The following Fedora 20 Security updates need testing:
 Age  URL
 138  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  90  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  66  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  66  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  61  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
  58  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  55  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
  52  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
  36  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
  32  https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-1871/qpid-cpp-0.30-8.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1936/drupal6-views-2.18-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-2090/apache-poi-3.10.1-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2223/libhtp-0.5.6-3.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
  28  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1635/highlight-3.21-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1822/libbluray-0.7.0-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-1846/libdvdread-5.0.2-1.fc20,libdvdnav-5.0.3-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-1901/ibus-1.5.9-10.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2034/perl-5.18.4-292.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2046/linux-firmware-20150213-43.git17657c35.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1998/perl-Socket-2.018-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc20,libreport-2.2.3-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2121/perl-Pod-Usage-1.65-1.fc20


The following builds have been pushed to Fedora 20 updates-testing

    bugwarrior-1.1.1-1.fc20
    freetype-2.5.0-9.fc20
    globus-ftp-client-8.19-1.fc20
    globus-xio-5.7-1.fc20
    haproxy-1.5.11-3.fc20
    ldns-1.6.17-9.fc20
    libhtp-0.5.6-3.fc20
    profile-sync-daemon-5.68-1.fc20
    python-taskw-1.0.3-1.fc20
    reposurgeon-3.19-1.fc20
    task-2.4.1-1.fc20
    tellico-2.3.10-1.fc20

Details about builds:


================================================================================
 bugwarrior-1.1.1-1.fc20 (FEDORA-2015-2215)
 Sync github, bitbucket, and trac issues with taskwarrior
--------------------------------------------------------------------------------
Update Information:

Typofixes. Compatibility with task-2.4.1.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.1.1-1
- new version
* Tue Feb 17 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.1.0-1
- new version
- new bugwarrior-uda command
--------------------------------------------------------------------------------


================================================================================
 freetype-2.5.0-9.fc20 (FEDORA-2015-2216)
 A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:

This update fixes several security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Marek Kasik <mkasik@xxxxxxxxxx> - 2.5.0-9
- Fixes CVE-2014-9656
   - Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
   - Check minimum size of `record_size'.
- Fixes CVE-2014-9658
   - Use correct value for minimum table length test.
- Fixes CVE-2014-9675
   - New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
   - Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
   - Initialize `face->ttf_size'.
   - Always set `face->ttf_size' directly.
   - Exclusively use the `truetype' font driver for loading
     the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
   - Handle return values of point allocation routines.
- Fixes CVE-2014-9663
   - Fix order of validity tests.
- Fixes CVE-2014-9664
   - Add another boundary testing.
   - Fix boundary testing.
- Fixes CVE-2014-9666
   - Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
   - Protect against addition overflow.
- Fixes CVE-2014-9669
   - Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
   - Add sanity checks for row and column values.
- Fixes CVE-2014-9671
   - Check `size' and `offset' values.
- Fixes CVE-2014-9672
   - Prevent a buffer overrun caused by a font including too many (> 63)
     strings to store names[] table.
- Fixes CVE-2014-9673
   - Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
   - Fix integer overflow by a broken POST table in resource-fork.
   - Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik@xxxxxxxxxx> - 2.5.0-8
- Fix of URL of the bug #1172634
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1191192 - CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
        https://bugzilla.redhat.com/show_bug.cgi?id=1191192
  [ 2 ] Bug #1191078 - CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191078
  [ 3 ] Bug #1191079 - CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191079
  [ 4 ] Bug #1191080 - CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191080
  [ 5 ] Bug #1191081 - CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
        https://bugzilla.redhat.com/show_bug.cgi?id=1191081
  [ 6 ] Bug #1191082 - CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191082
  [ 7 ] Bug #1191083 - CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191083
  [ 8 ] Bug #1191084 - CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191084
  [ 9 ] Bug #1191085 - CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191085
  [ 10 ] Bug #1191086 - CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
        https://bugzilla.redhat.com/show_bug.cgi?id=1191086
  [ 11 ] Bug #1191087 - CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191087
  [ 12 ] Bug #1191089 - CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191089
  [ 13 ] Bug #1191090 - CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191090
  [ 14 ] Bug #1191091 - CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191091
  [ 15 ] Bug #1191092 - CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191092
  [ 16 ] Bug #1191093 - CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191093
  [ 17 ] Bug #1191190 - CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191190
--------------------------------------------------------------------------------


================================================================================
 globus-ftp-client-8.19-1.fc20 (FEDORA-2015-2218)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.19-1
- GT6 update (GGUS 105158 and 109576)
--------------------------------------------------------------------------------


================================================================================
 globus-xio-5.7-1.fc20 (FEDORA-2015-2218)
 Globus Toolkit - Globus XIO Framework
--------------------------------------------------------------------------------
Update Information:

Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.7-1
- GT6 update (Prefer IPv6 address)
--------------------------------------------------------------------------------


================================================================================
 haproxy-1.5.11-3.fc20 (FEDORA-2015-2236)
 HAProxy reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:

- Add sysconfig file to allow for setting extra options/
- Add tcp-ut bind option to set TCP_USER_TIMEOUT
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 11 2015 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.5.11-3
- Add sysconfig file
* Tue Feb 10 2015 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.5.11-2
- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1188029 - haproxy-1.5.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1188029
--------------------------------------------------------------------------------


================================================================================
 ldns-1.6.17-9.fc20 (FEDORA-2015-2227)
 Low-level DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:

Fix ldns-config
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 16 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-9
- bump evr
* Tue Sep 30 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-8
- Fix ldns-config (rhbz#1147972) [Florian Lehner]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1147972 - ldns-config is broken because of syntax errors
        https://bugzilla.redhat.com/show_bug.cgi?id=1147972
--------------------------------------------------------------------------------


================================================================================
 libhtp-0.5.6-3.fc20 (FEDORA-2015-2223)
 Security-aware parser for the HTTP protocol and the related bits and pieces
--------------------------------------------------------------------------------
Update Information:

Backport an upstream patch to fix a security issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mathieu Bridon <bochecha@xxxxxxxxxxx> - 0.5.6-3
- Backport an upstream patch to fix a security issue
  https://bugzilla.redhat.com/show_bug.cgi?id=1190866
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190864 - libhtp: denial of service under memory stress
        https://bugzilla.redhat.com/show_bug.cgi?id=1190864
--------------------------------------------------------------------------------


================================================================================
 profile-sync-daemon-5.68-1.fc20 (FEDORA-2015-2226)
 Offload browser profiles to RAM for speed and wear reduction
--------------------------------------------------------------------------------
Update Information:

Update to 5.68
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Christopher Meng <rpm@xxxxxxxx> - 5.68-1
- Update to 5.68
--------------------------------------------------------------------------------


================================================================================
 python-taskw-1.0.3-1.fc20 (FEDORA-2015-2212)
 Python bindings for your taskwarrior database
--------------------------------------------------------------------------------
Update Information:

Convert .is: filters to == so url matching works.
Better support for multiple taskwarrior versions.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.3-1
- new version
* Wed Feb 11 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.2-1
- new version
* Wed Feb 11 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.0-1
- new version
--------------------------------------------------------------------------------


================================================================================
 reposurgeon-3.19-1.fc20 (FEDORA-2015-2235)
 SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

== 3.19 ==
* Minor bugfix for handling of indexed action stamps.

== 3.18 ==
* The graft command now has a --prune option like unite.

== 3.17 ==
* Export support for SRC and RCS.
* Bug fix for automated preservation under hg.
* Bug fix for reparenting and checkout of commits with inline data.

== 3.16 ==
* Import support for SRC.

== 3.15 ==
* New 'add' command to insert new fileops in commits.

== 3.14 ==
* Assignments are preserved across squashes (including deletions).
* Name lookups are, after the first one, significantly faster.

== 3.13 ==
* Read/write support for the Fossil system.
* Fixes for timezone handling.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2015 Christopher Meng <rpm@xxxxxxxx> - 3.19-1
- Update to 3.19
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166407 - reposurgeon-3.19 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166407
--------------------------------------------------------------------------------


================================================================================
 task-2.4.1-1.fc20 (FEDORA-2015-2232)
 A command-line to do list manager
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
Move shell completion pieces to the right places.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 15 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.4.1-1
- Latest upstream.
- Removed obsoleted task-faq and task-tutorial man pages.
- Use CMAKE_BUILD_TYPE=release for a faster binary (at upstream's request).
* Mon Feb 9 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.3.0-3
- Move shell completion pieces to the right place.
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190545 - zsh completion not installed properly
        https://bugzilla.redhat.com/show_bug.cgi?id=1190545
--------------------------------------------------------------------------------


================================================================================
 tellico-2.3.10-1.fc20 (FEDORA-2015-2229)
 A collection manager
--------------------------------------------------------------------------------
Update Information:

Update to latest stable release:

* Updated Discogs fetcher to new API (Bug kde#342827).
* Updated Moviemeter fetcher to new API.
* Added filter rules for Greater than and Less than numbers.
* Updated BoardGameGeek fetcher to new API.
* Added capability to import a BoardGameGeek collection.
* Added a data source for Mathematical Reviews.
* Fixed crashing bug with some ISBNdb results (Bug kde#339063).
* Updated Producer results for IMDb and TheMovieDB fetchers (Bug kde#336765).
* Fixed bug with Allocine API search using punctuation (Bug kde#337432).
* Fixed bug with importing Goodreads collection.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.3.10-1
- update to 2.3.10
- x-tellico.desktop is gone
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1193435 - tellico-2.3.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1193435
--------------------------------------------------------------------------------