The following Fedora 20 Security updates need testing: Age URL 142 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 122 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 77 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 75 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20 60 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 45 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 40 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 27 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2015-5864/zarafa-7.1.12-1.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5972/yourls-1.7-3.20150410gitabc7d6c.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2015-6084/icu-50.1.2-12.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6279/cherokee-1.2.103-6.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6280/wesnoth-1.12.2-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6315/qt5-qtbase-5.4.1-9.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6349/spatialite-tools-4.1.1-12.fc20,sqlite-3.8.9-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6357/java-1.8.0-openjdk-1.8.0.45-31.b13.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6399/php-5.5.24-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6417/dpkg-1.16.16-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6505/mksh-50f-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6517/ax25-tools-0.0.10-0.12.rc2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6583/xen-4.3.4-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6573/qt3-3.3.8b-63.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6712/curl-7.32.0-20.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 60 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6712/curl-7.32.0-20.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 The following builds have been pushed to Fedora 20 updates-testing community-mysql-5.5.43-1.fc20 curl-7.32.0-20.fc20 gambas3-3.7.1-1.fc20 ibus-anthy-1.5.6-6.fc20 perl-DBD-ODBC-1.52-1.fc20 qt5-qtdeclarative-5.4.1-3.fc20 Details about builds: ================================================================================ community-mysql-5.5.43-1.fc20 (FEDORA-2015-6705) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: Update to 5.5.43. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 9 2015 Honza Horak <hhorak@xxxxxxxxxx> - 5.5.43-1 - Update to 5.5.43 -------------------------------------------------------------------------------- ================================================================================ curl-7.32.0-20.fc20 (FEDORA-2015-6712) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 7.32.0-20 - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1213351 - CVE-2015-3148 curl: "Negotiate" not treated as connection-oriented https://bugzilla.redhat.com/show_bug.cgi?id=1213351 [ 2 ] Bug #1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=1213306 [ 3 ] Bug #1213347 - CVE-2015-3145 curl: cookie parser out of boundary memory access https://bugzilla.redhat.com/show_bug.cgi?id=1213347 -------------------------------------------------------------------------------- ================================================================================ gambas3-3.7.1-1.fc20 (FEDORA-2015-6707) IDE based on a basic interpreter with object extensions -------------------------------------------------------------------------------- Update Information: Update to 3.7.1. This release is notable because all of the "examples" moved out of the source and into an upstream Gambas repository (think CPAN). -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.7.1-1 - update to 3.7.1 * Fri Jan 23 2015 Marek Kasik <mkasik@xxxxxxxxxx> 3.6.1-3 - Rebuild (poppler-0.30.0) * Thu Nov 27 2014 Marek Kasik <mkasik@xxxxxxxxxx> 3.6.1-2 - Rebuild (poppler-0.28.1) -------------------------------------------------------------------------------- ================================================================================ ibus-anthy-1.5.6-6.fc20 (FEDORA-2015-6734) The Anthy engine for IBus input platform -------------------------------------------------------------------------------- Update Information: Fixed segv when ibus-anthy cannot communicate with ibus-dconf. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.6-6 - Resolved #1214092 Updated ibus-anthy-HEAD.patch - Added with_appdata macro and removed with_python_pkg macro * Wed Mar 25 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.5.6-5 - Add the AppData file to the right built RPM, in this case we have to install ibus-anthy-python rather than the main package in gnome-software. - It turns out adding the AppData file to spec files is a great way to fix these kinds of bugs. :) * Wed Mar 25 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.5.6-4 - Use an AppStream file compatible with F22 also. * Wed Mar 25 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.5.6-3 - Register as an AppStream component. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214092 - [abrt] ibus-anthy-python: factory.py:55:__init__:NameError: global name 'sys' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1214092 -------------------------------------------------------------------------------- ================================================================================ perl-DBD-ODBC-1.52-1.fc20 (FEDORA-2015-6702) ODBC Driver for DBI -------------------------------------------------------------------------------- Update Information: Updated to upstream version 1.52. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 20 2015 Jan Holcapek <holcapek@xxxxxxxxx> - 1.52-1 - Updated to upstream version 1.52. * Thu Aug 28 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.50-5 - Perl 5.20 rebuild * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.50-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212025 - perl-DBD-ODBC-1.52 is available https://bugzilla.redhat.com/show_bug.cgi?id=1212025 -------------------------------------------------------------------------------- ================================================================================ qt5-qtdeclarative-5.4.1-3.fc20 (FEDORA-2015-6723) Qt5 - QtDeclarative component -------------------------------------------------------------------------------- Update Information: This update fixes qt5-qtdeclarative to work on x86 machines without SSE2, and may improve performance on SSE2-enabled 32-bit x86 machines. The update builds a non-SSE2 version of libQt5Qml with the SSE2-only JIT disabled. It also builds an SSE2 version of libQt5Qml that has the JIT enabled as before, and in addition enables the -msse2 and -mfpmath=sse flags that were previously missing. The runtime linker ld.so automatically picks the correct libQt5Qml build for your hardware. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 5.4.1-3 - fix non-sse2 support (kde#346244) and optimize sse2 binaries * Fri Feb 27 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.4.1-2 - rebuild (gcc5) -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
