The following Fedora 21 Security updates need testing:
 Age  URL
  97  https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21
  89  https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21
  73  https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21
  65  https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21
  49  https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21
  42  https://admin.fedoraproject.org/updates/FEDORA-2015-1803/fcgi-2.4.0-26.fc21
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-2055/openldap-2.4.40-3.fc21
  33  https://admin.fedoraproject.org/updates/FEDORA-2015-2101/drupal7-views-3.10-1.fc21
  22  https://admin.fedoraproject.org/updates/FEDORA-2015-2584/echoping-6.1-0.beta.r434svn.1.fc21
  21  https://admin.fedoraproject.org/updates/FEDORA-2015-2729/qpid-cpp-0.30-12.fc21
  20  https://admin.fedoraproject.org/updates/FEDORA-2015-2849/drupal7-entity-1.6-1.fc21
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-3218/xterm-308-3.fc21
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-3186/dokuwiki-0-0.24.20140929c.fc21
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-3556/patch-2.7.5-1.fc21
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-3505/389-ds-base-1.3.3.9-1.fc21
   8  https://admin.fedoraproject.org/updates/FEDORA-2015-3569/icu-52.1-5.fc21
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3612/ImageMagick-6.8.8.10-6.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-3902/php-ZendFramework2-2.3.7-1.fc21
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-3944/xen-4.4.1-16.fc21
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-3948/nx-libs-3.5.0.29-1.fc21
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-3984/ettercap-0.8.2-1.fc21
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-4079/varnish-4.0.3-3.fc21
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-4084/python-requests-2.5.3-2.fc21,python-urllib3-1.10.2-1.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4143/powerpc-utils-python-1.2.1-7.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4171/webkitgtk4-2.6.5-3.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4197/mongodb-2.4.13-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4284/drupal7-ctools-1.7-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4236/php-5.6.7-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4321/mingw-xerces-c-3.1.1-11.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4230/libXfont-1.5.1-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4251/xerces-c-3.1.1-8.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4340/drupal7-7.35-1.fc21

The following Fedora 21 Critical Path updates have yet to be approved:
 Age  URL
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-3379/gstreamer1-plugins-good-1.4.5-2.fc21
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-3363/glib-networking-2.42.0-2.fc21
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-3835/system-config-keyboard-1.4.0-6.fc21
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-3922/gnome-shell-3.14.3-2.fc21
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-4096/krb5-1.12.2-15.fc21
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-4044/gvfs-1.22.4-1.fc21
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4191/upower-0.99.2-4.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4288/perl-Carp-1.36-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4223/control-center-3.14.4-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4253/pulseaudio-6.0-2.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4230/libXfont-1.5.1-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4238/libgsf-1.14.29-6.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4273/vte291-0.38.3-1.fc21
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4263/libgweather-3.14.3-1.fc21

The following builds have been pushed to Fedora 21 updates-testing

    abduco-0.4-1.fc21
    antimicro-2.12-1.fc21
    control-center-3.14.4-1.fc21
    cups-x2go-3.0.1.1-1.fc21
    drupal7-7.35-1.fc21
    drupal7-ctools-1.7-1.fc21
    empathy-3.12.8-1.fc21
    folks-0.10.1-1.fc21
    ghc-tf-random-0.5-2.fc21
    gmusicbrowser-1.1.14-1.fc21
    gnome-user-share-3.14.2-1.fc21
    golang-1.4.2-2.fc21
    gssntlmssp-0.6.0-1.fc21
    hitori-3.14.3-1.fc21
    java-1.8.0-openjdk-1.8.0.40-21.b25.fc21
    libXfont-1.5.1-1.fc21
    libcss-0.5.0-1.fc21
    libgsf-1.14.29-6.fc21
    libgweather-3.14.3-1.fc21
    liblangtag-0.5.5-1.fc21
    libreoffice-4.3.6.2-4.fc21
    mapserver-6.2.2-3.fc21
    mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21
    mingw-xerces-c-3.1.1-11.fc21
    mksh-50e-1.fc21
    netsurf-buildsystem-1.3-1.fc21
    openssl-1.0.1k-6.fc21
    pcsc-lite-asekey-3.7-1.fc21
    perl-Carp-1.36-1.fc21
    perl-Compress-Raw-Zlib-2.066-2.fc21
    perl-Excel-Writer-XLSX-0.83-1.fc21
    perl-GStreamer1-0.003-2.fc21
    php-5.6.7-1.fc21
    php-symfony-2.5.10-1.fc21
    pulseaudio-6.0-2.fc21
    python-rdflib-4.1.2-3.fc21
    ratools-0.6.1-1.fc21
    rubygem-sequel-4.20.0-1.fc21
    tonto-1.44-2.20150312gitbe1657a.fc21
    vim-jedi-0.7.0-7.fc21
    vte291-0.38.3-1.fc21
    xerces-c-3.1.1-8.fc21
    xfdashboard-0.3.90-1.fc21
    youtube-dl-2015.03.18-1.fc21

Details about builds:

================================================================================
abduco-0.4-1.fc21 (FEDORA-2015-4252)
Session management in a clean and simple way
--------------------------------------------------------------------------------
Update Information:

Update to 0.4 release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Denis Fateyev <denis@xxxxxxxxxxx> - 0.4-1
- Update to 0.4 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1203475 - abduco-0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1203475
--------------------------------------------------------------------------------
================================================================================
antimicro-2.12-1.fc21 (FEDORA-2015-4346)
Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:

new upstream release v2.12 (#1202803)
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202803 - antimicro-2.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1202803
--------------------------------------------------------------------------------
================================================================================
control-center-3.14.4-1.fc21 (FEDORA-2015-4223)
Utilities to configure the GNOME desktop
--------------------------------------------------------------------------------
Update Information:

New upstream release 3.14.4
This update fixes a number of crashes and bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Rui Matos <rmatos@xxxxxxxxxx> - 1:3.14.4-1
- Update to 3.14.4
* Thu Mar 12 2015 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1:3.14.3-1
- Update to 3.14.3
--------------------------------------------------------------------------------
================================================================================
cups-x2go-3.0.1.1-1.fc21 (FEDORA-2015-4342)
CUPS backend for printing from X2Go
--------------------------------------------------------------------------------
Update Information:

Update to 3.0.1.1:
- Add a short README that provides some getting started information.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 11 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.0.1.1-1
- Update to 3.0.1.1
- Require openssh-clients
--------------------------------------------------------------------------------
================================================================================
drupal7-7.35-1.fc21 (FEDORA-2015-4340)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

- Upstream release notes: https://www.drupal.org/drupal-7.35-release-notes
- Official security advisory: https://www.drupal.org/SA-CORE-2015-001
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Peter Borsa <peter.borsa@xxxxxxxxx> - 7.35-1
- 7.35, DRUPAL-SA-CORE-2015-001.
--------------------------------------------------------------------------------
================================================================================
drupal7-ctools-1.7-1.fc21 (FEDORA-2015-4284)
Primarily a set of APIs and tools to improve the developer experience
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.7 release for security fixes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Jared Smith <jsmith@xxxxxxxxxxxxxxxxx> - 1.7-1
- Update to upstream 1.7 release for security fixes
- SA-CONTRIB-2015-079 details at https://www.drupal.org/node/2454909
- Full upstream changelog at https://www.drupal.org/node/2454883
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1203480 - drupal7-ctools-1.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1203480
--------------------------------------------------------------------------------
================================================================================
empathy-3.12.8-1.fc21 (FEDORA-2015-4267)
Instant Messaging Client for GNOME
--------------------------------------------------------------------------------
Update Information:

Empathy 3.12.8 release. For details, please see
https://mail.gnome.org/archives/ftp-release-list/2015-March/msg00113.html
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 3.12.8-1
- Update to 3.12.8
* Thu Nov 13 2014 Richard Hughes <richard@xxxxxxxxxxx> - 3.12.7-2
- Fix non-Fedora build
--------------------------------------------------------------------------------
================================================================================
folks-0.10.1-1.fc21 (FEDORA-2015-4271)
GObject contact aggregation library
--------------------------------------------------------------------------------
Update Information:

folks 0.10.1 release with translation updates.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1:0.10.1-1
- Update to 0.10.1
* Mon Nov 3 2014 Richard Hughes <richard@xxxxxxxxxxx> - 1:0.10.0-2
- Fix non-Fedora build
--------------------------------------------------------------------------------
================================================================================
ghc-tf-random-0.5-2.fc21 (FEDORA-2015-4333)
High-quality splittable pseudorandom number generator
--------------------------------------------------------------------------------
Update Information:

High-quality splittable pseudorandom number generator
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1196960 - Review Request: ghc-tf-random - High-quality splittable pseudorandom number generator
        https://bugzilla.redhat.com/show_bug.cgi?id=1196960
--------------------------------------------------------------------------------
================================================================================
gmusicbrowser-1.1.14-1.fc21 (FEDORA-2015-4327)
Jukebox for large collections of music files
--------------------------------------------------------------------------------
Update Information:

From upstream NEWS:
* add way to edit "persistent" labels, and dialog to rename labels
* add "new label" entry to the "edit labels" submenu
* make scroll wheel increase/decrease numbers in the search bar
* add options to override default web browser and file browser
* add thousand separators in most displayed numbers
* various number-related improvements/fixes
* fix auto-selected embedded pictures always showing the first picture (only fix newly autoselected pictures)
* translations updates: Finnish, French, German, Polish, Korean, Serbian
* new translations: Lithuanian, Malay (Malaysia)

Notice: Gstreamer 1.x support is available when new package perl-GStreamer1 is installed.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.1.14.1
- update to 1.1.14
--------------------------------------------------------------------------------
================================================================================
gnome-user-share-3.14.2-1.fc21 (FEDORA-2015-4347)
Gnome user file sharing
--------------------------------------------------------------------------------
Update Information:

gnome-user-share 3.14.2 release.
- Fix crasher in gsettings-data-convert
- Updated translations
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 19 2014 Richard Hughes <rhughes@xxxxxxxxxx> - 3.14.2-1
- Update to 3.14.2
--------------------------------------------------------------------------------
================================================================================
golang-1.4.2-2.fc21 (FEDORA-2015-4301)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

update to go1.4.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.4.2-2
- obsoleting deprecated packages
* Wed Feb 18 2015 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.4.2-1
- updating to go1.4.2
* Fri Jan 16 2015 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.4.1-1
- updating to go1.4.1
* Fri Jan 2 2015 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.4-2
- doc organizing
* Thu Dec 11 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.4-1
- update to go1.4 release
* Wed Dec 3 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.3.99-3.1.4rc2
- update to go1.4rc2
* Mon Nov 17 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.3.99-2.1.4rc1
- update to go1.4rc1
* Thu Oct 30 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.3.99-1.1.4beta1
- update to go1.4beta1
* Thu Oct 30 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.3.3-3
- macros will need to be in their own rpm
* Fri Oct 24 2014 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.3.3-2
- split out rpm macros (bz1156129)
- progress on gccgo accommodation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1203811 - update to go1.4 :: for etcd requirement
        https://bugzilla.redhat.com/show_bug.cgi?id=1203811
--------------------------------------------------------------------------------
================================================================================
gssntlmssp-0.6.0-1.fc21 (FEDORA-2015-4235)
GSSAPI NTLMSSP Mechanism
--------------------------------------------------------------------------------
Update Information:

Fixes for 32bit arches
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Simo Sorce <simo@xxxxxxxxx> - 0.6.0-1
- New version with fixes for 32 bit arches
- drop patches, they are included in the new upstream release
--------------------------------------------------------------------------------
================================================================================
hitori-3.14.3-1.fc21 (FEDORA-2015-4277)
Logic puzzle game for GNOME
--------------------------------------------------------------------------------
Update Information:

Hitori 3.14.3 release with translation updates.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 4 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 3.14.3-1
- Update to 3.14.3
* Thu Dec 18 2014 Richard Hughes <rhughes@xxxxxxxxxx> - 3.14.2.1-1
- Update to 3.14.2.1
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.40-21.b25.fc21 (FEDORA-2015-4248)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:

