Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
 148  https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
 128  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  83  https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
  66  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  51  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
  46  https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
  33  https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
  26  https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20
  19  https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-6417/dpkg-1.16.16-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-6583/xen-4.3.4-3.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-6573/qt3-3.3.8b-63.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.20150329-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-3.1.4-3.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-client-1.7.22-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-7057/pdns-3.3.1-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-7079/pdns-recursor-3.7.2-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  66  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-3.fc20


The following builds have been pushed to Fedora 20 updates-testing

    devscripts-2.15.4-1.fc20
    docker-io-1.6.0-0.2.rc6.fc20
    dovecot-2.2.16-2.fc20
    flxmlrpc-0.1.3-1.fc20
    libbluedevil-2.1-3.fc20
    lnst-8-1.fc20
    nut-2.7.3-2.fc20
    perl-Tangerine-0.15-1.fc20
    php-horde-Horde-Imap-Client-2.28.0-1.fc20
    python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc20
    tangerine-0.16-1.fc20
    tzdata-2015d-1.fc20
    wordpress-4.2.1-1.fc20
    xpra-0.14.22-4.fc20

Details about builds:


================================================================================
 devscripts-2.15.4-1.fc20 (FEDORA-2015-7110)
 Scripts for Debian Package maintainers
--------------------------------------------------------------------------------
Update Information:

Update to version 2.15.4, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.4_changelog for details.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.4-1
- Update to 2.15.4
--------------------------------------------------------------------------------


================================================================================
 docker-io-1.6.0-0.2.rc6.fc20 (FEDORA-2015-7160)
 Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

Obsolete docker-io-pkg-devel < 1.6.0-1
build @rhatdan/fedora-1.6 commit#b27feb4
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.6.0-0.2.rc6
- Obsolete docker-io-pkg-devel < 1.6.0-1
- Update a list of provides of devel subpackage
  resolves: #1215912
* Wed Apr 15 2015 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.6.0-0.1.rc6
- build @rhatdan/fedora-1.6 commit#b27feb4
- moved GOTRACEBACK=crash to unitfile
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215912 - docker-io-pkg-devel conflicts with docker-io-devel
        https://bugzilla.redhat.com/show_bug.cgi?id=1215912
--------------------------------------------------------------------------------


================================================================================
 dovecot-2.2.16-2.fc20 (FEDORA-2015-7159)
 Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without
  any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
  sometimes if buffering was split in the middle of a UTF-8 character.
  This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
  UTF-8 text could have been truncated wrongly or the truncation may
  not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
  physical mailboxes could have caused crashes.
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without
  any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
  sometimes if buffering was split in the middle of a UTF-8 character.
  This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
  UTF-8 text could have been truncated wrongly or the truncation may
  not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
  physical mailboxes could have caused crashes.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.16-2
- fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
* Mon Mar 16 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.16-1
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without
  any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
  sometimes if buffering was split in the middle of a UTF-8 character.
  This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
  UTF-8 text could have been truncated wrongly or the truncation may
  not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
  physical mailboxes could have caused crashes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1216057 - CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process.
        https://bugzilla.redhat.com/show_bug.cgi?id=1216057
--------------------------------------------------------------------------------


================================================================================
 flxmlrpc-0.1.3-1.fc20 (FEDORA-2015-7109)
 An xmlrpc library for the NBEMS suite of programs
--------------------------------------------------------------------------------
Update Information:

Initial import (#1214467).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1214467 - Review Request: flxmlrpc - An xmlrpc library for the NBEMS suite of programs
        https://bugzilla.redhat.com/show_bug.cgi?id=1214467
--------------------------------------------------------------------------------


================================================================================
 libbluedevil-2.1-3.fc20 (FEDORA-2015-7114)
 A Qt wrapper for bluez
--------------------------------------------------------------------------------
Update Information:

Pull in upstream crash fix when resuming from suspend, see http://bugs.kde.org/346329
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-3
- kded4 crash when resume from suspend (kde#346329)
* Tue Feb  3 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-2
- pull in upstream fix for abi break (introduced in 2.1)
--------------------------------------------------------------------------------


================================================================================
 lnst-8-1.fc20 (FEDORA-2015-7124)
 Common code for lnst-ctl and lnst-slave
--------------------------------------------------------------------------------
Update Information:

- Updating to stable release 8
- Fixed subpackages dependencies
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 27 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 8-1
- Updating to stable release 8
- Fixed subpackages dependencies
--------------------------------------------------------------------------------


================================================================================
 nut-2.7.3-2.fc20 (FEDORA-2015-7117)
 Network UPS Tools
--------------------------------------------------------------------------------
Update Information:

 - support for new devices
 - usbhid-ups: add support for OpenUPS2 (PID: D005), Liebert GXT3 (PID: 0008)
   APC AP9584 Serial->USB kit (PID: 0000), and some Powercom models
   (PID: 0001). Fixed scaling for Cyberpower 0764:0501.

 - USB core: do not call usb_set_altinterface(0) by default
 - nutdrv_qx: added fabula, fuji USB and Voltronic-QS-HEX subdrivers; add bestups subdriver to supersede the old standalone bestups driver
 - NUT Monitor: added FreeDesktop AppData file (including screenshots)
 - renamed udev rules file to 62-nut-usbups.rules (permissions fix)
 - all drivers: a new 'synchronous' driver flag is available for very verbose units, such as some ePDUs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.7.3-2
- start nut driver before the daemon
* Thu Apr 23 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.7.3-1
- nut updated to 2.7.3
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215801 - problem in nut-server.service in version 2.7.3
        https://bugzilla.redhat.com/show_bug.cgi?id=1215801
--------------------------------------------------------------------------------


================================================================================
 perl-Tangerine-0.15-1.fc20 (FEDORA-2015-7146)
 Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:

This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option).

Note this update also splits the `tangerine' utility into its own package.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 27 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.15-1
- 0.15 bump
- The utility is now provided by a separate distribution/package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215296 - perl-Tangerine-0.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1215296
  [ 2 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool
        https://bugzilla.redhat.com/show_bug.cgi?id=1215575
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Imap-Client-2.28.0-1.fc20 (FEDORA-2015-7158)
 Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:

**Horde_Imap_Client 2.28.0**
* [mms] Fix parsing mailbox name from STATUS response on servers that have the UTF8 extension enabled.
* [jan] Fix searching with non-ASCII strings in AND/OR-combined searches.
* [jan] Fix issues with certain locales like Turkish.
* [mms] Pipeline ID command with other commands, if possible.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.28.0-1
- Update to 2.28.0
--------------------------------------------------------------------------------


================================================================================
 python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc20 (FEDORA-2015-7111)
 Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:

New FAF processor \(thanks @mbrysa!\) and a bugfix to the planet processor.
New zanata processor.  Fixes to anitya processor.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.2-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.1-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.0-1
- new version
--------------------------------------------------------------------------------


================================================================================
 tangerine-0.16-1.fc20 (FEDORA-2015-7146)
 Perl dependency metadata tool
--------------------------------------------------------------------------------
Update Information:

This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option).

Note this update also splits the `tangerine' utility into its own package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215296 - perl-Tangerine-0.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1215296
  [ 2 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool
        https://bugzilla.redhat.com/show_bug.cgi?id=1215575
--------------------------------------------------------------------------------


================================================================================
 tzdata-2015d-1.fc20 (FEDORA-2015-7103)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

Rebase to 2015
- Egypt will not observe DST in 2015 and will consider canceling it permanently.  For now, assume no DST indefinitely.
- The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style.  This affects only America/Adak since 1983, as America/Honolulu was already using the new style.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 27 2015 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2015d-1
- Rebase to 2015d
  - Egypt will not observe DST in 2015 and will consider canceling it
    permanently.  For now, assume no DST indefinitely.
  - The abbreviations for Hawaii-Aleutian standard and daylight times
    have been changed from HAST/HADT to HST/HDT, as per US Government
    Printing Office style.  This affects only America/Adak since 1983,
    as America/Honolulu was already using the new style.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215298 - tzdata-2015d is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1215298
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.2.1-1.fc20 (FEDORA-2015-6790)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.2 “Powell” **
* Upstream announcement https://wordpress.org/news/2015/04/powell/

**WordPress 4.2.1 Security Release**
* Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/


--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.2.1-1
- WordPress 4.2.1 Security Release
- WordPress 4.2 “Powell”
* Fri Apr 24 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2
        https://bugzilla.redhat.com/show_bug.cgi?id=1214650
  [ 2 ] Bug #1216069 - wordpress: stored XSS via long comments
        https://bugzilla.redhat.com/show_bug.cgi?id=1216069
--------------------------------------------------------------------------------


================================================================================
 xpra-0.14.22-4.fc20 (FEDORA-2015-7136)
 Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:

Update to 0.14.22 (various bug fixes). Add patch to remove reference to the xorg void driver in xorg.conf (BZ #1215527).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215527 - Drop usage of xorg-x11-drv-void in xpra's xorg.conf
        https://bugzilla.redhat.com/show_bug.cgi?id=1215527
  [ 2 ] Bug #1210752 - xpra-0.14.22 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1210752
  [ 3 ] Bug #1206914 - Package should contain an AppData file
        https://bugzilla.redhat.com/show_bug.cgi?id=1206914
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux