The following Fedora 21 Security updates need testing: Age URL 79 https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21 77 https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21 55 https://admin.fedoraproject.org/updates/FEDORA-2014-16782/mutt-1.5.23-7.fc21 54 https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21 49 https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21 46 https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21 42 https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21 40 https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21 30 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 24 https://admin.fedoraproject.org/updates/FEDORA-2015-0594/strongswan-5.2.2-1.fc21 22 https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21 19 https://admin.fedoraproject.org/updates/FEDORA-2015-0754/arc-5.21p-5.fc21 16 https://admin.fedoraproject.org/updates/FEDORA-2015-0938/android-tools-20141219git8393e50-2.fc21 15 https://admin.fedoraproject.org/updates/FEDORA-2015-1023/dump-0.4-0.24.b44.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1062/jasper-1.900.1-30.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1419/mantis-1.2.19-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1465/websvn-2.3.3-8.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1488/pigz-2.3.3-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-1570/qpid-cpp-0.30-9.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1632/virt-who-0.8-11.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1708/puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1736/ntp-4.2.6p5-27.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1713/bugzilla-4.4.8-1.fc21.1 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1751/moodle-2.7.5-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1745/postgresql-9.3.6-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1733/perl-Gtk2-1.2495-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1772/roundcubemail-1.0.5-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1091/perl-Filter-1.54-1.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1152/imlib2-1.4.6-3.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1062/jasper-1.900.1-30.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-1254/rygel-0.24.3-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1456/perl-Getopt-Long-2.43-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1454/perl-Pod-Simple-3.29-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1436/koji-1.9.0-10.fc21.gitcd45e886 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1488/pigz-2.3.3-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-1597/bind-9.9.6-7.P1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1669/highlight-3.21-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1662/sqlite-3.8.8-2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1641/perl-version-0.99.12-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1725/perl-Encode-2.70-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1768/selinux-policy-3.13.1-105.3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1763/systemd-216-18.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1769/xorg-x11-drv-synaptics-1.8.1-3.fc21 The following builds have been pushed to Fedora 21 updates-testing 389-ds-base-1.3.3.8-1.fc21 389-ds-console-1.2.9-1.fc21 RackTables-0.20.10-1.fc21 claws-mail-3.11.1-6.fc21 cln-1.3.4-1.fc21 csvcat-0.1-20141205git858edfe.fc21 dnf-langpacks-0.7.0-2.fc21 dovecot-2.2.15-3.fc21 fdm-1.8-1.fc21 gammaray-2.2.1-3.fc21 gedit-3.14.3-1.fc21 idm-console-framework-1.1.9-1.fc21 kf5-kguiaddons-5.6.0-2.fc21 minised-1.15-1.fc21 moodle-2.7.5-1.fc21 ntp-4.2.6p5-27.fc21 open-vm-tools-9.4.6-6.fc21 openbabel-2.3.2-11.fc21 perl-Encode-2.70-1.fc21 perl-Gtk2-1.2495-1.fc21 pgp-tools-1.1.12-2.fc21 php-pecl-mongo-1.6.1-1.fc21 postgresql-9.3.6-1.fc21 publicsuffix-list-20150204-1.fc21 python-paho-mqtt-1.1-1.fc21 python-sphinx-1.2.3-1.fc21 roundcubemail-1.0.5-1.fc21 rpcbind-0.2.2-2.1.fc21 rubygem-hoe-3.13.1-1.fc21 rubygem-isolate-3.3.1-1.fc21 rubygem-marc-1.0.0-1.fc21 s3cmd-1.5.1.2-4.fc21 selinux-policy-3.13.1-105.3.fc21 systemd-216-18.fc21 xorg-x11-drv-synaptics-1.8.1-3.fc21 Details about builds: ================================================================================ 389-ds-base-1.3.3.8-1.fc21 (FEDORA-2015-1741) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: release 1.3.3.8 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.3.8-1 - bump version to 1.3.3.8 - Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD - Ticket 47963 - memberof skip nested groups breaks the plugin * Wed Jan 28 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.3.7-2 - removed USE_64=1 which is not used any more. * Wed Jan 28 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.3.7-1 - bump version to 1.3.3.7 - Coverity 12970 - Explicit null dereference - Ticket 47988: Schema learning mechanism, in replication, unable to extend an existing definition - Ticket 47996 - ldclt needs to support SSL Version range - Ticket 47738 - use PL_strcasestr instead of strcasestr - Ticket 47462 - Stop using DES in the reversible password encryption plug-in - Ticket 47807 - SLAPI_REQUESTOR_ISROOT not set for extended operation plugins - Ticket 47991 - upgrade script fails if /etc and /var are on different file systems - Ticket 47989 - Windows Sync accidentally cleared raw_entry - Ticket 47964 - v2 - Incorrect search result after replacing an empty attribute - Ticket 47934 - nsslapd-db-locks modify not taking into account. - Ticket 47617 - replication changelog trimming setting validation - Ticket 47905 - Bad manipulation of passwordhistory - Ticket 47973 - During schema reload sometimes the search returns no results - Ticket 47981 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes - Ticket 47980 - Nested COS definitions can be incorrectly processed - Ticket 47451 - Dynamic plugins - fixed thread synchronization - Ticket 47750 - During delete operation do not refresh cache entry if it is a tombstone - Ticket 47947 - start dirsrv after chrony on RHEL7 and Fedora - fix jenkins warning - Ticket 47526 - Additional fix for ticket 47526 v3 - Ticket 47451 - Add Dynamic Plugin CI Suite - Ticket 47965 - Fix coverity issues (2014/12/16) - Ticket 47451 - Fix jenkins errors - Ticket 47451 - Dynamic Plugin - various fixes - Ticket 47935 - Error: failed to open an LDAP connection to host 'example.org' port '389' as user 'cn=Directory Manager'. Error: unknown. - Ticket 47750 - Need to refresh cache entry after called betxn postop plugins - Ticket 47942 - DS hangs during online total update - Ticket 47960 - cookie_change_info returns random negative number if there was no change in a tree - Ticket 47960 - cookie_change_info returns random negative number if there was no change in a tree - Ticket 47722 - Using the filter file does not work - Ticket 47636 - Error log levels not displayed correctly - Ticket 47965 - Fix coverity issues (2014/11/24) - Ticket 47969 - Fix coverity issue - Ticket 47949 - logconv.pl -- support parsing/showing/reporting different protocol versions - Ticket 47525 - Crash if setting invalid plugin config area for MemberOf Plugin - Ticket 47970 - add lib389 testcase - Ticket 47970 - Account lockout attributes incorrectly updated after failed SASL Bind - Ticket 47969 - COS memory leak when rebuilding the cache - Ticket 47967 - cos_cache_build_definition_list does not stop during server shutdown - Ticket 47451 - Running a plugin task can crash the server - Ticket 47963 - skip nested groups breaks memberof fixup task - Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations - Ticket 47810 - RI plugin does not return result code if update fails - Ticket 47950 - Bind DN tracking unable to write to internalModifiersName without special permissions - Ticket 47958 - Memory leak in password admin if the admin entry does not exist - Ticket 47952 - PasswordAdminDN attribute is not properly returned to client - Ticket 47451 - Need to unregister tasks created by plugins - Ticket 47928 - Disable SSL v3, by default. - Ticket 47953 - Should not check aci syntax when deleting an aci - Ticket 47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS - Ticket 47945 - Add SSL/TLS version info to the access log - Ticket 47939 - Malformed cookie for LDAP Sync makes DS crash - Ticket 47937 - Crash in entry_add_present_values_wsi_multi_valued - Ticket 47928 - CI test: added test cases for ticket 47928 - Ticket 47553 - Enhance ACIs to have more control over MODRDN operations -------------------------------------------------------------------------------- ================================================================================ 389-ds-console-1.2.9-1.fc21 (FEDORA-2015-1755) 389 Directory Server Management Console -------------------------------------------------------------------------------- Update Information: release 1.2.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.2.9-1 - Bumped version to 1.2.9 - Bug 1184175 - DS Console always sets nsSSL3 to "on" when a securty setting is adjusted (DS 47994) - Bug 916045 - RFE: Winsync loses connection with AD objects when they move from the console. (#47380) - Bug 1173281 - DS console - right clicking an object does not select that object (#135) - Bug 1134688 - DS Console does not correctly disable SSL (#47887) - Bug 963254 - DS instance cannot be restored from remote console (#47485) - Ticket 47886 - DS Console - mouse wheel speed very slow - Bug 758983 - DS Console should timeout when mismatched port and protocol combination is chosen (#176) - Bug 1173283 - DS Console - java exception when refreshing schema (#47883) - Bug 1173284 - Window too large for Manage password policy (#96) -------------------------------------------------------------------------------- ================================================================================ RackTables-0.20.10-1.fc21 (FEDORA-2015-1758) A data-center asset management system -------------------------------------------------------------------------------- Update Information: Rebase to v0.20.10 Rebase to v0.20.9 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Colin Coe <colin.coe@xxxxxxxxx> - 0.20.10-1 - Rebase to v0.20.10 * Fri Jan 16 2015 Colin Coe <colin.coe@xxxxxxxxx> - 0.20.9-1 - Rebase to v0.20.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186291 - RackTables-0.20.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1186291 [ 2 ] Bug #977277 - RackTables-0.20.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=977277 -------------------------------------------------------------------------------- ================================================================================ claws-mail-3.11.1-6.fc21 (FEDORA-2015-1739) Email client and news reader based on GTK+ -------------------------------------------------------------------------------- Update Information: Fix crash in clamav plugin dialog Add workaround for crashes in gtk_cmctree Add workaround for crashes in gtk_cmctree -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 3.11.1-6 - fix clamav preferences crash (rhbz#118891, rhbz#118774) * Tue Feb 3 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 3.11.1-5 - enable gdata plugin on epel * Tue Feb 3 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 3.11.1-4 - workaround for crashes in gtk_cmctree (rhbz#1172963, rhbz#1165158) - enable tnef plugin on epel - disable bsfilter plugin on epel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1187744 - [abrt] claws-mail: g_type_check_instance_cast(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1187744 [ 2 ] Bug #1188919 - [abrt] claws-mail: g_type_check_instance_cast(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1188919 [ 3 ] Bug #1165158 - [abrt] claws-mail: gtk_cmctree_is_viewable(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1165158 [ 4 ] Bug #1172963 - [abrt] claws-mail: gtk_cmctree_node_get_row_data(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1172963 -------------------------------------------------------------------------------- ================================================================================ cln-1.3.4-1.fc21 (FEDORA-2015-1764) Class Library for Numbers -------------------------------------------------------------------------------- Update Information: Update to the latest version(should be updated long ago) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 15 2014 Christopher Meng <rpm@xxxxxxxx> - 1.3.4-1 - Update to 1.3.4 -------------------------------------------------------------------------------- ================================================================================ csvcat-0.1-20141205git858edfe.fc21 (FEDORA-2015-1749) Efficiently concatenate CSVs or other tabular text files -------------------------------------------------------------------------------- Update Information: New package, please test with: csvcat.sh file1 file2 [...] > concatenated.csv -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177406 - Review Request: csvcat - Efficiently concatenate CSVs or other tabular text files https://bugzilla.redhat.com/show_bug.cgi?id=1177406 -------------------------------------------------------------------------------- ================================================================================ dnf-langpacks-0.7.0-2.fc21 (FEDORA-2015-1756) Langpacks plugin for dnf -------------------------------------------------------------------------------- Update Information: Added python3-dnf-langpacks sub-package update to 0.7.0 release -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 3 2015 Parag Nemade <pnemade AT redhat DOT com> - 0.7.0-2 - Added python3-dnf-langpacks sub-package * Mon Feb 2 2015 Parag Nemade <pnemade AT redhat DOT com> - 0.7.0-1 - update to 0.7.0 release -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.15-3.fc21 (FEDORA-2015-1766) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: fixes mbox istream crashes - fix crash related to logging BYE notifications (#1176282) - update pigeonhole to 0.4.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.15-3 - fix mbox istream crashes (#1189198, #1186504) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1189198 - dovecot IMAP crashes on mbox files https://bugzilla.redhat.com/show_bug.cgi?id=1189198 [ 2 ] Bug #1176282 - [abrt] dovecot: strlen(): log killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1176282 [ 3 ] Bug #1186504 - [abrt] dovecot: default_fatal_finish(): imap killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1186504 -------------------------------------------------------------------------------- ================================================================================ fdm-1.8-1.fc21 (FEDORA-2015-1764) A simple lightweight tool of fetching, filtering and delivering emails -------------------------------------------------------------------------------- Update Information: Update to the latest version(should be updated long ago) -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 28 2015 Christopher Meng <rpm@xxxxxxxx> - 1.8-1 - Update to 1.8 -------------------------------------------------------------------------------- ================================================================================ gammaray-2.2.1-3.fc21 (FEDORA-2015-1774) A tool for examining internals of Qt applications -------------------------------------------------------------------------------- Update Information: Update to 2.2.1 - default to Qt 5 build - split probes to -qt5 and -qt4 subpackages -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-3 - fix typo * Tue Feb 3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-2 - drop ambiguous BuildArch * Tue Feb 3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-1 - Update to 2.2.1 - Default to Qt 5 build now - Provide probes for Qt 5 and Qt 4 in -qt5 and -qt4 subpackages * Wed Jan 7 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.1.1-2 - Rebuild for hdf5 1.8.4 -------------------------------------------------------------------------------- ================================================================================ gedit-3.14.3-1.fc21 (FEDORA-2015-1767) Text editor for the GNOME desktop -------------------------------------------------------------------------------- Update Information: Update to 3.14.3 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Ignacio Casal Quinteiro <icq@xxxxxxxxx> - 2:3.14.3-1 - Update to 3.14.3 -------------------------------------------------------------------------------- ================================================================================ idm-console-framework-1.1.9-1.fc21 (FEDORA-2015-1765) Identity Management Console Framework -------------------------------------------------------------------------------- Update Information: release 1.1.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.1.9-1 - Bump version to 1.1.9 - Ticket 47929 - idm-console-framework - set default min to tls1.0 - Ticket 47946 - ACI's are replaced by "ACI_ALL" after editing group of ACI's including invalid one - Ticket 47929 - Console - add tls1.1 support - Ticket 47472 - Entries cannot be highlighted in the "Edit Aci" Rights panel - Ticket 47364 - Console does not support passwords containing 8-bit characters - Ticket 47604 - idm-console-framework: remove versioned jars from /usr/share/java - Ticket 47480 - Admin Console "server restart dialog" disppears after clicking OK - Ticket 47467 - Improve CRL import dialog text - Ticket 362 - Directory Console generates insufficient key strength * Fri Aug 29 2014 Mark Reynolds <mreynolds@xxxxxxxxxx> - 1.1.7-9 - Bug 1022104 - Remove versioned jarfiles from _javadir -------------------------------------------------------------------------------- ================================================================================ kf5-kguiaddons-5.6.0-2.fc21 (FEDORA-2015-1722) KDE Frameworks 5 Tier 1 addon with various classes on top of QtGui -------------------------------------------------------------------------------- Update Information: BR qt5-qtx11extras-devel -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.6.0-2 - BR qt5-qtx11extras-devel -------------------------------------------------------------------------------- ================================================================================ minised-1.15-1.fc21 (FEDORA-2015-1734) A smaller, cheaper, faster SED implementation -------------------------------------------------------------------------------- Update Information: The 1.15 version fixes some Kleene star operator relates bugs and includes some code cleanups. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 20 2015 Christopher Meng <rpm@xxxxxxxx> - 1.15-1 - Update to 1.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150999 - minised-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1150999 -------------------------------------------------------------------------------- ================================================================================ moodle-2.7.5-1.fc21 (FEDORA-2015-1751) A Course Management System -------------------------------------------------------------------------------- Update Information: The following security notifications have now been made public: ============================================================================== MSA-15-0001: Insufficient access check in LTI module Description: Absence of capability check in AJAX backend script could allow any enrolled user to search the list of registered tools Issue summary: mod/lti/ajax.php security problems Severity/Risk: Minor Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Petr Skoda Issue no.: MDL-47920 CVE identifier: CVE-2015-0211 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920 ============================================================================== MSA-15-0002: XSS vulnerability in course request pending approval page Description: Course summary on course request pending approval page was displayed to the manager unescaped and could be used for XSS attack Issue summary: XSS in course request pending approval page (Privilege Escalation?) Severity/Risk: Serious Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Skylar Kelty Issue no.: MDL-48368 Workaround: Grant permission moodle/course:request only to trusted users CVE identifier: CVE-2015-0212 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368 ============================================================================== MSA-15-0003: CSRF possible in Glossary module Description: Two files in the Glossary module lacked a session key check potentially allowing cross-site request forgery Issue summary: Multiple CSRF in mod glossary Severity/Risk: Serious Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Ankit Agarwal Issue no.: MDL-48106 CVE identifier: CVE-2015-0213 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106 ============================================================================== MSA-15-0004: Information leak through messaging functions in web-services Description: Through web-services it was possible to access messaging-related functions such as people search even if messaging is disabled on the site Issue summary: Messages external functions doesn't check if messaging is enabled Severity/Risk: Minor Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Juan Leyva Issue no.: MDL-48329 Workaround: Disable web services or disable individual message-related functions CVE identifier: CVE-2015-0214 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329 ============================================================================== MSA-15-0005: Insufficient access check in calendar functions in web-services Description: Through web-services it was possible to get information about calendar events which user did not have enough permissions to see Issue summary: calendar/externallib.php lacks self::validate_context($context); Severity/Risk: Minor Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Petr Skoda Issue no.: MDL-48017 CVE identifier: CVE-2015-0215 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017 ============================================================================== MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask Description: Users with capability to grade in Lesson module were not reported as users with XSS risk but their feedback was displayed without cleaning Issue summary: mod/lesson:grade capability missing RISK_XSS but essay feedback is displayed with noclean=true Severity/Risk: Minor Versions affected: 2.8 to 2.8.1 Versions fixed: 2.8.2 Reported by: Damyon Wiese Issue no.: MDL-48034 CVE identifier: CVE-2015-0216 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034 ============================================================================== MSA-15-0007: ReDoS possible in the multimedia filter Description: Not optimal regular expression in the filter could be exploited to create extra server load or make particular page unavailable Issue summary: ReDOS in the multimedia filter Severity/Risk: Serious Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Nicolas Martignoni Issue no.: MDL-48546 Workaround: Disable multimedia filter CVE identifier: CVE-2015-0217 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546 ============================================================================== MSA-15-0008: Forced logout through Shibboleth authentication plugin Description: It was possible to forge a request to logout users even when not authenticated through Shibboleth Issue summary: Forced logout via auth/shibboleth/logout.php Severity/Risk: Serious Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions Versions fixed: 2.8.2, 2.7.4 and 2.6.7 Reported by: Petr Skoda Issue no.: MDL-47964 Workaround: Deny access to file auth/shibboleth/logout.php in webserver configuration CVE identifier: CVE-2015-0218 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964 ============================================================================== -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 2.7.5-1 - 2.7.5, fix for security issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1183695 - CVE-2015-0218 CVE-2015-0212 CVE-2015-0213 CVE-2015-0211 CVE-2015-0216 CVE-2015-0217 CVE-2015-0214 CVE-2015-0215 moodle: new update fixes several security issues [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1183695 [ 2 ] Bug #1183694 - CVE-2015-0218 CVE-2015-0212 CVE-2015-0213 CVE-2015-0211 CVE-2015-0216 CVE-2015-0217 CVE-2015-0214 CVE-2015-0215 moodle: new update fixes several security issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1183694 -------------------------------------------------------------------------------- ================================================================================ ntp-4.2.6p5-27.fc21 (FEDORA-2015-1736) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-9297, CVE-2014-9298 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-27 - validate lengths of values in extension fields (CVE-2014-9297) - drop packets with spoofed source address ::1 (CVE-2014-9298) * Thu Jan 29 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-26 - require timedatex (#1136905) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1184572 - CVE-2014-9298 ntp: drop packets with source address ::1 https://bugzilla.redhat.com/show_bug.cgi?id=1184572 [ 2 ] Bug #1184573 - CVE-2014-9297 ntp: vallen in extension fields are not validated https://bugzilla.redhat.com/show_bug.cgi?id=1184573 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-9.4.6-6.fc21 (FEDORA-2015-1738) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: This update fixes the missing NetIpRouteConfigInfo (BZ#1189295). -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.6-6 - Added a patch for missing NetIpRouteConfigInfo (BZ#1189295) * Mon Jan 26 2015 David Tardon <dtardon@xxxxxxxxxx> - 9.4.6-5 - rebuild for ICU 54.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1189295 - open-vm-tools does not report NetIpRouteConfigInfo to vSphere APIs https://bugzilla.redhat.com/show_bug.cgi?id=1189295 -------------------------------------------------------------------------------- ================================================================================ openbabel-2.3.2-11.fc21 (FEDORA-2015-1735) Chemistry software file format converter -------------------------------------------------------------------------------- Update Information: Unify patches which disable tests on ppc64, s390(x), arm and enable -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 27 2015 Marcin Juszkiewicz <mjuszkiewicz@xxxxxxxxxx> - 2.3.2-11 - Unify patches which disable tests on ppc64, s390(x), arm and enable result also for aarch64. rhbugs: #1108103 #1094491 #1094513 * Fri Jan 16 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.3.2-10 - Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2 - Remove deprecated Config:: usage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108103 - FTBFS: several unit tests fail on ppc64 https://bugzilla.redhat.com/show_bug.cgi?id=1108103 [ 2 ] Bug #1094491 - openbabel testsuite is failing on ARM https://bugzilla.redhat.com/show_bug.cgi?id=1094491 [ 3 ] Bug #1094513 - openbabel testsuite is failing on ppc64, ppc64le, aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=1094513 -------------------------------------------------------------------------------- ================================================================================ perl-Encode-2.70-1.fc21 (FEDORA-2015-1725) Character encodings in Perl -------------------------------------------------------------------------------- Update Information: This release brings a new encguess(1) tool which as a wrapper around Encoding::Guess Perl module. This release corrects handling taint flag when encoding MIME, it fixes documentation and some compiler warnings. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:2.70-1 - 2.70 bump * Fri Jan 23 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:2.68-1 - 2.68 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1185328 - perl-Encode-2.68 is available https://bugzilla.redhat.com/show_bug.cgi?id=1185328 -------------------------------------------------------------------------------- ================================================================================ perl-Gtk2-1.2495-1.fc21 (FEDORA-2015-1733) Perl interface to the 2.x series of the Gimp Toolkit library -------------------------------------------------------------------------------- Update Information: Update to 1.2495 to resolve an incorrect memory management issue in Gtk2::Gdk::Display::list_devices, which can potentially lead to arbitrary code execution. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2495-1 - update to 1.2495 * Mon Jan 5 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2494-1 - update to 1.2494 * Wed Dec 10 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2493-1 - update to 1.2493 * Mon Sep 1 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.2492-3 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188219 - perl-Gtk2: incorrect memory management in Gtk2::Gdk::Display::list_devices https://bugzilla.redhat.com/show_bug.cgi?id=1188219 -------------------------------------------------------------------------------- ================================================================================ pgp-tools-1.1.12-2.fc21 (FEDORA-2015-1726) Collection of several utilities related to OpenPGP -------------------------------------------------------------------------------- Update Information: New upstream release with bugfies. Minore bugfixing release from updatream. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.12-2 - New upstream release * Wed Jan 21 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.10-2 - Fix dependency issue agains perl(for) (#1184547) * Sat Jan 10 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.10-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ php-pecl-mongo-1.6.1-1.fc21 (FEDORA-2015-1750) PHP MongoDB database driver -------------------------------------------------------------------------------- Update Information: >From upstream announcement: We are glad to announce the release of version 1.6.0 of the MongoDB PHP driver. It supports all new features for MongoDB 3.0, including: * Support for WiredTiger, and other storage engines. * Support for the new SCRAM-SHA-1 SASL authentication mechanism * Support for 50 replica set members For full fixed bug list, see: * 1.6.0: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10007&version=14800 * 1.6.1: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10007&version=14825 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.6.1-1 - Update to 1.6.1 (stable) -------------------------------------------------------------------------------- ================================================================================ postgresql-9.3.6-1.fc21 (FEDORA-2015-1745) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.3.6 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-6.html, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.3.6-1 - update to 9.3.6 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-6.html -------------------------------------------------------------------------------- ================================================================================ publicsuffix-list-20150204-1.fc21 (FEDORA-2015-1723) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information: The latest revision - 20150204 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Yanko Kaneti <yaneti@xxxxxxxxxxx> - 20150204-1 - The latest revision - 20150204 - Initial version for review - 20141124-1 -------------------------------------------------------------------------------- ================================================================================ python-paho-mqtt-1.1-1.fc21 (FEDORA-2015-1760) A Python MQTT version 3.1/3.1.1 client class -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.1-1 - Update to new upstream version 1.1 -------------------------------------------------------------------------------- ================================================================================ python-sphinx-1.2.3-1.fc21 (FEDORA-2015-1748) Python documentation generator -------------------------------------------------------------------------------- Update Information: - Update to latest upstream release, see CHANGES file for new features and bugfixes - License file now tagged as %license instead of %doc - Complete LaTeX builder deps - Make test output verbose - Add BRs needed to enable all tests -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.3-1 - Update to 1.2.3 - Mark license file with %license instead of %doc * Thu Feb 5 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-10 - Complete LaTeX builder deps (fixes bz#882166) - Make test output verbose - Add BRs needed to enable all tests * Tue Feb 3 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-9 - python3-sphinx package also Provides: python3-sphinx-latex * Tue Feb 3 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-8 - If a separate LaTeX subpackage is not generated, the main package should have a virtual Provides: for it (bz#1187989) * Tue Jan 27 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-7 - Disable separate LaTeX builder for now (bz#1185574) * Thu Jan 22 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-6 - Split off LaTeX builder into its own subpackages, to remove TeXLive dependencies from the main package. Thanks to Robert Kuska <rkuska@xxxxxxxxxx> for feedback - Clean up python3-sphinx's locale files, they ended up in the python2 package. Share the locale files in /usr/share instead -------------------------------------------------------------------------------- References: [ 1 ] Bug #1148845 - "make latexpdf" fails with a pristine sphinx project (texlive issues?) https://bugzilla.redhat.com/show_bug.cgi?id=1148845 [ 2 ] Bug #882166 - make latex does not work out of the box https://bugzilla.redhat.com/show_bug.cgi?id=882166 [ 3 ] Bug #1148037 - python-sphinx contains python3 files https://bugzilla.redhat.com/show_bug.cgi?id=1148037 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.0.5-1.fc21 (FEDORA-2015-1772) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version. http://roundcube.net/news/2015/01/24/security-update-1.0.5/ http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5 http://trac.roundcube.net/ticket/1490227 CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 1.0.5-1 - Fix for security issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188203 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1188203 [ 2 ] Bug #1188202 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1188202 -------------------------------------------------------------------------------- ================================================================================ rpcbind-0.2.2-2.1.fc21 (FEDORA-2015-1678) Universal Addresses to RPC Program Number Mapper -------------------------------------------------------------------------------- Update Information: commit 2a4dad119847f2ffd7511279b3cd3861fe90eaa4 Author: Steve Dickson <steved@xxxxxxxxxx> Date: Wed Feb 4 09:17:49 2015 -0500 Updated to the latest rc release: rpcbind-0_2_3-rc1 (bz 1095021) Signed-off-by: Steve Dickson <steved@xxxxxxxxxx> * Thu Feb 5 2015 Steve Dickson <steved@xxxxxxxxxx> - 0.2.2-2.1 - Added xlogging debugging to rpcbind -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Steve Dickson <steved@xxxxxxxxxx> - 0.2.2-2.1 - Added xlogging debugging to rpcbind * Wed Feb 4 2015 Steve Dickson <steved@xxxxxxxxxx> - 0.2.2-2.0 - Updated to the latest rc release: rpcbind-0_2_3-rc1 (bz 1095021) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095021 - systemd integration patches/assorted fixes https://bugzilla.redhat.com/show_bug.cgi?id=1095021 -------------------------------------------------------------------------------- ================================================================================ rubygem-hoe-3.13.1-1.fc21 (FEDORA-2015-1757) Hoe is a simple rake/rubygems helper for project Rakefiles -------------------------------------------------------------------------------- Update Information: New version 3.13.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.13.1-1 - 3.13.1 -------------------------------------------------------------------------------- ================================================================================ rubygem-isolate-3.3.1-1.fc21 (FEDORA-2015-1740) Very simple RubyGems sandbox -------------------------------------------------------------------------------- Update Information: New version 3.3.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.3.1-1 - 3.3.1 -------------------------------------------------------------------------------- ================================================================================ rubygem-marc-1.0.0-1.fc21 (FEDORA-2015-1743) Ruby library for MARC catalog -------------------------------------------------------------------------------- Update Information: New version 1.0.0 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.0.0-1 - 1.0.0 -------------------------------------------------------------------------------- ================================================================================ s3cmd-1.5.1.2-4.fc21 (FEDORA-2015-1754) Tool for accessing Amazon Simple Storage Service -------------------------------------------------------------------------------- Update Information: upstream 1.5.1.2, mostly bug fixes upstream 1.5.0 final -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.1.2-4 - upstream 1.5.1.2, mostly bug fixes - remove ez_setup, add dependency on python-setuptools * Mon Jan 12 2015 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-1 - upstream 1.5.0 final -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-105.3.fc21 (FEDORA-2015-1768) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=609261 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.13.1-105.3 - apmd needs sys_resource when shutting down the machine - Allow upsmon_t to read urandom device. * Mon Feb 2 2015 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.13.1-105.2 - Added boolean xdm_bind_vnc_tcp_port. BZ(1187975) - Allow svirt sandbox domains to read /proc/mtrr - Allow sshd_t to manage gssd keyring - Allow docker to attach to the sandbox and user domains tun devices - Dontaudit network connections related to thumb_t. BZ(1187981) - Allow dovecot domains to use sys_resouce - Allow svirt sandbox domains to read /proc/mtrr - Allow polipo_deamon connect to all ephemeral ports. BZ(1187723) - Allow sshd_t to manage gssd keyring -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063827 - selinux avc for httpd accessing KEYRING ccache type https://bugzilla.redhat.com/show_bug.cgi?id=1063827 [ 2 ] Bug #1172908 - SELinux is preventing dovecot from using the sys_resource capability. https://bugzilla.redhat.com/show_bug.cgi?id=1172908 [ 3 ] Bug #1181338 - SELinux is preventing openvpn from 'relabelfrom' accesses on the tun_socket Unknown. https://bugzilla.redhat.com/show_bug.cgi?id=1181338 [ 4 ] Bug #1185621 - SELinux is preventing systemctl from using the 'setrlimit' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1185621 [ 5 ] Bug #1186072 - SELinux is preventing /usr/sbin/upsmon from 'read' accesses on the chr_file random. https://bugzilla.redhat.com/show_bug.cgi?id=1186072 [ 6 ] Bug #1187723 - SELinux is preventing /usr/bin/polipo from 'name_connect' accesses on the tcp_socket port 35651. https://bugzilla.redhat.com/show_bug.cgi?id=1187723 [ 7 ] Bug #1187975 - SELinux blocks LightDM VNC server https://bugzilla.redhat.com/show_bug.cgi?id=1187975 [ 8 ] Bug #1187981 - SELinux is preventing souphttpsrc0:sr from 'name_connect' accesses on the tcp_socket port 80. https://bugzilla.redhat.com/show_bug.cgi?id=1187981 [ 9 ] Bug #1189382 - SELinux is preventing /usr/bin/systemctl from using the 'sys_resource' capabilities. https://bugzilla.redhat.com/show_bug.cgi?id=1189382 -------------------------------------------------------------------------------- ================================================================================ systemd-216-18.fc21 (FEDORA-2015-1763) A System and Service Manager -------------------------------------------------------------------------------- Update Information: RFE: journal: automatically rotate the file if it is unlinked (#1171719);Add the touchpad hwdb (#1189319) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Jan Synáček <jsynacek@xxxxxxxxxx> - 216-18 - RFE: journal: automatically rotate the file if it is unlinked (#1171719) - Add the touchpad hwdb (#1189319) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1171719 - RFE: journal: automatically rotate the file if it is unlinked https://bugzilla.redhat.com/show_bug.cgi?id=1171719 [ 2 ] Bug #1189319 - add the touchpad hwdb https://bugzilla.redhat.com/show_bug.cgi?id=1189319 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-synaptics-1.8.1-3.fc21 (FEDORA-2015-1769) Xorg X11 Synaptics touchpad input driver -------------------------------------------------------------------------------- Update Information: Fix missing bits and bobs for the X1 Carbon quirks (#1189329) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.8.1-3 - Fix missing bits and bobs for the X1 Carbon quirks (#1189329) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1189329 - xorg-x11-drv-synaptics-1.8.1-2.fc21 patch for new Lenovo touchpads is incorrect https://bugzilla.redhat.com/show_bug.cgi?id=1189329 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
