The following Fedora 20 Security updates need testing: Age URL 148 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 128 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 83 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 66 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 51 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 46 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 33 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20 19 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6417/dpkg-1.16.16-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6583/xen-4.3.4-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6573/qt3-3.3.8b-63.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.20150329-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-3.1.4-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-client-1.7.22-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7057/pdns-3.3.1-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7079/pdns-recursor-3.7.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 66 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-3.fc20 The following builds have been pushed to Fedora 20 updates-testing devscripts-2.15.4-1.fc20 docker-io-1.6.0-0.2.rc6.fc20 dovecot-2.2.16-2.fc20 flxmlrpc-0.1.3-1.fc20 libbluedevil-2.1-3.fc20 lnst-8-1.fc20 nut-2.7.3-2.fc20 perl-Tangerine-0.15-1.fc20 php-horde-Horde-Imap-Client-2.28.0-1.fc20 python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc20 tangerine-0.16-1.fc20 tzdata-2015d-1.fc20 wordpress-4.2.1-1.fc20 xpra-0.14.22-4.fc20 Details about builds: ================================================================================ devscripts-2.15.4-1.fc20 (FEDORA-2015-7110) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information: Update to version 2.15.4, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.4_changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.4-1 - Update to 2.15.4 -------------------------------------------------------------------------------- ================================================================================ docker-io-1.6.0-0.2.rc6.fc20 (FEDORA-2015-7160) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: Obsolete docker-io-pkg-devel < 1.6.0-1 build @rhatdan/fedora-1.6 commit#b27feb4 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.6.0-0.2.rc6 - Obsolete docker-io-pkg-devel < 1.6.0-1 - Update a list of provides of devel subpackage resolves: #1215912 * Wed Apr 15 2015 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.6.0-0.1.rc6 - build @rhatdan/fedora-1.6 commit#b27feb4 - moved GOTRACEBACK=crash to unitfile -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215912 - docker-io-pkg-devel conflicts with docker-io-devel https://bugzilla.redhat.com/show_bug.cgi?id=1215912 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.16-2.fc20 (FEDORA-2015-7159) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.16-2 - fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process * Mon Mar 16 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.16-1 - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216057 - CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process. https://bugzilla.redhat.com/show_bug.cgi?id=1216057 -------------------------------------------------------------------------------- ================================================================================ flxmlrpc-0.1.3-1.fc20 (FEDORA-2015-7109) An xmlrpc library for the NBEMS suite of programs -------------------------------------------------------------------------------- Update Information: Initial import (#1214467). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214467 - Review Request: flxmlrpc - An xmlrpc library for the NBEMS suite of programs https://bugzilla.redhat.com/show_bug.cgi?id=1214467 -------------------------------------------------------------------------------- ================================================================================ libbluedevil-2.1-3.fc20 (FEDORA-2015-7114) A Qt wrapper for bluez -------------------------------------------------------------------------------- Update Information: Pull in upstream crash fix when resuming from suspend, see http://bugs.kde.org/346329 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-3 - kded4 crash when resume from suspend (kde#346329) * Tue Feb 3 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-2 - pull in upstream fix for abi break (introduced in 2.1) -------------------------------------------------------------------------------- ================================================================================ lnst-8-1.fc20 (FEDORA-2015-7124) Common code for lnst-ctl and lnst-slave -------------------------------------------------------------------------------- Update Information: - Updating to stable release 8 - Fixed subpackages dependencies -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 8-1 - Updating to stable release 8 - Fixed subpackages dependencies -------------------------------------------------------------------------------- ================================================================================ nut-2.7.3-2.fc20 (FEDORA-2015-7117) Network UPS Tools -------------------------------------------------------------------------------- Update Information: - support for new devices - usbhid-ups: add support for OpenUPS2 (PID: D005), Liebert GXT3 (PID: 0008) APC AP9584 Serial->USB kit (PID: 0000), and some Powercom models (PID: 0001). Fixed scaling for Cyberpower 0764:0501. - USB core: do not call usb_set_altinterface(0) by default - nutdrv_qx: added fabula, fuji USB and Voltronic-QS-HEX subdrivers; add bestups subdriver to supersede the old standalone bestups driver - NUT Monitor: added FreeDesktop AppData file (including screenshots) - renamed udev rules file to 62-nut-usbups.rules (permissions fix) - all drivers: a new 'synchronous' driver flag is available for very verbose units, such as some ePDUs -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.7.3-2 - start nut driver before the daemon * Thu Apr 23 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.7.3-1 - nut updated to 2.7.3 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215801 - problem in nut-server.service in version 2.7.3 https://bugzilla.redhat.com/show_bug.cgi?id=1215801 -------------------------------------------------------------------------------- ================================================================================ perl-Tangerine-0.15-1.fc20 (FEDORA-2015-7146) Analyse perl files and report module-related information -------------------------------------------------------------------------------- Update Information: This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option). Note this update also splits the `tangerine' utility into its own package. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.15-1 - 0.15 bump - The utility is now provided by a separate distribution/package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215296 - perl-Tangerine-0.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1215296 [ 2 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool https://bugzilla.redhat.com/show_bug.cgi?id=1215575 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Imap-Client-2.28.0-1.fc20 (FEDORA-2015-7158) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information: **Horde_Imap_Client 2.28.0** * [mms] Fix parsing mailbox name from STATUS response on servers that have the UTF8 extension enabled. * [jan] Fix searching with non-ASCII strings in AND/OR-combined searches. * [jan] Fix issues with certain locales like Turkish. * [mms] Pipeline ID command with other commands, if possible. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.28.0-1 - Update to 2.28.0 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc20 (FEDORA-2015-7111) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: New FAF processor \(thanks @mbrysa!\) and a bugfix to the planet processor. New zanata processor. Fixes to anitya processor. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.2-1 - new version * Thu Apr 23 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.1-1 - new version * Thu Apr 23 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.0-1 - new version -------------------------------------------------------------------------------- ================================================================================ tangerine-0.16-1.fc20 (FEDORA-2015-7146) Perl dependency metadata tool -------------------------------------------------------------------------------- Update Information: This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option). Note this update also splits the `tangerine' utility into its own package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215296 - perl-Tangerine-0.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1215296 [ 2 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool https://bugzilla.redhat.com/show_bug.cgi?id=1215575 -------------------------------------------------------------------------------- ================================================================================ tzdata-2015d-1.fc20 (FEDORA-2015-7103) Timezone data -------------------------------------------------------------------------------- Update Information: Rebase to 2015 - Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely. - The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2015d-1 - Rebase to 2015d - Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely. - The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215298 - tzdata-2015d is available https://bugzilla.redhat.com/show_bug.cgi?id=1215298 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.2.1-1.fc20 (FEDORA-2015-6790) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.2 “Powell” ** * Upstream announcement https://wordpress.org/news/2015/04/powell/ **WordPress 4.2.1 Security Release** * Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/ -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.2.1-1 - WordPress 4.2.1 Security Release - WordPress 4.2 “Powell” * Fri Apr 24 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.3-1 - WordPress 4.1.3 Maintenance Release * Thu Apr 23 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.2-1 - WordPress 4.1.2 Security Release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2 https://bugzilla.redhat.com/show_bug.cgi?id=1214650 [ 2 ] Bug #1216069 - wordpress: stored XSS via long comments https://bugzilla.redhat.com/show_bug.cgi?id=1216069 -------------------------------------------------------------------------------- ================================================================================ xpra-0.14.22-4.fc20 (FEDORA-2015-7136) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: Update to 0.14.22 (various bug fixes). Add patch to remove reference to the xorg void driver in xorg.conf (BZ #1215527). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215527 - Drop usage of xorg-x11-drv-void in xpra's xorg.conf https://bugzilla.redhat.com/show_bug.cgi?id=1215527 [ 2 ] Bug #1210752 - xpra-0.14.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1210752 [ 3 ] Bug #1206914 - Package should contain an AppData file https://bugzilla.redhat.com/show_bug.cgi?id=1206914 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
