Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  85  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  37  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  36  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-7.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-29.fc20.1
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-2.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8.11-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-17303/libssh-0.6.4-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-17415/thermostat-1.0.6-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-17461/roundcubemail-1.0.4-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17520/glpi-0.84.8-3.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17596/mingw-curl-7.39.0-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17587/mingw-openssl-1.0.1j-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17570/mingw-dbus-1.6.28-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17573/mingw-libxml2-2.9.2-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17603/mingw-binutils-2.24-5.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17580/mingw-freetype-2.5.4-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17561/mingw-libjpeg-turbo-1.3.1-4.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17624/mingw-pcre-8.33-4.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3-1.fc20,nss-3.17.3-2.fc20,nss-softokn-3.17.3-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.17.3-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-27.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17495/pulseaudio-5.0-25.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17528/xorg-x11-drv-synaptics-1.7.7-1.fc20


The following builds have been pushed to Fedora 20 updates-testing

    archlinux-keyring-20141218-1.fc20
    clamtk-5.12-1.fc20
    dokuwiki-0-0.23.20140929b.fc20
    fldigi-3.22.04-1.fc20
    flrig-1.3.19-1.fc20
    libgta-1.0.7-1.fc20
    mingw-pcre-8.33-4.fc20
    nodejs-node-int64-0.3.2-1.fc20
    par-1.52-15.fc20
    python-docker-py-0.7.0-1.fc20

Details about builds:


================================================================================
 archlinux-keyring-20141218-1.fc20 (FEDORA-2014-17620)
 GPG keys used by Arch distribution to sign packages
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 24 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 20141218-1
- New upstream release (#1176858).
* Wed Sep 10 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 20140908-1
- New upstream release (#1140086).
--------------------------------------------------------------------------------


================================================================================
 clamtk-5.12-1.fc20 (FEDORA-2014-17618)
 Easy to use graphical user interface for Clam anti virus
--------------------------------------------------------------------------------
Update Information:

Update to 5.12.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 25 2014 Dave M. <dave.nerd@xxxxxxxxx> - 5.12-1
- Updated to release 5.12.
--------------------------------------------------------------------------------


================================================================================
 dokuwiki-0-0.23.20140929b.fc20 (FEDORA-2014-17641)
 Standards compliant simple to use wiki
--------------------------------------------------------------------------------
Update Information:

Update to the 2014-09-29b release which contains various fixes, notably:\\r\\n\\r\\nSecurity:\\r\\n* CVE-2014-9253 - XSS via SFW file upload\\r\\n* CVE-2012-6662 - jquery-ui XSS vulnerability\\r\\n\\r\\nBugfixes:\\r\\n* dokuwiki requires php-xml (RHBZ#1061477)\\r\\n* wrong SELinux file context for writable files/directories (RHBZ#1064524)\\r\\n* drop httpd requirement (RHBZ#1164396)\\r\\n
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2014 Adam Tkac <vonsch@xxxxxxxxx> - 0.0.23.20140929b
- update to the latest upstream
- drop requirement of httpd (#1164396)
- fix SELinux file contexts (#1064524)
- require php-xml (#1061477)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0-0.22.20131208
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064524 - Wrong SELinux type in dokuwiki-selinux package
        https://bugzilla.redhat.com/show_bug.cgi?id=1064524
  [ 2 ] Bug #1150134 - dokuwiki: various security flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1150134
  [ 3 ] Bug #1174333 - CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1174333
  [ 4 ] Bug #1061477 - wiki:syntax page requires php-xml to render
        https://bugzilla.redhat.com/show_bug.cgi?id=1061477
  [ 5 ] Bug #1150133 - dokuwiki: various security flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1150133
  [ 6 ] Bug #1174331 - CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1174331
  [ 7 ] Bug #1161816 - dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
        https://bugzilla.redhat.com/show_bug.cgi?id=1161816
  [ 8 ] Bug #1174332 - CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
        https://bugzilla.redhat.com/show_bug.cgi?id=1174332
  [ 9 ] Bug #1101095 - New release available - 2014-05-05 "Ponder Stibbons"
        https://bugzilla.redhat.com/show_bug.cgi?id=1101095
  [ 10 ] Bug #1164396 - dokuwiki requires apache
        https://bugzilla.redhat.com/show_bug.cgi?id=1164396
  [ 11 ] Bug #1166099 - CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1166099
--------------------------------------------------------------------------------


