The following Fedora 20 Security updates need testing:

 Age  URL
 100  https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
  89  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  89  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  80  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
  58  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
  57  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
  36  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  35  https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
  33  https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
  25  https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  14  https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.beta.r434svn.1.fc20
  12  https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1.6-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3211/dokuwiki-0-0.24.20140929c.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3201/xterm-297-2.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3205/libmspack-0.5-0.1.alpha.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3204/putty-0.64-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3253/gnupg-1.4.19-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-3329/phpMyAdmin-4.3.11.1-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3372/freexl-1.0.0i-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3366/librsync-1.0.0-1.fc20,csync2-1.34-15.fc20,duplicity-0.6.25-3.fc20,rdiff-backup-1.2.8-14.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.5-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3573/qt-creator-3.2.2-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3590/icu-50.1.2-11.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3594/kernel-3.18.9-100.fc20


The following Fedora 20 Critical Path updates have yet to be approved:

 Age  URL
  18  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.5-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3577/elfutils-0.161-6.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3590/icu-50.1.2-11.fc20


The following builds have been pushed to Fedora 20 updates-testing

    converseen-0.9.1-1.fc20
    elfutils-0.161-6.fc20
    gnofract4d-3.14.1-9.fc20
    icu-50.1.2-11.fc20
    kernel-3.18.9-100.fc20
    libmatekbd-1.8.1-1.fc20
    marco-1.8.3-1.fc20
    mate-screensaver-1.8.1-3.fc20
    nodejs-window-size-0.1.0-2.fc20
    perl-Params-Validate-1.18-1.fc20
    python-rhsm-1.14.2-1.fc20
    qt-creator-3.2.2-2.fc20
    subscription-manager-1.14.2-1.fc20
    texstudio-2.9.0-1.fc20

Details about builds:


================================================================================
 converseen-0.9.1-1.fc20 (FEDORA-2015-3586)
 A batch image conversion tool written in C++ with Qt4 and Magick++
--------------------------------------------------------------------------------
Update Information:

Rebuilt for new upstream version 0.9.1, fixes rhbz #1199061, #1197790
Rebuilt for new upstream version 0.9.0, fixes rhbz #1170952
Rebuilt for new upstream version 0.8.4, fixes rhbz #1148306
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 0.9.1-1
- Rebuilt for new upstream version 0.9.1, fixes rhbz #1199061, #1197790
* Wed Feb 18 2015 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 0.9.0-1
- Rebuilt for new upstream version 0.9.0, fixes rhbz #1170952
* Thu Oct 2 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 0.8.4-1
- Rebuilt for new upstream version 0.8.4, fixes rhbz #1148306
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199061 - converseen-0.9.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1199061
  [ 2 ] Bug #1197790 - [abrt] converseen: ref(): converseen killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1197790
  [ 3 ] Bug #1170952 - converseen-0.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1170952
  [ 4 ] Bug #1148306 - converseen-0.8.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1148306
--------------------------------------------------------------------------------


================================================================================
 elfutils-0.161-6.fc20 (FEDORA-2015-3577)
 A collection of utilities and DSOs to handle compiled objects
--------------------------------------------------------------------------------
Update Information:

Consider sh_addralign 0 as 1 for golang binaries. Copy relocations are allowed in PIE executables. Fix .debug_type offset for sig8 lookup in dwarf_formref_die.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Mark Wielaard <mjw@xxxxxxxxxx> - 0.161-6
- Add elfutils-0.161-copyreloc.patch.
* Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 0.161-5
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Sat Feb 7 2015 Mark Wielaard <mjw@xxxxxxxxxx> - 0.161-4
- Add elfutils-0.161-addralign.patch (#1189928)
* Thu Feb 5 2015 Mark Wielaard <mjw@xxxxxxxxxx> - 0.161-3
- Add elfutils-0.161-formref-type.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1196571 - Consider sh_addralign 0 as 1
        https://bugzilla.redhat.com/show_bug.cgi?id=1196571
--------------------------------------------------------------------------------


================================================================================
 gnofract4d-3.14.1-9.fc20 (FEDORA-2015-3572)
 Gnofract 4D is a Gnome-based program to draw fractals
--------------------------------------------------------------------------------
Update Information:

This update prevents more crashes due to reference counting and NULL pointer dereference bugs in gnofract4d.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Jerry James <loganjerry@xxxxxxxxx> - 3.14.1-9
- Update -refcount patch to fix bz 1199824
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199824 - [abrt] gnofract4d: image_buffer(): python2.7 killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1199824
--------------------------------------------------------------------------------


================================================================================
 icu-50.1.2-11.fc20 (FEDORA-2015-3590)
 International Components for Unicode
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-6585, CVE-2014-6591
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Eike Rathke <erack@xxxxxxxxxx> - 50.1.2-11
- TestTwoDigitYear build fix
- Resolves: rhbz#1184811 CVE-2014-6585 CVE-2014-6591
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
        https://bugzilla.redhat.com/show_bug.cgi?id=1183645
  [ 2 ] Bug #1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
        https://bugzilla.redhat.com/show_bug.cgi?id=1183646
--------------------------------------------------------------------------------


================================================================================
 kernel-3.18.9-100.fc20 (FEDORA-2015-3594)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.18.9 stable update contains a number of important fixes across the tree.
Update to the latest stable upstream release, Linux v3.18.8. Numerous fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.18.9-100
- Linux v3.18.9
* Mon Mar 2 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Add patch to fix nfsd soft lockup (rhbz 1185519)
- Enable ET131X driver (rhbz 1197842)
* Sat Feb 28 2015 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx>
- Fix Panda on ARMv7 crash on boot
* Fri Feb 27 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx - 3.18.8-100
- Linux v3.18.8
* Thu Feb 26 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-2015-1421 sctp: slab corruption from use after free on INIT collisions (rhbz 1196581 1196595)
* Wed Feb 25 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Add support for AR5B195 devices from Alexander Ploumistos (rhbz 1190947)
* Tue Feb 24 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Fix ext4 remount with journal_checksum option (rhbz 1190933)
* Mon Feb 23 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- Add patch for HID i2c from Seth Forshee (rhbz 1188439)
- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
* Mon Feb 16 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
- CVE-XXXX-XXXX potential memory corruption in vhost/scsi driver (rhbz 1189864 1192079)
- CVE-2015-1593 stack ASLR integer overflow (rhbz 1192519 1192520)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1196581 - CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions
        https://bugzilla.redhat.com/show_bug.cgi?id=1196581
  [ 2 ] Bug #1193907 - CVE-2015-0275 kernel: fs: ext4: fallocate zero range page size > block size BUG()
        https://bugzilla.redhat.com/show_bug.cgi?id=1193907
  [ 3 ] Bug #1189864 - kernel: potential memory corruption (denial of service) in vhost/scsi driver
        https://bugzilla.redhat.com/show_bug.cgi?id=1189864
  [ 4 ] Bug #1192519 - CVE-2015-1593 kernel: Linux stack ASLR implementation Integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1192519
--------------------------------------------------------------------------------


================================================================================
 libmatekbd-1.8.1-1.fc20 (FEDORA-2015-3591)
 Libraries for mate kbd
--------------------------------------------------------------------------------
Update Information:

update to latest release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-1
- update to 1.8.1 release
--------------------------------------------------------------------------------


================================================================================
 marco-1.8.3-1.fc20 (FEDORA-2015-3591)
 MATE Desktop window manager
--------------------------------------------------------------------------------
Update Information:

update to latest release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.3-1
- update to 1.8.3 release
- remove upstreamed patches
- add BR zenity, drop mate-dialogs
--------------------------------------------------------------------------------


================================================================================
 mate-screensaver-1.8.1-3.fc20 (FEDORA-2015-3587)
 MATE Screensaver
--------------------------------------------------------------------------------
Update Information:

- fix polish translation rhbz (#1199754)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 10 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-3
- fix polish translation rhbz (#1199754)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199754 - Please apply the upstream patch (Polish translation, time format)
        https://bugzilla.redhat.com/show_bug.cgi?id=1199754
--------------------------------------------------------------------------------


================================================================================
 nodejs-window-size-0.1.0-2.fc20 (FEDORA-2015-3579)
 Get the height and width of the terminal in a node.js environment
--------------------------------------------------------------------------------
Update Information:

Initial packaging.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1194950 - Review Request: nodejs-window-size - Get the height and width of the terminal in a node.js environment
        https://bugzilla.redhat.com/show_bug.cgi?id=1194950
--------------------------------------------------------------------------------


================================================================================
 perl-Params-Validate-1.18-1.fc20 (FEDORA-2015-3567)
 Params-Validate Perl module
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.18-1
- Upstream update.
- BR: perl(Test::Version).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1196050 - perl-Params-Validate-1.18 testsuite failure on f20
        https://bugzilla.redhat.com/show_bug.cgi?id=1196050
--------------------------------------------------------------------------------


================================================================================
 python-rhsm-1.14.2-1.fc20 (FEDORA-2015-3570)
 A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:

* Logging configuration for subscription-manager can now be modified through a configuration file
* Suppressed some irrelevant warnings
* Allow use of activation keys during migration
* Bugfixes for firstboot
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 26 2015 Alex Wood <awood@xxxxxxxxxx> 1.14.2-1
- 1195446: Only set global socket timeout on RHEL 5. (alikins@xxxxxxxxxx)
- Cleanup up connection logging. (alikins@xxxxxxxxxx)
* Fri Feb 6 2015 Devan Goodwin <dgoodwin@xxxxxxxx> 1.14.1-1
- 976855: build_py now populates version.py with ver (alikins@xxxxxxxxxx)
- 1187587: Correct project URL in spec file. (awood@xxxxxxxxxx)
--------------------------------------------------------------------------------


================================================================================
 qt-creator-3.2.2-2.fc20 (FEDORA-2015-3573)
 Cross-platform IDE for Qt
--------------------------------------------------------------------------------
Update Information:

Add SSH host key verification to built-in SSH client.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Sandro Mani <manisandro@xxxxxxxxx> - 3.2.2-2
- Add SSH host key verification to built-in SSH client (#1161655)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1161654 - qt-creator: no SSH host key verification in built-in SSH client
        https://bugzilla.redhat.com/show_bug.cgi?id=1161654
--------------------------------------------------------------------------------


================================================================================
 subscription-manager-1.14.2-1.fc20 (FEDORA-2015-3570)
 Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:

* Logging configuration for subscription-manager can now be modified through a configuration file
* Suppressed some irrelevant warnings
* Allow use of activation keys during migration
* Bugfixes for firstboot
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Alex Wood <awood@xxxxxxxxxx> 1.14.2-1
- Move to fileConfig based logging. (alikins@xxxxxxxxxx)
- Ignore glib warnings about class properties. (alikins@xxxxxxxxxx)
- log level updates, mostly info->debug. (alikins@xxxxxxxxxx)
- Condense virt fact logging to one info level entry. (alikins@xxxxxxxxxx)
- Log to info when we update facts. (alikins@xxxxxxxxxx)
- Change branding 'nothing-happened' logs to debug. (alikins@xxxxxxxxxx)
- Condense cert_sorter logged info. (alikins@xxxxxxxxxx)
- Change most cache related log msgs to debug level. (alikins@xxxxxxxxxx)
- Make D-Bus related log entries debug level. (alikins@xxxxxxxxxx)
- Change heal logging to be more concise. (alikins@xxxxxxxxxx)
- Add log friendy str version of Identity (alikins@xxxxxxxxxx)
- 1133647: Fix messageWindow deprecation warning. (alikins@xxxxxxxxxx)
- 1183382: Fix test case to work with dateutil 2. (alikins@xxxxxxxxxx)
- Revert "Added check for /etc/oracle-release in hwprobe" (alikins@xxxxxxxxxx)
- 1196416: Migration should not need credentials with activation keys (awood@xxxxxxxxxx)
- 1196385: Add --activation-key option to migration man page. (awood@xxxxxxxxxx)
- 1196418: Add bash completion for --activation-key in migration. (awood@xxxxxxxxxx)
- Update spec to point to github / new project website. (dgoodwin@xxxxxxxxxx)
- Quiet "Whoever translated calendar*" warnings. (alikins@xxxxxxxxxx)
- Stop 'recently-used.xbel' warnings, disable mru (alikins@xxxxxxxxxx)
- 1154375: Allow use of activation keys during migration. (awood@xxxxxxxxxx)
- 1191237: Fix proxy "test connection" in firstboot. (alikins@xxxxxxxxxx)
- 1191237: Make proxy config "save" work in firstboot. (alikins@xxxxxxxxxx)
- 1191241: Handle network starting after subman does. (alikins@xxxxxxxxxx)
- 1145077, disabled column wrapping during redirects (jmolet@xxxxxxxxxx)
- Add syslog logging handler. (alikins@xxxxxxxxxx)
- 1191237: Fix problems exitting firstboot on errors (alikins@xxxxxxxxxx)
- 1163398, fixing rhsm-icon --help descriptions (jmolet@xxxxxxxxxx)
* Fri Feb 6 2015 Devan Goodwin <dgoodwin@xxxxxxxx> 1.14.1-1
- 976855: populate a "version.py" at build time (alikins@xxxxxxxxxx)
- Fixed typo in subscription-manager-gui (crog@xxxxxxxxxx)
- 1186386: Provide one and only one Red Hat CA to Docker. (awood@xxxxxxxxxx)
- 1114117: Stop collecting subs info by default. (alikins@xxxxxxxxxx)
- 1184940: Update container plugin config. (dgoodwin@xxxxxxxxxx)
- 1183122: Fix KeyErrors building dbus ent status (alikins@xxxxxxxxxx)
- 884285: Needs to maintain loop for dbus calls (wpoteat@xxxxxxxxxx)
--------------------------------------------------------------------------------


================================================================================
 texstudio-2.9.0-1.fc20 (FEDORA-2015-3585)
 A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:

- update to version 2.9.0
- http://texstudio.sourceforge.net/manual/current/usermanual_en.html#SECTIONNEW290
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 9 2015 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> 2.9.0-1
- Update to latest upstream version 2.9.0
- changelog cleaned up
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test