The following Fedora 21 Security updates need testing: Age URL 106 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 82 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 75 https://admin.fedoraproject.org/updates/FEDORA-2015-1803/fcgi-2.4.0-26.fc21 45 https://admin.fedoraproject.org/updates/FEDORA-2015-3505/389-ds-base-1.3.3.9-1.fc21 27 https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2.fc21 21 https://admin.fedoraproject.org/updates/FEDORA-2015-5216/mailman-2.1.20-1.fc21 14 https://admin.fedoraproject.org/updates/FEDORA-2015-5823/zarafa-7.1.12-1.fc21 14 https://admin.fedoraproject.org/updates/FEDORA-2015-5872/netcf-0.2.8-1.fc21 13 https://admin.fedoraproject.org/updates/FEDORA-2015-5929/qpid-cpp-0.32-1.fc21.1 12 https://admin.fedoraproject.org/updates/FEDORA-2015-6002/yourls-1.7-3.20150410gitabc7d6c.fc21 12 https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1-1.fc21 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5979/krb5-1.12.2-16.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-6087/icu-52.1-6.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6364/qt5-qtbase-5.4.1-9.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6377/ruby-2.1.6-27.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6252/qt-4.8.6-28.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6387/realmd-0.15.2-2.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-5830/ntp-4.2.6p5-30.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6295/wesnoth-1.12.2-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6392/cherokee-1.2.103-6.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6510/dpkg-1.16.16-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6424/ax25-tools-0.0.10-0.12.rc2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6441/FlightGear-data-3.2.0-2.fc21,FlightGear-3.2.0-2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6550/mksh-50f-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6670/xen-4.4.2-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6661/qt3-3.3.8b-63.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6728/curl-7.37.0-14.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6615/xulrunner-37.0.2-1.fc21,firefox-37.0.2-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5979/krb5-1.12.2-16.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6322/geoclue2-2.1.10-2.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6325/libgweather-3.14.4-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6382/python-slip-0.6.1-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6332/dnf-plugins-core-0.1.5-2.fc21,dnf-0.6.4-5.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6387/realmd-0.15.2-2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6544/perl-Encode-2.73-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6538/gnome-bluetooth-3.14.1-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6499/pkgconfig-0.28-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6728/curl-7.37.0-14.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6576/crda-3.18_2015.04.06-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6565/telepathy-glib-0.24.1-1.fc21,telepathy-logger-0.8.0-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6575/mobile-broadband-provider-info-1.20150421git-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6615/xulrunner-37.0.2-1.fc21,firefox-37.0.2-1.fc21 The following builds have been pushed to Fedora 21 updates-testing community-mysql-5.6.24-1.fc21 curl-7.37.0-14.fc21 dock-1.2.0-1.fc21 gambas3-3.7.1-1.fc21 ibus-anthy-1.5.6-6.fc21 perl-DBD-ODBC-1.52-1.fc21 python-requests-2.6.0-1.fc21 python-urllib3-1.10.3-1.fc21 qt5-qtdeclarative-5.4.1-3.fc21 vagrant-libvirt-0.0.24-4.fc21 Details about builds: ================================================================================ community-mysql-5.6.24-1.fc21 (FEDORA-2015-6698) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: Update to 5.6.24 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 9 2015 Honza Horak <hhorak@xxxxxxxxxx> - 5.6.24-1 - Update to 5.6.24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1209282 - community-mysql-5.6.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1209282 -------------------------------------------------------------------------------- ================================================================================ curl-7.37.0-14.fc21 (FEDORA-2015-6728) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write with a zero-length host name in URL (CVE-2015-3144) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 7.37.0-14 - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write with a zero-length host name in URL (CVE-2015-3144) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1213351 - CVE-2015-3148 curl: "Negotiate" not treated as connection-oriented https://bugzilla.redhat.com/show_bug.cgi?id=1213351 [ 2 ] Bug #1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=1213306 [ 3 ] Bug #1213335 - CVE-2015-3144 curl: host name out of boundary memory access https://bugzilla.redhat.com/show_bug.cgi?id=1213335 [ 4 ] Bug #1213347 - CVE-2015-3145 curl: cookie parser out of boundary memory access https://bugzilla.redhat.com/show_bug.cgi?id=1213347 -------------------------------------------------------------------------------- ================================================================================ dock-1.2.0-1.fc21 (FEDORA-2015-6697) Improved builder for Docker images -------------------------------------------------------------------------------- Update Information: new upstream release 1.2.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 21 2015 Tomas Tomecek <ttomecek@xxxxxxxxxx> - 1.2.0-1 - new upstream release 1.2.0 -------------------------------------------------------------------------------- ================================================================================ gambas3-3.7.1-1.fc21 (FEDORA-2015-6730) IDE based on a basic interpreter with object extensions -------------------------------------------------------------------------------- Update Information: Update to 3.7.1. This release is notable because all of the "examples" moved out of the source and into an upstream Gambas repository (think CPAN). -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.7.1-1 - update to 3.7.1 * Fri Jan 23 2015 Marek Kasik <mkasik@xxxxxxxxxx> 3.6.1-3 - Rebuild (poppler-0.30.0) -------------------------------------------------------------------------------- ================================================================================ ibus-anthy-1.5.6-6.fc21 (FEDORA-2015-6704) The Anthy engine for IBus input platform -------------------------------------------------------------------------------- Update Information: Fixed segv when ibus-anthy cannot communicate with ibus-dconf. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.6-6 - Resolved #1214092 Updated ibus-anthy-HEAD.patch - Added with_appdata macro and removed with_python_pkg macro * Wed Mar 25 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.5.6-5 - Add the AppData file to the right built RPM, in this case we have to install ibus-anthy-python rather than the main package in gnome-software. - It turns out adding the AppData file to spec files is a great way to fix these kinds of bugs. :) * Wed Mar 25 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.5.6-4 - Use an AppStream file compatible with F22 also. * Wed Mar 25 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.5.6-3 - Register as an AppStream component. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214092 - [abrt] ibus-anthy-python: factory.py:55:__init__:NameError: global name 'sys' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1214092 -------------------------------------------------------------------------------- ================================================================================ perl-DBD-ODBC-1.52-1.fc21 (FEDORA-2015-6706) ODBC Driver for DBI -------------------------------------------------------------------------------- Update Information: Updated to upstream version 1.52. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 20 2015 Jan Holcapek <holcapek@xxxxxxxxx> - 1.52-1 - Updated to upstream version 1.52. * Thu Aug 28 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.50-5 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212025 - perl-DBD-ODBC-1.52 is available https://bugzilla.redhat.com/show_bug.cgi?id=1212025 -------------------------------------------------------------------------------- ================================================================================ python-requests-2.6.0-1.fc21 (FEDORA-2015-6721) HTTP library, written in Python, for human beings -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.6.0-1 - new version - Remove patch for CVE-2015-2296, now included in the upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1202077 - python-requests-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1202077 -------------------------------------------------------------------------------- ================================================================================ python-urllib3-1.10.3-1.fc21 (FEDORA-2015-6721) Python HTTP library with thread-safe connection pooling and file post -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.10.3-1 - new version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1202077 - python-requests-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1202077 -------------------------------------------------------------------------------- ================================================================================ qt5-qtdeclarative-5.4.1-3.fc21 (FEDORA-2015-6715) Qt5 - QtDeclarative component -------------------------------------------------------------------------------- Update Information: This update fixes qt5-qtdeclarative to work on x86 machines without SSE2, and may improve performance on SSE2-enabled 32-bit x86 machines. The update builds a non-SSE2 version of libQt5Qml with the SSE2-only JIT disabled. It also builds an SSE2 version of libQt5Qml that has the JIT enabled as before, and in addition enables the -msse2 and -mfpmath=sse flags that were previously missing. The runtime linker ld.so automatically picks the correct libQt5Qml build for your hardware. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 5.4.1-3 - fix non-sse2 support (kde#346244) and optimize sse2 binaries * Fri Feb 27 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.4.1-2 - rebuild (gcc5) -------------------------------------------------------------------------------- ================================================================================ vagrant-libvirt-0.0.24-4.fc21 (FEDORA-2015-6731) libvirt provider for Vagrant -------------------------------------------------------------------------------- Update Information: Fix upstream bug #347: Wait for libvirt to shutdown the domain This fix will prevent Vagrant to discard your project's configuration on vagrant halt. Latest release of vagrant-libvirt plugin. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 21 2015 Josef Stribny <jstribny@xxxxxxxxxx> - 0.0.24-4 - Fix: Wait for libvirt to shutdown the domain -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test