The following Fedora 20 Security updates need testing: Age URL 98 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 86 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 86 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20 77 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 74 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20 56 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20 54 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20 33 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20 32 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 30 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2015-2310/nodejs-0.10.36-3.fc20,libuv-0.10.34-1.fc20,v8-3.14.5.10-17.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.beta.r434svn.1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1.6-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-3003/cups-filters-1.0.53-6.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-2994/jBCrypt-0.4-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3211/dokuwiki-0-0.24.20140929c.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3201/xterm-297-2.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3205/libmspack-0.5-0.1.alpha.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3204/putty-0.64-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3253/gnupg-1.4.19-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-3329/phpMyAdmin-4.3.11.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-3372/freexl-1.0.0i-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-3382/xen-4.3.3-10.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-3366/librsync-1.0.0-1.fc20,csync2-1.34-15.fc20,duplicity-0.6.25-3.fc20,rdiff-backup-1.2.8-14.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 15 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3174/perl-Encode-2.54-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3240/cups-1.7.5-13.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-3251/exo-0.10.2-9.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-3325/poppler-0.24.3-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.5-1.fc20 The following builds have been pushed to Fedora 20 updates-testing dar-2.4.17-1.fc20 fusioninventory-agent-2.3.16-1.fc20 golang-googlecode-goauth2-0-0.6.hg267028f.fc20 ktp-auth-handler-0.8.1-2.fc20 mach-1.0.4-1.fc20 mingw-wine-gecko-2.36-1.fc20 mosquitto-1.4-1.fc20 patch-2.7.5-1.fc20 perl-Data-ICal-0.22-1.fc20 perl-Text-Quoted-2.09-1.fc20 python-six-1.9.0-1.fc20 wine-1.7.38-2.fc20 wine-mono-4.5.6-1.fc20 xscreensaver-5.32-10.fc20 Details about builds: ================================================================================ dar-2.4.17-1.fc20 (FEDORA-2015-3547) Software for making/restoring incremental CD/DVD backups -------------------------------------------------------------------------------- Update Information: dar-2.4.17 is available -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 8 2015 Luis Bazan <lbazan@xxxxxxxxxxxxxxxxx> - 2.4.17-1 - New upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1183506 - dar-2.4.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1183506 -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.16-1.fc20 (FEDORA-2015-3557) FusionInventory agent -------------------------------------------------------------------------------- Update Information: update to 2.3.16 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 1 2015 Marianne Lombard <jehane@xxxxxxxxxxxxxxxxx> - 2.3.16 - update to 2.3.16 - adding BuildRequires needed by test * Sun Mar 1 2015 Marianne Lombard <jehane@xxxxxxxxxxxxxxxxx> - 2.3.15-4 - arch build (due to dmidecode dependancy in x86_64) * Fri Feb 20 2015 Marianne Lombard <jehane@xxxxxxxxxxxxxxxxx> - 2.3.15-3 - building as noarch * Wed Feb 11 2015 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.15-2 - fix description of subpackage - using upstream systemd unit file * Mon Feb 9 2015 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.15 - new version and back in Fedora * Mon Jan 19 2015 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.14-2 - enhancing spec according to review * Wed Dec 24 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.14 - new version * Mon Dec 15 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.13 - new version - updating spec according to fedora-review * Tue Aug 5 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.12 - new version * Tue Aug 5 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.10.1-2 - adding missing requires - updating config file * Mon Aug 4 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.10.1 - new version (bug fixes) * Fri Aug 1 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.10 - new version * Wed Jul 23 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.9.1 - new version * Tue May 20 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.8-1 - enhancing spec according to Michael Schwendt review - adding missing requires * Fri May 16 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.8 - new version * Wed May 14 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.7.1 - new version * Sat Feb 1 2014 Marianne Lombard <marianne@xxxxxxxxxx> - 2.3.6 - new version, reintroduction in fedora and epel - cleanup of the spec (removing sysVinit stuff, old BuildRequires, old releases stuff) - adding sub-packages for task-* (using Guillaume Rousse OBS spec as model https://build.opensuse.org/package/view_file/home:guillomovitch/fusioninventory-agent/fusioninventory-agent.spec) - task-wakeonlan is excluded (dependancy issue) -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-goauth2-0-0.6.hg267028f.fc20 (FEDORA-2015-3549) OAuth 2.0 for Go clients -------------------------------------------------------------------------------- Update Information: Add the latest commit of depricated code.google.com/o/goauth2 afe77d958c701557ec5dc56f6936fcc194d15520 Bump to upstream 267028f9bc2a1177dc5769be38c68c1b4fbe91c4 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 8 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.6.hg267028f - Add the latest commit of depricated code.google.com/o/goauth2 afe77d958c701557ec5dc56f6936fcc194d15520 related: #1141822 * Thu Jan 22 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.5.hgafe77d958c70 - Bump to upstream 267028f9bc2a1177dc5769be38c68c1b4fbe91c4 related: #1141822 * Tue Nov 18 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.4.hgafe77d958c70 - Choose the correct architecture related: #1141822 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1141822 - Review Request: golang-googlecode-goauth2 - OAuth 2.0 for Go clients https://bugzilla.redhat.com/show_bug.cgi?id=1141822 -------------------------------------------------------------------------------- ================================================================================ ktp-auth-handler-0.8.1-2.fc20 (FEDORA-2015-3545) Provide UI/KWallet Integration -------------------------------------------------------------------------------- Update Information: Add runtime dependency on qca-ossl -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 9 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.1-2 - Requires: qca-ossl - BuildRequires: kdelibs4-webkit-devel -------------------------------------------------------------------------------- ================================================================================ mach-1.0.4-1.fc20 (FEDORA-2015-3560) Make a chroot -------------------------------------------------------------------------------- Update Information: 1.0.4-1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 8 2015 Thomas Vander Stichele <thomas at apestaart dot org> - 1.0.4-1 - new upstream release * Sun Jun 29 2014 Thomas Vander Stichele <thomas at apestaart dot org> - 1.0.3-1 - new upstream release -------------------------------------------------------------------------------- ================================================================================ mingw-wine-gecko-2.36-1.fc20 (FEDORA-2015-1896) Gecko library required for Wine -------------------------------------------------------------------------------- Update Information: Version 1.7.38 * New version of the Gecko engine based on Firefox 36. * Support for themed scrollbars. * Updated version of the Mono engine. * More compatible RPC interface for service control. * Support for X Drag & Drop version 5. * Threading fixes in IME support. * Various bug fixes. Version 1.7.37 * Interface change notifications. * Support for the UTF-7 encoding. * A number of graphical fixes for themed controls. * Wininet now implemented on top of Win32 sockets. * Various bug fixes. Version 1.7.36 * Some preliminary 64-bit support for Mac OS X. * Support for configuring speakers in Winecfg. * Improved support for Mac OS X Trash folder. * Support for typographic features in DirectWrite. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 6 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 2.36-1 - version upgrade -------------------------------------------------------------------------------- References: [ 1 ] Bug #1190445 - wine-1.7.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1190445 [ 2 ] Bug #1110419 - wine crashes due to misuse of stack smashing detection https://bugzilla.redhat.com/show_bug.cgi?id=1110419 [ 3 ] Bug #1199688 - wine-1.7.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1199688 -------------------------------------------------------------------------------- ================================================================================ mosquitto-1.4-1.fc20 (FEDORA-2015-3542) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information: Update BRs -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 25 2015 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.4-1 - Update BRs - Python subpackage is replaced by python-paho-mqtt - Update to new upstream version 1.4 -------------------------------------------------------------------------------- ================================================================================ patch-2.7.5-1.fc20 (FEDORA-2015-1165) Utility for modifying/upgrading files -------------------------------------------------------------------------------- Update Information: Security fixes for CVE-2014-9637, CVE-2015-1196, and an infinite loop with a crafted diff. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 9 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 2.7.5-1 - Fixed memory leak in selinux patch. - 2.7.5, including an even better fix for CVE-2015-1196 that still allows relative symlinks to be created/used. * Sun Feb 1 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 2.7.4-1 - 2.7.4, including a better fix for CVE-2015-1196 that still allows symlinks referencing ".." to be created. * Fri Jan 23 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 2.7.3-1 - 2.7.3 (bug #1182157, CVE-2015-1196, bug #1184491, CVE-2014-9637). * Tue Jan 20 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 2.7.1-12 - Apply upstream patch to fix line numbering integer overflow. * Tue Jan 20 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 2.7.1-11 - Apply upstream patch to fix directory traversal via symlinks (bug #1182157, CVE-2015-1196). * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188578 - patch: infinite loop with a crafted diff https://bugzilla.redhat.com/show_bug.cgi?id=1188578 [ 2 ] Bug #1185262 - CVE-2014-9637 patch: local denial of service with a crafted patch https://bugzilla.redhat.com/show_bug.cgi?id=1185262 [ 3 ] Bug #1184490 - CVE-2015-1395 patch: directory traversal via file rename https://bugzilla.redhat.com/show_bug.cgi?id=1184490 -------------------------------------------------------------------------------- ================================================================================ perl-Data-ICal-0.22-1.fc20 (FEDORA-2015-3559) Generates iCalendar (RFC 2445) calendar files -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 9 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.22-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ perl-Text-Quoted-2.09-1.fc20 (FEDORA-2015-3548) Extract the structure of a quoted mail message -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 9 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.09-1 - Upstream update. - Reflect Source0: having changed. -------------------------------------------------------------------------------- ================================================================================ python-six-1.9.0-1.fc20 (FEDORA-2015-3563) Python 2 and 3 compatibility utilities -------------------------------------------------------------------------------- Update Information: Rebase of python-six to 1.9.0. This is a backwards compatible rebase containing only bugfixes and additions. -------------------------------------------------------------------------------- ChangeLog: * Mon Feb 23 2015 Haïkel Guémar <hguemar@xxxxxxxxxxxxxxxxx> - 1.9.0-1 - Upstream 1.9.0 - Packaging cleanups * Fri Nov 14 2014 Slavek Kabrda <bkabrda@xxxxxxxxxx> - 1.8.0-1 - upgrade to 1.8.0 (rhbz#1105861) * Sun Aug 3 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.7.3-2 - fix license handling -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178422 - python-six-1.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1178422 -------------------------------------------------------------------------------- ================================================================================ wine-1.7.38-2.fc20 (FEDORA-2015-1896) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: Version 1.7.38 * New version of the Gecko engine based on Firefox 36. * Support for themed scrollbars. * Updated version of the Mono engine. * More compatible RPC interface for service control. * Support for X Drag & Drop version 5. * Threading fixes in IME support. * Various bug fixes. Version 1.7.37 * Interface change notifications. * Support for the UTF-7 encoding. * A number of graphical fixes for themed controls. * Wininet now implemented on top of Win32 sockets. * Various bug fixes. Version 1.7.36 * Some preliminary 64-bit support for Mac OS X. * Support for configuring speakers in Winecfg. * Improved support for Mac OS X Trash folder. * Support for typographic features in DirectWrite. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 7 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.38-2 - Fix wine-gecko and wine-mono versions * Sat Mar 7 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.38-1 - version upgrade * Sun Feb 22 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 1.7.37-1 - version upgrade * Mon Feb 16 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.36-2 - Patch for RtlUnwindEx fix (staging bz #68) - Use new systemd macros for binfmt handling * Sun Feb 8 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.36-1 - version upgrade * Wed Feb 4 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.7.35-3 - Add patch to fix stack smashing (bug #1110419) * Mon Jan 26 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 1.7.35-2 - Rebuild (libgphoto2) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1190445 - wine-1.7.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1190445 [ 2 ] Bug #1110419 - wine crashes due to misuse of stack smashing detection https://bugzilla.redhat.com/show_bug.cgi?id=1110419 [ 3 ] Bug #1199688 - wine-1.7.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1199688 -------------------------------------------------------------------------------- ================================================================================ wine-mono-4.5.6-1.fc20 (FEDORA-2015-1896) Mono library required for Wine -------------------------------------------------------------------------------- Update Information: Version 1.7.38 * New version of the Gecko engine based on Firefox 36. * Support for themed scrollbars. * Updated version of the Mono engine. * More compatible RPC interface for service control. * Support for X Drag & Drop version 5. * Threading fixes in IME support. * Various bug fixes. Version 1.7.37 * Interface change notifications. * Support for the UTF-7 encoding. * A number of graphical fixes for themed controls. * Wininet now implemented on top of Win32 sockets. * Various bug fixes. Version 1.7.36 * Some preliminary 64-bit support for Mac OS X. * Support for configuring speakers in Winecfg. * Improved support for Mac OS X Trash folder. * Support for typographic features in DirectWrite. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 6 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 4.5.6-1 - version upgrade * Thu Feb 5 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 4.5.4-2 - Update bundled valgrind headers (#1141584) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1190445 - wine-1.7.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1190445 [ 2 ] Bug #1110419 - wine crashes due to misuse of stack smashing detection https://bugzilla.redhat.com/show_bug.cgi?id=1110419 [ 3 ] Bug #1199688 - wine-1.7.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1199688 -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.32-10.fc20 (FEDORA-2015-3539) X screen saver and locker -------------------------------------------------------------------------------- Update Information: A bug was reported that pong hack may crash with segv when score gets reset and new game starts. This new rpm should fix this issue. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 9 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.32-10 - pong: adjust paddle position again on new game (bug 1199713) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1199713 - [abrt] xscreensaver-extras: analogtv_draw_solid(): pong killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1199713 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
