The following Fedora 21 Security updates need testing: Age URL 50 https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21 49 https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21 27 https://admin.fedoraproject.org/updates/FEDORA-2014-16782/mutt-1.5.23-7.fc21 26 https://admin.fedoraproject.org/updates/FEDORA-2014-16880/libhtp-0.5.16-1.fc21 26 https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21 21 https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21 17 https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21 14 https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21 12 https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0046/smack-4.0.6-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0078/drupal6-flag-2.1-3.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0301/exiv2-0.24-4.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0322/owasp-esapi-java-2.1.0-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0331/xen-4.4.1-12.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0432/gd-2.1.0-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0415/curl-7.37.0-12.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 12 https://admin.fedoraproject.org/updates/FEDORA-2014-17633/llvm-3.5.0-6.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0091/gawk-4.1.1-6.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-0227/dbus-1.8.14-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-0204/man-db-2.6.7.1-13.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0271/gnutls-3.3.11-2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0312/gupnp-av-0.12.7-1.fc21,gssdp-0.14.11-1.fc21,gupnp-0.20.13-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0266/libxshmfence-1.2-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0301/exiv2-0.24-4.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0440/lz4-r127-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0415/curl-7.37.0-12.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0420/libxcb-1.11-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0357/setup-2.9.0-3.fc21 The following builds have been pushed to Fedora 21 updates-testing asymptote-2.32-5.fc21 batik-1.8-0.16.svn1230816.fc21 blosc-1.5.2-1.fc21 curl-7.37.0-12.fc21 gd-2.1.0-8.fc21 globus-common-15.27-1.fc21 globus-gridftp-server-7.18-1.fc21 globus-xio-5.2-1.fc21 gtksourceview3-3.14.3-1.fc21 libxcb-1.11-3.fc21 lz4-r127-1.fc21 mate-notification-daemon-1.8.1-2.fc21 mate-power-manager-1.8.1-2.fc21 perl-CHI-0.59-1.fc21 perl-Inline-Struct-0.18-1.fc21 perl-POSIX-strftime-Compiler-0.41-1.fc21 perl-Params-Validate-1.16-1.fc21 perl-Test-CheckManifest-1.29-1.fc21 perl-WWW-OrangeHRM-Client-0.9.1-1.fc21 pg-semver-0.5.0-2.fc21 python-blosc-1.2.4-1.fc21 python-pandas-0.15.2-1.fc21 python-pyroute2-0.3.4-1.fc21 Details about builds: ================================================================================ asymptote-2.32-5.fc21 (FEDORA-2015-0421) Descriptive vector graphics language -------------------------------------------------------------------------------- Update Information: Fix asymptote to use eps2write. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.32-5 - actually apply fix * Tue Jan 6 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.32-4 - use eps2write instead of epswrite (upstream bug 180) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177875 - asymptote is using an output device deprecated by ghostscript https://bugzilla.redhat.com/show_bug.cgi?id=1177875 -------------------------------------------------------------------------------- ================================================================================ batik-1.8-0.16.svn1230816.fc21 (FEDORA-2015-0412) Scalable Vector Graphics for Java -------------------------------------------------------------------------------- Update Information: Split css jars into subpackage to make it possible to require only it when needed. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 8 2014 Alexander Kurtakov <akurtako@xxxxxxxxxx> 1.8-0.16.svn1230816 - Split css in subpackage. -------------------------------------------------------------------------------- ================================================================================ blosc-1.5.2-1.fc21 (FEDORA-2015-0438) A high performance compressor optimized for binary data -------------------------------------------------------------------------------- Update Information: Update to latest version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 6 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 1.5.2-1 - Update to 1.5.2 (#1115808) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115808 - blosc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1115808 [ 2 ] Bug #1116894 - python-blosc-1.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1116894 -------------------------------------------------------------------------------- ================================================================================ curl-7.37.0-12.fc21 (FEDORA-2015-0415) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - reject CRLFs in URLs passed to proxy (CVE-2014-8150) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 7.37.0-12 - reject CRLFs in URLs passed to proxy (CVE-2014-8150) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() https://bugzilla.redhat.com/show_bug.cgi?id=1178692 -------------------------------------------------------------------------------- ================================================================================ gd-2.1.0-8.fc21 (FEDORA-2015-0432) A graphics library for quick creation of PNG or JPEG images -------------------------------------------------------------------------------- Update Information: Previous patch of #1076676 introduced memory leak. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Jozef Mlich <jmlich@xxxxxxxxxx - 2.1.0-8 - Resolves: #1076676 CVE-2014-2497 Previous patch indroduced memory leak. Using upstream version. https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm() https://bugzilla.redhat.com/show_bug.cgi?id=1076676 -------------------------------------------------------------------------------- ================================================================================ globus-common-15.27-1.fc21 (FEDORA-2015-0439) Globus Toolkit - Common Library -------------------------------------------------------------------------------- Update Information: Updates from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 15.27-1 - GT6 update (globus_list_from_string) -------------------------------------------------------------------------------- ================================================================================ globus-gridftp-server-7.18-1.fc21 (FEDORA-2015-0439) Globus Toolkit - Globus GridFTP Server -------------------------------------------------------------------------------- Update Information: Updates from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 7.18-1 - GT6 update (net mgr support) -------------------------------------------------------------------------------- ================================================================================ globus-xio-5.2-1.fc21 (FEDORA-2015-0439) Globus Toolkit - Globus XIO Framework -------------------------------------------------------------------------------- Update Information: Updates from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.2-1 - GT6 update (GLOBUS_XIO_GET_STRING_OPTIONS, GLOBUS_XIO_GET_DRIVER_NAME) -------------------------------------------------------------------------------- ================================================================================ gtksourceview3-3.14.3-1.fc21 (FEDORA-2015-0413) A library for viewing source files -------------------------------------------------------------------------------- Update Information: Update to 3.14.3 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 David King <amigadave@xxxxxxxxxxxxx> - 3.14.3-1 - Update to 3.14.3 -------------------------------------------------------------------------------- ================================================================================ libxcb-1.11-3.fc21 (FEDORA-2015-0420) A C binding to the X11 protocol -------------------------------------------------------------------------------- Update Information: Clean up SPEC file, enable XInput extension (#1177701) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Simone Caronni <negativo17@xxxxxxxxx> - 1.11-3 - Clean up SPEC file, fix rpmlint warnings. - Enable XInput extension (#1177701). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177701 - Packaging bug: libxcb-xinput does not get packaged https://bugzilla.redhat.com/show_bug.cgi?id=1177701 -------------------------------------------------------------------------------- ================================================================================ lz4-r127-1.fc21 (FEDORA-2015-0440) Extremely fast compression algorithm -------------------------------------------------------------------------------- Update Information: - Fixed a bug in LZ4 HC streaming mode - New lz4frame API integrated into liblz4 - Fixed a GCC 4.9 bug on highest performance settings -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 pjp <pjp@xxxxxxxxxxxxxxxxx> - r127-1 - Fixed a bug in LZ4 HC streaming mode - New lz4frame API integrated into liblz4 - Fixed a GCC 4.9 bug on highest performance settings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176911 - lz4-127 is available https://bugzilla.redhat.com/show_bug.cgi?id=1176911 [ 2 ] Bug #1170243 - [abrt] lz4: LZ4HC_InsertAndFindBestMatch(): lz4 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1170243 -------------------------------------------------------------------------------- ================================================================================ mate-notification-daemon-1.8.1-2.fc21 (FEDORA-2015-0427) Notification daemon for MATE Desktop -------------------------------------------------------------------------------- Update Information: - fixed-logic-in-a-couple-of-places - rhbz (#1142441) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-2 - fixed-logic-in-a-couple-of-places - rhbz (#1142441) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142441 - [abrt] mate-notification-daemon: notify_stack_set_location(): mate-notification-daemon killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1142441 -------------------------------------------------------------------------------- ================================================================================ mate-power-manager-1.8.1-2.fc21 (FEDORA-2015-0417) MATE power management service -------------------------------------------------------------------------------- Update Information: - fix mate-power-manager brightness pop-up is a blank square - rhbz (#1142224) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-2 - fix mate-power-manager brightness pop-up is a blank square - rhbz (#1142224) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142224 - mate-power-manager brightness pop-up is a blank square https://bugzilla.redhat.com/show_bug.cgi?id=1142224 -------------------------------------------------------------------------------- ================================================================================ perl-CHI-0.59-1.fc21 (FEDORA-2015-0414) Unified cache handling interface -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.59-1 - Upstream update. - Reflect upstream URL having changed. -------------------------------------------------------------------------------- ================================================================================ perl-Inline-Struct-0.18-1.fc21 (FEDORA-2015-0410) Manipulate C structures directly from Perl -------------------------------------------------------------------------------- Update Information: A new release of Inline::Struct is available for Fedora. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.18-1 - 0.18 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178392 - perl-Inline-Struct-0.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1178392 -------------------------------------------------------------------------------- ================================================================================ perl-POSIX-strftime-Compiler-0.41-1.fc21 (FEDORA-2015-0441) GNU C library compatible strftime for loggers and servers -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.41-1 - Upstream update. - Remove BR: perl(CPAN::Meta), BR: perl(CPAN::Meta::Prereqs). -------------------------------------------------------------------------------- ================================================================================ perl-Params-Validate-1.16-1.fc21 (FEDORA-2015-0408) Params-Validate Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.16-1 - Upstream update. - Reflect upstream changes. -------------------------------------------------------------------------------- ================================================================================ perl-Test-CheckManifest-1.29-1.fc21 (FEDORA-2015-0434) Check if your Manifest matches your distro -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.29-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ perl-WWW-OrangeHRM-Client-0.9.1-1.fc21 (FEDORA-2015-0409) Client for OrangeHRM -------------------------------------------------------------------------------- Update Information: This release make a check for successful log in more robust. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0.9.1-1 - 0.9.1 bump -------------------------------------------------------------------------------- ================================================================================ pg-semver-0.5.0-2.fc21 (FEDORA-2015-0426) A semantic version data type for PostgreSQL -------------------------------------------------------------------------------- Update Information: Fix issues found by review -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173683 - Review Request: pg-semver - A semantic version data type for PostgreSQL https://bugzilla.redhat.com/show_bug.cgi?id=1173683 -------------------------------------------------------------------------------- ================================================================================ python-blosc-1.2.4-1.fc21 (FEDORA-2015-0438) Python wrapper for the blosc high performance compressor -------------------------------------------------------------------------------- Update Information: Update to latest version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 6 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 1.2.4-1 - Update to 1.2.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115808 - blosc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1115808 [ 2 ] Bug #1116894 - python-blosc-1.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1116894 -------------------------------------------------------------------------------- ================================================================================ python-pandas-0.15.2-1.fc21 (FEDORA-2015-0444) Python library providing high-performance data analysis tools -------------------------------------------------------------------------------- Update Information: This is a minor release from 0.15.1 and includes a large number of bug fixes along with several new features, enhancements, and performance improvements. A small number of API changes were necessary to fix existing bugs. We recommend that all users upgrade to this version. Full details: http://pandas.pydata.org/pandas-docs/version/0.15.2/whatsnew.html#v0-15-2-december-12-2014 -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 17 2014 Sergio Pascual <sergiopr@xxxxxxxxxxxxxxxxx> - 0.15.2-1 - New release of pandas 0.15.2 -------------------------------------------------------------------------------- ================================================================================ python-pyroute2-0.3.4-1.fc21 (FEDORA-2015-0419) Pure Python netlink library -------------------------------------------------------------------------------- Update Information: Network namespaces support -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Peter V. Saveliev <peter@xxxxxxxxxx> 0.3.4-1 - Network namespaces support - Veth, tuntap - Route metrics -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
