The following Fedora 21 Security updates need testing: Age URL 77 https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21 73 https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21 69 https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21 66 https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21 63 https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21 53 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 47 https://admin.fedoraproject.org/updates/FEDORA-2015-0594/strongswan-5.2.2-1.fc21 45 https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21 43 https://admin.fedoraproject.org/updates/FEDORA-2015-0754/arc-5.21p-5.fc21 29 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 22 https://admin.fedoraproject.org/updates/FEDORA-2015-1803/fcgi-2.4.0-26.fc21 14 https://admin.fedoraproject.org/updates/FEDORA-2015-2055/openldap-2.4.40-3.fc21 13 https://admin.fedoraproject.org/updates/FEDORA-2015-2101/drupal7-views-3.10-1.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2347/krb5-1.12.2-14.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2543/bind-9.9.6-8.P1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2511/e2fsprogs-1.42.12-3.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2584/echoping-6.1-0.beta.r434svn.1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2615/libjpeg-turbo-1.3.1-5.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2729/qpid-cpp-0.30-12.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2710/lftp-4.5.4-4.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2746/cabextract-1.5-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2863/libpng10-1.0.63-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2828/suricata-2.0.7-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2895/qt-4.8.6-25.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2837/glibc-2.20-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2849/drupal7-entity-1.6-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2886/qt3-3.3.8b-62.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2893/gnupg-1.4.19-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2015-2238/libquvi-scripts-0.9.20131130-4.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-2145/tigervnc-1.4.2-1.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-2266/vino-3.14.2-1.fc21 9 https://admin.fedoraproject.org/updates/FEDORA-2015-2306/device-mapper-multipath-0.4.9-68.fc21.3 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2359/kde-settings-21-3.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2351/gtkspell3-3.0.7-1.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2347/krb5-1.12.2-14.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-2419/colord-1.2.9-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-2460/perl-Pod-Usage-1.66-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-2463/xorg-x11-drv-evdev-2.9.1-2.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2602/abrt-2.3.0-4.fc21,libreport-2.3.0-6.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2609/ibus-1.5.10-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2615/libjpeg-turbo-1.3.1-5.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2505/xdg-utils-1.1.0-0.39.rc3.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2511/e2fsprogs-1.42.12-3.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2475/satyr-0.16-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2489/initscripts-9.56.1-7.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2545/perl-Getopt-Long-2.45-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2543/bind-9.9.6-8.P1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2502/setup-2.9.0-4.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2743/spatialite-tools-4.2.0-8.fc21,sqlite-3.8.8.3-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2694/glib2-2.42.2-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2733/selinux-policy-3.13.1-105.5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2890/librsvg2-2.40.8-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2895/qt-4.8.6-25.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2837/glibc-2.20-8.fc21 The following builds have been pushed to Fedora 21 updates-testing BibTool-2.58-1.fc21 antimicro-2.11.1-1.fc21 calligra-2.9.0-1.fc21 calligra-l10n-2.9.0-1.fc21 czmq-2.2.0-3.fc21 darkhttpd-1.11-1.fc21 dbmail-3.2.3-1.fc21 epiphany-3.14.2-4.fc21 gnupg-1.4.19-1.fc21 golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc21 librsvg2-2.40.8-1.fc21 libticonv-1.1.4-4.fc21 mate-themes-extras-3.14.6-2.fc21 okteta-4.14.3-3.fc21 parquet-format-2.1.0-1.fc21 puppet-3.7.1-2.fc21 qt-4.8.6-25.fc21 qt3-3.3.8b-62.fc21 seahorse-3.14.1-1.fc21 wine-1.7.37-1.fc21 Details about builds: ================================================================================ BibTool-2.58-1.fc21 (FEDORA-2015-2888) A Tool for manipulating BibTeX data bases -------------------------------------------------------------------------------- Update Information: rebase to BibTool 2.58 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Michael J Gruber <mjg@xxxxxxxxxxxxxxxxx> - 2.58-1 - rebase to BibTool 2.58 - drop obsolete patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133194 - BibTool-2.58 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133194 -------------------------------------------------------------------------------- ================================================================================ antimicro-2.11.1-1.fc21 (FEDORA-2015-2902) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information: new upstream release v2.11.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.11.1-1 - new upstream release v2.11.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196447 - antimicro-2.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1196447 -------------------------------------------------------------------------------- ================================================================================ calligra-2.9.0-1.fc21 (FEDORA-2015-2889) An integrated office suite -------------------------------------------------------------------------------- Update Information: Calligra 2.9.0 release, see: https://www.calligra.org/news/calligra-2-9-released/ -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 26 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.9.0-1 - 2.9.0 * Thu Feb 26 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.8.7-10 - rebuild (gcc5) * Wed Feb 4 2015 Petr Machata <pmachata@xxxxxxxxxx> - 2.8.7-9 - Bump for rebuild. -------------------------------------------------------------------------------- ================================================================================ calligra-l10n-2.9.0-1.fc21 (FEDORA-2015-2889) Language files for calligra -------------------------------------------------------------------------------- Update Information: Calligra 2.9.0 release, see: https://www.calligra.org/news/calligra-2-9-released/ -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.9.0-1 - 2.9.0 (-eu,-nds) -------------------------------------------------------------------------------- ================================================================================ czmq-2.2.0-3.fc21 (FEDORA-2015-2892) High-level C binding for 0MQ (ZeroMQ) -------------------------------------------------------------------------------- Update Information: Renamed /usr/bin/makecert to avoid a file conflict (#1196483) Update to 2.2.0. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Jose Pedro Oliveira <jose.p.oliveira.oss at gmail.com> - 2.2.0-3 - Renamed /usr/bin/makecert to avoid a file conflict (#1196483) * Fri Feb 20 2015 Jose Pedro Oliveira <jose.p.oliveira.oss at gmail.com> - 2.2.0-2 - Add upstream patch eebf66a (0001-Use-_DEFAULT_SOURCE-instead-of-_BSD_SOURCE.patch) * Tue Feb 17 2015 Jose Pedro Oliveira <jose.p.oliveira.oss at gmail.com> - 2.2.0-1 - Update to 2.2.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196483 - /usr/bin/makecert conflicts with mono https://bugzilla.redhat.com/show_bug.cgi?id=1196483 -------------------------------------------------------------------------------- ================================================================================ darkhttpd-1.11-1.fc21 (FEDORA-2015-2910) A secure, lightweight, fast, single-threaded HTTP/1.1 server -------------------------------------------------------------------------------- Update Information: * Call setgroups() before setgid(). == Fedora package == * Fix erroneous %post section * Add mimetype option for users in darkhttpd.sysconfig * /bin/darkhttpd -> /sbin/darkhttpd -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 17 2015 Christopher Meng <rpm@xxxxxxxx> - 1.11-1 - Update to 1.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178330 - darkhttpd-1.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1178330 -------------------------------------------------------------------------------- ================================================================================ dbmail-3.2.3-1.fc21 (FEDORA-2015-2900) A database backed mail storage system -------------------------------------------------------------------------------- Update Information: v 3.2.3 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Bernard Johnson <bjohnson@xxxxxxxxxxxx> - 3.2.3-1 - v 3.2.3 - Introduce new systemd-rpm macros in dbmail spec file (bz #850081) * Wed Sep 17 2014 Bernard Johnson <bjohnson@xxxxxxxxxxxx> - 3.2.0-1 - v 3.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #850081 - Introduce new systemd-rpm macros in dbmail spec file https://bugzilla.redhat.com/show_bug.cgi?id=850081 -------------------------------------------------------------------------------- ================================================================================ epiphany-3.14.2-4.fc21 (FEDORA-2015-2891) Web browser for GNOME -------------------------------------------------------------------------------- Update Information: Add patches to fix a few crashes -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Michael Catanzaro <mcatanzaro@xxxxxxxxx> - 1:3.14.2-4 - Add patches to fix a few crashes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196847 - [abrt] webkitgtk4: __strcmp_sse2_unaligned(): WebKitWebProcess killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1196847 -------------------------------------------------------------------------------- ================================================================================ gnupg-1.4.19-1.fc21 (FEDORA-2015-2893) A GNU utility for secure communication and data storage -------------------------------------------------------------------------------- Update Information: New upstream v1.4.19 - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591] - Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837] -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Brian C. Lane <bcl@xxxxxxxxxx> 1.4.19-1 - New upstream v1.4.19 - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591] - Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837] - Drop patches now included upstream -------------------------------------------------------------------------------- ================================================================================ golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc21 (FEDORA-2015-2898) A Go library to apply RFC6902 patches to JSON documents -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196992 - Review Request: golang-github-evanphx-json-patch - A Go library to apply RFC6902 patches to JSON documents https://bugzilla.redhat.com/show_bug.cgi?id=1196992 -------------------------------------------------------------------------------- ================================================================================ librsvg2-2.40.8-1.fc21 (FEDORA-2015-2890) An SVG library based on cairo -------------------------------------------------------------------------------- Update Information: Update to 2.40.8 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 David King <amigadave@xxxxxxxxxxxxx> - 2.40.8-1 - Update to 2.40.8 - Use license macro for COPYING and COPYING.LIB - Use pkgconfig for BuildRequires - Add URL -------------------------------------------------------------------------------- ================================================================================ libticonv-1.1.4-4.fc21 (FEDORA-2015-2912) Texas Instruments calculators charsets library -------------------------------------------------------------------------------- Update Information: Texas Instruments calculators charsets library -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186494 - Review Request: libticonv - Texas Instruments calculators charsets library https://bugzilla.redhat.com/show_bug.cgi?id=1186494 -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-3.14.6-2.fc21 (FEDORA-2015-2908) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: - re-work of submarine themes GTK3 - disable spinner animation to avoid high cpu load , all themes - some improvements for GnomishBeige -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.14.6.2 - build with a fixed tarball * Sat Feb 28 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.14.6.1 - update to 3.14.6 release - re-work of submarine themes GTK3 - disable spinner animation to avoid high cpu load , all themes - some improvements for GnomishBeige -------------------------------------------------------------------------------- ================================================================================ okteta-4.14.3-3.fc21 (FEDORA-2015-2905) Binary/hex editor -------------------------------------------------------------------------------- Update Information: Fix availability of algorithms in checksum tool. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-3 - lack of algorithms in checksum tool (#1197339) * Sat Jan 17 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-2 - kde-applications fixes, cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197339 - lack of algorithms in checksum tool https://bugzilla.redhat.com/show_bug.cgi?id=1197339 -------------------------------------------------------------------------------- ================================================================================ parquet-format-2.1.0-1.fc21 (FEDORA-2015-2885) Columnar file format for Hadoop -------------------------------------------------------------------------------- Update Information: Initial import (#1073014). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1073014 - Review Request: parquet-format - Columnar file format for Hadoop https://bugzilla.redhat.com/show_bug.cgi?id=1073014 -------------------------------------------------------------------------------- ================================================================================ puppet-3.7.1-2.fc21 (FEDORA-2015-2899) A network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information: Use systemd macros (RHBZ #1197239) -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Haïkel Guémar <hguemar@xxxxxxxxxxxxxxxxx> - 3.7.1-2 - Use systemd macros (RHBZ #1197239) * Tue Sep 30 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.7.1-1 - Drop server deps and configuration changes (bug #1144298) * Wed Sep 17 2014 Jeroen van Meeuwen <vanmeeuwen@xxxxxxxxxxxx> - 3.7.1-1 - Update to 3.7.1 * Tue Aug 19 2014 Lukas Zapletal <lzap+rpm@xxxxxxxxxx> 3.6.2-3 - 1131398 - added start-puppet-ca SELinux wrapper binary -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197239 - Unknown operation '/bin/systemctl' on puppet %preun https://bugzilla.redhat.com/show_bug.cgi?id=1197239 -------------------------------------------------------------------------------- ================================================================================ qt-4.8.6-25.fc21 (FEDORA-2015-2895) Qt toolkit -------------------------------------------------------------------------------- Update Information: DoS vulnerability in the BMP image handler (CVE-2015-0295) -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-25 - DoS vulnerability in the BMP image handler (CVE-2015-0295) * Mon Feb 16 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-24 - more gcc5 detection fixes, in particular, ensure same QT_BUILD_KEY as gcc4 for now * Fri Feb 13 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1:4.8.6-23 - Qt: FTBFS with gcc5 (#1192464) - Make Adwaita the default theme for applications running in the GNOME DE (#1192453) * Wed Feb 11 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-22 - rebuild (gcc5) * Thu Jan 29 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-21 - refresh boost/moc patch (QTBUG-22829) * Sun Jan 18 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-20 - fix %pre scriptlet (#1183299) * Sat Jan 17 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-19 - ship /etc/xdg/qtchooser/4.conf alternative instead (of qt4.conf) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash https://bugzilla.redhat.com/show_bug.cgi?id=1197273 -------------------------------------------------------------------------------- ================================================================================ qt3-3.3.8b-62.fc21 (FEDORA-2015-2886) The shared library for the Qt 3 GUI toolkit -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-62 - backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4 * Fri Feb 27 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3.3.8b-61 - rebuild (gcc5) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash https://bugzilla.redhat.com/show_bug.cgi?id=1197273 -------------------------------------------------------------------------------- ================================================================================ seahorse-3.14.1-1.fc21 (FEDORA-2015-2903) A GNOME application for managing encryption keys -------------------------------------------------------------------------------- Update Information: Update to 3.14.1 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 David King <amigadave@xxxxxxxxxxxxx> - 3.14.1-1 - Update to 3.14.1 - Update URL - Use license macro for COPYING and COPYING.LIB - Use pkgconfig for BuildRequires - Update man page glob in files section - Validate AppData in check -------------------------------------------------------------------------------- ================================================================================ wine-1.7.37-1.fc21 (FEDORA-2015-2911) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: What's new in this release: * Interface change notifications. * Support for the UTF-7 encoding. * A number of graphical fixes for themed controls. * Wininet now implemented on top of Win32 sockets. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 22 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 1.7.37-1 - version upgrade -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
