Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
 138  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  90  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
  66  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  66  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  61  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
  58  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  55  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
  52  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
  36  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
  32  https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-1871/qpid-cpp-0.30-8.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1936/drupal6-views-2.18-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-2090/apache-poi-3.10.1-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2223/libhtp-0.5.6-3.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  28  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1635/highlight-3.21-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1822/libbluray-0.7.0-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-1846/libdvdread-5.0.2-1.fc20,libdvdnav-5.0.3-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-1901/ibus-1.5.9-10.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2034/perl-5.18.4-292.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2046/linux-firmware-20150213-43.git17657c35.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1998/perl-Socket-2.018-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc20,libreport-2.2.3-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2121/perl-Pod-Usage-1.65-1.fc20


The following builds have been pushed to Fedora 20 updates-testing

    bugwarrior-1.1.1-1.fc20
    freetype-2.5.0-9.fc20
    globus-ftp-client-8.19-1.fc20
    globus-xio-5.7-1.fc20
    haproxy-1.5.11-3.fc20
    ldns-1.6.17-9.fc20
    libhtp-0.5.6-3.fc20
    profile-sync-daemon-5.68-1.fc20
    python-taskw-1.0.3-1.fc20
    reposurgeon-3.19-1.fc20
    task-2.4.1-1.fc20
    tellico-2.3.10-1.fc20

Details about builds:


================================================================================
 bugwarrior-1.1.1-1.fc20 (FEDORA-2015-2215)
 Sync github, bitbucket, and trac issues with taskwarrior
--------------------------------------------------------------------------------
Update Information:

Typofixes.
Compatibility with task-2.4.1.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.1.1-1
- new version
* Tue Feb 17 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.1.0-1
- new version
- new bugwarrior-uda command
--------------------------------------------------------------------------------


================================================================================
 freetype-2.5.0-9.fc20 (FEDORA-2015-2216)
 A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:

This update fixes several security issues.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Marek Kasik <mkasik@xxxxxxxxxx> - 2.5.0-9
- Fixes CVE-2014-9656
   - Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
   - Check minimum size of `record_size'.
- Fixes CVE-2014-9658
   - Use correct value for minimum table length test.
- Fixes CVE-2014-9675
   - New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
   - Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
   - Initialize `face->ttf_size'.
   - Always set `face->ttf_size' directly.
   - Exclusively use the `truetype' font driver for loading
     the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
   - Handle return values of point allocation routines.
- Fixes CVE-2014-9663
   - Fix order of validity tests.
- Fixes CVE-2014-9664
   - Add another boundary testing.
   - Fix boundary testing.
- Fixes CVE-2014-9666
   - Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
   - Protect against addition overflow.
- Fixes CVE-2014-9669
   - Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
   - Add sanity checks for row and column values.
- Fixes CVE-2014-9671
   - Check `size' and `offset' values.
- Fixes CVE-2014-9672
   - Prevent a buffer overrun caused by a font including too many (> 63)
     strings to store names[] table.
- Fixes CVE-2014-9673
   - Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
   - Fix integer overflow by a broken POST table in resource-fork.
   - Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik@xxxxxxxxxx> - 2.5.0-8
- Fix of URL of the bug #1172634
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1191192 - CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
        https://bugzilla.redhat.com/show_bug.cgi?id=1191192
  [ 2 ] Bug #1191078 - CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191078
  [ 3 ] Bug #1191079 - CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191079
  [ 4 ] Bug #1191080 - CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191080
  [ 5 ] Bug #1191081 - CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
        https://bugzilla.redhat.com/show_bug.cgi?id=1191081
  [ 6 ] Bug #1191082 - CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191082
  [ 7 ] Bug #1191083 - CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191083
  [ 8 ] Bug #1191084 - CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191084
  [ 9 ] Bug #1191085 - CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191085
  [ 10 ] Bug #1191086 - CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
        https://bugzilla.redhat.com/show_bug.cgi?id=1191086
  [ 11 ] Bug #1191087 - CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191087
  [ 12 ] Bug #1191089 - CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191089
  [ 13 ] Bug #1191090 - CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191090
  [ 14 ] Bug #1191091 - CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191091
  [ 15 ] Bug #1191092 - CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191092
  [ 16 ] Bug #1191093 - CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191093
  [ 17 ] Bug #1191190 - CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191190
--------------------------------------------------------------------------------


================================================================================
 globus-ftp-client-8.19-1.fc20 (FEDORA-2015-2218)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.19-1
- GT6 update (GGUS 105158 and 109576)
--------------------------------------------------------------------------------


================================================================================
 globus-xio-5.7-1.fc20 (FEDORA-2015-2218)
 Globus Toolkit - Globus XIO Framework
--------------------------------------------------------------------------------
Update Information:

Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.7-1
- GT6 update (Prefer IPv6 address)
--------------------------------------------------------------------------------


