The following Fedora 21 Security updates need testing: Age URL 64 https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21 59 https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21 55 https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21 52 https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21 50 https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21 39 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 33 https://admin.fedoraproject.org/updates/FEDORA-2015-0594/strongswan-5.2.2-1.fc21 32 https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21 29 https://admin.fedoraproject.org/updates/FEDORA-2015-0754/arc-5.21p-5.fc21 24 https://admin.fedoraproject.org/updates/FEDORA-2015-1023/dump-0.4-0.24.b44.fc21 15 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 12 https://admin.fedoraproject.org/updates/FEDORA-2015-1570/qpid-cpp-0.30-9.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-1803/fcgi-2.4.0-26.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-1882/drupal7-path_breadcrumbs-3.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2109/tomcat-7.0.59-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2101/drupal7-views-3.10-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2035/unzip-6.0-20.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2087/apache-poi-3.10.1-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2020/file-5.22-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2055/openldap-2.4.40-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1943/sox-14.4.1-7.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 12 https://admin.fedoraproject.org/updates/FEDORA-2015-1597/bind-9.9.6-7.P1.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-1641/perl-version-0.99.12-1.fc21 9 https://admin.fedoraproject.org/updates/FEDORA-2015-1725/perl-Encode-2.70-1.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-1775/libbluray-0.7.0-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-1893/evolution-ews-3.12.11-1.fc21,evolution-3.12.11-1.fc21,evolution-data-server-3.12.11-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1947/linux-firmware-20150213-43.git17657c35.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1941/perl-Socket-2.018-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2044/xorg-x11-drv-synaptics-1.8.1-4.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1995/gtk3-3.14.8-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2035/unzip-6.0-20.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2055/openldap-2.4.40-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2069/perl-generators-1.03-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2013/firefox-35.0.1-5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2020/file-5.22-1.fc21 The following builds have been pushed to Fedora 21 updates-testing antimicro-2.11-1.fc21 apache-poi-3.10.1-2.fc21 archlinux-keyring-20150212-1.fc21 autodocksuite-4.2.6-1.fc21 clamtk-5.14-1.fc21 dcraw-9.23.0-1.fc21 drupal7-views-3.10-1.fc21 geomorph-0.60.1-5.fc21 iwyu-0.3-1.fc21 mozilla-requestpolicy-1.0-0.3.20150125git2566d2.fc21 nodejs-dependency-lister-1.0.3-1.fc21 nodejs-split-0.3.3-1.fc21 perl-Bytes-Random-Secure-0.28-1.fc21 perl-Net-Whois-Raw-2.82-1.fc21 python-cclib-1.3.1-1.fc21 python-requests-toolbelt-0.3.1-2.fc21 rpy-2.5.6-1.fc21 synergy-1.6.2-1.fc21 tomcat-7.0.59-1.fc21 vdr-live-0.3.0-18.20150213git6ea279a.fc21 Details about builds: ================================================================================ antimicro-2.11-1.fc21 (FEDORA-2015-2081) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information: new upstream release v2.11 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 13 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.11-1 - new upstream release v2.11 - removed appdata patch, since it has been incorporated by upstream - modified source URL to reference tarball by commit - updated for Qt5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1190722 - antimicro-2.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1190722 -------------------------------------------------------------------------------- ================================================================================ apache-poi-3.10.1-2.fc21 (FEDORA-2015-2087) The Java API for Microsoft Documents -------------------------------------------------------------------------------- Update Information: fix for RHBZ#1138135 (CVE-2014-3574) -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 11 2015 gil cattaneo <puntogil@xxxxxxxxx> 3.10.1-2 - fix for RHBZ#1138135 (CVE-2014-3574) - introduce license macro -------------------------------------------------------------------------------- References: [ 1 ] Bug #1138135 - CVE-2014-3529 apache-poi: XML eXternal Entity (XXE) flaw https://bugzilla.redhat.com/show_bug.cgi?id=1138135 -------------------------------------------------------------------------------- ================================================================================ archlinux-keyring-20150212-1.fc21 (FEDORA-2015-2096) GPG keys used by Arch distribution to sign packages -------------------------------------------------------------------------------- Update Information: Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 20150212-1 - New upstream release (#1192336). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1192336 - archlinux-keyring-20150212 is available https://bugzilla.redhat.com/show_bug.cgi?id=1192336 -------------------------------------------------------------------------------- ================================================================================ autodocksuite-4.2.6-1.fc21 (FEDORA-2015-2084) AutoDock is a suite of docking tools to study protein-ligand interaction -------------------------------------------------------------------------------- Update Information: Update to 4.2.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 12 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 4.2.6-1 - Update to version 4.2.6 - Removed -doc subpackage (user guide removed from src tarball) -------------------------------------------------------------------------------- ================================================================================ clamtk-5.14-1.fc21 (FEDORA-2015-2082) Easy to use graphical user interface for Clam anti virus -------------------------------------------------------------------------------- Update Information: Update to 5.14. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Dave M. <dave.nerd@xxxxxxxxx> - 5.14-1 - Updated to release 5.14. -------------------------------------------------------------------------------- ================================================================================ dcraw-9.23.0-1.fc21 (FEDORA-2015-2105) Tool for decoding raw image data from digital cameras -------------------------------------------------------------------------------- Update Information: Upstream bugfix and enhancement release with these changes: * Correctly handle Fuji X-Trans images in DNG format. * Copied color matrices from DNG Converter 8.7.1. * Support pre-release Sonys and Canons that lack a proper model name. * Support the Samsung NX1 (yet another compression algorithm). * Read camera white balance in all professional Kodak cameras. * Reduced zippering in Fuji X-Trans interpolation. * Support YCbCr files from the Kodak C330. * Support Hasselblad multi-shot files. * Support the Lenovo A820. * Fixed data errors with Olympus E-M5MarkII HR images. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Nils Philippsen <nils@xxxxxxxxxx> - 9.23.0-1 - version 9.23.0 -------------------------------------------------------------------------------- ================================================================================ drupal7-views-3.10-1.fc21 (FEDORA-2015-2101) Provides a method for site designers to control content presentation -------------------------------------------------------------------------------- Update Information: - SA-CONTRIB-2015-039 - Views - Multiple vulnerabilities: https://www.drupal.org/node/2424403 - Release notes: https://www.drupal.org/node/2424103 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Peter Borsa <peter.borsa@xxxxxxxxx> - 3.10-1 - Release 3.10 is a security fix release - Upstream changelog is at https://drupal.org/node/2424103 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1192339 - drupal7-views-3.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1192339 -------------------------------------------------------------------------------- ================================================================================ geomorph-0.60.1-5.fc21 (FEDORA-2015-2079) A height field editor for Linux -------------------------------------------------------------------------------- Update Information: Add appdata and change icon format (xpm to png) -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Didier Fabert <didier.fabert@xxxxxxxxx> 0.60.1-5 - Add appdata and change icon format (xpm to png) -------------------------------------------------------------------------------- ================================================================================ iwyu-0.3-1.fc21 (FEDORA-2015-2102) C/C++ source files #include analyzer based on clang -------------------------------------------------------------------------------- Update Information: Initial release of include-what-you-use -------------------------------------------------------------------------------- References: [ 1 ] Bug #1091659 - Review Request: iwyu - #include analysis tool https://bugzilla.redhat.com/show_bug.cgi?id=1091659 -------------------------------------------------------------------------------- ================================================================================ mozilla-requestpolicy-1.0-0.3.20150125git2566d2.fc21 (FEDORA-2015-2106) Firefox and Seamonkey extension that gives you control over cross-site requests -------------------------------------------------------------------------------- Update Information: - **Update to Beta8.2** -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 27 2015 Antonio Trande <sagitterATfedoraproject.org> - 1.0-0.3.20150125git2566d2 - Update to Beta8.2 - Description modified -------------------------------------------------------------------------------- ================================================================================ nodejs-dependency-lister-1.0.3-1.fc21 (FEDORA-2015-2085) Lists your module's dependencies with URLs and licenses -------------------------------------------------------------------------------- Update Information: update to 1.0.3 upstream release -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Parag Nemade <pnemade AT redhat DOT com> - 1.0.3-1 - update to 1.0.3 upstream release -------------------------------------------------------------------------------- ================================================================================ nodejs-split-0.3.3-1.fc21 (FEDORA-2015-2089) Split a text stream into a line stream -------------------------------------------------------------------------------- Update Information: update to 0.3.3 upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 12 2015 Parag Nemade <pnemade AT redhat DOT com> - 0.3.3-1 - update to 0.3.3 upstream release -------------------------------------------------------------------------------- ================================================================================ perl-Bytes-Random-Secure-0.28-1.fc21 (FEDORA-2015-2093) Perl extension to generate cryptographically-secure random bytes -------------------------------------------------------------------------------- Update Information: Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1183258 - Review Request: perl-Bytes-Random-Secure - Perl extension to generate cryptographically-secure random bytes https://bugzilla.redhat.com/show_bug.cgi?id=1183258 -------------------------------------------------------------------------------- ================================================================================ perl-Net-Whois-Raw-2.82-1.fc21 (FEDORA-2015-2103) Get Whois information for domains -------------------------------------------------------------------------------- Update Information: New TLDs for .MOSCOW and fix encoding for whois.jprs.jp -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 David Dick <ddick@xxxxxxxx> - 2.82-1 - New TLDs for .MOSCOW and fix encoding for whois.jprs.jp -------------------------------------------------------------------------------- References: [ 1 ] Bug #1185331 - perl-Net-Whois-Raw-2.82 is available https://bugzilla.redhat.com/show_bug.cgi?id=1185331 -------------------------------------------------------------------------------- ================================================================================ python-cclib-1.3.1-1.fc21 (FEDORA-2015-2099) A library for processing results of computational chemistry packages -------------------------------------------------------------------------------- Update Information: Update to 1.3.1 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 1.3.1-1 - Update to version 1.3.1 * Thu Jan 22 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 1.3-1 - Update to version 1.3 -------------------------------------------------------------------------------- ================================================================================ python-requests-toolbelt-0.3.1-2.fc21 (FEDORA-2015-2092) A utility belt for advanced users of python-requests -------------------------------------------------------------------------------- Update Information: Add missing LICENSE file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188178 - Review Request: python-requests-toolbelt - A utility belt for advanced users of python-requests https://bugzilla.redhat.com/show_bug.cgi?id=1188178 -------------------------------------------------------------------------------- ================================================================================ rpy-2.5.6-1.fc21 (FEDORA-2015-2098) Python interface to the R language -------------------------------------------------------------------------------- Update Information: Update to latest stable release that fixes several bugs. Some of those bugs are crashes, e.g. possible crash with python 3.4 fixed at version 2.5.4 and when working with (python-)pandas, fixed in this version. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 13 2015 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.5.6-1 - update to 2.5.6 * Mon Jan 26 2015 David Tardon <dtardon@xxxxxxxxxx> - 2.5.2-2 - rebuild for ICU 54.1 * Fri Nov 28 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.5.2-1 - update to 2.5.2 * Fri Nov 14 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.5.1-1 - update to 2.5.1 - add python3 subpackage -------------------------------------------------------------------------------- ================================================================================ synergy-1.6.2-1.fc21 (FEDORA-2015-2080) Share mouse and keyboard between multiple computers over the network -------------------------------------------------------------------------------- Update Information: Update to 1.6.2 -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 20 2014 Johan Swensson <kupo@xxxxxxx> - 1.6.2-1 - Update to 1.6.2 * Fri Nov 28 2014 Johan Swensson <kupo@xxxxxxx> - 1.6.1-1 - Update to 1.6.1 - BuildRequire avahi-compat-libdns_sd-devel * Sat Aug 23 2014 Johan Swensson <kupo@xxxxxxx> - 1.5.1-1 - Update to 1.5.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1044629 - [RFE] Upgrade synergy to 1.5 https://bugzilla.redhat.com/show_bug.cgi?id=1044629 -------------------------------------------------------------------------------- ================================================================================ tomcat-7.0.59-1.fc21 (FEDORA-2015-2109) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information: Updated to 7.0.59 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.59-1 - Updated to 7.0.59 * Sun Nov 16 2014 Ivan Afonichev <ivan.afonichev@xxxxxxxxx> 0:7.0.57-1 - Updated to 7.0.57 - Substitute libnames in catalina-tasks.xml, resolves: rhbz#1126439 - Use CATALINA_OPTS only on start, resolves: rhbz#1051194 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109196 - CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter https://bugzilla.redhat.com/show_bug.cgi?id=1109196 [ 2 ] Bug #1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs https://bugzilla.redhat.com/show_bug.cgi?id=1088342 [ 3 ] Bug #1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header https://bugzilla.redhat.com/show_bug.cgi?id=1102030 [ 4 ] Bug #1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter https://bugzilla.redhat.com/show_bug.cgi?id=1072776 -------------------------------------------------------------------------------- ================================================================================ vdr-live-0.3.0-18.20150213git6ea279a.fc21 (FEDORA-2015-2083) An interactive web interface for VDR -------------------------------------------------------------------------------- Update Information: rebuild for new git version -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 14 2015 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.0-18.20150213git6ea279a - rebuild for new git version * Thu Feb 12 2015 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.0-17.20150211git894daa8 - rebuild for new git version - added Fedora %optflags for CFLAGS and CXXFLAGS - cleanup spec file - mark license files as %license where available -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