================================================================================
 fldigi-3.22.04-1.fc20 (FEDORA-2014-17623)
 Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:

flrig - Version 1.3.19 * maintenance release\r\n\r\n   xmlrpc error handling\r\n     * improve xmlrpc error handling\r\n       - require 5 consecutive connect errors before closing and\r\nreopening connection\r\n\r\n   Kenwood transceivers\r\n     * Changed use of sendCommand function to wait_char function when\r\nappropriate\r\n\r\n   TS450S\r\n     * wait_char(...) substituted for waitN in backend\r\n     * added read bandwidth values before setting.\r\n       - 8.33 MHz filter value never changed\r\n       - 455 kHz filter value iaw with UI\r\n\r\n   Transceiver timeout\r\n     * Restored timout to sendCommand even if nread is zero\r\n\r\n   Scripts\r\n     * removed binary build from builddist.sh\r\n\r\n   Yaesu\r\n     * Changed get query to use waitN(...)\r\n\r\nfldigi - Version 3.22.04 * maintenance release\r\n   - quick fix for main window title issue\r\n\r\n   xmlrpc\r\n     * fix for xmlrpc transceiver naming\nVersion 3.22.03 * maintenance release\\r\\n\\r\\n  * changed all berlios lists references to source forge\\r\\n\\r\\n  * CW xmt filter\\r\\n    - Added user selectable Windowed-sinc transmit bandpass filter. \\r\\n    - Useful for tuning transmit sound at QRQ operating speeds.\\r\\n\\r\\n  * CW configuration\\r\\n    - updated documentation for the new bandpass transmit shaping\\r\\n\\r\\n  * DTMF\\r\\n    - Corrected dtmf command execution within trx tx loop\\r\\n\\r\\n  * FFT filter\\r\\n    - Corrected initialization of fft filter.\\r\\n\\r\\n  * ARQ/KISS IO state conflict\\r\\n    - Ensure all state flags reflect selected mode.\\r\\n    - Toggle IO mode in software.\\r\\n\\r\\n  * Window title\\r\\n    - changed to append vice replace window title with transceiver name\\r\\n\\r\\n  * Xmt Audio Stream\\r\\n    - Restored MT63 output power\\r\\n    - Modified output audio stream processing to prevent audio codec roll over\\r\\n\\r\\n  * RX Text\\r\\n    - reject Mousewheel (3rd mouse button) closure when in Rx text panel\\r\\n\\r\\n  * OpenBSD\\r\\n    - compatibility fixes for OpenBSD\\r\\n\\r\
\n  * LOGGER EXPORT\\r\\n    - Corrected struct position of log field 'QSL_VIA'\\r\\n\\r\\n  * Documentation\\r\\n    - Removed references to Precompiled Binaries\\r\\n    - Added illustration of command line parameters\\r\\n      . on Win8.1\\r\\n      . on Mint UI launcher properties\\r\\n\\r\\n  * LOG lookup\\r\\n    - Changed debug level to VERBOSE; easier to see response without DEBUG clutter\\r\\n\\r\\n  * Lion/Yosemite madness\\r\\n    - OS-X changed allowable application behavior after user presses the Red-X \\r\\n      "I'm outta here" button.  Fix to prevent system uncaught exception behavior.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 3.22.04-1
- Update to latest upstream release.
* Thu Dec 25 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 3.22.03-1
- Update to latest upstream release.
* Mon Dec  1 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 3.22.02-1
- Update to latest upstream release.
--------------------------------------------------------------------------------


================================================================================
 flrig-1.3.19-1.fc20 (FEDORA-2014-17623)
 Transceiver control program
--------------------------------------------------------------------------------
Update Information:

