The following Fedora 20 Security updates need testing:

Age  URL
120  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
 73  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
 72  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
 50  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
 49  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
 49  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
 44  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
 40  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
 37  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
 35  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
 19  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
 17  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
 14  https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
 11  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
 10  https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1151/rubygem-passenger-4.0.53-3.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1085/puppetlabs-stdlib-4.5.1-1.20150121git7a91f20.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1101/php-5.5.21-1.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1133/seamonkey-2.32-1.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1162/community-mysql-5.5.41-1.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1125/mingw-jasper-1.900.1-26.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.3-1.fc20
  4  https://admin.fedoraproject.org/updates/FEDORA-2015-1176/privoxy-3.0.23-1.fc20
  4  https://admin.fedoraproject.org/updates/FEDORA-2015-1191/vorbis-tools-1.4.0-13.fc20
  3  https://admin.fedoraproject.org/updates/FEDORA-2015-1294/qpid-cpp-0.30-7.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1439/websvn-2.3.3-8.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1354/firefox-35.0.1-3.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1364/mantis-1.2.19-1.fc20
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-1263/maradns-2.0.11-1.fc20
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-1497/kernel-3.18.5-100.fc20
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-1510/pigz-2.3.3-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:

Age  URL
 11  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
 11  https://admin.fedoraproject.org/updates/FEDORA-2015-0959/redhat-rpm-config-9.1.0-55.fc20
 10  https://admin.fedoraproject.org/updates/FEDORA-2015-1033/sddm-0.10.0-3.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1095/perl-Filter-1.54-1.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.3-1.fc20
  5  https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20
  4  https://admin.fedoraproject.org/updates/FEDORA-2015-1214/hwdata-0.274-2.fc20
  3  https://admin.fedoraproject.org/updates/FEDORA-2015-1285/polkit-0.112-7.fc20.1
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1425/perl-Getopt-Long-2.43-1.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1434/perl-Pod-Simple-3.29-1.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1448/koji-1.9.0-10.fc20.gitcd45e886
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1384/cairo-1.14.0-1.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1423/amor-14.12.1-1.fc20,ark-14.12.1-1.fc20,audiocd-kio-14.12.1-1.fc20,blinken-14.12.1-1.fc20,cantor-14.12.1-1.fc20,dragon-14.12.1-1.fc20,filelight-14.12.1-1.fc20,jovie-14.12.1-2.fc20,juk-14.12.1-1.fc20,kaccessible-14.12.1-1.fc20,kalzium-14.12.1-1.fc20,kamera-14.12.1-1.fc20,kanagram-4.14.3-3.fc20,kbruch-14.12.1-1.fc20,kcalc-14.12.1-1.fc20,kcharselect-14.12.1-1.fc20,kcolorchooser-14.12.1-1.fc20,kcron-14.12.1-2.fc20,kdeartwork-14.12.1-1.fc20,kde-baseapps-14.12.1-1.fc20,kde-base-artwork-14.12.1-1.fc20,kdegraphics-mobipocket-14.12.1-1.fc20,kdegraphics-strigi-analyzer-14.12.1-1.fc20,kdegraphics-thumbnailers-14.12.1-1.fc20,kdelibs-4.14.4-2.fc20,kdenetwork-filesharing-14.12.1-1.fc20,kdenetwork-strigi-analyzers-14.12.1-1.fc20,kdepim-4.14.4-2.fc20,kdepimlibs-4.14.4-1.fc20,kdepim-runtime-4.14.4-1.fc20,kdeplasma-addons-4.14.3-3.fc20,kde-runtime-14.12.1-2.fc20,kde-wallpapers-14.12.1-1.fc20,kdf-14.12.1-1.fc20,kdnssd-14.12.1-1.fc20,kfloppy-14.12.1-1.fc20,kgamma-14.12.1-1.fc20,kgeography-14.12.1-1.fc20,kget-14.12.1-1.fc20,kgpg-14.12.1-1.fc20,khangman-4.14.3-3.fc20,kiten-14.12.1-1.fc20,klettres-14.12.1-1.fc20,kmag-14.12.1-1.fc20,kmousetool-14.12.1-1.fc20,kmouth-14.12.1-1.fc20,kmplot-14.12.1-1.fc20,kolourpaint-14.12.1-1.fc20,kopete-14.12.1-1.fc20,kppp-14.12.1-1.fc20,kqtquickcharts-14.12.1-1.fc20,krdc-14.12.1-1.fc20,kremotecontrol-14.12.1-1.fc20,krfb-14.12.1-1.fc20,kruler-14.12.1-1.fc20,ksaneplugin-14.12.1-1.fc20,kscd-14.12.1-1.fc20,ksnapshot-14.12.1-1.fc20,kstars-14.12.1-1.fc20,ksystemlog-14.12.1-2.fc20,kteatime-14.12.1-1.fc20,ktimer-14.12.1-1.fc20,ktouch-14.12.1-1.fc20,kturtle-14.12.1-1.fc20,ktux-14.12.1-1.fc20,kuser-14.12.1-2.fc20,kwalletmanager-14.12.1-1.fc20,kwordquiz-14.12.1-1.fc20,libkcddb-14.12.1-1.fc20,libkcompactdisc-14.12.1-1.fc20,libkdcraw-14.12.1-1.fc20,libkdeedu-14.12.1-3.fc20,libkexiv2-14.12.1-1.fc20,libkipi-14.12.1-1.fc20,libksane-14.12.1-1.fc20,marble-14.12.1-1.fc20,oxygen-icon-theme-14.12.1-1.fc20,pairs-14.12.1-1.fc20,rocs-14.12.1-2.fc20,step-14.12.1-1.fc20,superkaramba-14.12.1-1.fc20,svgpart-14.12.1-1.fc20,sweeper-14.12.1-1.fc20,calligra-2.8.7-4.fc20,digikam-4.6.0-1.fc20.1,kdeedu-data-14.12.1-3.fc20,kde-workspace-4.11.15-3.fc20,kphotoalbum-4.5-4.fc20,subsurface-4.3-1.fc20.1
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1420/zip-3.0-10.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1354/firefox-35.0.1-3.fc20
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-1398/selinux-policy-3.12.1-197.fc20
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-1497/kernel-3.18.5-100.fc20


The following builds have been pushed to Fedora 20 updates-testing

    coin-or-Ipopt-3.12.0-1.fc20
    dovecot-2.2.15-2.fc20
    icecat-31.4.0-2.fc20
    iotop-0.6-4.fc20
    kernel-3.18.5-100.fc20
    maradns-2.0.11-1.fc20
    openambit-0.3-2.git5f2b784.fc20
    pcsc-tools-1.4.23-1.fc20
    php-aws-sdk-2.7.17-1.fc20
    pigz-2.3.3-1.fc20
    pulseaudio-equalizer-2.7-14.fc20
    rubygem-rmagick-2.13.4-2.fc20

Details about builds:


================================================================================
coin-or-Ipopt-3.12.0-1.fc20 (FEDORA-2015-1516)
Interior Point OPTimizer
--------------------------------------------------------------------------------
Update Information:

- **Update to 3.12.0**
Correct aarch64 build (#1185848)
- **Fix libraries's symlinks (bz#1152812)**
- **Update to 3.11.10**
- **Fix libraries's symlinks (bz#1152812)**
- **Update to 3.11.10**
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2015 Antonio Trande <sagitterATfedoraproject.org> - 3.12.0-1
- Update to 3.12.0 (bz#1152812)
* Mon Jan 26 2015 pcpa <paulo.cesar.pereira.de.andrade@xxxxxxxxx> - 3.11.10-3
- Correct aarch64 build (#1185848)
* Fri Jan 23 2015 Antonio Trande <sagitterATfedoraproject.org> - 3.11.10-2
- Fix libraries's symlinks (bz#1152812)
* Mon Jan 19 2015 Antonio Trande <sagitterATfedoraproject.org> - 3.11.10-1
- Update to 3.11.10
* Sun Oct 26 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 3.11.9-4
- Update config.guess config.sub for new arch (aarch64/ppc64le) support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185848 - package fails to build on aarch64 due to very old config.{guess,sub} files
        https://bugzilla.redhat.com/show_bug.cgi?id=1185848
  [ 2 ] Bug #1152812 - Dynamic library file should be symlink
        https://bugzilla.redhat.com/show_bug.cgi?id=1152812
  [ 3 ] Bug #1183505 - coin-or-Ipopt-3.11.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1183505
--------------------------------------------------------------------------------


================================================================================
dovecot-2.2.15-2.fc20 (FEDORA-2015-1500)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

- fix crash related to logging BYE notifications (#1176282)
- update pigeonhole to 0.4.6
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan  5 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.15-2
- fix crash related to logging BYE notifications (#1176282)
- update pigeonhole to 0.4.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176282 - [abrt] dovecot: strlen(): log killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1176282
--------------------------------------------------------------------------------


================================================================================
icecat-31.4.0-2.fc20 (FEDORA-2015-1481)
GNU version of Firefox browser
--------------------------------------------------------------------------------
Update Information:

- **Update to 31.4.0**
- **Added MPLv2.0 license of HTML5-video-everywhere extension**
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.4.0-2
- Added %license macro
* Thu Jan 29 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.4.0-1
- Update to 31.4.0
- Added MPLv2.0 license of HTML5-video-everywhere extension
- Description updated
* Mon Jan 26 2015 David Tardon <dtardon@xxxxxxxxxx> - 31.2.0-8
- rebuild for ICU 54.1
* Wed Jan 21 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.2.0-7
- Package now requires system-bookmarks (bz#1184297)
* Wed Nov 26 2014 Antonio Trande <sagitterATfedoraproject.org> - 31.2.0-6
- libjpeg-turbo unbundled (bz#1164815)
--------------------------------------------------------------------------------


================================================================================
iotop-0.6-4.fc20 (FEDORA-2015-1515)
Top like utility for I/O
--------------------------------------------------------------------------------
Update Information:

do not raise an exception when nocbreak() fails on exit
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 0.6-4
- always ignore nocbreak errors, there is way too many false positives (#1035503)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035503 - [abrt] iotop-0.6-1.fc19: wrapper.py:49:wrapper:error: nocbreak() returned ERR
        https://bugzilla.redhat.com/show_bug.cgi?id=1035503
--------------------------------------------------------------------------------


================================================================================
kernel-3.18.5-100.fc20 (FEDORA-2015-1497)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.18.5 stable update contains a number of important fixes across the tree.

The 3.18.4 stable update contains a number new features and drivers as well as several important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2015 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.18.5-100
- Linux v3.18.5
* Thu Jan 29 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Backport patch from Rob Clark to toggle i915 state machine checks
- Disable i915 state checks
* Wed Jan 28 2015 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.18.4-100
- Linux v3.18.4
* Thu Jan 15 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.17.8-201
- CVE-2014-8160 iptables restriction bypass (rhbz 1182059 1182063)
* Mon Jan 12 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2014-9585 ASLR brute-force possible for vdso (rhbz 1181054 1181056)
- Backlight fixes for Samsung and Dell machines (rhbz 1094948 1115713 1163574)
- Add various UAS quirks (rhbz 1124119)
- Add patch to fix loop in VDSO (rhbz 1178975)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1186448 - CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
        https://bugzilla.redhat.com/show_bug.cgi?id=1186448
--------------------------------------------------------------------------------


================================================================================
maradns-2.0.11-1.fc20 (FEDORA-2015-1263)
Authoritative and recursive DNS server made with security in mind
--------------------------------------------------------------------------------
Update Information:

This upgrade fixes CERT VU#264212 (infinite referral loop) along with few other fixes.
Full details at http://samiam.org/blog/2015-01-25.html
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2015 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.0.11-1
- new upstream version
* Sun Jan 25 2015 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 2.0.10-1
- new upstream version with important security fix
- http://samiam.org/blog/2015-01-25.html
--------------------------------------------------------------------------------


================================================================================
openambit-0.3-2.git5f2b784.fc20 (FEDORA-2015-1513)
Open software for the Suunto Ambit(2)
--------------------------------------------------------------------------------
Update Information:

Initial package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185582 - Review Request: openambit - Open software for the Suunto Ambit(2)
        https://bugzilla.redhat.com/show_bug.cgi?id=1185582
--------------------------------------------------------------------------------


================================================================================
pcsc-tools-1.4.23-1.fc20 (FEDORA-2015-1512)
Tools to be used with smart cards and PC/SC
--------------------------------------------------------------------------------
Update Information:

Update to the current upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 1.4.23-1
- upgrade to a latest upstream version
- include latest smartcard_list.txt (#1183327)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.17-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun  6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.17-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1183327 - SmartCard database outdated
        https://bugzilla.redhat.com/show_bug.cgi?id=1183327
--------------------------------------------------------------------------------


================================================================================
php-aws-sdk-2.7.17-1.fc20 (FEDORA-2015-1474)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:

## 2.7.17 - 2015-01-27

* Added support for `getShippingLabel` to the AWS Import/Export client.
* Updated the AWS Lambda client.

## 2.7.16 - 2015-01-20

* Added support for custom security groups to the Amazon EMR client.
* Added support for the latest APIs to the Amazon Cognito Identity client.
* Added support for ClassicLink to the Auto Scaling client.
* Added the ability to set a client's API version to "latest" for forwards compatibility with v3.

## 2.7.15 - 2015-01-15

* Added support for [HLS Content Protection](https://aws.amazon.com/releasenotes/3388917394239147) to the Elastic Transcoder client.
* Updated client factory logic to add the `SignatureListener`, even when `NullCredentials` have been specified. This way, you can update a client's credentials later if you want to begin signing requests.

## 2.7.14 - 2015-01-09

* Fixed a regression in the CloudSearch Domain client (#448).

## 2.7.13 - 2015-01-08

* Added the Amazon EC2 Container Service client.
* Added the Amazon CloudHSM client.
* Added support for dynamic fields to the Amazon CloudSearch client.
* Added support for the ClassicLink feature to the Amazon EC2 client.
* Updated the Amazon RDS client to use the latest 2014-10-31 API.
* Updated S3 signature so retries use a new Date header on each attempt.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 29 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.7.17-1
- Updated to 2.7.17 (BZ #1180500)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1180500 - php-aws-sdk-2.7.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1180500
--------------------------------------------------------------------------------


================================================================================
pigz-2.3.3-1.fc20 (FEDORA-2015-1510)
Parallel implementation of gzip
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.3, fixes CVE-2015-1191:

- Return zero exit code when only warnings are issued
- Increase speed of unlzw (Unix compress decompression)
- Update zopfli to current google state
- Allow larger maximum blocksize (-b), now 512 MiB
- Do not require that -d precede -N, -n, -T options
- Strip any path from header name for -dN or -dNT
- Remove use of PATH_MAX (PATH_MAX is not reliable)
- Do not abort on inflate data error, do remaining files
- Check gzip header CRC if present
- Improve decompression error detection and reporting
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.3.3-1
- Update to 2.3.3, fixes CVE-2015-1191 (bug #1181045)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1181045 - CVE-2015-1191 pigz: directory traversal vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1181045
--------------------------------------------------------------------------------


================================================================================
pulseaudio-equalizer-2.7-14.fc20 (FEDORA-2015-1506)
A 15 Bands Equalizer for PulseAudio
--------------------------------------------------------------------------------
Update Information:

- Fixing missing $HOME/.pulse dir
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 30 2015 Jaromir Capik <jcapik@xxxxxxxxxx> - 2.7-14
- Fixing crashes when $HOME/.pulse missing (#1183283)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185103 - [abrt] pulseaudio-equalizer: pulseaudio-equalizer.py:46:GetSettings:IOError: [Errno 2] No such file or directory: '/home/arcademan/.pulse/equalizerrc'
        https://bugzilla.redhat.com/show_bug.cgi?id=1185103
--------------------------------------------------------------------------------


================================================================================
rubygem-rmagick-2.13.4-2.fc20 (FEDORA-2015-1475)
Ruby binding to ImageMagick
--------------------------------------------------------------------------------
Update Information:

This is a new package
--------------------------------------------------------------------------------