The following Fedora 20 Security updates need testing: Age URL 97 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 50 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20 49 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20 27 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20 17 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0072/drupal6-flag-2.1-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0259/owasp-esapi-java-2.1.0-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0345/xen-4.3.3-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0418/curl-7.32.0-18.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 8 https://admin.fedoraproject.org/updates/FEDORA-2014-17748/kdelibs-4.14.3-8.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0082/btrfs-progs-3.18-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0086/perl-Filter-1.53-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-0220/xorg-x11-drv-synaptics-1.7.7-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0418/curl-7.32.0-18.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0422/samba-4.1.14-2.fc20 The following builds have been pushed to Fedora 20 updates-testing asymptote-2.32-5.fc20 blosc-1.5.2-1.fc20 curl-7.32.0-18.fc20 darktable-1.6.0-1.fc20 gettext-0.18.3.2-5.fc20 globus-common-15.27-1.fc20 globus-gridftp-server-7.18-1.fc20 globus-xio-5.2-1.fc20 lz4-r127-1.fc20 mate-notification-daemon-1.8.1-2.fc20 mate-power-manager-1.8.1-2.fc20 perl-CHI-0.59-1.fc20 perl-POSIX-strftime-Compiler-0.41-1.fc20 perl-Params-Validate-1.16-1.fc20 perl-Test-CheckManifest-1.29-1.fc20 perl-WWW-OrangeHRM-Client-0.9.1-1.fc20 pg-semver-0.5.0-2.fc20 python-blosc-1.2.4-1.fc20 python-pyroute2-0.3.4-1.fc20 samba-4.1.14-2.fc20 wireshark-1.10.12-1.fc20 Details about builds: ================================================================================ asymptote-2.32-5.fc20 (FEDORA-2015-0442) Descriptive vector graphics language -------------------------------------------------------------------------------- Update Information: Fix asymptote to use eps2write. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.32-5 - actually apply fix * Tue Jan 6 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.32-4 - use eps2write instead of epswrite (upstream bug 180) * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.32-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue May 27 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.32-1 - update to 2.32 * Sun May 18 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.31-1 - 2.31 * Fri May 16 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.29-1 - update to 2.29 * Mon May 12 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.28-1 - update to 2.28 * Tue Apr 22 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.25-1 - update to 2.25 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177875 - asymptote is using an output device deprecated by ghostscript https://bugzilla.redhat.com/show_bug.cgi?id=1177875 -------------------------------------------------------------------------------- ================================================================================ blosc-1.5.2-1.fc20 (FEDORA-2015-0411) A high performance compressor optimized for binary data -------------------------------------------------------------------------------- Update Information: Update to latest version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 6 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 1.5.2-1 - Update to 1.5.2 (#1115808) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115808 - blosc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1115808 [ 2 ] Bug #1116894 - python-blosc-1.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1116894 -------------------------------------------------------------------------------- ================================================================================ curl-7.32.0-18.fc20 (FEDORA-2015-0418) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - reject CRLFs in URLs passed to proxy (CVE-2014-8150) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 7.32.0-18 - reject CRLFs in URLs passed to proxy (CVE-2014-8150) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() https://bugzilla.redhat.com/show_bug.cgi?id=1178692 -------------------------------------------------------------------------------- ================================================================================ darktable-1.6.0-1.fc20 (FEDORA-2015-0423) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: upgrade to 1.6.0. Could require a clean .cache/darktable or .config/darktable Darktable 1.6rc1 -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 9 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.6.0-1 - Darktable 1.6.0 stable * Sat Dec 6 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.5.1-0.2 - Add missing darktable-cmstest * Sat Dec 6 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.5.1-0.1 - Darktable 1.6 rc1 * Wed Nov 26 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.4.2-4 - rebuild (openexr) * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175625 - Update Fedora 20's Darktable to 1.6 https://bugzilla.redhat.com/show_bug.cgi?id=1175625 -------------------------------------------------------------------------------- ================================================================================ gettext-0.18.3.2-5.fc20 (FEDORA-2015-0184) GNU libraries and utilities for producing multi-lingual messages -------------------------------------------------------------------------------- Update Information: - remove unnecessary git dependency from -devel subpackage - unset GREP_OPTIONS and other harmful envvar in autopoint -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Daiki Ueno <dueno@xxxxxxxxxx> - 0.18.3.2-5 - apply patch to unset GREP_OPTIONS in autopoint (#801374) * Mon Jan 5 2015 Daiki Ueno <dueno@xxxxxxxxxx> - 0.18.3.2-4 - remove git dependency from -devel subpackage (#1161284) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161284 - git dependency https://bugzilla.redhat.com/show_bug.cgi?id=1161284 [ 2 ] Bug #801374 - autopoint fails if GREP_OPTIONS contains -n https://bugzilla.redhat.com/show_bug.cgi?id=801374 -------------------------------------------------------------------------------- ================================================================================ globus-common-15.27-1.fc20 (FEDORA-2015-0424) Globus Toolkit - Common Library -------------------------------------------------------------------------------- Update Information: Updates from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 15.27-1 - GT6 update (globus_list_from_string) -------------------------------------------------------------------------------- ================================================================================ globus-gridftp-server-7.18-1.fc20 (FEDORA-2015-0424) Globus Toolkit - Globus GridFTP Server -------------------------------------------------------------------------------- Update Information: Updates from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 7.18-1 - GT6 update (net mgr support) -------------------------------------------------------------------------------- ================================================================================ globus-xio-5.2-1.fc20 (FEDORA-2015-0424) Globus Toolkit - Globus XIO Framework -------------------------------------------------------------------------------- Update Information: Updates from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.2-1 - GT6 update (GLOBUS_XIO_GET_STRING_OPTIONS, GLOBUS_XIO_GET_DRIVER_NAME) -------------------------------------------------------------------------------- ================================================================================ lz4-r127-1.fc20 (FEDORA-2015-0435) Extremely fast compression algorithm -------------------------------------------------------------------------------- Update Information: - Fixed a bug in LZ4 HC streaming mode - New lz4frame API integrated into liblz4 - Fixed a GCC 4.9 bug on highest performance settings -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 pjp <pjp@xxxxxxxxxxxxxxxxx> - r127-1 - Fixed a bug in LZ4 HC streaming mode - New lz4frame API integrated into liblz4 - Fixed a GCC 4.9 bug on highest performance settings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176911 - lz4-127 is available https://bugzilla.redhat.com/show_bug.cgi?id=1176911 [ 2 ] Bug #1170243 - [abrt] lz4: LZ4HC_InsertAndFindBestMatch(): lz4 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1170243 -------------------------------------------------------------------------------- ================================================================================ mate-notification-daemon-1.8.1-2.fc20 (FEDORA-2015-0430) Notification daemon for MATE Desktop -------------------------------------------------------------------------------- Update Information: - fixed-logic-in-a-couple-of-places - rhbz (#1142441) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-2 - fixed-logic-in-a-couple-of-places - rhbz (#1142441) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142441 - [abrt] mate-notification-daemon: notify_stack_set_location(): mate-notification-daemon killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1142441 -------------------------------------------------------------------------------- ================================================================================ mate-power-manager-1.8.1-2.fc20 (FEDORA-2015-0443) MATE power management service -------------------------------------------------------------------------------- Update Information: - fix mate-power-manager brightness pop-up is a blank square - rhbz (#1142224) -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-2 - fix mate-power-manager brightness pop-up is a blank square - rhbz (#1142224) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142224 - mate-power-manager brightness pop-up is a blank square https://bugzilla.redhat.com/show_bug.cgi?id=1142224 -------------------------------------------------------------------------------- ================================================================================ perl-CHI-0.59-1.fc20 (FEDORA-2015-0437) Unified cache handling interface -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.59-1 - Upstream update. - Reflect upstream URL having changed. -------------------------------------------------------------------------------- ================================================================================ perl-POSIX-strftime-Compiler-0.41-1.fc20 (FEDORA-2015-0431) GNU C library compatible strftime for loggers and servers -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.41-1 - Upstream update. - Remove BR: perl(CPAN::Meta), BR: perl(CPAN::Meta::Prereqs). -------------------------------------------------------------------------------- ================================================================================ perl-Params-Validate-1.16-1.fc20 (FEDORA-2015-0416) Params-Validate Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.16-1 - Upstream update. - Reflect upstream changes. -------------------------------------------------------------------------------- ================================================================================ perl-Test-CheckManifest-1.29-1.fc20 (FEDORA-2015-0425) Check if your Manifest matches your distro -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.29-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ perl-WWW-OrangeHRM-Client-0.9.1-1.fc20 (FEDORA-2015-0436) Client for OrangeHRM -------------------------------------------------------------------------------- Update Information: This release make a check for successful log in more robust. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0.9.1-1 - 0.9.1 bump -------------------------------------------------------------------------------- ================================================================================ pg-semver-0.5.0-2.fc20 (FEDORA-2015-0433) A semantic version data type for PostgreSQL -------------------------------------------------------------------------------- Update Information: Fix issues found by review -------------------------------------------------------------------------------- References: [ 1 ] Bug #1173683 - Review Request: pg-semver - A semantic version data type for PostgreSQL https://bugzilla.redhat.com/show_bug.cgi?id=1173683 -------------------------------------------------------------------------------- ================================================================================ python-blosc-1.2.4-1.fc20 (FEDORA-2015-0411) Python wrapper for the blosc high performance compressor -------------------------------------------------------------------------------- Update Information: Update to latest version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 6 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 1.2.4-1 - Update to 1.2.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1115808 - blosc-1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1115808 [ 2 ] Bug #1116894 - python-blosc-1.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1116894 -------------------------------------------------------------------------------- ================================================================================ python-pyroute2-0.3.4-1.fc20 (FEDORA-2015-0428) Pure Python netlink library -------------------------------------------------------------------------------- Update Information: Network namespaces support -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Peter V. Saveliev <peter@xxxxxxxxxx> 0.3.4-1 - Network namespaces support - Veth, tuntap - Route metrics -------------------------------------------------------------------------------- ================================================================================ samba-4.1.14-2.fc20 (FEDORA-2015-0422) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Remove alternatives for libwbclient. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2015 - Andreas Schneider <asn@xxxxxxxxxx> - 4.1.14-2 - Remove alternatives for libwbclient. -------------------------------------------------------------------------------- ================================================================================ wireshark-1.10.12-1.fc20 (FEDORA-2015-0429) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: Ver. 1.10.12 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 8 2015 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.12-1 - Ver. 1.10.12 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
