Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  98  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  50  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-0072/drupal6-flag-2.1-3.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-0259/owasp-esapi-java-2.1.0-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-0345/xen-4.3.3-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0451/docker-io-1.4.1-4.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0418/curl-7.32.0-18.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0471/cross-binutils-2.25-3.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-17748/kdelibs-4.14.3-8.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-0082/btrfs-progs-3.18-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-0086/perl-Filter-1.53-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-0220/xorg-x11-drv-synaptics-1.7.7-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0422/samba-4.1.14-2.fc20


The following builds have been pushed to Fedora 20 updates-testing

    barman-1.3.3-2.fc20
    cross-binutils-2.25-3.fc20
    docker-io-1.4.1-4.fc20
    fence-agents-4.0.14-1.fc20
    gnucash-2.6.5-1.fc20
    ikiwiki-3.20141016-1.fc20
    mate-settings-daemon-1.8.2-2.fc20
    python-biopython-1.65-1.fc20
    stunnel-5.08-1.fc20
    x2goserver-4.0.1.18-5.fc20
    xfdesktop-4.10.3-3.fc20

Details about builds:


================================================================================
 barman-1.3.3-2.fc20 (FEDORA-2015-0452)
 Backup and Recovery Manager for PostgreSQL
--------------------------------------------------------------------------------
Update Information:

Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1132819 - barman-1.3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1132819
--------------------------------------------------------------------------------


================================================================================
 cross-binutils-2.25-3.fc20 (FEDORA-2015-0471)
 A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:

Upgrade to binutils-2.25 thus fixing a number of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan  7 2015 David Howells <dhowells@xxxxxxxxxx> - 2.25-2
- Fix up the target for SH64 and cease mixing 32-bit SH targets with SH64.
- SH64: Work around flags not getting set on incremental link of .a into .o [binutils bz 17288].
* Mon Jan  5 2015 David Howells <dhowells@xxxxxxxxxx> - 2.25-1
- Sync with binutils-2.25 to pick up fixes.
  Resolves: BZ #1162577, #1162601, #1162611, #1162625
* Thu Nov 13 2014 David Howells <dhowells@xxxxxxxxxx> - 2.24-7
- Fix problems with the ar program reported in FSF PR 17533.
  Resolves: BZ #1162672, #1162659
* Wed Nov 12 2014 David Howells <dhowells@xxxxxxxxxx> - 2.24-6
- Sync with binutils to pick up fixes.
- Backport binutils 2.4 upstream branch to pick up more fixes.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.24-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162577 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162577
  [ 2 ] Bug #1162601 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162601
  [ 3 ] Bug #1162611 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162611
  [ 4 ] Bug #1162625 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162625
  [ 5 ] Bug #1162659 - cross-binutils: binutils: directory traversal vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162659
  [ 6 ] Bug #1162672 - cross-binutils: binutils: out of bounds memory write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162672
--------------------------------------------------------------------------------


================================================================================
 docker-io-1.4.1-4.fc20 (FEDORA-2015-0451)
 Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

allow unitfile to use /etc/sysconfig/docker-network
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.1-4
- allow unitfile to use /etc/sysconfig/docker-network
- MountFlags private
* Fri Dec 19 2014 Dan Walsh <dwalsh@xxxxxxxxxx> - 1.4.1-3
- Add check to run unit tests
* Thu Dec 18 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.1-2
- update and rename logrotate cron script
- install /etc/sysconfig/docker-network
* Wed Dec 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.1-1
- Resolves: rhbz#1175144 - update to upstream v1.4.1
- Resolves: rhbz#1175097, rhbz#1127570 - subpackages
for fish and zsh completion and vim syntax highlighting
- Provide subpackage to run logrotate on running containers as a daily cron
job
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.0-2
- update metaprovides
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.0-1
- Resolves: rhbz#1173324
- Resolves: rhbz#1172761 - CVE-2014-9356
- Resolves: rhbz#1172782 - CVE-2014-9357
- Resolves: rhbz#1172787 - CVE-2014-9358
- update to upstream v1.4.0
- override DOCKER_CERT_PATH in sysconfig instead of patching the source
- create dockerroot user if doesn't exist prior
- update metaprovides
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172782 - CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
        https://bugzilla.redhat.com/show_bug.cgi?id=1172782
  [ 2 ] Bug #1172761 - CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
        https://bugzilla.redhat.com/show_bug.cgi?id=1172761
  [ 3 ] Bug #1172787 - CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=1172787
--------------------------------------------------------------------------------


================================================================================
 fence-agents-4.0.14-1.fc20 (FEDORA-2015-0475)
 Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Marek Grac <mgrac@xxxxxxxxxx> - 4.0.14-1
- new upstream release
- new packages fence-agents-zvm and fence-agents-emerson
--------------------------------------------------------------------------------


================================================================================
 gnucash-2.6.5-1.fc20 (FEDORA-2015-0474)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream release, 2.6.5, which contains a variety of bugfixes. For more information, see the upstream release notes at http://gnucash.org/#n-141216-2.6.5.news.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Bill Nottingham <notting@xxxxxxxx> - 2.6.5-1
- update to 2.6.5 (#1176892) which fixes guile cache issues (#1151870) and charts (#1157203)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151870 - gnucash-2.6.4-1.fc20.x86_64 doesn't launch
        https://bugzilla.redhat.com/show_bug.cgi?id=1151870
  [ 2 ] Bug #1176892 - gnucash-2.6.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176892
  [ 3 ] Bug #1157203 - Bar charts all messed up after latest gnucash update
        https://bugzilla.redhat.com/show_bug.cgi?id=1157203
--------------------------------------------------------------------------------


================================================================================
 ikiwiki-3.20141016-1.fc20 (FEDORA-2015-0449)
 A wiki compiler
--------------------------------------------------------------------------------
Update Information:

Update to version 3.20141016.

See https://ikiwiki.info/news/version_3.20141016/ for the list of changes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20141016-1
- Update to 3.20141016.
--------------------------------------------------------------------------------


================================================================================
 mate-settings-daemon-1.8.2-2.fc20 (FEDORA-2015-0464)
 MATE Desktop settings daemon
--------------------------------------------------------------------------------
Update Information:

- fix rhbz (1102581)
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1102581 - [abrt] mate-settings-daemon: on_screen_size_changed(): mate-settings-daemon killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1102581
--------------------------------------------------------------------------------


================================================================================
 python-biopython-1.65-1.fc20 (FEDORA-2015-0453)
 Python tools for computational molecular biology
--------------------------------------------------------------------------------
Update Information:

python-biopython-1.65 is available
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.65-1
- New upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176949 - python-biopython-1.65 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176949
--------------------------------------------------------------------------------


================================================================================
 stunnel-5.08-1.fc20 (FEDORA-2015-0477)
 An SSL-encrypting socket wrapper
--------------------------------------------------------------------------------
Update Information:

new upstream release.
New upstream release.
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 11 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.08-1
- 1163349: New upstream release 5.08
* Sun Nov 23 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.08b6-1
- 1163349: New upstream beta release 5.08b6
- Fixed incorrect reporting of fips status in configure.ac
  at compile time, requires autoconf automake at buildtime
- Fixed default OpenSSL directory issue by using with-ssl
- Updates local patches
- 1155977: Fixes man page issues
* Tue Nov  4 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.07-1
- New upstream release 5.07
* Fri Oct 17 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.06-1
- New upstream release 5.06
- Addresses Poodle security issue
* Wed Oct  8 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.05b5-1
- rhbz #1144393: New upstream beta release
- systemd socket activation support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1154004 - stunnel-5.07 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1154004
--------------------------------------------------------------------------------


================================================================================
 x2goserver-4.0.1.18-5.fc20 (FEDORA-2015-0473)
 X2Go Server
--------------------------------------------------------------------------------
Update Information:

Fix local desktop sharing breakage (bug #1180303)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.18-5
- Fix local desktop sharing breakage (bug #1180303)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1180303 - can't connect to local desktop since the version released on Dec 25,2014
        https://bugzilla.redhat.com/show_bug.cgi?id=1180303
--------------------------------------------------------------------------------


================================================================================
 xfdesktop-4.10.3-3.fc20 (FEDORA-2015-0472)
 Desktop manager for the Xfce Desktop Environment
--------------------------------------------------------------------------------
Update Information:

Add patch with fix for crash in timed desktop backdrop changes. Fixes bug #1174160
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  8 2015 Kevin Fenzi <kevin@xxxxxxxxx> 4.10.3-3
- Add patch with fix for crash in timed desktop backdrop changes. Fixes bug #1174160
* Thu Nov 27 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 4.10.3-2
- bump release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174160 - [abrt] xfdesktop: xfdesktop_backdrop_list_choose_random(): xfdesktop killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1174160
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux