The following Fedora 20 Security updates need testing: Age URL 126 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 78 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20 77 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20 56 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20 54 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 54 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20 49 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20 46 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 42 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20 40 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20 24 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20 19 https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20 16 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1162/community-mysql-5.5.41-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-1294/qpid-cpp-0.30-7.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1439/websvn-2.3.3-8.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1354/firefox-35.0.1-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1364/mantis-1.2.19-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1263/maradns-2.0.11-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1510/pigz-2.3.3-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1672/kernel-3.18.5-101.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1728/postgresql-9.3.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1699/bugzilla-4.2.13-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1700/puppetlabs-stdlib-4.5.1-2.20150121git7a91f20.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1759/ntp-4.2.6p5-20.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1761/roundcubemail-1.0.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1762/perl-Gtk2-1.2495-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 16 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1095/perl-Filter-1.54-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2015-1214/hwdata-0.274-2.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-1285/polkit-0.112-7.fc20.1 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1425/perl-Getopt-Long-2.43-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1434/perl-Pod-Simple-3.29-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1448/koji-1.9.0-10.fc20.gitcd45e886 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1384/cairo-1.14.0-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1423/amor-14.12.1-1.fc20,ark-14.12.1-1.fc20,audiocd-kio-14.12.1-1.fc20,blinken-14.12.1-1.fc20,cantor-14.12.1-1.fc20,dragon-14.12.1-1.fc20,filelight-14.12.1-1.fc20,jovie-14.12.1-2.fc20,juk-14.12.1-1.fc20,kaccessible-14.12.1-1.fc20,kalzium-14.12.1-1.fc20,kamera-14.12.1-1.fc20,kanagram-4.14.3-3.fc20,kbruch-14.12.1-1.fc20,kcalc-14.12.1-1.fc20,kcharselect-14.12.1-1.fc20,kcolorchooser-14.12.1-1.fc20,kcron-14.12.1-2.fc20,kdeartwork-14.12.1-1.fc20,kde-baseapps-14.12.1-1.fc20,kde-base-artwork-14.12.1-1.fc20,kdegraphics-mobipocket-14.12.1-1.fc20,kdegraphics-strigi-analyzer-14.12.1-1.fc20,kdegraphics-thumbnailers-14.12.1-1.fc20,kdelibs-4.14.4-2.fc20,kdenetwork-filesharing-14.12.1-1.fc20,kdenetwork-strigi-analyzers-14.12.1-1.fc20,kdepim-4.14.4-2.fc20,kdepimlibs-4.14.4-1.fc20,kdepim-runtime-4.14.4-1.fc20,kdeplasma-addons-4.14.3-3.fc20,kde-runtime-14.12.1-2.fc20,kde-wallpapers-14.12.1-1.fc20,kdf-14.12.1-1.fc20,kdnssd-14.12.1-1.fc20,kfloppy-14.12.1-1.fc20,kgamma-14.12.1-1.fc20,kgeography-14.12.1-1.fc20,kget-14.12.1-1.fc20,kgpg-14.12.1-1.fc20,khangman-4.14.3-3.fc20,kiten-14.12.1-1.fc20,klettres-14.12.1-1.fc20,kmag-14.12.1-1.fc20,kmousetool-14.12.1-1.fc20,kmouth-14.12.1-1.fc20,kmplot-14.12.1-1.fc20,kolourpaint-14.12.1-1.fc20,kopete-14.12.1-1.fc20,kppp-14.12.1-1.fc20,kqtquickcharts-14.12.1-1.fc20,krdc-14.12.1-1.fc20,kremotecontrol-14.12.1-1.fc20,krfb-14.12.1-1.fc20,kruler-14.12.1-1.fc20,ksaneplugin-14.12.1-1.fc20,kscd-14.12.1-1.fc20,ksnapshot-14.12.1-1.fc20,kstars-14.12.1-1.fc20,ksystemlog-14.12.1-2.fc20,kteatime-14.12.1-1.fc20,ktimer-14.12.1-1.fc20,ktouch-14.12.1-1.fc20,kturtle-14.12.1-1.fc20,ktux-14.12.1-1.fc20,kuser-14.12.1-2.fc20,kwalletmanager-14.12.1-1.fc20,kwordquiz-14.12.1-1.fc20,libkcddb-14.12.1-1.fc20,libkcompactdisc-14.12.1-1.fc20,libkdcraw-14.12.1-1.fc20,libkdeedu-14.12.1-3.fc20,libkexiv2-14.12.1-1.fc20,libkipi-14.12.1-1.fc20,libksane-14.12.1-1.fc20,marble-14.12.1-1.fc20,oxygen-icon-theme-14.12.1-1.fc20,pairs-14.12.1-1.fc20,rocs-14.12.1-2.fc20,step-14.12.1-1.fc2 0,superkaramba-14.12.1-1.fc20,svgpart-14.12.1-1.fc20,sweeper-14.12.1-1.fc20,calligra-2.8.7-4.fc20,digikam-4.6.0-1.fc20.1,kdeedu-data-14.12.1-3.fc20,kde-workspace-4.11.15-3.fc20,kphotoalbum-4.5-4.fc20,subsurface-4.3-1.fc20.1 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1420/zip-3.0-10.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1398/selinux-policy-3.12.1-197.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-1525/nss-util-3.17.4-1.fc20,nss-softokn-3.17.4-1.fc20,nss-3.17.4-1.fc20,nspr-4.10.8-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-1528/xorg-x11-server-1.14.4-14.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-1604/crda-1.1.3_2015.01.30-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-1606/ibus-1.5.9-9.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1635/highlight-3.21-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1615/sqlite-3.8.8-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1753/systemd-208-30.fc20 The following builds have been pushed to Fedora 20 updates-testing 389-ds-base-1.3.2.26-1.fc20 389-ds-console-1.2.9-1.fc20 RackTables-0.20.10-1.fc20 claws-mail-3.11.1-6.fc20 dovecot-2.2.15-3.fc20 fdm-1.8-1.fc20 gammaray-2.2.1-3.fc20 idm-console-framework-1.1.9-2.fc20 kf5-kguiaddons-5.6.0-2.fc20 minised-1.15-1.fc20 ntp-4.2.6p5-20.fc20 open-vm-tools-9.4.6-6.fc20 perl-Gtk2-1.2495-1.fc20 pgp-tools-1.1.12-2.fc20 postgresql-9.3.6-1.fc20 python-paho-mqtt-1.1-1.fc20 python-sphinx-1.1.3-12.fc20 roundcubemail-1.0.5-1.fc20 rubygem-isolate-3.3.1-1.fc20 s3cmd-1.5.1.2-4.fc20 systemd-208-30.fc20 Details about builds: ================================================================================ 389-ds-base-1.3.2.26-1.fc20 (FEDORA-2015-1771) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: release 1.3.2.26 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.26-1 - bump version to 1.3.2.26 - Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD - Ticket 47963 - memberof skip nested groups breaks the plugin * Wed Jan 28 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.25-1 - Bump version to 1.3.2.25 - Ticket 47996 - ldclt needs to support SSL Version range - Ticket 47991 - upgrade script fails if /etc and /var are on different file systems - Ticket 47989 - Windows Sync accidentally cleared raw_entry - Ticket 47964 - v2 - Incorrect search result after replacing an empty attribute - Ticket 47934 - nsslapd-db-locks modify not taking into account. - Ticket 47617 - replication changelog trimming setting validation - Ticket 47905 - Bad manipulation of passwordhistory - Ticket 47973 - During schema reload sometimes the search returns no results - Ticket 47659 - ldbm_usn_init: Valgrind reports Invalid read / SIGSEGV - Ticket 47880 - provide enabled ciphers as search result - Ticket 47945 - Add SSL/TLS version info to the access log - Ticket 47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only] - Ticket 47949 - logconv.pl -- support parsing/showing/reporting different protocol versions - Ticket 47981 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes - Ticket 47980 - Nested COS definitions can be incorrectly processed - Ticket 47750 - During delete operation do not refresh cache entry if it is a tombstone - Ticket 47965 - Fix coverity issues (2014/12/16) - Ticket 47935 - Error: failed to open an LDAP connection to host 'example.org' port '389' as user 'cn=Directory Manager'. Error: unknown. - Ticket 47750 - Need to refresh cache entry after called betxn postop plugins - Ticket 47942: DS hangs during online total update - Ticket 47722 - Using the filter file does not work - Ticket 47965 - Fix coverity issues (2014/11/24) - Ticket 47969 - Fix coverity issue - Ticket 47970 - add lib389 testcase - Ticket 47970 - Account lockout attributes incorrectly updated after failed SASL Bind - Ticket 47969 - COS memory leak when rebuilding the cache - Ticket 47967 - cos_cache_build_definition_list does not stop during server shutdown - Ticket 47963 - skip nested groups breaks memberof fixup task - Ticket 47963 - RFE - memberOf - add option to skip nested group lookups during delete operations - Ticket 47950 - Bind DN tracking unable to write to internalModifiersName without special permissions - Ticket 47958 - Memory leak in password admin if the admin entry does not exist - Ticket 47952 - PasswordAdminDN attribute is not properly returned to client - Ticket 47953 - Should not check aci syntax when deleting an aci - Ticket 47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS - Ticket 47937 - Crash in entry_add_present_values_wsi_multi_valued * Fri Oct 10 2014 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.24-1 - Release 1.3.2.24 - Ticket 47922 - dynamically added macro aci is not evaluated on the fly - Ticket 47897 - Need to move slapi_pblock_set(pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry) prior to original_entry overwritten - Ticket 47920 - Encoding of SearchResultEntry is missing tag - Ticket 47919 - ldbm_back_modify SLAPI_PLUGIN_BE_PRE_MODIFY_FN does not return even if one of the preop plugins fails. - Ticket 47918 - result of dna_dn_is_shared_config is incorrectly used - Ticket 47900 - Server fails to start if password admin is set - Ticket 47750 - Creating a glue fails if one above level is a conflict or missing - Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected - Ticket 47907 - ldclt: assertion failure with -e "add,counteach" -e "object=<ldif file>,rdn=uid:test[A=INCRNNOLOOP(0;24 - Ticket 47889 - DS crashed during ipa-server-install on test_ava_filter - Ticket 47885 - did not always return a response control - Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted. - Ticket 47748 - Simultaneous adding a user and binding as the user could fail in the password policy check - Ticket 47875 - dirsrv not running with old openldap - Ticket 47875 - dirsrv not running with old openldap - Ticket 47885 - deref plugin should not return references with noc access rights - Ticket 47457 - default nsslapd-sasl-max-buffer-size should be 2MB -------------------------------------------------------------------------------- ================================================================================ 389-ds-console-1.2.9-1.fc20 (FEDORA-2015-1744) 389 Directory Server Management Console -------------------------------------------------------------------------------- Update Information: release 1.2.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.2.9-1 - Bumped version to 1.2.9 - Bug 1184175 - DS Console always sets nsSSL3 to "on" when a securty setting is adjusted (DS 47994) - Bug 916045 - RFE: Winsync loses connection with AD objects when they move from the console. (#47380) - Bug 1173281 - DS console - right clicking an object does not select that object (#135) - Bug 1134688 - DS Console does not correctly disable SSL (#47887) - Bug 963254 - DS instance cannot be restored from remote console (#47485) - Ticket 47886 - DS Console - mouse wheel speed very slow - Bug 758983 - DS Console should timeout when mismatched port and protocol combination is chosen (#176) - Bug 1173283 - DS Console - java exception when refreshing schema (#47883) - Bug 1173284 - Window too large for Manage password policy (#96) * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ RackTables-0.20.10-1.fc20 (FEDORA-2015-1770) A data-center asset management system -------------------------------------------------------------------------------- Update Information: Rebase to v0.20.10 Rebase to 0.20.9 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Colin Coe <colin.coe@xxxxxxxxx> - 0.20.10-1 - Rebase to v0.20.10 * Fri Jan 16 2015 Colin Coe <colin.coe@xxxxxxxxx> - 0.20.9-1 - Rebase to v0.20.9 * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.20.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186291 - RackTables-0.20.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1186291 [ 2 ] Bug #977277 - RackTables-0.20.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=977277 -------------------------------------------------------------------------------- ================================================================================ claws-mail-3.11.1-6.fc20 (FEDORA-2015-1721) Email client and news reader based on GTK+ -------------------------------------------------------------------------------- Update Information: Fix crash in clamav plugin dialog Add workaround for crashes in gtk_cmctree Add workaround for crashes in gtk_cmctree -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 3.11.1-6 - fix clamav preferences crash (rhbz#118891, rhbz#118774) * Tue Feb 3 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 3.11.1-5 - enable gdata plugin on epel * Tue Feb 3 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 3.11.1-4 - workaround for crashes in gtk_cmctree (rhbz#1172963, rhbz#1165158) - enable tnef plugin on epel - disable bsfilter plugin on epel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1187744 - [abrt] claws-mail: g_type_check_instance_cast(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1187744 [ 2 ] Bug #1172963 - [abrt] claws-mail: gtk_cmctree_node_get_row_data(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1172963 [ 3 ] Bug #1188919 - [abrt] claws-mail: g_type_check_instance_cast(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1188919 [ 4 ] Bug #1165158 - [abrt] claws-mail: gtk_cmctree_is_viewable(): claws-mail killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1165158 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.15-3.fc20 (FEDORA-2015-1730) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: fixes mbox istream crashes - fix crash related to logging BYE notifications (#1176282) - update pigeonhole to 0.4.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.15-3 - fix mbox istream crashes (#1189198, #1186504) * Mon Jan 5 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.15-2 - fix crash related to logging BYE notifications (#1176282) - update pigeonhole to 0.4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176282 - [abrt] dovecot: strlen(): log killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1176282 [ 2 ] Bug #1189198 - dovecot IMAP crashes on mbox files https://bugzilla.redhat.com/show_bug.cgi?id=1189198 [ 3 ] Bug #1186504 - [abrt] dovecot: default_fatal_finish(): imap killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1186504 -------------------------------------------------------------------------------- ================================================================================ fdm-1.8-1.fc20 (FEDORA-2015-1729) A simple lightweight tool of fetching, filtering and delivering emails -------------------------------------------------------------------------------- Update Information: Update to 1.8 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 28 2015 Christopher Meng <rpm@xxxxxxxx> - 1.8-1 - Update to 1.8 -------------------------------------------------------------------------------- ================================================================================ gammaray-2.2.1-3.fc20 (FEDORA-2015-1742) A tool for examining internals of Qt applications -------------------------------------------------------------------------------- Update Information: Update to 2.2.1 - default to Qt 5 build - split probes to -qt5 and -qt4 subpackages -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-3 - fix typo * Tue Feb 3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-2 - drop ambiguous BuildArch * Tue Feb 3 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 2.2.1-1 - Update to 2.2.1 - Default to Qt 5 build now - Provide probes for Qt 5 and Qt 4 in -qt5 and -qt4 subpackages * Wed Jan 7 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 2.1.1-2 - Rebuild for hdf5 1.8.4 -------------------------------------------------------------------------------- ================================================================================ idm-console-framework-1.1.9-2.fc20 (FEDORA-2015-1737) Identity Management Console Framework -------------------------------------------------------------------------------- Update Information: release 1.1.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.1.9-2 - Fixed broken "create symlinks" in 'install'. * Wed Feb 4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.1.9-1 - Bump version to 1.1.9 - Ticket 47929 - idm-console-framework - set default min to tls1.0 - Ticket 47946 - ACI's are replaced by "ACI_ALL" after editing group of ACI's including invalid one - Ticket 47929 - Console - add tls1.1 support - Ticket 47472 - Entries cannot be highlighted in the "Edit Aci" Rights panel - Ticket 47364 - Console does not support passwords containing 8-bit characters - Ticket 47604 - idm-console-framework: remove versioned jars from /usr/share/java - Ticket 47480 - Admin Console "server restart dialog" disppears after clicking OK - Ticket 47467 - Improve CRL import dialog text - Ticket 362 - Directory Console generates insufficient key strength - Bug 1022104 - Remove versioned jarfiles from _javadir -------------------------------------------------------------------------------- ================================================================================ kf5-kguiaddons-5.6.0-2.fc20 (FEDORA-2015-1732) KDE Frameworks 5 Tier 1 addon with various classes on top of QtGui -------------------------------------------------------------------------------- Update Information: BR qt5-qtx11extras-devel -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.6.0-2 - BR qt5-qtx11extras-devel -------------------------------------------------------------------------------- ================================================================================ minised-1.15-1.fc20 (FEDORA-2015-1773) A smaller, cheaper, faster SED implementation -------------------------------------------------------------------------------- Update Information: The 1.15 version fixes some Kleene star operator relates bugs and includes some code cleanups. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 20 2015 Christopher Meng <rpm@xxxxxxxx> - 1.15-1 - Update to 1.15 * Wed Apr 2 2014 Christopher Meng <rpm@xxxxxxxx> - 1.14-4 - Fix for building with -Werror=format-security. - SPEC cleanup. - Harden the build. - Insert LDFLAGS during building. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150999 - minised-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1150999 -------------------------------------------------------------------------------- ================================================================================ ntp-4.2.6p5-20.fc20 (FEDORA-2015-1759) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-9297, CVE-2014-9298 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-20 - validate lengths of values in extension fields (CVE-2014-9297) - drop packets with spoofed source address ::1 (CVE-2014-9298) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1184572 - CVE-2014-9298 ntp: drop packets with source address ::1 https://bugzilla.redhat.com/show_bug.cgi?id=1184572 [ 2 ] Bug #1184573 - CVE-2014-9297 ntp: vallen in extension fields are not validated https://bugzilla.redhat.com/show_bug.cgi?id=1184573 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-9.4.6-6.fc20 (FEDORA-2015-1747) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: This update fixes the missing NetIpRouteConfigInfo (BZ#1189295). -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Ravindra Kumar <ravindrakumar@xxxxxxxxxx> - 9.4.6-6 - Added a patch for missing NetIpRouteConfigInfo (BZ#1189295) * Mon Jan 26 2015 David Tardon <dtardon@xxxxxxxxxx> - 9.4.6-5 - rebuild for ICU 54.1 * Wed Sep 24 2014 Simone Caronni <negativo17@xxxxxxxxx> - 9.4.6-4 - Rebuild for new procps-ng version. * Tue Aug 26 2014 David Tardon <dtardon@xxxxxxxxxx> - 9.4.6-3 - rebuild for ICU 53.1 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 9.4.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1189295 - open-vm-tools does not report NetIpRouteConfigInfo to vSphere APIs https://bugzilla.redhat.com/show_bug.cgi?id=1189295 -------------------------------------------------------------------------------- ================================================================================ perl-Gtk2-1.2495-1.fc20 (FEDORA-2015-1762) Perl interface to the 2.x series of the Gimp Toolkit library -------------------------------------------------------------------------------- Update Information: Update to 1.2495 to resolve an incorrect memory management issue in Gtk2::Gdk::Display::list_devices, which can potentially lead to arbitrary code execution. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2495-1 - update to 1.2495 * Mon Jan 5 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2494-1 - update to 1.2494 * Wed Dec 10 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2493-1 - update to 1.2493 * Mon Sep 1 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.2492-3 - Perl 5.20 rebuild * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2492-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Jul 8 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2492-1 - update to 1.2492 * Tue Jun 24 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2491-1 - update to 1.2491 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.249-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Dec 12 2013 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.249-1 - update to 1.249 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188219 - perl-Gtk2: incorrect memory management in Gtk2::Gdk::Display::list_devices https://bugzilla.redhat.com/show_bug.cgi?id=1188219 -------------------------------------------------------------------------------- ================================================================================ pgp-tools-1.1.12-2.fc20 (FEDORA-2015-1727) Collection of several utilities related to OpenPGP -------------------------------------------------------------------------------- Update Information: New upstream release with bugfixes Minor bugfixing release from upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.12-2 - New upstream release * Wed Jan 21 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.10-2 - Fix dependency issue agains perl(for) (#1184547) * Sat Jan 10 2015 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.10-1 - New upstream release * Sun Dec 7 2014 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.5-7 - Add reference to 'signing-party' in the package description (#1171393) -------------------------------------------------------------------------------- ================================================================================ postgresql-9.3.6-1.fc20 (FEDORA-2015-1728) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.3.6 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-6.html, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244 -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.3.6-1 - update to 9.3.6 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-6.html -------------------------------------------------------------------------------- ================================================================================ python-paho-mqtt-1.1-1.fc20 (FEDORA-2015-1731) A Python MQTT version 3.1/3.1.1 client class -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.1-1 - Update to new upstream version 1.1 -------------------------------------------------------------------------------- ================================================================================ python-sphinx-1.1.3-12.fc20 (FEDORA-2015-1752) Python documentation generator -------------------------------------------------------------------------------- Update Information: - Complete LaTeX builder deps - Make test output verbose - Add BRs needed to enable all tests -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.1.3-12 - Complete LaTeX builder deps (fixes bz#882166) - Make test output verbose - Add BRs needed to enable all tests * Tue Feb 3 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.1.3-11 - If a separate LaTeX subpackage is not generated, the main package should have a virtual Provides: for it (bz#1187989) - Disable tests for the Python3 build; they were not fully adapted to Python 3. The tests previously passed because they were accidentally run using Python 2. * Tue Jan 27 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.1.3-10 - Clean up python3-sphinx's locale files, they ended up in the python2 package. Share the locale files in /usr/share instead -------------------------------------------------------------------------------- References: [ 1 ] Bug #882166 - make latex does not work out of the box https://bugzilla.redhat.com/show_bug.cgi?id=882166 [ 2 ] Bug #1148845 - "make latexpdf" fails with a pristine sphinx project (texlive issues?) https://bugzilla.redhat.com/show_bug.cgi?id=1148845 [ 3 ] Bug #1148037 - python-sphinx contains python3 files https://bugzilla.redhat.com/show_bug.cgi?id=1148037 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.0.5-1.fc20 (FEDORA-2015-1761) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version. http://roundcube.net/news/2015/01/24/security-update-1.0.5/ http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5 http://trac.roundcube.net/ticket/1490227 CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 1.0.5-1 - Fix for security issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188203 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1188203 [ 2 ] Bug #1188202 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1188202 -------------------------------------------------------------------------------- ================================================================================ rubygem-isolate-3.3.1-1.fc20 (FEDORA-2015-1724) Very simple RubyGems sandbox -------------------------------------------------------------------------------- Update Information: New version 3.3.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.3.1-1 - 3.3.1 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ s3cmd-1.5.1.2-4.fc20 (FEDORA-2015-1746) Tool for accessing Amazon Simple Storage Service -------------------------------------------------------------------------------- Update Information: upstream 1.5.1.2, mostly bug fixes upstream 1.5.0 final upstream 1.5.0-rc1 upstream 1.5.0-beta1 plus even newer upstream fixes upstream 1.5.0-beta1 plus newer upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 4 2015 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.1.2-4 - upstream 1.5.1.2, mostly bug fixes - remove ez_setup, add dependency on python-setuptools * Mon Jan 12 2015 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-1 - upstream 1.5.0 final * Tue Jul 1 2014 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-0.7.rc1 - put back dropped dist tag * Tue Jul 1 2014 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-0.6.rc1 - upstream 1.5.0-rc1 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.0-0.5.gitb196faa5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Mar 23 2014 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-0.4.git - upstream 1.5.0-beta1 plus even newer upstream fixes * Sun Feb 2 2014 Matt Domsch <mdomsch@xxxxxxxxxxxxxxxxx> - 1.5.0-0.3.git - upstream 1.5.0-beta1 plus newer upstream fixes -------------------------------------------------------------------------------- ================================================================================ systemd-208-30.fc20 (FEDORA-2015-1753) A System and Service Manager -------------------------------------------------------------------------------- Update Information: RFE: journal: automatically rotate the file if it is unlinked (#1171719); Add a touchpad hwdb (#1189319) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 5 2015 Jan Synáček <jsynacek@xxxxxxxxxx> - 208-30 - RFE: journal: automatically rotate the file if it is unlinked (#1171719) - Add a touchpad hwdb (#1189319) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1171719 - RFE: journal: automatically rotate the file if it is unlinked https://bugzilla.redhat.com/show_bug.cgi?id=1171719 [ 2 ] Bug #1189319 - add the touchpad hwdb https://bugzilla.redhat.com/show_bug.cgi?id=1189319 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