================================================================================
 haproxy-1.5.11-3.fc20 (FEDORA-2015-2236)
 HAProxy reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:

- Add sysconfig file to allow for setting extra options/
- Add tcp-ut bind option to set TCP_USER_TIMEOUT
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 11 2015 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.5.11-3
- Add sysconfig file
* Tue Feb 10 2015 Ryan O'Hara <rohara@xxxxxxxxxx> - 1.5.11-2
- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1188029 - haproxy-1.5.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1188029
--------------------------------------------------------------------------------


================================================================================
 ldns-1.6.17-9.fc20 (FEDORA-2015-2227)
 Low-level DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:

Fix ldns-config
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 16 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-9
- bump evr
* Tue Sep 30 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-8
- Fix ldns-config (rhbz#1147972) [Florian Lehner]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1147972 - ldns-config is broken because of syntax errors
        https://bugzilla.redhat.com/show_bug.cgi?id=1147972
--------------------------------------------------------------------------------


================================================================================
 libhtp-0.5.6-3.fc20 (FEDORA-2015-2223)
 Security-aware parser for the HTTP protocol and the related bits and pieces
--------------------------------------------------------------------------------
Update Information:

Backport an upstream patch to fix a security issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mathieu Bridon <bochecha@xxxxxxxxxxx> - 0.5.6-3
- Backport an upstream patch to fix a security issue
  https://bugzilla.redhat.com/show_bug.cgi?id=1190866
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190864 - libhtp: denial of service under memory stress
        https://bugzilla.redhat.com/show_bug.cgi?id=1190864
--------------------------------------------------------------------------------


================================================================================
 profile-sync-daemon-5.68-1.fc20 (FEDORA-2015-2226)
 Offload browser profiles to RAM for speed a wear reduction
--------------------------------------------------------------------------------
Update Information:

Update to 5.68
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Christopher Meng <rpm@xxxxxxxx> - 5.68-1
- Update to 5.68
--------------------------------------------------------------------------------


================================================================================
 python-taskw-1.0.3-1.fc20 (FEDORA-2015-2212)
 Python bindings for your taskwarrior database
--------------------------------------------------------------------------------
Update Information:

Convert .is: filters to == so url matching works.
Better support for multiple taskwarrior versions.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.3-1
- new version
* Wed Feb 11 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.2-1
- new version
* Wed Feb 11 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.0.0-1
- new version
--------------------------------------------------------------------------------


================================================================================
 reposurgeon-3.19-1.fc20 (FEDORA-2015-2235)
 SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

== 3.19 ==
* Minor bugfix for handling of indexed action stamps.

== 3.18 ==
* The graft command now has a --prune option like unite.

== 3.17 ==
* Export support for SRC and RCS.
* Bug fix for automated preservation under hg.
* Bug fix for reparenting and checkout of commits with inline data.

== 3.16 ==
* Import support for SRC.

== 3.15 ==
* New 'add' command to insert new fileops in commits.

== 3.14 ==
* Assignments are preserved across squashes (including deletions).
* Name lookups are, after the first one, significantly faster.

== 3.13 ==
* Read/write support for the Fossil system.
* Fixes for timezone handling.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2015 Christopher Meng <rpm@xxxxxxxx> - 3.19-1
- Update to 3.19
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166407 - reposurgeon-3.19 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166407
--------------------------------------------------------------------------------


================================================================================
 task-2.4.1-1.fc20 (FEDORA-2015-2232)
 A command-line to do list manager
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
Move shell completion pieces to the right places.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 15 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.4.1-1
- Latest upstream.
- Removed obsoleted task-faq and task-tutorial man pages.
- Use CMAKE_BUILD_TYPE=release for a faster binary (at upstream's request).
* Mon Feb  9 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.3.0-3
- Move shell completion pieces to the right place.
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190545 - zsh completion not installed properly
        https://bugzilla.redhat.com/show_bug.cgi?id=1190545
--------------------------------------------------------------------------------


================================================================================
 tellico-2.3.10-1.fc20 (FEDORA-2015-2229)
 A collection manager
--------------------------------------------------------------------------------
Update Information:

Update to latest stable release:
  * Updated Discogs fetcher to new API (Bug kde#342827).
  * Updated Moviemeter fetcher to new API.
  * Added filter rules for Greater than and Less than numbers.
  * Updated BoardGameGeek fetcher to new API.
  * Added capability to import a BoardGameGeek collection.
  * Added a data source for Mathematical Reviews.
  * Fixed crashing bug with some ISBNdb results (Bug kde#339063).
  * Updated Producer results for IMDb and TheMovieDB fetchers (Bug kde#336765).
  * Fixed bug with Allocine API search using punctuation (Bug kde#337432).
  * Fixed bug with importing Goodreads collection.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 2.3.10-1
- update to 2.3.10
- x-tellico.desktop is gone
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1193435 - tellico-2.3.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1193435
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux