The following Fedora 20 Security updates need testing: Age URL 101 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20 77 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 77 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20 69 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 66 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20 63 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20 47 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20 45 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20 43 https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20 24 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2382/krb5-1.11.5-18.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2328/php-5.5.22-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2548/bind-9.9.4-18.P2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2516/e2fsprogs-1.42.12-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2580/libjpeg-turbo-1.3.1-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2310/nodejs-0.10.36-3.fc20,libuv-0.10.34-1.fc20,v8-3.14.5.10-17.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.beta.r434svn.1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2736/lftp-4.5.4-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2730/cabextract-1.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2830/libpng10-1.0.63-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2901/qt3-3.3.8b-62.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2897/qt-4.8.6-25.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc20,libreport-2.2.3-3.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2357/kde-settings-20-18.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2725/ibus-1.5.10-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2897/qt-4.8.6-25.fc20 The following builds have been pushed to Fedora 20 updates-testing antimicro-2.11.1-1.fc20 darkhttpd-1.11-1.fc20 golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc20 inkscape-0.91-2.fc20 libticonv-1.1.4-4.fc20 mate-themes-extras-3.10.5-1.fc20 qt-4.8.6-25.fc20 qt3-3.3.8b-62.fc20 synergy-1.6.2-1.fc20 Details about builds: ================================================================================ antimicro-2.11.1-1.fc20 (FEDORA-2015-2907) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information: new upstream release v2.11.1 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.11.1-1 - new upstream release v2.11.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196447 - antimicro-2.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1196447 -------------------------------------------------------------------------------- ================================================================================ darkhttpd-1.11-1.fc20 (FEDORA-2015-2896) A secure, lightweight, fast, single-threaded HTTP/1.1 server -------------------------------------------------------------------------------- Update Information: * Call setgroups() before setgid(). == Fedora package == * Fix erroneous %post section * Add mimetype option for users in darkhttpd.sysconfig * /bin/darkhttpd -> /sbin/darkhttpd -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 17 2015 Christopher Meng <rpm@xxxxxxxx> - 1.11-1 - Update to 1.11 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178330 - darkhttpd-1.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1178330 -------------------------------------------------------------------------------- ================================================================================ golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc20 (FEDORA-2015-2904) A Go library to apply RFC6902 patches to JSON documents -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196992 - Review Request: golang-github-evanphx-json-patch - A Go library to apply RFC6902 patches to JSON documents https://bugzilla.redhat.com/show_bug.cgi?id=1196992 -------------------------------------------------------------------------------- ================================================================================ inkscape-0.91-2.fc20 (FEDORA-2015-2906) Vector-based drawing program using SVG -------------------------------------------------------------------------------- Update Information: Latest upstream release, many enhancements and bugfixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 30 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 0.91-2 - Move tutorials into main package, BZ 1187686. * Thu Jan 29 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 0.91-1 - Latest upstream. * Tue Jan 27 2015 Petr Machata <pmachata@xxxxxxxxxx> - 0.48.5-7 - Rebuild for boost 1.57.0 * Fri Jan 23 2015 Marek Kasik <mkasik@xxxxxxxxxx> - 0.48.5-6 - Rebuild (poppler-0.30.0) - Backport commit "Fix build with poppler 0.29.0 (Bug #1399811)" -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197336 - Update Fedora 20's Inkscape https://bugzilla.redhat.com/show_bug.cgi?id=1197336 -------------------------------------------------------------------------------- ================================================================================ libticonv-1.1.4-4.fc20 (FEDORA-2015-2894) Texas Instruments calculators charsets library -------------------------------------------------------------------------------- Update Information: Texas Instruments calculators charsets library -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186494 - Review Request: libticonv - Texas Instruments calculators charsets library https://bugzilla.redhat.com/show_bug.cgi?id=1186494 -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-3.10.5-1.fc20 (FEDORA-2015-2887) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.10.5.1 - update to 3.14.5 release -------------------------------------------------------------------------------- ================================================================================ qt-4.8.6-25.fc20 (FEDORA-2015-2897) Qt toolkit -------------------------------------------------------------------------------- Update Information: DoS vulnerability in the BMP image handler (CVE-2015-0295) -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-25 - DoS vulnerability in the BMP image handler (CVE-2015-0295) * Mon Feb 16 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-24 - more gcc5 detection fixes, in particular, ensure same QT_BUILD_KEY as gcc4 for now * Fri Feb 13 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1:4.8.6-23 - Qt: FTBFS with gcc5 (#1192464) - Make Adwaita the default theme for applications running in the GNOME DE (#1192453) * Wed Feb 11 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-22 - rebuild (gcc5) * Thu Jan 29 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-21 - refresh boost/moc patch (QTBUG-22829) * Sun Jan 18 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-20 - fix %pre scriptlet (#1183299) * Sat Jan 17 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:4.8.6-19 - ship /etc/xdg/qtchooser/4.conf alternative instead (of qt4.conf) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash https://bugzilla.redhat.com/show_bug.cgi?id=1197273 -------------------------------------------------------------------------------- ================================================================================ qt3-3.3.8b-62.fc20 (FEDORA-2015-2901) The shared library for the Qt 3 GUI toolkit -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 28 2015 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-62 - backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4 * Fri Feb 27 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 3.3.8b-61 - rebuild (gcc5) * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.3.8b-60 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.3.8b-59 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash https://bugzilla.redhat.com/show_bug.cgi?id=1197273 -------------------------------------------------------------------------------- ================================================================================ synergy-1.6.2-1.fc20 (FEDORA-2015-2909) Share mouse and keyboard between multiple computers over the network -------------------------------------------------------------------------------- Update Information: Update to 1.6.2 -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 20 2014 Johan Swensson <kupo@xxxxxxx> - 1.6.2-1 - Update to 1.6.2 * Fri Nov 28 2014 Johan Swensson <kupo@xxxxxxx> - 1.6.1-1 - Update to 1.6.1 - BuildRequire avahi-compat-libdns_sd-devel * Sat Aug 23 2014 Johan Swensson <kupo@xxxxxxx> - 1.5.1-1 - Update to 1.5.1 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 25 2014 Johan Swensson <kupo@xxxxxxx> - 1.5.0-1 - Update to 1.5.0 - Update source url - libcurl-devel, qt-devel, cryptopp-devel and desktop-file-utils buildrequired - unbundle cryptopp - unbundle gmock and gtest - include synergy gui - fix icon path * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.10-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 7 2014 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 1.4.10-4 - increase synergy-plus obs_ver once more to obsolete the F20 rebuild * Mon Sep 16 2013 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 1.4.10-3 - correct synergy-plus obs_ver -------------------------------------------------------------------------------- References: [ 1 ] Bug #1044629 - [RFE] Upgrade synergy to 1.5 https://bugzilla.redhat.com/show_bug.cgi?id=1044629 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