flrig - Version 1.3.19 * maintenance release\r\n\r\n   xmlrpc error handling\r\n     * improve xmlrpc error handling\r\n       - require 5 consecutive connect errors before closing and\r\nreopening connection\r\n\r\n   Kenwood transceivers\r\n     * Changed use of sendCommand function to wait_char function when\r\nappropriate\r\n\r\n   TS450S\r\n     * wait_char(...) substituted for waitN in backend\r\n     * added read bandwidth values before setting.\r\n       - 8.33 MHz filter value never changed\r\n       - 455 kHz filter value iaw with UI\r\n\r\n   Transceiver timeout\r\n     * Restored timout to sendCommand even if nread is zero\r\n\r\n   Scripts\r\n     * removed binary build from builddist.sh\r\n\r\n   Yaesu\r\n     * Changed get query to use waitN(...)\r\n\r\nfldigi - Version 3.22.04 * maintenance release\r\n   - quick fix for main window title issue\r\n\r\n   xmlrpc\r\n     * fix for xmlrpc transceiver naming\nVersion 3.22.03 * maintenance release\\r\\n\\r\\n  * changed all berlios lists references to source forge\\r\\n\\r\\n  * CW xmt filter\\r\\n    - Added user selectable Windowed-sinc transmit bandpass filter. \\r\\n    - Useful for tuning transmit sound at QRQ operating speeds.\\r\\n\\r\\n  * CW configuration\\r\\n    - updated documentation for the new bandpass transmit shaping\\r\\n\\r\\n  * DTMF\\r\\n    - Corrected dtmf command execution within trx tx loop\\r\\n\\r\\n  * FFT filter\\r\\n    - Corrected initialization of fft filter.\\r\\n\\r\\n  * ARQ/KISS IO state conflict\\r\\n    - Ensure all state flags reflect selected mode.\\r\\n    - Toggle IO mode in software.\\r\\n\\r\\n  * Window title\\r\\n    - changed to append vice replace window title with transceiver name\\r\\n\\r\\n  * Xmt Audio Stream\\r\\n    - Restored MT63 output power\\r\\n    - Modified output audio stream processing to prevent audio codec roll over\\r\\n\\r\\n  * RX Text\\r\\n    - reject Mousewheel (3rd mouse button) closure when in Rx text panel\\r\\n\\r\\n  * OpenBSD\\r\\n    - compatibility fixes for OpenBSD\\r\\n\\r\
\n  * LOGGER EXPORT\\r\\n    - Corrected struct position of log field 'QSL_VIA'\\r\\n\\r\\n  * Documentation\\r\\n    - Removed references to Precompiled Binaries\\r\\n    - Added illustration of command line parameters\\r\\n      . on Win8.1\\r\\n      . on Mint UI launcher properties\\r\\n\\r\\n  * LOG lookup\\r\\n    - Changed debug level to VERBOSE; easier to see response without DEBUG clutter\\r\\n\\r\\n  * Lion/Yosemite madness\\r\\n    - OS-X changed allowable application behavior after user presses the Red-X \\r\\n      "I'm outta here" button.  Fix to prevent system uncaught exception behavior.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 26 2014 Richard Shaw <hobbes1069@xxxxxxxxx> - 1.3.19-1
- Update to latest upstream release.
--------------------------------------------------------------------------------


================================================================================
 libgta-1.0.7-1.fc20 (FEDORA-2014-17628)
 Library that implements the Generic Tagged Arrays file format
--------------------------------------------------------------------------------
Update Information:

"A few potential memory leaks have been fixed, and a missing error check was added."\r\n\r\nhttp://lists.gnu.org/archive/html/gta-list/2014-12/msg00000.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 25 2014 Volker Fröhlich <volker27@xxxxxx> - 1.0.7-1
- New upstream release
- Install the cmake find script
* Wed Dec 17 2014 Volker Fröhlich <volker27@xxxxxx> - 1.0.6-1
- New upstream release
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Apr  1 2014 Volker Fröhlich <volker27@xxxxxx> - 1.0.4-3
- Rebuild for imagemagick ABI version 16
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176904 - libgta-1.0.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176904
--------------------------------------------------------------------------------


================================================================================
 mingw-pcre-8.33-4.fc20 (FEDORA-2014-17624)
 MinGW Windows pcre library
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2014-8964
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 25 2014 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 8.33-4
- Add upstream patches from main pcre package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1177278 - CVE-2014-8964 mingw-pcre: pcre: incorrect handling of zero-repeat assertion conditions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1177278
--------------------------------------------------------------------------------


================================================================================
 nodejs-node-int64-0.3.2-1.fc20 (FEDORA-2014-17645)
 Support for representing 64-bit integers in JavaScript
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176893 - Review Request: nodejs-node-int64 - Support for representing 64-bit integers in JavaScript
        https://bugzilla.redhat.com/show_bug.cgi?id=1176893
--------------------------------------------------------------------------------


================================================================================
 par-1.52-15.fc20 (FEDORA-2014-17648)
 Paragraph reformatter, vaguely like fmt, but more elaborate
--------------------------------------------------------------------------------
Update Information:

Added protection against null dereference to previous patch.\nAdded patch to fix segfault with multibyte characters.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 25 2014 David Levine <par.packager@xxxxxxxxx> - 1.52-14
- Added protection against null dereference to previous patch.
* Wed Dec 24 2014 David Levine <par.packager@xxxxxxxxx> - 1.52-14
- Added patch to fix segfault with multibyte characters [Bug 962221].
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.52-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun  6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.52-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #962221 - [abrt] par-1.52-8.fc18: freelines: Process /usr/bin/par was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=962221
--------------------------------------------------------------------------------


================================================================================
 python-docker-py-0.7.0-1.fc20 (FEDORA-2014-17627)
 An API client for docker written in Python
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.0 (RHBZ #1176950)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 25 2014 Igor Gnatenko <ignatenko@xxxxxxxxxxxx> - 0.7.0-1
- Update to 0.7.0 (RHBZ #1176950)
* Mon Dec  1 2014 Tomas Radej <tradej@xxxxxxxxxx> - 0.6.0-2
- Added Python 3 subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176950 - python-docker-py-0.7.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176950
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux