The following Fedora 21 Security updates need testing: Age URL 56 https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21 55 https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21 33 https://admin.fedoraproject.org/updates/FEDORA-2014-16782/mutt-1.5.23-7.fc21 32 https://admin.fedoraproject.org/updates/FEDORA-2014-16880/libhtp-0.5.16-1.fc21 32 https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21 27 https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21 23 https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21 20 https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21 18 https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0331/xen-4.4.1-12.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0301/exiv2-0.24-4.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-0432/gd-2.1.0-8.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-0461/cross-binutils-2.25-3.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0594/strongswan-5.2.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0667/python-pillow-2.6.1-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0692/elfutils-0.161-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0660/libsndfile-1.0.25-14.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0724/kernel-3.18.2-200.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0714/python-django-1.6.10-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0717/drupal7-context-3.6-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0357/setup-2.9.0-3.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0312/gupnp-av-0.12.7-1.fc21,gssdp-0.14.11-1.fc21,gupnp-0.20.13-1.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0301/exiv2-0.24-4.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-0440/lz4-r127-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-0420/libxcb-1.11-3.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-0493/rest-0.7.92-6.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-0522/gvfs-1.22.3-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-0582/evolution-mapi-3.12.10-1.fc21,evolution-ews-3.12.10-1.fc21,evolution-3.12.10-1.fc21,evolution-data-server-3.12.10-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0725/langtable-0.0.29-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0721/samba-4.1.15-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0702/mesa-10.4.2-1.20150112.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0613/ntfs-3g-2014.2.15-7.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0660/libsndfile-1.0.25-14.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0637/tracker-1.2.5-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0692/elfutils-0.161-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0615/libedit-3.1-9.20141030cvs.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0672/libical-1.0-9.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-0628/btrfs-progs-3.18.1-1.fc21 The following builds have been pushed to Fedora 21 updates-testing boost-1.55.0-8.fc21 ceph-0.80.7-3.fc21 drupal7-context-3.6-1.fc21 drupal7-rules-2.8-1.fc21 greybird-1.5-1.fc21 irclib-1.10-1.fc21 kde-print-manager-4.14.3-2.fc21 kernel-3.18.2-200.fc21 langtable-0.0.29-1.fc21 libdwarf-20150112-1.fc21 mesa-10.4.2-1.20150112.fc21 python-django-1.6.10-1.fc21 python-sphinxcontrib-napoleon-0.2.9-1.fc21 python-txsocksx-1.13.0.3-5.fc21 samba-4.1.15-1.fc21 ugene-1.15.1-1.fc21 voms-clients-java-3.0.5-1.fc21 xfdashboard-0.3.5-1.fc21 xfe-1.40-1.fc21 Details about builds: ================================================================================ boost-1.55.0-8.fc21 (FEDORA-2015-0712) The free peer-reviewed portable C++ source libraries -------------------------------------------------------------------------------- Update Information: - Build libboost_python and libboost_python3 such that they depend on their respective libpython's. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 9 2015 Petr Machata <pmachata@xxxxxxxxxx> - 1.55.0-8 - Build libboost_python and libboost_python3 such that they depend on their respective libpython's. (boost-1.55.0-python-libpython_dep.patch, boost-1.55.0-python-abi_letters.patch) - Fix Boost.Python test suite so that PyImport_AppendInittab is called before PyInitialize, which broke the test suite with Python 3. (boost-1.55.0-python-test-PyImport_AppendInittab.patch) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1102667 - boost-python has no linkage-to or dependency on libpython https://bugzilla.redhat.com/show_bug.cgi?id=1102667 -------------------------------------------------------------------------------- ================================================================================ ceph-0.80.7-3.fc21 (FEDORA-2015-0723) User space components of the Ceph file system -------------------------------------------------------------------------------- Update Information: This update fixes the issue when /usr/bin/ceph command got stuck on exit indefinitely. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Boris Ranto <branto@xxxxxxxxxx> - 1:0.80.7-3 - Fix rhbz#1155335 -- /usr/bin/ceph hangs indefinitely -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155335 - ceph mon_status hangs https://bugzilla.redhat.com/show_bug.cgi?id=1155335 -------------------------------------------------------------------------------- ================================================================================ drupal7-context-3.6-1.fc21 (FEDORA-2015-0717) Allows contextual conditions and reactions management -------------------------------------------------------------------------------- Update Information: [SA-CONTRIB-2015-004 - Context - Open Redirect](https://www.drupal.org/node/2403351) -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 13 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 3.6-1 - Updated to 3.6 (DRUPAL-SA-CONTRIB-2015-004 / BZ #1180429) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1180429 - drupal7-context-3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1180429 -------------------------------------------------------------------------------- ================================================================================ drupal7-rules-2.8-1.fc21 (FEDORA-2015-0722) React on events and conditionally evaluate actions -------------------------------------------------------------------------------- Update Information: ## 7.x-2.8 * Issue #2013513 by EmanueleQuinto, das-peter: Action: type conversion for token * Issue #2324587 by fago: Rules might be triggered too early in the bootstrap * Issue #1810656 by pjcdawkins, moonray, GoddamnNoise, deggertsen, nielsdefeyter, xandeadx: Rules UI does not work with JQuery 1.7+ * Issue #2161847 by axel.rutz, maikeru, Mschudders | kenorb: Fixed Fatal error: Unsupported operand types in rules.module on line 227. * Issue #2190553 by das-peter, fago: Add locking to cache rebuild to avoid stampeding. * Issue #2014065 by heddn, fago | jhodgdon: UI very confusing for Data Comparison for Boolean values. * Issue #2103079 by axel.rutz, lootoo: Allow providing Rules metadata assertions for lists of entities. * Issue #2206545 by pjcdawkins, sanchiz: Replace field_info_fields() with field_info_field_map() for Drupal >= 7.22. * Issue #1077700 by arithmetric: Add Drush integration for en/disabling rules. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 13 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.8-1 - Updated to 2.8 (BZ #1180431) - Spec cleanup - Removed RPM README b/c it only explained common Drupal workflow - %license usage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1180431 - drupal7-rules-2.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1180431 -------------------------------------------------------------------------------- ================================================================================ greybird-1.5-1.fc21 (FEDORA-2015-0719) A clean minimalistic theme for Xfce, GTK+ 2 and 3 -------------------------------------------------------------------------------- Update Information: Drop upstreamed patches -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 10 2015 Kevin Fenzi <kevin@xxxxxxxxx> 1.5-1 - Update to 1.5, drop upstreamed patches -------------------------------------------------------------------------------- ================================================================================ irclib-1.10-1.fc21 (FEDORA-2015-0705) Java implementation of the IRC protocol -------------------------------------------------------------------------------- Update Information: Initial import (#976049). -------------------------------------------------------------------------------- References: [ 1 ] Bug #976049 - Review Request: irclib - Java implementation of the IRC protocol https://bugzilla.redhat.com/show_bug.cgi?id=976049 -------------------------------------------------------------------------------- ================================================================================ kde-print-manager-4.14.3-2.fc21 (FEDORA-2015-0704) Printer management for KDE -------------------------------------------------------------------------------- Update Information: Fix problems with modal dialogs (and hidden password prompts). -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-2 - KDE Print Manager can't save printer options (#1096940, kde#328014) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096940 - KDE Print Manager can't save printer options https://bugzilla.redhat.com/show_bug.cgi?id=1096940 -------------------------------------------------------------------------------- ================================================================================ kernel-3.18.2-200.fc21 (FEDORA-2015-0724) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.18.2 kernel rebase contains several new features as well as several fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 13 2015 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.18.2-200 - Linux v3.18.2 * Mon Jan 12 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - CVE-2014-9585 ASLR brute-force possible for vdso (rhbz 1181054 1181056) - Backlight fixes for Samsung and Dell machines (rhbz 1094948 1115713 1163574) - Add various UAS quirks (rhbz 1124119) - Add patch to fix loop in VDSO (rhbz 1178975) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1181054 - CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library https://bugzilla.redhat.com/show_bug.cgi?id=1181054 -------------------------------------------------------------------------------- ================================================================================ langtable-0.0.29-1.fc21 (FEDORA-2015-0725) Guessing reasonable defaults for locale, keyboard layout, territory, and language. -------------------------------------------------------------------------------- Update Information: add CW, cmn, hak, lzh, quz, the -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.29-1 - add CW, cmn, hak, lzh, quz, the * Wed Sep 24 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.28-1 - Do not used translations tagged with 'variant' in CLDR - Rename Uyghur keyboard cn(uig) → cn(ug) (for xkeyboard-config >= 2.12, shipped with Fedora 21 Alpha) -------------------------------------------------------------------------------- ================================================================================ libdwarf-20150112-1.fc21 (FEDORA-2015-0707) Library to access the DWARF Debugging file format -------------------------------------------------------------------------------- Update Information: Update to 20150112 upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Tom Hughes <tom@xxxxxxxxxx> - 20150112-1 - Update to 20150112 upstream release - Switch back to dwarfdump, as dwarfdump2 is deprecated upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1181976 - libdwarf-20150112 is available https://bugzilla.redhat.com/show_bug.cgi?id=1181976 [ 2 ] Bug #1177758 - Use after free vulnerability in Dwarfdump. https://bugzilla.redhat.com/show_bug.cgi?id=1177758 -------------------------------------------------------------------------------- ================================================================================ mesa-10.4.2-1.20150112.fc21 (FEDORA-2015-0702) Mesa graphics libraries -------------------------------------------------------------------------------- Update Information: 10.4.2 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 12 2015 Igor Gnatenko <ignatenkobrain@xxxxxxxxxxxxxxxxx> - 10.4.2-1.20150112 - 10.4.2 -------------------------------------------------------------------------------- ================================================================================ python-django-1.6.10-1.fc21 (FEDORA-2015-0714) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: fix CVE-2015-0219 (rhbz#1181939) -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Matthias Runge <mrunge@xxxxxxxxxx> - 1.6.10-1 - fix CVE-2015-0219 (rhbz#1181939) - fix CVE-2015-0220 (rhbz#1181943) - fix CVE-2015-0221 (rhbz#1181946) - fix CVE-2015-0222 (rhbz#1181951) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1179679 - CVE-2015-0221 Django: denial of service attack against django.views.static.serve https://bugzilla.redhat.com/show_bug.cgi?id=1179679 [ 2 ] Bug #1179672 - CVE-2015-0219 Django: WSGI header spoofing via underscore/dash conflation https://bugzilla.redhat.com/show_bug.cgi?id=1179672 [ 3 ] Bug #1179675 - CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs https://bugzilla.redhat.com/show_bug.cgi?id=1179675 [ 4 ] Bug #1179685 - CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField https://bugzilla.redhat.com/show_bug.cgi?id=1179685 -------------------------------------------------------------------------------- ================================================================================ python-sphinxcontrib-napoleon-0.2.9-1.fc21 (FEDORA-2015-0718) Sphinx napoleon extension -------------------------------------------------------------------------------- Update Information: New upstream version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Michal Minar <miminar@xxxxxxxxxx> 0.2.9-1 - New upstream version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1181551 - python-sphinxcontrib-napoleon-0.2.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1181551 -------------------------------------------------------------------------------- ================================================================================ python-txsocksx-1.13.0.3-5.fc21 (FEDORA-2015-0700) Twisted client endpoints for SOCKS{4,4a,5} -------------------------------------------------------------------------------- Update Information: Escape macros in comments and bump release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1179949 - Review Request: python-txsocksx - Twisted client endpoints for SOCKS{4,4a,5} https://bugzilla.redhat.com/show_bug.cgi?id=1179949 -------------------------------------------------------------------------------- ================================================================================ samba-4.1.15-1.fc21 (FEDORA-2015-0721) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Update to Samba 4.1.14. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 13 2015 - Andreas Schneider <asn@xxxxxxxxxx> - 4.1.15-1 - Update to Samba 4.1.14. - resolves: #1175710 - Fix auth with long hostnames. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175710 - Authentication fails when netbios/hostname is longer than MAX_NETBIOSNAME_LEN-1 https://bugzilla.redhat.com/show_bug.cgi?id=1175710 -------------------------------------------------------------------------------- ================================================================================ ugene-1.15.1-1.fc21 (FEDORA-2015-0720) Integrated bioinformatics toolkit -------------------------------------------------------------------------------- Update Information: This is a patch release that contains several major bug fixes and minor interface improvements requested by users. The full list of changes done in this release can be found in our bug tracker - http://ugene.unipro.ru/tracker/secure/IssueNavigator.jspa…; Click here (http://ugene.unipro.ru/tracker/secure/IssueNavigator.jspa…;) to go to the Unipro UGENE downloads page and download UGENE 1.15.1. Important changes in this major release 1.15.0 include: 1. Quick search in a sequence without creation of annotations 2. PCR in silico 3. NGS: a) Spades de novo assembler b) Export of a short reads assembly coverage c) Raw NGS filtering workflow samples 4. Circular View and circular sequences: a) Support of all algorithms for circular sequences: ORF, restriction sites, BLAST, etc. b) Circular View visualisation settings 5. Shared database: a) Support of shared databases in the UGENE Workflow Designer 6. Usability improvements: a) Welcome page b) Remembering of Options Panel setting within one Important changes in this major release 1.15.0 include: 1. Quick search in a sequence without creation of annotations 2. PCR in silico 3. NGS: a) Spades de novo assembler b) Export of a short reads assembly coverage c) Raw NGS filtering workflow samples 4. Circular View and circular sequences: a) Support of all algorithms for circular sequences: ORF, restriction sites, BLAST, etc. b) Circular View visualisation settings 5. Shared database: a) Support of shared databases in the UGENE Workflow Designer 6. Usability improvements: a) Welcome page b) Remembering of Options Panel setting within one -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2015 Yuliya Algaer <yalgaer@xxxxxxxxx> 1.15.1-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ voms-clients-java-3.0.5-1.fc21 (FEDORA-2015-0710) Virtual Organization Membership Service Java clients -------------------------------------------------------------------------------- Update Information: The Virtual Organization Membership Service (VOMS) is an attribute authority which serves as central repository for VO user authorization information, providing support for sorting users into group hierarchies, keeping track of their roles and other attributes in order to issue trusted attribute certificates and SAML assertions used in the Grid environment for authorization purposes. This package provides the Java version of the command line clients for VOMS: voms-proxy-init, voms-proxy-destroy and voms-proxy-info. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165354 - Review Request: voms-clients-java - Virtual Organization Membership Service Java clients https://bugzilla.redhat.com/show_bug.cgi?id=1165354 -------------------------------------------------------------------------------- ================================================================================ xfdashboard-0.3.5-1.fc21 (FEDORA-2015-0708) GNOME shell like dashboard for Xfce -------------------------------------------------------------------------------- Update Information: Update to 0.3.5 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 12 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.3.5-1 - Update to 0.3.5 -------------------------------------------------------------------------------- ================================================================================ xfe-1.40-1.fc21 (FEDORA-2015-0716) X File Explorer File Manager -------------------------------------------------------------------------------- Update Information: New version 1.40 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 13 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.40-1 - 1.40 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