updated to u40b25 newest release + few minor rpm specific fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 3 2015 Severin Gehwolf <sgehwolf@xxxxxxxxxx> - 1:1.8.0.40-21.b25
- Added compiler no-warn-
* Fri Feb 20 2015 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.40-21.b25
- Fix zero interpreter build.
--------------------------------------------------------------------------------
================================================================================
libXfont-1.5.1-1.fc21 (FEDORA-2015-4230)
X.Org X11 libXfont runtime library
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.5.1-1
- libXfont 1.5.1 (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1203715 - CVE-2015-1802 libXfont: missing range check in bdfReadProperties
        https://bugzilla.redhat.com/show_bug.cgi?id=1203715
  [ 2 ] Bug #1203718 - CVE-2015-1803 libXfont: crash on invalid read in bdfReadCharacters
        https://bugzilla.redhat.com/show_bug.cgi?id=1203718
  [ 3 ] Bug #1203719 - CVE-2015-1804 libXfont: out-of-bounds memory access in bdfReadCharacters
        https://bugzilla.redhat.com/show_bug.cgi?id=1203719
--------------------------------------------------------------------------------
================================================================================
libcss-0.5.0-1.fc21 (FEDORA-2015-4310)
A CSS parser and selection engine
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.5.0-1
- new upstream release
* Mon Sep 1 2014 David Tardon <dtardon@xxxxxxxxxx> - 0.4.0-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
libgsf-1.14.29-6.fc21 (FEDORA-2015-4238)
GNOME Structured File library
--------------------------------------------------------------------------------
Update Information:

Missing gdk-pixbuf support so not working without ImageMagick out of the box like it should
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Caolán McNamara <caolanm@xxxxxxxxxx> 1.14.29-6
- Resolves: rhbz#1202683 thumbnails not created in absence of ImageMagick because gdk-pixbuf2-devel not present at build time
* Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 1.14.29-5
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202683 - No LibreOiffce Thumbnails in Nautilus, gsf-office-thumbnailer fails to run
        https://bugzilla.redhat.com/show_bug.cgi?id=1202683
--------------------------------------------------------------------------------
================================================================================
libgweather-3.14.3-1.fc21 (FEDORA-2015-4263)
A library for weather information
--------------------------------------------------------------------------------
Update Information:

libgweather 3.14.3 release.
* Fixed a crash in the location entry
* Location database fixes
* Updated translations
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 3.14.3-1
- Update to 3.14.3
--------------------------------------------------------------------------------
================================================================================
liblangtag-0.5.5-1.fc21 (FEDORA-2015-4219)
An interface library to access tags for identifying languages
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.5.5-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
libreoffice-4.3.6.2-4.fc21 (FEDORA-2015-4240)
Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

Fix a crash on exit under certain circumstances
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.6.2-4
- Resolves: rhbz#1202138 fix crash on exit
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202138 - [abrt] libreoffice-core: __pthread_mutex_lock(): soffice.bin killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1202138
--------------------------------------------------------------------------------
================================================================================
mapserver-6.2.2-3.fc21 (FEDORA-2015-4341)
Environment for building spatially-enabled internet applications
--------------------------------------------------------------------------------
Update Information:

removed dejavu-sans-fonts dependency
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 6.2.2-3
- removed dejavu-sans-fonts dependency
- BZ 1197070 - mapserver: FTBFS with SWIG 3.0.5
- added: --with-kml=yes
* Wed Mar 11 2015 Devrim GÜNDÜZ <devrim@xxxxxxxxxx> - 6.2.2-2
- Rebuilt for Proj 4.9.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1197070 - mapserver: FTBFS with SWIG 3.0.5
        https://bugzilla.redhat.com/show_bug.cgi?id=1197070
--------------------------------------------------------------------------------
================================================================================
mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21 (FEDORA-2015-4350)
MATE power management service
--------------------------------------------------------------------------------
Update Information:

- update to latest git snapshot from 2015-03-19
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.2-0.1.git20150319.dc4d2c3
- update to latest git snapshot from 2015-03-19
- remove upstreamed patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195898 - [abrt] mate-power-manager: up_device_get_object_path(): mate-power-statistics killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1195898
--------------------------------------------------------------------------------
================================================================================
mingw-xerces-c-3.1.1-11.fc21 (FEDORA-2015-4321)
MingGW Windows validating XML parser
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-0252.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 3.1.1-11
- Fix CVE-2015-0252
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199103 - CVE-2015-0252 xerces-c: crashes on malformed input
        https://bugzilla.redhat.com/show_bug.cgi?id=1199103
--------------------------------------------------------------------------------
================================================================================
mksh-50e-1.fc21 (FEDORA-2015-4337)
MirBSD enhanced version of the Korn Shell
--------------------------------------------------------------------------------
Update Information:

R50e is a required bugfix release:
* Add more tests detailing behaviour difference from GNU bash
* Introduce a memory leak for x=<< fixing use of freed memory instead, bug tracked as LP#1380389 still live
* Add x+=<< parallel to x=<<
* POSIX “command” loses builtin special-ness
* Fix LP#1381965 and LP#1381993 (more field splitting)
* Update location of FreeBSD testsuite for test(1)
* Remove dead NULL elements from Emacs keybindings
* Change several testcases for $*/$@ expansion with/without quotes to expected-fail, with even more to come ☹
* Fix miscalculating required memory for encoding the double-quoted parts of a here document or here string delimiter, leading to a buffer overflow; discovered by zacts from IRC
* Rename a function conflicting with a MacRelix system header
* Use size_t (and ssize_t) consistently, stop using ptrdiff_t; fixes some arithmetics and S/390 bugs
* Remove old workarounds for Clang 3.2 scan-build
* Remove all Clang/Coverity assertions, making room for new checks
* Fix NSIG generation on Debian sid gcc-snapshot
* Make a testcase not fail in a corner case
* Fix issues detected by GCC’s new sanitisers: data type of a value to be shifted constantly must be unsigned (what not, in C…); shebang check array accesses are always unsigned char
* Be even more explicit wrt. POSIX in the manpage
* Fix shebang / file magic decoding
* More int → bool conversion
* Let Build.sh be run by GNU bash 1.12.1 (Slackware 1.01)
* Fix here string parsing issue
* Point out more future changes in the manpage
* Call setgid(2), setegid(2), setuid(2) before seteuid(2)
* Fix spurious empty line after ENOENT “whence -v”, found by Ypnose
* Optimise dot.mkshrc and modernise it a bit
* Use MAXPATHLEN from <sys/param.h> for PATH_MAX fallback
* Some code cleanup and warnings fixes
* Add options -a argv0 and -c to exec
* Prevent use-after-free when hitting multiple errors unwinding
* Fix use of $* and $@ in scalar context: within [[ … ]] and after case (spotted by Stéphane Chazelas) and in here documents (spotted by tg@); fix here document expansion
* Unbreak when $@ shares double quotes with others
* Fix set -x in PS4 expansion infinite loop
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 50e-1
- Upgrade to 50e
- Apply https://fedoraproject.org/wiki/Features/UsrMove
--------------------------------------------------------------------------------
================================================================================
netsurf-buildsystem-1.3-1.fc21 (FEDORA-2015-4306)
Makefiles shared by NetSurf projects
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 16 2015 David Tardon <dtardon@xxxxxxxxxx> - 1.3-1
- new upstream release
* Mon Sep 1 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
openssl-1.0.1k-6.fc21 (FEDORA-2015-4303)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1k-6
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
* Mon Mar 16 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1k-5
- fix bug in the CRYPTO_128_unwrap()
* Fri Feb 27 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1k-4
- fix bug in the RFC 5649 support (#1185878)
* Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 1:1.0.1k-3
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Thu Jan 15 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> 1.0.1k-2
- test in the non-FIPS RSA keygen for minimal distance of p and q similarly to the FIPS RSA keygen
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import
        https://bugzilla.redhat.com/show_bug.cgi?id=1196737
  [ 2 ] Bug #1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
        https://bugzilla.redhat.com/show_bug.cgi?id=1202366
  [ 3 ] Bug #1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1202380
  [ 4 ] Bug #1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1202384
  [ 5 ] Bug #1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1202418
  [ 6 ] Bug #1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding
        https://bugzilla.redhat.com/show_bug.cgi?id=1202395
  [ 7 ] Bug #1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
        https://bugzilla.redhat.com/show_bug.cgi?id=1202404
--------------------------------------------------------------------------------
================================================================================
pcsc-lite-asekey-3.7-1.fc21 (FEDORA-2015-4296)
ASEKey USB token driver
--------------------------------------------------------------------------------
Update Information:

This package brings PCSC driver for ASEKey USB cryptographic token.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #893399 - Review Request: pcsc-lite-asekey - ASEKey USB token driver
        https://bugzilla.redhat.com/show_bug.cgi?id=893399
--------------------------------------------------------------------------------
================================================================================
perl-Carp-1.36-1.fc21 (FEDORA-2015-4288)
Alternative warn and die for modules
--------------------------------------------------------------------------------
Update Information:

This release corrects internal tests.
This release fixes working on non-ASCII platforms, it fixes handling DEL character on perl older than 5.14 and relaxes check for Carp::Heavy version.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1.36-1
- 1.36 bump
* Mon Mar 16 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1.35-1
- 1.35 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204113 - perl-Carp-1.36 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1204113
  [ 2 ] Bug #1202095 - perl-Carp-1.35 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1202095
--------------------------------------------------------------------------------
================================================================================
perl-Compress-Raw-Zlib-2.066-2.fc21 (FEDORA-2015-4349)
Low-level interface to the zlib compression library
--------------------------------------------------------------------------------
Update Information:

Correct license from (GPL+ or Artistic) to ((GPL+ or Artistic) and zlib)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 2.066-2
- Correct license from (GPL+ or Artistic) to ((GPL+ or Artistic) and zlib)
--------------------------------------------------------------------------------
================================================================================
perl-Excel-Writer-XLSX-0.83-1.fc21 (FEDORA-2015-4268)
Create a new file in the Excel 2007+ XLSX format
--------------------------------------------------------------------------------
Update Information:

Update to 0.83
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 David Dick <ddick@xxxxxxxx> - 0.83-1
- Update to 0.83
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202069 - perl-Excel-Writer-XLSX-0.83 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1202069
--------------------------------------------------------------------------------

================================================================================
 perl-GStreamer1-0.003-2.fc21 (FEDORA-2015-4328)
 Bindings for GStreamer 1.x
--------------------------------------------------------------------------------
Update Information:

GStreamer1 implements a framework that allows for processing and encoding of multimedia sources in a manner similar to a shell pipeline. This package provides the perl language bindings.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1203610 - Review Request: perl-GStreamer1 - Bindings for GStreamer 1.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1203610
--------------------------------------------------------------------------------

================================================================================
 php-5.6.7-1.fc21 (FEDORA-2015-4236)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

**19 Mar 2015, PHP 5.6.7**

Core:

* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
* Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)
* Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)
* Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
* Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)
* Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231).
(Stas)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
* Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

CGI:

* Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

CLI:

* Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)

cURL:

* Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)
* Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)

Ereg:

* Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). (Stas)

FPM:

* Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

ODBC:

* Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

Opcache:

* Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). (Dmitry, Laruence)
* Fixed bug #69125 (Array numeric string as key). (Laruence)
* Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

OpenSSL:

* Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
* Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)
* Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
* Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
* Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
* Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
* Fixed bug (#69195 Inconsistent stream crypto values across versions) (Daniel Lowrey)

pgsql:

* Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)

Readline:

* Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)

SOAP:

* Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
(andrea dot palazzo at truel dot it, Laruence)

SPL:

* Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)
* Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)

ZIP:

* Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.6.7-1
- Update to 5.6.7
  http://www.php.net/releases/5_6_7.php
--------------------------------------------------------------------------------

================================================================================
 php-symfony-2.5.10-1.fc21 (FEDORA-2015-4246)
 PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:

Release notes:

* http://symfony.com/blog/symfony-2-5-9-released
* http://symfony.com/blog/symfony-2-5-10-released
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.5.10-1
- Update to 2.5.10
--------------------------------------------------------------------------------

================================================================================
 pulseaudio-6.0-2.fc21 (FEDORA-2015-4253)
 Improved Linux Sound Server
--------------------------------------------------------------------------------
Update Information:

Update to pulseaudio 6.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Richard Hughes <rhughes@xxxxxxxxxx> 6.0-2
- pulseaudio-6.0 (#1192384)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1192384 - pulseaudio-6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1192384
--------------------------------------------------------------------------------

================================================================================
 python-rdflib-4.1.2-3.fc21 (FEDORA-2015-4311)
 Python library for working with RDF
--------------------------------------------------------------------------------
Update Information:

add python3 subpackage (rhbz#1086844)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 5 2015 Matthias Runge <mrunge@xxxxxxxxxx> - 4.1.2-3
- add python3 subpackage (rhbz#1086844)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1086844 - Python 3 version of RDFLib
        https://bugzilla.redhat.com/show_bug.cgi?id=1086844
  [ 2 ] Bug #1203123 - Broken dependencies for python3-selenium-2.45.0-1.fc21.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=1203123
--------------------------------------------------------------------------------

================================================================================
 ratools-0.6.1-1.fc21 (FEDORA-2015-4295)
 Framework for IPv6 Router Advertisements
--------------------------------------------------------------------------------
Update Information:

Update to Version 0.6.1
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Florian Lehner <dev@xxxxxxxxxxx> - 0.6.1-1
- Update to Version 0.6.1
- Use license-Macro
--------------------------------------------------------------------------------

================================================================================
 rubygem-sequel-4.20.0-1.fc21 (FEDORA-2015-4318)
 The Database Toolkit for Ruby
--------------------------------------------------------------------------------
Update Information:

Upgrade to sequel 4.20.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Alejandro Perez <alejandro.perez.torres@xxxxxxxxx> -
4.20.0-1
- Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1093689 - rubygem-sequel-4.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1093689
--------------------------------------------------------------------------------

================================================================================
 tonto-1.44-2.20150312gitbe1657a.fc21 (FEDORA-2015-4269)
 Tools for Pronto programmable remote controls
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1197471 - Review Request: tonto - Tools for Pronto programmable remote controls
        https://bugzilla.redhat.com/show_bug.cgi?id=1197471
--------------------------------------------------------------------------------

================================================================================
 vim-jedi-0.7.0-7.fc21 (FEDORA-2015-4274)
 The Jedi vim plugin
--------------------------------------------------------------------------------
Update Information:

Standard installation of vim-jedi is broken (#1190187)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Petr Hracek <phracek@xxxxxxxxxx> - 0.7.0-7
- Standard installation of vim-jedi is broken (#1190187)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190187 - Standard installation of vim-jedi is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=1190187
--------------------------------------------------------------------------------

================================================================================
 vte291-0.38.3-1.fc21 (FEDORA-2015-4273)
 Terminal emulator library
--------------------------------------------------------------------------------
Update Information:

vte 0.38.3 release.
For details, see https://mail.gnome.org/archives/ftp-release-list/2014-December/msg00064.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 0.38.3-1
- Update to 0.38.3
--------------------------------------------------------------------------------

================================================================================
 xerces-c-3.1.1-8.fc21 (FEDORA-2015-4251)
 Validating XML Parser
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-0252.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 3.1.1-8
- Fix CVE-2015-0252
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199103 - CVE-2015-0252 xerces-c: crashes on malformed input
        https://bugzilla.redhat.com/show_bug.cgi?id=1199103
--------------------------------------------------------------------------------

================================================================================
 xfdashboard-0.3.90-1.fc21 (FEDORA-2015-4221)
 GNOME shell like dashboard for Xfce
--------------------------------------------------------------------------------
Update Information:

Update to 0.3.90; multiple monitors supported
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 18 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.3.90-1
- Update to 0.3.90
- Removed patch for forcing X11 backend in clutter
* Mon Mar 9 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 0.3.9-4
- Force X11 backend for clutter
* Sun Mar 1 2015 Mukundan Ragavan <nonamedotc@xxxxxxxxx> - 0.3.9-3
- Rebuild from Xfce 4.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1197361 - [abrt] xfdashboard:
_xfdashboard_image_content_load_from_icon_name(): xfdashboard killed by SIGTRAP
        https://bugzilla.redhat.com/show_bug.cgi?id=1197361
  [ 2 ] Bug #1136184 - [abrt] xfdashboard: glx_event_filter_cb(): xfdashboard killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1136184
--------------------------------------------------------------------------------

================================================================================
 youtube-dl-2015.03.18-1.fc21 (FEDORA-2015-4283)
 A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:

Update to latest release (# 1201585)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Matej Cepl <mcepl@xxxxxxxxxx> - 2015.03.18-1
- Update to latest release (# 1201585)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1201585 - youtube-dl-2015.03.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1201585
--------------------------------------------------------------------------------

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test