The following Fedora 20 Security updates need testing: Age URL 145 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 125 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 80 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 78 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20 63 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 48 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 43 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 30 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 23 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20 16 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-5972/yourls-1.7-3.20150410gitabc7d6c.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-6084/icu-50.1.2-12.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6357/java-1.8.0-openjdk-1.8.0.45-31.b13.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6399/php-5.5.24-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6417/dpkg-1.16.16-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6505/mksh-50f-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6517/ax25-tools-0.0.10-0.12.rc2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6583/xen-4.3.4-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6573/qt3-3.3.8b-63.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-6712/curl-7.32.0-20.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.20150329-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-3.1.4-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-client-1.7.22-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.1.3-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 63 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6912/grantlee-0.5.1-1.fc20,kate-4.14.3-5.fc20,kde-baseapps-15.04.0-1.fc20,kde-runtime-15.04.0-1.fc20,kde-workspace-4.11.18-1.fc20,kdelibs-4.14.7-4.fc20,kdepim-4.14.7-2.fc20,kdepim-runtime-4.14.7-1.fc20,kdepimlibs-4.14.7-1.fc20,oxygen-icon-theme-15.04.0-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20 The following builds have been pushed to Fedora 20 updates-testing async-http-client-1.7.22-2.fc20 audacity-2.1.0-1.fc20 elk-3.0.18-10.fc20 etcd-2.0.9-1.fc20 fedfind-1.1.4-1.fc20 golang-github-matttproud-golang_protobuf_extensions-0-0.3.gitfc2b8d3.fc20 golang-github-prometheus-client_golang-0.4.0-1.fc20 grantlee-0.5.1-1.fc20 gretl-1.10.1-2.fc20 kate-4.14.3-5.fc20 kde-baseapps-15.04.0-1.fc20 kde-runtime-15.04.0-1.fc20 kde-workspace-4.11.18-1.fc20 kdelibs-4.14.7-4.fc20 kdepim-4.14.7-2.fc20 kdepim-runtime-4.14.7-1.fc20 kdepimlibs-4.14.7-1.fc20 libmediainfo-0.7.73-2.fc20 libxc-2.1.2-3.fc20 libzen-0.4.31-2.fc20 lua-dbi-0.5-10.fc20 mediainfo-0.7.73-2.fc20 mimedefang-2.78-1.fc20 oxygen-icon-theme-15.04.0-1.fc20 pcre-8.33-10.fc20 qiv-2.3.1-1.fc20 root-5.34.30-1.fc20 springframework-3.1.4-3.fc20 supertux-0.3.5-1.fc20 testdisk-7.0-2.fc20 tomcatjss-7.1.2-1.fc20 v8-3.14.5.10-18.fc20 wordpress-4.1.3-1.fc20 wpa_supplicant-2.0-13.fc20 Details about builds: ================================================================================ async-http-client-1.7.22-2.fc20 (FEDORA-2015-6891) Asynchronous Http Client for Java -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2013-7398, CVE-2013-7397 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.7.22-2 - Resolves: CVE-2013-7397 - Resolves: CVE-2013-7398 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133773 - CVE-2013-7398 async-http-client: missing hostname verification for SSL certificates https://bugzilla.redhat.com/show_bug.cgi?id=1133773 [ 2 ] Bug #1133769 - CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions https://bugzilla.redhat.com/show_bug.cgi?id=1133769 -------------------------------------------------------------------------------- ================================================================================ audacity-2.1.0-1.fc20 (FEDORA-2015-6949) Multitrack audio editor -------------------------------------------------------------------------------- Update Information: Audacity project has released version 2.1.0 adding: - Real-Time Preview for effects. - Much improved Noise Reduction effect - Improvements to effects including: VST: FXB preset banks, hosting multiple plugins All effects can now be used in Chains, and can be sorted on name, publisher, or class. Most Nyquist effects now have Preview button. - Redesigned Meter Toolbars show a lot more information in smaller area. - Spectral Selection in Spectrogram view. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 31 2015 David Timms <iinet.net.au@dtimms> - 2.1.0-1 - Update to 2.1.0 final release. * Mon Mar 30 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 2.1.0-0.2.rc2 - Use better AppData screenshots * Thu Mar 5 2015 David Timms <iinet.net.au@dtimms> - 2.1.0-0.1.rc2 - Update to release candidate 2 for testing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1207438 - audacity-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1207438 -------------------------------------------------------------------------------- ================================================================================ elk-3.0.18-10.fc20 (FEDORA-2015-6867) FP-LAPW Code -------------------------------------------------------------------------------- Update Information: elk-3.0.18 elk-3.0.4 elk-3.0.4 elk-3.0.4 elk-3.0.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Marcin Dulak <Marcin.Dulak@xxxxxxxxx> - 3.0.18-10 - upstream update * Fri Feb 13 2015 Marcin Dulak <Marcin.Dulak@xxxxxxxxx> - 3.0.4-10 - upstream update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1192342 - elk-3.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1192342 [ 2 ] Bug #1214710 - elk-3.0.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1214710 -------------------------------------------------------------------------------- ================================================================================ etcd-2.0.9-1.fc20 (FEDORA-2015-6846) A highly-available key value store for shared configuration -------------------------------------------------------------------------------- Update Information: Update to v2.0.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.9-1 - Update to v2.0.9 resolves: #1209666 * Fri Apr 3 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.8-0.2 - Update spec file to fit for rhel too (thanks to eparis) related: #1207881 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1209666 - etcd-v2.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1209666 -------------------------------------------------------------------------------- ================================================================================ fedfind-1.1.4-1.fc20 (FEDORA-2015-6863) Fedora Finder finds Fedora -------------------------------------------------------------------------------- Update Information: This update introduces fedfind to the official Fedora repositories. fedfind is a tool for finding Fedora images. See https://www.happyassassin.net/fedfind -------------------------------------------------------------------------------- ================================================================================ golang-github-matttproud-golang_protobuf_extensions-0-0.3.gitfc2b8d3.fc20 (FEDORA-2015-6947) Support for streaming Protocol Buffer messages for the Go language (golang) -------------------------------------------------------------------------------- Update Information: Bump to upstream fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.3.gitfc2b8d3 - Bump to upstream fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a resolves: #1214797 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214797 - Tracker for golang-github-matttproud-golang_protobuf_extensions https://bugzilla.redhat.com/show_bug.cgi?id=1214797 -------------------------------------------------------------------------------- ================================================================================ golang-github-prometheus-client_golang-0.4.0-1.fc20 (FEDORA-2015-6888) Prometheus instrumentation library for Go applications -------------------------------------------------------------------------------- Update Information: Bump to upstream 608ec8b69e284600a7ad1b36514a1e6876e22b9f -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.4.0-1 - Bump to upstream 608ec8b69e284600a7ad1b36514a1e6876e22b9f resolves: #1214784 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214784 - Tracker for golang-github-prometheus-client_golang https://bugzilla.redhat.com/show_bug.cgi?id=1214784 -------------------------------------------------------------------------------- ================================================================================ grantlee-0.5.1-1.fc20 (FEDORA-2015-6912) Qt string template engine based on the Django template system -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.5.1-1 - grantlee-0.5.1 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.4.0-6 - make %check fatal (aarch64 has had some love) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Mar 23 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.4.0-4 - pull in some upstream fixes (and use %autosetup) - make %check non-fatal (aarm64 needs some love) * Tue Dec 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.4.0-3 - %check: use xvfb-run * Tue Dec 3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.4.0-2 - %check: make test * Fri Nov 29 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.4.0-1 - 0.4.0 -------------------------------------------------------------------------------- ================================================================================ gretl-1.10.1-2.fc20 (FEDORA-2015-6886) A tool for econometric analysis -------------------------------------------------------------------------------- Update Information: - fixes bug 1213980 - disabling AVX support -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> - 1.10.1-2 - disable the AVX switch to fix bug #1213980 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1213980 - gretl 1.10.1 fails immediately with 'illegal instruction (core dumped)' https://bugzilla.redhat.com/show_bug.cgi?id=1213980 -------------------------------------------------------------------------------- ================================================================================ kate-4.14.3-5.fc20 (FEDORA-2015-6912) Advanced Text Editor -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-5 - -part: Provides: kate4-part%{?_isa}, %doc COPYING.LIB here * Thu Feb 19 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-4 - kwrite: use %{?kde_runtime_requires} -------------------------------------------------------------------------------- ================================================================================ kde-baseapps-15.04.0-1.fc20 (FEDORA-2015-6912) KDE Core Applications -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 15.04.0-1 - 15.04.0 * Wed Mar 11 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 14.12.3-3 - lower kfmclient_dir.desktop IntialPreference to 9, lower than dolphin 10 (f22+) - omit kde-plasma-folderview (f22+) * Tue Mar 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 14.12.3-2 - drop unused strigi/soprano build deps -------------------------------------------------------------------------------- ================================================================================ kde-runtime-15.04.0-1.fc20 (FEDORA-2015-6912) KDE Runtime -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 15.04.0-1 - 15.04.0 -------------------------------------------------------------------------------- ================================================================================ kde-workspace-4.11.18-1.fc20 (FEDORA-2015-6912) KDE Workspace -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.18-1 - 4.11.18 * Thu Mar 12 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.16-4 - consistently use %kdelibs4_requires %kde_runtime_requires macros -------------------------------------------------------------------------------- ================================================================================ kdelibs-4.14.7-4.fc20 (FEDORA-2015-6912) KDE Libraries -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 6:4.14.7-4 - -ktexteditor subpkg (Requires: kate4-part) * Mon Apr 20 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 6:4.14.7-3 - omit apidocs in bootstrap mode * Mon Apr 13 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 6:4.14.7-2 - apps_version to 15.04.0 * Fri Apr 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 6:4.14.7-1 - 4.14.7 -------------------------------------------------------------------------------- ================================================================================ kdepim-4.14.7-2.fc20 (FEDORA-2015-6912) KDE PIM (Personal Information Manager) applications -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.7-2 - bump build deps: grantlee >= 0.5.0, kdepimlibs >= 4.14.7 * Fri Apr 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.7-1 - 4.14.7 * Sun Mar 1 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.6-1 - 4.14.6 * Tue Feb 24 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.5-1 - 4.14.5 * Sat Feb 21 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 7:4.14.4-7 - kmail: drop Requires: spambayes (currently orphaned pkg) -------------------------------------------------------------------------------- ================================================================================ kdepim-runtime-4.14.7-1.fc20 (FEDORA-2015-6912) KDE PIM Runtime Environment -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1:4.14.7-1 - 4.14.7 -------------------------------------------------------------------------------- ================================================================================ kdepimlibs-4.14.7-1.fc20 (FEDORA-2015-6912) KDE PIM Libraries -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 4.14.7-1 - 4.14.7 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.73-2.fc20 (FEDORA-2015-6962) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update libzen and mediainfo -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 0.7.73-2 - Correct lib version -------------------------------------------------------------------------------- ================================================================================ libxc-2.1.2-3.fc20 (FEDORA-2015-6905) Library of exchange and correlation functionals to be used in DFT codes -------------------------------------------------------------------------------- Update Information: Update to 2.1.2, with further backported patches to hybrid functionals. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.1.2-3 - Patch some hybrids. * Fri Apr 24 2015 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.1.2-2 - Patch broken makefiles. * Thu Feb 19 2015 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.1.2-1 - Update to 2.1.2. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon Mar 24 2014 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 2.1.0-2 - Re-enable builds on ppc and ppc64 on EPEL. -------------------------------------------------------------------------------- ================================================================================ libzen-0.4.31-2.fc20 (FEDORA-2015-6962) Shared library for libmediainfo and medianfo* -------------------------------------------------------------------------------- Update Information: Update libzen and mediainfo -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 0.4.31-2 - Correct lib version -------------------------------------------------------------------------------- ================================================================================ lua-dbi-0.5-10.fc20 (FEDORA-2015-6958) Database interface library for Lua -------------------------------------------------------------------------------- Update Information: Build -compat subpackage against compat-lua -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 22 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 0.5-8 - build -compat subpackage against compat-lua -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.73-2.fc20 (FEDORA-2015-6962) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update libzen and mediainfo -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 0.7.73-2 - Rebuild with updated libmediainfo -------------------------------------------------------------------------------- ================================================================================ mimedefang-2.78-1.fc20 (FEDORA-2015-6884) E-Mail filtering framework using Sendmail's Milter interface -------------------------------------------------------------------------------- Update Information: MIMEDefang 2.78 =============== * Fix bug in logic that coalesces multiparts to single-parts if possible; the bug broke DKIM signing. Fix is courtesy of Peter Nagel. MIMEDefang 2.77 =============== * Change old author's name to "Dianne Skoll" in many places. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 2.78-1 - Upgrade to 2.78 (#1213639) * Wed Apr 22 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 2.77-1 - Upgrade to 2.77 (#1213639) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1213639 - mimedefang-2.77 is available https://bugzilla.redhat.com/show_bug.cgi?id=1213639 -------------------------------------------------------------------------------- ================================================================================ oxygen-icon-theme-15.04.0-1.fc20 (FEDORA-2015-6912) Oxygen icon theme -------------------------------------------------------------------------------- Update Information: Core KDE4 LTS components as part of KDE Applications 15.04.0 release, https://www.kde.org/announcements/announce-applications-15.04.0.php -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 15.04.0-1 - 15.04.0 -------------------------------------------------------------------------------- ================================================================================ pcre-8.33-10.fc20 (FEDORA-2015-6928) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes pkg-config module output for static linking. It also provides pcredemo.c example in pcre-devel documentation. This release fixes various bugs when compiling regular expressions or matching them which could lead to a process crash. Also infinite loop in pcretest(1) and pcregrep(1) tools when using \K in a lookbehind assertion was fixed. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 8.33-10 - Fix static linking (bug #1214494) - Package pcredemo.c as a documentation for pcre-devel * Fri Apr 10 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 8.33-9 - Fix computing size for pattern with a negated special calss in on-UCP mode (bug #1210383) - Fix compilation of a parenthesized comment (bug #1210410) - Fix compliation of mutual recursion inside a lookbehind assertion (bug #1210417) - Fix pcregrep loop when \K is used in a lookbehind assertion (bug #1210423) - Fix pcretest loop when \K is used in a lookbehind assertion (bug #1210423) - Fix backtracking for \C\X* in UTF-8 mode (bug #1210576) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210383 - Crash when compiling /[\\S\\V\\H]/8 https://bugzilla.redhat.com/show_bug.cgi?id=1210383 [ 2 ] Bug #1210417 - Crash when compiling /(?<=((?2))((?1)))/ https://bugzilla.redhat.com/show_bug.cgi?id=1210417 [ 3 ] Bug #1210576 - Crash when matching /\\C\\X*/ in UTF-8 mode https://bugzilla.redhat.com/show_bug.cgi?id=1210576 [ 4 ] Bug #1214494 - add -pthread to pkg-config https://bugzilla.redhat.com/show_bug.cgi?id=1214494 [ 5 ] Bug #1210410 - Internal error when compiling /(?1)(?#?'){8}(a)/ https://bugzilla.redhat.com/show_bug.cgi?id=1210410 [ 6 ] Bug #1210423 - pcregrep -o '(?<=\\Ka)' does not halt https://bugzilla.redhat.com/show_bug.cgi?id=1210423 -------------------------------------------------------------------------------- ================================================================================ qiv-2.3.1-1.fc20 (FEDORA-2015-6948) Quick Image Viewer -------------------------------------------------------------------------------- Update Information: * browse option now starts with first picture on command line. * fix direction of scrollwheel for next/previous image * center mouse cursor position in magnifying window * update COPYING and optimize libmagic calls * improve display of exif GPS tags * new option --vikeys to allow for vi-style movement * disable screensaver and DPMS during slideshow * improvements to qiv-command.example * fix possible segfaults when dealing with corrupt embedded color profiles. * do not segfault when "browse" option is called without a further argument. * fix magnifying window. Zoom factor of magnifying window can be changed by +/- keys. * get rid of XID collision * Make conditional rotate leave images that fit alone. * Add --followlinks option to all symlinks to dirs. * Fixed inconsistency with rotate option, add conditional rotation * Add runtime option to display Exif information * Add runtime option to toggle grab mode * Add support for embedded color profiles in tiff * Better fullscreen handling with multi monitors. Xinerama is no longer needed. * Notice when a mouse click makes the display-text disappear. * Center display-text on the preferred xinerama screen. * Simplify image-move checking code and allow it to move an image farther. * Add support for embedded color profiles in jpg * add color profile support via lcms2. * when using "--watch" option, make sure pic is not reloaded while still written. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Andreas Bierfert <andreas.bierfert@xxxxxxxxxxxxx> - 2.3.1-1 - version upgrade * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Nov 30 2013 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 2.3-1 - version upgrade -------------------------------------------------------------------------------- ================================================================================ root-5.34.30-1.fc20 (FEDORA-2015-6871) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: root 5.34.30 https://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.30-1 - Update to 5.34.30 - New sub-package: root-python3 - Disable hadoop/hdfs support for F23+ (not installable) - Drop previously backported gcc 5 patches -------------------------------------------------------------------------------- ================================================================================ springframework-3.1.4-3.fc20 (FEDORA-2015-6862) Spring Java Application Framework -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-0225 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Michal Srb <msrb@xxxxxxxxxx> - 0:3.1.4-3 - Resolves: CVE-2014-0225 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1110110 - CVE-2014-0225 Spring Framework: Information disclosure via SSRF https://bugzilla.redhat.com/show_bug.cgi?id=1110110 -------------------------------------------------------------------------------- ================================================================================ supertux-0.3.5-1.fc20 (FEDORA-2015-6931) Jump'n run like game -------------------------------------------------------------------------------- Update Information: Update to 0.3.5 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 David King <amigadave@xxxxxxxxxxxxx> - 0.3.5-1 - Update to 0.3.5 - Validate AppData during check - Install man page -------------------------------------------------------------------------------- ================================================================================ testdisk-7.0-2.fc20 (FEDORA-2015-6933) Tool to check and undelete partition, PhotoRec recovers lost files -------------------------------------------------------------------------------- Update Information: TestDisk 7.0 fixes several stack overflows. The new photorec is faster. qphotorec is a qt4 version of PhotoRec. Full release notes: http://www.cgsecurity.org/wiki/TestDisk_7.0_Release -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 Christophe Grenier <grenier@xxxxxxxxxxxxxx> - 7.0-2 - Move qphotorec to a subpackage - rebuild for ntfs-3g-2015.3.14 * Sat Apr 18 2015 Christophe Grenier <grenier@xxxxxxxxxxxxxx> - 7.0-1 - Update to latest version - This version includes some security fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1036410 - [abrt] testdisk-6.14-2.fc20: strcmp: Process /usr/bin/testdisk was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1036410 [ 2 ] Bug #1116512 - Please update to 7.0 https://bugzilla.redhat.com/show_bug.cgi?id=1116512 [ 3 ] Bug #1214681 - testdisk 7.x dependency issue https://bugzilla.redhat.com/show_bug.cgi?id=1214681 [ 4 ] Bug #1213070 - testdisk-7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1213070 [ 5 ] Bug #1215250 - RFE: Please split the package into GUI and CLI part https://bugzilla.redhat.com/show_bug.cgi?id=1215250 -------------------------------------------------------------------------------- ================================================================================ tomcatjss-7.1.2-1.fc20 (FEDORA-2015-6955) JSSE implementation using JSS for Tomcat -------------------------------------------------------------------------------- Update Information: Resolves rhbz #1198450, #1214858 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 4 2015 Endi Sukma Dewata <edewata@xxxxxxxxxx> 7.1.2-1 - Bugzilla Bug #1198450 - Support for Tomcat 8 - Bugzilla Bug #1214858 - Add nuxwdog support (alee) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214858 - password interface needs to be updated to support nuxwdog https://bugzilla.redhat.com/show_bug.cgi?id=1214858 [ 2 ] Bug #1198450 - Support for Tomcat 8 https://bugzilla.redhat.com/show_bug.cgi?id=1198450 -------------------------------------------------------------------------------- ================================================================================ v8-3.14.5.10-18.fc20 (FEDORA-2015-6908) JavaScript Engine -------------------------------------------------------------------------------- Update Information: Fix for ARM-only CVE-2014-3152 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.14.5.10-18 - backport security fix for ARM - CVE-2014-3152 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101056 - CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.114 https://bugzilla.redhat.com/show_bug.cgi?id=1101056 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.1.3-1.fc20 (FEDORA-2015-6790) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. https://wordpress.org/news/2015/04/wordpress-4-1-2/ -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.3-1 - WordPress 4.1.3 Maintenance Release * Thu Apr 23 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.2-1 - WordPress 4.1.2 Security Release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2 https://bugzilla.redhat.com/show_bug.cgi?id=1214650 -------------------------------------------------------------------------------- ================================================================================ wpa_supplicant-2.0-13.fc20 (FEDORA-2015-6952) WPA/WPA2/IEEE 802.1X Supplicant -------------------------------------------------------------------------------- Update Information: This update addresses a security vulnerability identified as CVE-2015-1863 . More information on this vulnerability is provided by upstream at https://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt . An extract: Attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a suitably constructed management frame that triggers a P2P peer device information to be created or updated. The vulnerability is easiest to exploit while the device has started an active P2P operation (e.g., has ongoing P2P_FIND or P2P_LISTEN control interface command in progress). However, it may be possible, though significantly more difficult, to trigger this even without any active P2P operation in progress. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2015 Adam Williamson <awilliam@xxxxxxxxxx> - 1:2.0-13 - backport fix for CVE-2015-1863 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
