The following Fedora 20 Security updates need testing:
 Age  URL
  98  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  50  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
  22  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-0072/drupal6-flag-2.1-3.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-0259/owasp-esapi-java-2.1.0-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-0345/xen-4.3.3-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0451/docker-io-1.4.1-4.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0418/curl-7.32.0-18.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0471/cross-binutils-2.25-3.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-17748/kdelibs-4.14.3-8.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-0082/btrfs-progs-3.18-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-0086/perl-Filter-1.53-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-0220/xorg-x11-drv-synaptics-1.7.7-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-0422/samba-4.1.14-2.fc20


The following builds have been pushed to Fedora 20 updates-testing

    barman-1.3.3-2.fc20
    cross-binutils-2.25-3.fc20
    docker-io-1.4.1-4.fc20
    fence-agents-4.0.14-1.fc20
    gnucash-2.6.5-1.fc20
    ikiwiki-3.20141016-1.fc20
    mate-settings-daemon-1.8.2-2.fc20
    python-biopython-1.65-1.fc20
    stunnel-5.08-1.fc20
    x2goserver-4.0.1.18-5.fc20
    xfdesktop-4.10.3-3.fc20

Details about builds:


================================================================================
 barman-1.3.3-2.fc20 (FEDORA-2015-0452)
 Backup and Recovery Manager for PostgreSQL
--------------------------------------------------------------------------------
Update Information:

Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1132819 - barman-1.3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1132819
--------------------------------------------------------------------------------


================================================================================
 cross-binutils-2.25-3.fc20 (FEDORA-2015-0471)
 A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:

Upgrade to binutils-2.25 thus fixing a number of security bugs
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 7 2015 David Howells <dhowells@xxxxxxxxxx> - 2.25-2
- Fix up the target for SH64 and cease mixing 32-bit SH targets with SH64.
- SH64: Work around flags not getting set on incremental link of .a into .o [binutils bz 17288].
* Mon Jan 5 2015 David Howells <dhowells@xxxxxxxxxx> - 2.25-1
- Sync with binutils-2.25 to pick up fixes.
  Resolves: BZ #1162577, #1162601, #1162611, #1162625
* Thu Nov 13 2014 David Howells <dhowells@xxxxxxxxxx> - 2.24-7
- Fix problems with the ar program reported in FSF PR 17533.
  Resolves: BZ #1162672, #1162659
* Wed Nov 12 2014 David Howells <dhowells@xxxxxxxxxx> - 2.24-6
- Sync with binutils to pick up fixes.
- Backport binutils 2.4 upstream branch to pick up more fixes.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.24-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162577 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162577
  [ 2 ] Bug #1162601 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162601
  [ 3 ] Bug #1162611 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162611
  [ 4 ] Bug #1162625 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162625
  [ 5 ] Bug #1162659 - cross-binutils: binutils: directory traversal vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162659
  [ 6 ] Bug #1162672 - cross-binutils: binutils: out of bounds memory write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1162672
--------------------------------------------------------------------------------


================================================================================
 docker-io-1.4.1-4.fc20 (FEDORA-2015-0451)
 Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

allow unitfile to use /etc/sysconfig/docker-network
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2015 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.1-4
- allow unitfile to use /etc/sysconfig/docker-network
- MountFlags private
* Fri Dec 19 2014 Dan Walsh <dwalsh@xxxxxxxxxx> - 1.4.1-3
- Add check to run unit tests
* Thu Dec 18 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.1-2
- update and rename logrotate cron script
- install /etc/sysconfig/docker-network
* Wed Dec 17 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.1-1
- Resolves: rhbz#1175144 - update to upstream v1.4.1
- Resolves: rhbz#1175097, rhbz#1127570 - subpackages for fish and zsh completion and vim syntax highlighting
- Provide subpackage to run logrotate on running containers as a daily cron job
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.0-2
- update metaprovides
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.4.0-1
- Resolves: rhbz#1173324
- Resolves: rhbz#1172761 - CVE-2014-9356
- Resolves: rhbz#1172782 - CVE-2014-9357
- Resolves: rhbz#1172787 - CVE-2014-9358
- update to upstream v1.4.0
- override DOCKER_CERT_PATH in sysconfig instead of patching the source
- create dockerroot user if doesn't exist prior
- update metaprovides
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172782 - CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
        https://bugzilla.redhat.com/show_bug.cgi?id=1172782
  [ 2 ] Bug #1172761 - CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
        https://bugzilla.redhat.com/show_bug.cgi?id=1172761
  [ 3 ] Bug #1172787 - CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=1172787
--------------------------------------------------------------------------------


================================================================================
 fence-agents-4.0.14-1.fc20 (FEDORA-2015-0475)
 Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2015 Marek Grac <mgrac@xxxxxxxxxx> - 4.0.14-1
- new upstream release
- new packages fence-agents-zvm and fence-agents-emerson
--------------------------------------------------------------------------------


================================================================================
 gnucash-2.6.5-1.fc20 (FEDORA-2015-0474)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream release, 2.6.5, which contains a variety of bugfixes. For more information, see the upstream release notes at http://gnucash.org/#n-141216-2.6.5.news.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2015 Bill Nottingham <notting@xxxxxxxx> - 2.6.5-1
- update to 2.6.5 (#1176892) which fixes guile cache issues (#1151870) and charts (#1157203)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151870 - gnucash-2.6.4-1.fc20.x86_64 doesn't launch
        https://bugzilla.redhat.com/show_bug.cgi?id=1151870
  [ 2 ] Bug #1176892 - gnucash-2.6.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176892
  [ 3 ] Bug #1157203 - Bar charts all messed up after latest gnucash update
        https://bugzilla.redhat.com/show_bug.cgi?id=1157203
--------------------------------------------------------------------------------


================================================================================
 ikiwiki-3.20141016-1.fc20 (FEDORA-2015-0449)
 A wiki compiler
--------------------------------------------------------------------------------
Update Information:

Update to version 3.20141016. See https://ikiwiki.info/news/version_3.20141016/ for the list of changes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20141016-1
- Update to 3.20141016.
--------------------------------------------------------------------------------


================================================================================
 mate-settings-daemon-1.8.2-2.fc20 (FEDORA-2015-0464)
 MATE Desktop settings daemon
--------------------------------------------------------------------------------
Update Information:

- fix rhbz (1102581)
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1102581 - [abrt] mate-settings-daemon: on_screen_size_changed(): mate-settings-daemon killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1102581
--------------------------------------------------------------------------------


================================================================================
 python-biopython-1.65-1.fc20 (FEDORA-2015-0453)
 Python tools for computational molecular biology
--------------------------------------------------------------------------------
Update Information:

python-biopython-1.65 is available
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2015 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 1.65-1
- New upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176949 - python-biopython-1.65 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176949
--------------------------------------------------------------------------------


================================================================================
 stunnel-5.08-1.fc20 (FEDORA-2015-0477)
 An SSL-encrypting socket wrapper
--------------------------------------------------------------------------------
Update Information:

new upstream release. New upstream release. New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 11 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.08-1
- 1163349: New upstream release 5.08
* Sun Nov 23 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.08b6-1
- 1163349: New upstream beta release 5.08b6
- Fixed incorrect reporting of fips status in configure.ac at compile time, requires autoconf automake at buildtime
- Fixed default OpenSSL directory issue by using with-ssl
- Updates local patches
- 1155977: Fixes man page issues
* Tue Nov 4 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.07-1
- New upstream release 5.07
* Fri Oct 17 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.06-1
- New upstream release 5.06
- Addresses Poodle security issue
* Wed Oct 8 2014 Avesh Agarwal <avagarwa@xxxxxxxxxx> - 5.05b5-1
- rhbz #1144393: New upstream beta release
- systemd socket activation support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1154004 - stunnel-5.07 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1154004
--------------------------------------------------------------------------------


================================================================================
 x2goserver-4.0.1.18-5.fc20 (FEDORA-2015-0473)
 X2Go Server
--------------------------------------------------------------------------------
Update Information:

Fix local desktop sharing breakage (bug #1180303)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.18-5
- Fix local desktop sharing breakage (bug #1180303)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1180303 - can't connect to local desktop since the version released on Dec 25,2014
        https://bugzilla.redhat.com/show_bug.cgi?id=1180303
--------------------------------------------------------------------------------


================================================================================
 xfdesktop-4.10.3-3.fc20 (FEDORA-2015-0472)
 Desktop manager for the Xfce Desktop Environment
--------------------------------------------------------------------------------
Update Information:

Add patch with fix for crash in timed desktop backdrop changes. Fixes bug #1174160
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 8 2015 Kevin Fenzi <kevin@xxxxxxxxx> 4.10.3-3
- Add patch with fix for crash in timed desktop backdrop changes. Fixes bug #1174160
* Thu Nov 27 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 4.10.3-2
- bump release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1174160 - [abrt] xfdesktop: xfdesktop_backdrop_list_choose_random(): xfdesktop killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1174160
--------------------------------------------------------------------------------