17580) Free and portable font rendering engine -------------------------------------------------------------------------------- Update Information: * Update to 2.5.4\r\n* Updated subpixel rendering patch to 2.5.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.5.4-1 - Update to 2.5.4 - Fixes RHBZ #1172635 * Thu Jul 10 2014 Nicola Fontana <ntd@xxxxxxxxx> - 2.5.3-3 - Update subpixel rendering patch to 2.5.3 (RHBZ #1118276) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.5.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1118276 - Subpixel rendering patch invalid https://bugzilla.redhat.com/show_bug.cgi?id=1118276 [ 2 ] Bug #1172635 - mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-20] https://bugzilla.redhat.com/show_bug.cgi?id=1172635 -------------------------------------------------------------------------------- ================================================================================ mingw-gcc-4.8.4-1.fc20 (FEDORA-2014-17552) MinGW Windows cross-compiler (GCC) for C -------------------------------------------------------------------------------- Update Information: Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4 -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 4.8.4-1 - Update to 4.8.4 -------------------------------------------------------------------------------- ================================================================================ mingw-headers-3.3.0-1.fc20 (FEDORA-2014-17552) Win32/Win64 header files -------------------------------------------------------------------------------- Update Information: Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 5 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 3.3.0-1 - Update to 3.3.0 - Backported upstream commit ea45fb3 (add tsattrs.h header) as this is required by the most recent mingw-wine-gecko -------------------------------------------------------------------------------- ================================================================================ mingw-libjpeg-turbo-1.3.1-4.fc20 (FEDORA-2014-17561) MinGW Windows Libjpeg-turbo library -------------------------------------------------------------------------------- Update Information: Fix CVE-2014-9092 -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 1.3.1-4 - Fix CVE-2014-9092 (RHBZ #1169851 #1169853) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1169851 - CVE-2014-9092 mingw-libjpeg-turbo: libjpeg-turbo: denial of service via specially-crafted JPEG file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1169851 -------------------------------------------------------------------------------- ================================================================================ mingw-libxml2-2.9.2-1.fc20 (FEDORA-2014-17573) MinGW Windows libxml2 XML processing library -------------------------------------------------------------------------------- Update Information: Update to libxml2 2.9.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 2.9.2-1 - Update to 2.9.2 - Avoid corrupting the xml catalogs - Fix CVE-2014-0191 (RHBZ #1107557) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.9.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1107557 - CVE-2014-0191 mingw-libxml2: libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1107557 -------------------------------------------------------------------------------- ================================================================================ mingw-openssl-1.0.1j-1.fc20 (FEDORA-2014-17587) MinGW port of the OpenSSL toolkit -------------------------------------------------------------------------------- Update Information: * Synced with native openssl-1.0.1j-3.fc22\r\n* Add support for RFC 5649\r\n* Prevent compiler warning "Please include winsock2.h before windows.h" when using the OpenSSL headers\r\n* Fixes various CVE's -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 22 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 1.0.1j-1 - Synced with native openssl-1.0.1j-3.fc22 - Add support for RFC 5649 - Prevent compiler warning "Please include winsock2.h before windows.h" when using the OpenSSL headers - Fixes various CVE's (RHBZ #1127889 #1127709 #1152851) * Thu Aug 21 2014 Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> - 1.0.1i-1 - Synced with native openssl-1.0.1i-3.fc21 - Fixes various flaws (RHBZ#1096234 and RHBZ#1127705) CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1e-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152851 - CVE-2014-3566 mingw-openssl: openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1152851 [ 2 ] Bug #1096234 - CVE-2014-0221 CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298 CVE-2014-3470 mingw-openssl: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1096234 [ 3 ] Bug #1127705 - CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511 CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 mingw-openssl: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1127705 -------------------------------------------------------------------------------- ================================================================================ mingw-winpthreads-3.3.0-1.fc20 (FEDORA-2014-17552) MinGW pthread library -------------------------------------------------------------------------------- Update Information: Updated mingw toolchain to mingw-w64 v3.3.0 and gcc 4.8.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 5 2014 Erik van Pienbroek <epienbro@xxxxxxxxxxxxxxxxx> - 3.3.0-1 - Update to 3.3.0 -------------------------------------------------------------------------------- ================================================================================ nodejs-browser-request-0.3.3-1.fc20 (FEDORA-2014-17593) Browser port of the Node.js 'request' package -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173387 - Review Request: nodejs-browser-request - Browser port of the Node.js 'request' package https://bugzilla.redhat.com/show_bug.cgi?id=1173387 -------------------------------------------------------------------------------- ================================================================================ nodejs-crc32-stream-0.3.1-1.fc20 (FEDORA-2014-17598) A streaming CRC32 checksumer -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176887 - Review Request: nodejs-crc32-stream - A streaming CRC32 checksumer https://bugzilla.redhat.com/show_bug.cgi?id=1176887 -------------------------------------------------------------------------------- ================================================================================ nodejs-dtree-0.0.7-1.fc20 (FEDORA-2014-17574) Command-line tool to view the dependency tree of any single js file -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1171750 - Review Request: nodejs-dtree - Command-line tool to view the dependency tree of any single js file https://bugzilla.redhat.com/show_bug.cgi?id=1171750 -------------------------------------------------------------------------------- ================================================================================ nodejs-end-of-stream-1.1.0-1.fc20 (FEDORA-2014-17589) Call a callback when a readable/writable/duplex stream has completed or failed -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176809 - Review Request: nodejs-end-of-stream - Call a callback when a readable/writable/duplex stream has completed or failed https://bugzilla.redhat.com/show_bug.cgi?id=1176809 -------------------------------------------------------------------------------- ================================================================================ nodejs-hash_file-0.1.1-1.fc20 (FEDORA-2014-17590) A simple utility for getting a hash of a file -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176880 - Review Request: nodejs-hash_file - A simple utility for getting a hash of a file https://bugzilla.redhat.com/show_bug.cgi?id=1176880 -------------------------------------------------------------------------------- ================================================================================ nodejs-minstache-1.2.0-1.fc20 (FEDORA-2014-17542) Mini mustache template engine -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173206 - Review Request: nodejs-minstache - Mini mustache template engine https://bugzilla.redhat.com/show_bug.cgi?id=1173206 -------------------------------------------------------------------------------- ================================================================================ phoronix-test-suite-5.4.1-1.fc20 (FEDORA-2014-17563) An Automated, Open-Source Testing Framework -------------------------------------------------------------------------------- Update Information: Update to new upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 24 2014 Markus Mayer <lotharlutz@xxxxxx> 5.4.1-1 - new upstream release * Thu Oct 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.2.1-2 - update mime scriptlets -------------------------------------------------------------------------------- ================================================================================ sqlitebrowser-3.4.0-1.fc20 (FEDORA-2014-17562) Create, design, and edit SQLite database files -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173375 - Review Request: sqlitebrowser - Create, design, and edit SQLite database files https://bugzilla.redhat.com/show_bug.cgi?id=1173375 -------------------------------------------------------------------------------- ================================================================================ virtme-0.0.2-1.fc20 (FEDORA-2014-17607) Virtualize the running distro or a simple rootfs -------------------------------------------------------------------------------- Update Information: New upstream version. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Andy Lutomirski <luto@xxxxxxx> - 0.0.2-1 - New upstream version. -------------------------------------------------------------------------------- ================================================================================ vtun-3.0.3-11.fc20 (FEDORA-2014-17545) Virtual tunnel over TCP/IP networks -------------------------------------------------------------------------------- Update Information: enhanced service file (remove "KillMode", use default "cgroup" mode) -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 23 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-11 - enhanced service file (remove "KillMode", use default "cgroup" mode) -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
