Fedora 21 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 21 Security updates need testing:
 Age  URL
  79  https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21
  55  https://admin.fedoraproject.org/updates/FEDORA-2014-16782/mutt-1.5.23-7.fc21
  54  https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21
  49  https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21
  46  https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21
  42  https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21
  40  https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21
  30  https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21
  24  https://admin.fedoraproject.org/updates/FEDORA-2015-0594/strongswan-5.2.2-1.fc21
  22  https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21
  19  https://admin.fedoraproject.org/updates/FEDORA-2015-0754/arc-5.21p-5.fc21
  16  https://admin.fedoraproject.org/updates/FEDORA-2015-0938/android-tools-20141219git8393e50-2.fc21
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-1023/dump-0.4-0.24.b44.fc21
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1062/jasper-1.900.1-30.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-1419/mantis-1.2.19-1.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-1465/websvn-2.3.3-8.fc21
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-1488/pigz-2.3.3-1.fc21
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-1570/qpid-cpp-0.30-9.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-1632/virt-who-0.8-11.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1708/puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1736/ntp-4.2.6p5-27.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1713/bugzilla-4.4.8-1.fc21.1
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1751/moodle-2.7.5-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1745/postgresql-9.3.6-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1733/perl-Gtk2-1.2495-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1772/roundcubemail-1.0.5-1.fc21


The following Fedora 21 Critical Path updates have yet to be approved:
 Age URL
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1091/perl-Filter-1.54-1.fc21
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1152/imlib2-1.4.6-3.fc21
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1062/jasper-1.900.1-30.fc21
  10  https://admin.fedoraproject.org/updates/FEDORA-2015-1254/rygel-0.24.3-1.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-1456/perl-Getopt-Long-2.43-1.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-1454/perl-Pod-Simple-3.29-1.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-1436/koji-1.9.0-10.fc21.gitcd45e886
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-1488/pigz-2.3.3-1.fc21
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-1597/bind-9.9.6-7.P1.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-1669/highlight-3.21-1.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-1662/sqlite-3.8.8-2.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-1641/perl-version-0.99.12-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1725/perl-Encode-2.70-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1768/selinux-policy-3.13.1-105.3.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1763/systemd-216-18.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-1769/xorg-x11-drv-synaptics-1.8.1-3.fc21


The following builds have been pushed to Fedora 21 updates-testing

    389-ds-base-1.3.3.8-1.fc21
    389-ds-console-1.2.9-1.fc21
    RackTables-0.20.10-1.fc21
    claws-mail-3.11.1-6.fc21
    cln-1.3.4-1.fc21
    csvcat-0.1-20141205git858edfe.fc21
    dnf-langpacks-0.7.0-2.fc21
    dovecot-2.2.15-3.fc21
    fdm-1.8-1.fc21
    gammaray-2.2.1-3.fc21
    gedit-3.14.3-1.fc21
    idm-console-framework-1.1.9-1.fc21
    kf5-kguiaddons-5.6.0-2.fc21
    minised-1.15-1.fc21
    moodle-2.7.5-1.fc21
    ntp-4.2.6p5-27.fc21
    open-vm-tools-9.4.6-6.fc21
    openbabel-2.3.2-11.fc21
    perl-Encode-2.70-1.fc21
    perl-Gtk2-1.2495-1.fc21
    pgp-tools-1.1.12-2.fc21
    php-pecl-mongo-1.6.1-1.fc21
    postgresql-9.3.6-1.fc21
    publicsuffix-list-20150204-1.fc21
    python-paho-mqtt-1.1-1.fc21
    python-sphinx-1.2.3-1.fc21
    roundcubemail-1.0.5-1.fc21
    rpcbind-0.2.2-2.1.fc21
    rubygem-hoe-3.13.1-1.fc21
    rubygem-isolate-3.3.1-1.fc21
    rubygem-marc-1.0.0-1.fc21
    s3cmd-1.5.1.2-4.fc21
    selinux-policy-3.13.1-105.3.fc21
    systemd-216-18.fc21
    xorg-x11-drv-synaptics-1.8.1-3.fc21

Details about builds:


================================================================================
 389-ds-base-1.3.3.8-1.fc21 (FEDORA-2015-1741)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

release 1.3.3.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.3.8-1
- bump version to 1.3.3.8
- Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD
- Ticket 47963 - memberof skip nested groups breaks the plugin
* Wed Jan 28 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.3.7-2
- removed USE_64=1 which is not used any more.
* Wed Jan 28 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.3.7-1
- bump version to 1.3.3.7
- Coverity 12970 - Explicit null dereference
- Ticket 47988: Schema learning mechanism, in replication, unable to extend an existing definition
- Ticket 47996 - ldclt needs to support SSL Version range
- Ticket 47738 - use PL_strcasestr instead of strcasestr
- Ticket 47462 - Stop using DES in the reversible password  encryption plug-in
- Ticket 47807 - SLAPI_REQUESTOR_ISROOT not set for extended operation plugins
- Ticket 47991 - upgrade script fails if /etc and /var are on different file systems
- Ticket 47989 - Windows Sync accidentally cleared raw_entry
- Ticket 47964 - v2 - Incorrect search result after replacing an empty attribute
- Ticket 47934 - nsslapd-db-locks modify not taking into account.
- Ticket 47617 - replication changelog trimming setting validation
- Ticket 47905 - Bad manipulation of passwordhistory
- Ticket 47973 - During schema reload sometimes the search returns no results
- Ticket 47981 - COS cache doesn't properly mark vattr cache as  invalid when there are multiple suffixes
- Ticket 47980 - Nested COS definitions can be incorrectly  processed
- Ticket 47451 - Dynamic plugins - fixed thread synchronization
- Ticket 47750 - During delete operation do not refresh cache entry if it is a tombstone
- Ticket 47947 - start dirsrv after chrony on RHEL7 and Fedora
- fix jenkins warning
- Ticket 47526 - Additional fix for ticket 47526 v3
- Ticket 47451 - Add Dynamic Plugin CI Suite
- Ticket 47965 - Fix coverity issues (2014/12/16)
- Ticket 47451 - Fix jenkins errors
- Ticket 47451 - Dynamic Plugin - various fixes
- Ticket 47935 - Error: failed to open an LDAP connection to host 'example.org' port '389' as user 'cn=Directory Manager'. Error: unknown.
- Ticket 47750 - Need to refresh cache entry after called betxn postop plugins
- Ticket 47942 -  DS hangs during online total update
- Ticket 47960 - cookie_change_info returns random negative number if there was no change in a tree
- Ticket 47960 - cookie_change_info returns random negative number if there was no change in a tree
- Ticket 47722 - Using the filter file does not work
- Ticket 47636 - Error log levels not displayed correctly
- Ticket 47965 - Fix coverity issues (2014/11/24)
- Ticket 47969 - Fix coverity issue
- Ticket 47949 - logconv.pl -- support parsing/showing/reporting different protocol versions
- Ticket 47525 - Crash if setting invalid plugin config area for MemberOf Plugin
- Ticket 47970 - add lib389 testcase
- Ticket 47970 - Account lockout attributes incorrectly updated after failed SASL Bind
- Ticket 47969 - COS memory leak when rebuilding the cache
- Ticket 47967 - cos_cache_build_definition_list does not stop during server shutdown
- Ticket 47451 - Running a plugin task can crash the server
- Ticket 47963 - skip nested groups breaks memberof fixup task
- Ticket 47963 - RFE - memberOf - add option to skip nested  group lookups during delete operations
- Ticket 47810 - RI plugin does not return result code if update fails
- Ticket 47950 - Bind DN tracking unable to write to internalModifiersName without special permissions
- Ticket 47958 - Memory leak in password admin if the admin entry does not exist
- Ticket 47952 - PasswordAdminDN attribute is not properly returned to client
- Ticket 47451 - Need to unregister tasks created by plugins
- Ticket 47928 - Disable SSL v3, by default.
- Ticket 47953 - Should not check aci syntax when deleting an aci
- Ticket 47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS
- Ticket 47945 - Add SSL/TLS version info to the access log
- Ticket 47939 - Malformed cookie for LDAP Sync makes DS crash
- Ticket 47937 - Crash in entry_add_present_values_wsi_multi_valued
- Ticket 47928 - CI test: added test cases for ticket 47928
- Ticket 47553 - Enhance ACIs to have more control over MODRDN operations
--------------------------------------------------------------------------------


================================================================================
 389-ds-console-1.2.9-1.fc21 (FEDORA-2015-1755)
 389 Directory Server Management Console
--------------------------------------------------------------------------------
Update Information:

release 1.2.9
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.2.9-1
- Bumped version to 1.2.9
- Bug 1184175 - DS Console always sets nsSSL3 to "on" when a securty setting is adjusted (DS 47994)
- Bug 916045  - RFE: Winsync loses connection with AD objects when they move from the console. (#47380)
- Bug 1173281 - DS console - right clicking an object does not select that object (#135)
- Bug 1134688 - DS Console does not correctly disable SSL (#47887)
- Bug 963254  - DS instance cannot be restored from remote console (#47485)
- Ticket 47886 - DS Console - mouse wheel speed very slow
- Bug 758983  - DS Console should timeout when mismatched port and protocol combination is chosen (#176)
- Bug 1173283 - DS Console - java exception when refreshing  schema (#47883)
- Bug 1173284 - Window too large for Manage password policy (#96)
--------------------------------------------------------------------------------


================================================================================
 RackTables-0.20.10-1.fc21 (FEDORA-2015-1758)
 A data-center asset management system
--------------------------------------------------------------------------------
Update Information:

Rebase to v0.20.10
Rebase to v0.20.9
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Colin Coe <colin.coe@xxxxxxxxx> - 0.20.10-1
- Rebase to v0.20.10
* Fri Jan 16 2015 Colin Coe <colin.coe@xxxxxxxxx> - 0.20.9-1
- Rebase to v0.20.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1186291 - RackTables-0.20.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1186291
  [ 2 ] Bug #977277 - RackTables-0.20.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=977277
--------------------------------------------------------------------------------


================================================================================
 claws-mail-3.11.1-6.fc21 (FEDORA-2015-1739)
 Email client and news reader based on GTK+
--------------------------------------------------------------------------------
Update Information:

Fix crash in clamav plugin dialog
Add workaround for crashes in gtk_cmctree
Add workaround for crashes in gtk_cmctree
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx>
- 3.11.1-6
- fix clamav preferences crash (rhbz#118891, rhbz#118774)
* Tue Feb  3 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx>
- 3.11.1-5
- enable gdata plugin on epel
* Tue Feb  3 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx>
- 3.11.1-4
- workaround for crashes in gtk_cmctree (rhbz#1172963, rhbz#1165158)
- enable tnef plugin on epel
- disable bsfilter plugin on epel
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1187744 - [abrt] claws-mail: g_type_check_instance_cast(): claws-mail killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1187744
  [ 2 ] Bug #1188919 - [abrt] claws-mail: g_type_check_instance_cast(): claws-mail killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1188919
  [ 3 ] Bug #1165158 - [abrt] claws-mail: gtk_cmctree_is_viewable(): claws-mail killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1165158
  [ 4 ] Bug #1172963 - [abrt] claws-mail: gtk_cmctree_node_get_row_data(): claws-mail killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1172963
--------------------------------------------------------------------------------


================================================================================
 cln-1.3.4-1.fc21 (FEDORA-2015-1764)
 Class Library for Numbers
--------------------------------------------------------------------------------
Update Information:

Update to the latest version(should be updated long ago)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 15 2014 Christopher Meng <rpm@xxxxxxxx> - 1.3.4-1
- Update to 1.3.4
--------------------------------------------------------------------------------


================================================================================
 csvcat-0.1-20141205git858edfe.fc21 (FEDORA-2015-1749)
 Efficiently concatenate CSVs or other tabular text files
--------------------------------------------------------------------------------
Update Information:

New package, please test with:

csvcat.sh file1 file2 [...] > concatenated.csv
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1177406 - Review Request: csvcat - Efficiently concatenate CSVs or other tabular text files
        https://bugzilla.redhat.com/show_bug.cgi?id=1177406
--------------------------------------------------------------------------------


================================================================================
 dnf-langpacks-0.7.0-2.fc21 (FEDORA-2015-1756)
 Langpacks plugin for dnf
--------------------------------------------------------------------------------
Update Information:

Added python3-dnf-langpacks sub-package
update to 0.7.0 release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb  3 2015 Parag Nemade <pnemade AT redhat DOT com> - 0.7.0-2
- Added python3-dnf-langpacks sub-package
* Mon Feb  2 2015 Parag Nemade <pnemade AT redhat DOT com> - 0.7.0-1
- update to 0.7.0 release
--------------------------------------------------------------------------------


================================================================================
 dovecot-2.2.15-3.fc21 (FEDORA-2015-1766)
 Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

fixes mbox istream crashes
- fix crash related to logging BYE notifications (#1176282)
- update pigeonhole to 0.4.6
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.15-3
- fix mbox istream crashes (#1189198, #1186504)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1189198 - dovecot IMAP crashes on mbox files
        https://bugzilla.redhat.com/show_bug.cgi?id=1189198
  [ 2 ] Bug #1176282 - [abrt] dovecot: strlen(): log killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1176282
  [ 3 ] Bug #1186504 - [abrt] dovecot: default_fatal_finish(): imap killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1186504
--------------------------------------------------------------------------------


================================================================================
 fdm-1.8-1.fc21 (FEDORA-2015-1764)
 A simple lightweight tool of fetching, filtering and delivering emails
--------------------------------------------------------------------------------
Update Information:

Update to the latest version(should be updated long ago)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 28 2015 Christopher Meng <rpm@xxxxxxxx> - 1.8-1
- Update to 1.8
--------------------------------------------------------------------------------


================================================================================
 gammaray-2.2.1-3.fc21 (FEDORA-2015-1774)
 A tool for examining internals of Qt applications
--------------------------------------------------------------------------------
Update Information:

Update to 2.2.1

 - default to Qt 5 build
 - split probes to -qt5 and -qt4 subpackages
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb  3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-3
- fix typo
* Tue Feb  3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-2
- drop ambiguous BuildArch
* Tue Feb  3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-1
- Update to 2.2.1
- Default to Qt 5 build now
- Provide probes for Qt 5 and Qt 4 in -qt5 and -qt4 subpackages
* Wed Jan  7 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.1.1-2
- Rebuild for hdf5 1.8.4
--------------------------------------------------------------------------------


================================================================================
 gedit-3.14.3-1.fc21 (FEDORA-2015-1767)
 Text editor for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:

Update to 3.14.3
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Ignacio Casal Quinteiro <icq@xxxxxxxxx> - 2:3.14.3-1
- Update to 3.14.3
--------------------------------------------------------------------------------


================================================================================
 idm-console-framework-1.1.9-1.fc21 (FEDORA-2015-1765)
 Identity Management Console Framework
--------------------------------------------------------------------------------
Update Information:

release 1.1.9
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.1.9-1
- Bump version to 1.1.9
- Ticket 47929 - idm-console-framework - set default min to tls1.0
- Ticket 47946 - ACI's are replaced by "ACI_ALL" after editing group of ACI's including invalid one
- Ticket 47929 - Console - add tls1.1 support
- Ticket 47472 - Entries cannot be highlighted in the "Edit Aci" Rights panel
- Ticket 47364 - Console does not support passwords containing  8-bit characters
- Ticket 47604 - idm-console-framework: remove versioned jars from /usr/share/java
- Ticket 47480 - Admin Console "server restart dialog" disppears after clicking OK
- Ticket 47467 - Improve CRL import dialog text
- Ticket 362   - Directory Console generates insufficient key strength
* Fri Aug 29 2014 Mark Reynolds <mreynolds@xxxxxxxxxx> - 1.1.7-9
- Bug 1022104 - Remove versioned jarfiles from _javadir
--------------------------------------------------------------------------------


================================================================================
 kf5-kguiaddons-5.6.0-2.fc21 (FEDORA-2015-1722)
 KDE Frameworks 5 Tier 1 addon with various classes on top of QtGui
--------------------------------------------------------------------------------
Update Information:

BR qt5-qtx11extras-devel
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.6.0-2
- BR qt5-qtx11extras-devel
--------------------------------------------------------------------------------


================================================================================
 minised-1.15-1.fc21 (FEDORA-2015-1734)
 A smaller, cheaper, faster SED implementation
--------------------------------------------------------------------------------
Update Information:

The 1.15 version fixes some Kleene star operator relates bugs and
includes some code cleanups.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 20 2015 Christopher Meng <rpm@xxxxxxxx> - 1.15-1
- Update to 1.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1150999 - minised-1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1150999
--------------------------------------------------------------------------------


================================================================================
 moodle-2.7.5-1.fc21 (FEDORA-2015-1751)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

The following security notifications have now been made public:

==============================================================================
MSA-15-0001: Insufficient access check in LTI module

Description:       Absence of capability check in AJAX backend script could
                   allow any enrolled user to search the list of registered
                   tools
Issue summary:     mod/lti/ajax.php security problems
Severity/Risk:     Minor
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Petr Skoda
Issue no.:         MDL-47920
CVE identifier:    CVE-2015-0211
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920

==============================================================================
MSA-15-0002: XSS vulnerability in course request pending approval page

Description:       Course summary on course request pending approval page was
                   displayed to the manager unescaped and could be used for
                   XSS attack
Issue summary:     XSS in course request pending approval page (Privilege
                   Escalation?)
Severity/Risk:     Serious
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Skylar Kelty
Issue no.:         MDL-48368
Workaround:        Grant permission moodle/course:request only to trusted
                   users
CVE identifier:    CVE-2015-0212
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368

==============================================================================
MSA-15-0003: CSRF possible in Glossary module

Description:       Two files in the Glossary module lacked a session key check
                   potentially allowing cross-site request forgery
Issue summary:     Multiple CSRF in mod glossary
Severity/Risk:     Serious
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Ankit Agarwal
Issue no.:         MDL-48106
CVE identifier:    CVE-2015-0213
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106

==============================================================================
MSA-15-0004: Information leak through messaging functions in web-services

Description:       Through web-services it was possible to access
                   messaging-related functions such as people search even if
                   messaging is disabled on the site
Issue summary:     Messages external functions doesn't check if messaging is
                   enabled
Severity/Risk:     Minor
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Juan Leyva
Issue no.:         MDL-48329
Workaround:        Disable web services or disable individual message-related
                   functions
CVE identifier:    CVE-2015-0214
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329

==============================================================================
MSA-15-0005: Insufficient access check in calendar functions in web-services

Description:       Through web-services it was possible to get information
                   about calendar events which user did not have enough
                   permissions to see
Issue summary:     calendar/externallib.php lacks
                   self::validate_context($context);
Severity/Risk:     Minor
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Petr Skoda
Issue no.:         MDL-48017
CVE identifier:    CVE-2015-0215
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017

==============================================================================
MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask

Description:       Users with capability to grade in Lesson module were not
                   reported as users with XSS risk but their feedback was
                   displayed without cleaning
Issue summary:     mod/lesson:grade capability missing RISK_XSS but essay
                   feedback is displayed with noclean=true
Severity/Risk:     Minor
Versions affected: 2.8 to 2.8.1
Versions fixed:    2.8.2
Reported by:       Damyon Wiese
Issue no.:         MDL-48034
CVE identifier:    CVE-2015-0216
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034

==============================================================================
MSA-15-0007: ReDoS possible in the multimedia filter

Description:       Not optimal regular expression in the filter could be
                   exploited to create extra server load or make particular
                   page unavailable
Issue summary:     ReDOS in the multimedia filter
Severity/Risk:     Serious
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Nicolas Martignoni
Issue no.:         MDL-48546
Workaround:        Disable multimedia filter
CVE identifier:    CVE-2015-0217
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546

==============================================================================
MSA-15-0008: Forced logout through Shibboleth authentication plugin

Description:       It was possible to forge a request to logout users even
                   when not authenticated through Shibboleth
Issue summary:     Forced logout via auth/shibboleth/logout.php
Severity/Risk:     Serious
Versions affected: 2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier
                   unsupported versions
Versions fixed:    2.8.2, 2.7.4 and 2.6.7
Reported by:       Petr Skoda
Issue no.:         MDL-47964
Workaround:        Deny access to file auth/shibboleth/logout.php in webserver
                   configuration
CVE identifier:    CVE-2015-0218
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964

==============================================================================
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 2.7.5-1
- 2.7.5, fix for security issues.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1183695 - CVE-2015-0218 CVE-2015-0212 CVE-2015-0213 CVE-2015-0211 CVE-2015-0216 CVE-2015-0217 CVE-2015-0214 CVE-2015-0215 moodle: new update fixes several security issues [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1183695
  [ 2 ] Bug #1183694 - CVE-2015-0218 CVE-2015-0212 CVE-2015-0213 CVE-2015-0211 CVE-2015-0216 CVE-2015-0217 CVE-2015-0214 CVE-2015-0215 moodle: new update fixes several security issues [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1183694
--------------------------------------------------------------------------------


================================================================================
 ntp-4.2.6p5-27.fc21 (FEDORA-2015-1736)
 The NTP daemon and utilities
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-9297, CVE-2014-9298
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-27
- validate lengths of values in extension fields (CVE-2014-9297)
- drop packets with spoofed source address ::1 (CVE-2014-9298)
* Thu Jan 29 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-26
- require timedatex (#1136905)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1184572 - CVE-2014-9298 ntp: drop packets with source address ::1
        https://bugzilla.redhat.com/show_bug.cgi?id=1184572
  [ 2 ] Bug #1184573 - CVE-2014-9297 ntp: vallen in extension fields are not validated
        https://bugzilla.redhat.com/show_bug.cgi?id=1184573
--------------------------------------------------------------------------------


================================================================================
 open-vm-tools-9.4.6-6.fc21 (FEDORA-2015-1738)
 Open Virtual Machine Tools for virtual machines hosted on VMware
--------------------------------------------------------------------------------
Update Information:

This update fixes the missing NetIpRouteConfigInfo (BZ#1189295).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.6-6
- Added a patch for missing NetIpRouteConfigInfo (BZ#1189295)
* Mon Jan 26 2015 David Tardon <dtardon@xxxxxxxxxx> - 9.4.6-5
- rebuild for ICU 54.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1189295 - open-vm-tools does not report NetIpRouteConfigInfo to vSphere APIs
        https://bugzilla.redhat.com/show_bug.cgi?id=1189295
--------------------------------------------------------------------------------


================================================================================
 openbabel-2.3.2-11.fc21 (FEDORA-2015-1735)
 Chemistry software file format converter
--------------------------------------------------------------------------------
Update Information:

Unify patches which disable tests on ppc64, s390(x), arm and enable
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2015 Marcin Juszkiewicz <mjuszkiewicz@xxxxxxxxxx> - 2.3.2-11
- Unify patches which disable tests on ppc64, s390(x), arm and enable
  result also for aarch64. rhbugs: #1108103 #1094491 #1094513
* Fri Jan 16 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.3.2-10
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2
- Remove deprecated Config:: usage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1108103 - FTBFS: several unit tests fail on ppc64
        https://bugzilla.redhat.com/show_bug.cgi?id=1108103
  [ 2 ] Bug #1094491 - openbabel testsuite is failing on ARM
        https://bugzilla.redhat.com/show_bug.cgi?id=1094491
  [ 3 ] Bug #1094513 - openbabel testsuite is failing on ppc64, ppc64le, aarch64
        https://bugzilla.redhat.com/show_bug.cgi?id=1094513
--------------------------------------------------------------------------------


================================================================================
 perl-Encode-2.70-1.fc21 (FEDORA-2015-1725)
 Character encodings in Perl
--------------------------------------------------------------------------------
Update Information:

This release brings a new encguess(1) tool which as a wrapper around Encoding::Guess Perl module.
This release corrects handling taint flag when encoding MIME, it fixes documentation and some compiler warnings.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:2.70-1
- 2.70 bump
* Fri Jan 23 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:2.68-1
- 2.68 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185328 - perl-Encode-2.68 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1185328
--------------------------------------------------------------------------------


================================================================================
 perl-Gtk2-1.2495-1.fc21 (FEDORA-2015-1733)
 Perl interface to the 2.x series of the Gimp Toolkit library
--------------------------------------------------------------------------------
Update Information:

Update to 1.2495 to resolve an incorrect memory management issue in Gtk2::Gdk::Display::list_devices, which can potentially lead to arbitrary code execution.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2495-1
- update to 1.2495
* Mon Jan  5 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2494-1
- update to 1.2494
* Wed Dec 10 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2493-1
- update to 1.2493
* Mon Sep  1 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.2492-3
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1188219 - perl-Gtk2: incorrect memory management in Gtk2::Gdk::Display::list_devices
        https://bugzilla.redhat.com/show_bug.cgi?id=1188219
--------------------------------------------------------------------------------


================================================================================
 pgp-tools-1.1.12-2.fc21 (FEDORA-2015-1726)
 Collection of several utilities related to OpenPGP
--------------------------------------------------------------------------------
Update Information:

New upstream release with bugfies.
Minore bugfixing release from updatream.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.12-2
- New upstream release
* Wed Jan 21 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.10-2
- Fix dependency issue agains perl(for) (#1184547)
* Sat Jan 10 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.10-1
- New upstream release
--------------------------------------------------------------------------------


================================================================================
 php-pecl-mongo-1.6.1-1.fc21 (FEDORA-2015-1750)
 PHP MongoDB database driver
--------------------------------------------------------------------------------
Update Information:

>From upstream announcement:

We are glad to announce the release of version 1.6.0 of the MongoDB PHP driver.

It supports all new features for MongoDB 3.0, including:

* Support for WiredTiger, and other storage engines.
* Support for the new SCRAM-SHA-1 SASL authentication mechanism
* Support for 50 replica set members


For full fixed bug list, see:

* 1.6.0: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10007&version=14800
* 1.6.1: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10007&version=14825

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.6.1-1
- Update to 1.6.1 (stable)
--------------------------------------------------------------------------------


================================================================================
 postgresql-9.3.6-1.fc21 (FEDORA-2015-1745)
 PostgreSQL client programs
--------------------------------------------------------------------------------
Update Information:

update to 9.3.6 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-6.html, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.3.6-1
- update to 9.3.6 per release notes
  http://www.postgresql.org/docs/9.3/static/release-9-3-6.html
--------------------------------------------------------------------------------


================================================================================
 publicsuffix-list-20150204-1.fc21 (FEDORA-2015-1723)
 Cross-vendor public domain suffix database
--------------------------------------------------------------------------------
Update Information:

The latest revision - 20150204
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Yanko Kaneti <yaneti@xxxxxxxxxxx> - 20150204-1
- The latest revision - 20150204

- Initial version for review - 20141124-1
--------------------------------------------------------------------------------


================================================================================
 python-paho-mqtt-1.1-1.fc21 (FEDORA-2015-1760)
 A Python MQTT version 3.1/3.1.1 client class
--------------------------------------------------------------------------------
Update Information:

Update to new upstream version 1.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.1-1
- Update to new upstream version 1.1
--------------------------------------------------------------------------------


================================================================================
 python-sphinx-1.2.3-1.fc21 (FEDORA-2015-1748)
 Python documentation generator
--------------------------------------------------------------------------------
Update Information:

- Update to latest upstream release, see CHANGES file for new features and bugfixes
- License file now tagged as %license instead of %doc
- Complete LaTeX builder deps
- Make test output verbose
- Add BRs needed to enable all tests

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.3-1
- Update to 1.2.3
- Mark license file with %license instead of %doc
* Thu Feb  5 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-10
- Complete LaTeX builder deps (fixes bz#882166)
- Make test output verbose
- Add BRs needed to enable all tests
* Tue Feb  3 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-9
- python3-sphinx package also Provides: python3-sphinx-latex
* Tue Feb  3 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-8
- If a separate LaTeX subpackage is not generated, the main package should have
  a virtual Provides: for it (bz#1187989)
* Tue Jan 27 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-7
- Disable separate LaTeX builder for now (bz#1185574)
* Thu Jan 22 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.2.2-6
- Split off LaTeX builder into its own subpackages, to remove TeXLive
  dependencies from the main package.
  Thanks to Robert Kuska <rkuska@xxxxxxxxxx> for feedback
- Clean up python3-sphinx's locale files, they ended up in the python2 package.
  Share the locale files in /usr/share instead
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1148845 - "make latexpdf" fails with a pristine sphinx project (texlive issues?)
        https://bugzilla.redhat.com/show_bug.cgi?id=1148845
  [ 2 ] Bug #882166 - make latex does not work out of the box
        https://bugzilla.redhat.com/show_bug.cgi?id=882166
  [ 3 ] Bug #1148037 - python-sphinx contains python3 files
        https://bugzilla.redhat.com/show_bug.cgi?id=1148037
--------------------------------------------------------------------------------


================================================================================
 roundcubemail-1.0.5-1.fc21 (FEDORA-2015-1772)
 Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:

Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version.

http://roundcube.net/news/2015/01/24/security-update-1.0.5/
http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5
http://trac.roundcube.net/ticket/1490227

CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 1.0.5-1
- Fix for security issues.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1188203 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1188203
  [ 2 ] Bug #1188202 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1188202
--------------------------------------------------------------------------------


================================================================================
 rpcbind-0.2.2-2.1.fc21 (FEDORA-2015-1678)
 Universal Addresses to RPC Program Number Mapper
--------------------------------------------------------------------------------
Update Information:

commit 2a4dad119847f2ffd7511279b3cd3861fe90eaa4
Author: Steve Dickson <steved@xxxxxxxxxx>
Date:   Wed Feb 4 09:17:49 2015 -0500

    Updated to the latest rc release: rpcbind-0_2_3-rc1 (bz 1095021)
    
    Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>

* Thu Feb  5 2015 Steve Dickson <steved@xxxxxxxxxx> - 0.2.2-2.1
- Added xlogging debugging to rpcbind

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Steve Dickson <steved@xxxxxxxxxx> - 0.2.2-2.1
- Added xlogging debugging to rpcbind
* Wed Feb  4 2015 Steve Dickson <steved@xxxxxxxxxx> - 0.2.2-2.0
- Updated to the latest rc release: rpcbind-0_2_3-rc1 (bz 1095021)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1095021 - systemd integration patches/assorted fixes
        https://bugzilla.redhat.com/show_bug.cgi?id=1095021
--------------------------------------------------------------------------------


================================================================================
 rubygem-hoe-3.13.1-1.fc21 (FEDORA-2015-1757)
 Hoe is a simple rake/rubygems helper for project Rakefiles
--------------------------------------------------------------------------------
Update Information:

New version 3.13.1 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.13.1-1
- 3.13.1
--------------------------------------------------------------------------------


================================================================================
 rubygem-isolate-3.3.1-1.fc21 (FEDORA-2015-1740)
 Very simple RubyGems sandbox
--------------------------------------------------------------------------------
Update Information:

New version 3.3.1 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.3.1-1
- 3.3.1
--------------------------------------------------------------------------------


================================================================================
 rubygem-marc-1.0.0-1.fc21 (FEDORA-2015-1743)
 Ruby library for MARC catalog
--------------------------------------------------------------------------------
Update Information:

New version 1.0.0 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.0.0-1
- 1.0.0
--------------------------------------------------------------------------------


================================================================================
 s3cmd-1.5.1.2-4.fc21 (FEDORA-2015-1754)
 Tool for accessing Amazon Simple Storage Service
--------------------------------------------------------------------------------
Update Information:

upstream 1.5.1.2, mostly bug fixes
upstream 1.5.0 final
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  4 2015 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.1.2-4
- upstream 1.5.1.2, mostly bug fixes
- remove ez_setup, add dependency on python-setuptools
* Mon Jan 12 2015 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-1
- upstream 1.5.0 final
--------------------------------------------------------------------------------


================================================================================
 selinux-policy-3.13.1-105.3.fc21 (FEDORA-2015-1768)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=609261
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.13.1-105.3
- apmd needs sys_resource when shutting down the machine
- Allow upsmon_t to read urandom device.
* Mon Feb  2 2015 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.13.1-105.2
- Added boolean xdm_bind_vnc_tcp_port. BZ(1187975)
- Allow svirt sandbox domains to read /proc/mtrr
- Allow sshd_t to manage gssd keyring
- Allow docker to attach to the sandbox and user domains tun devices
- Dontaudit network connections related to thumb_t. BZ(1187981)
- Allow dovecot domains to use sys_resouce
- Allow svirt sandbox domains to read /proc/mtrr
- Allow polipo_deamon connect to all ephemeral ports. BZ(1187723)
- Allow sshd_t to manage gssd keyring
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1063827 - selinux avc for httpd accessing KEYRING ccache type
        https://bugzilla.redhat.com/show_bug.cgi?id=1063827
  [ 2 ] Bug #1172908 - SELinux is preventing dovecot from using the sys_resource capability.
        https://bugzilla.redhat.com/show_bug.cgi?id=1172908
  [ 3 ] Bug #1181338 - SELinux is preventing openvpn from 'relabelfrom' accesses on the tun_socket Unknown.
        https://bugzilla.redhat.com/show_bug.cgi?id=1181338
  [ 4 ] Bug #1185621 - SELinux is preventing systemctl from using the 'setrlimit' accesses on a process.
        https://bugzilla.redhat.com/show_bug.cgi?id=1185621
  [ 5 ] Bug #1186072 - SELinux is preventing /usr/sbin/upsmon from 'read' accesses on the chr_file random.
        https://bugzilla.redhat.com/show_bug.cgi?id=1186072
  [ 6 ] Bug #1187723 - SELinux is preventing /usr/bin/polipo from 'name_connect' accesses on the tcp_socket port 35651.
        https://bugzilla.redhat.com/show_bug.cgi?id=1187723
  [ 7 ] Bug #1187975 - SELinux blocks LightDM VNC server
        https://bugzilla.redhat.com/show_bug.cgi?id=1187975
  [ 8 ] Bug #1187981 - SELinux is preventing souphttpsrc0:sr from 'name_connect' accesses on the tcp_socket port 80.
        https://bugzilla.redhat.com/show_bug.cgi?id=1187981
  [ 9 ] Bug #1189382 - SELinux is preventing /usr/bin/systemctl from using the 'sys_resource' capabilities.
        https://bugzilla.redhat.com/show_bug.cgi?id=1189382
--------------------------------------------------------------------------------


================================================================================
 systemd-216-18.fc21 (FEDORA-2015-1763)
 A System and Service Manager
--------------------------------------------------------------------------------
Update Information:

RFE: journal: automatically rotate the file if it is unlinked (#1171719);Add the touchpad hwdb (#1189319)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Jan Synáček <jsynacek@xxxxxxxxxx> - 216-18
- RFE: journal: automatically rotate the file if it is unlinked (#1171719)
- Add the touchpad hwdb (#1189319)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1171719 - RFE: journal: automatically rotate the file if it is unlinked
        https://bugzilla.redhat.com/show_bug.cgi?id=1171719
  [ 2 ] Bug #1189319 - add the touchpad hwdb
        https://bugzilla.redhat.com/show_bug.cgi?id=1189319
--------------------------------------------------------------------------------


================================================================================
 xorg-x11-drv-synaptics-1.8.1-3.fc21 (FEDORA-2015-1769)
 Xorg X11 Synaptics touchpad input driver
--------------------------------------------------------------------------------
Update Information:

Fix missing bits and bobs for the X1 Carbon quirks (#1189329)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb  5 2015 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.8.1-3
- Fix missing bits and bobs for the X1 Carbon quirks (#1189329)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1189329 - xorg-x11-drv-synaptics-1.8.1-2.fc21 patch for new Lenovo touchpads is incorrect
        https://bugzilla.redhat.com/show_bug.cgi?id=1189329
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux