The following Fedora 21 Security updates need testing: Age URL 112 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 88 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 33 https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2.fc21 20 https://admin.fedoraproject.org/updates/FEDORA-2015-5872/netcf-0.2.8-1.fc21 19 https://admin.fedoraproject.org/updates/FEDORA-2015-5929/qpid-cpp-0.32-1.fc21.1 18 https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1-1.fc21 18 https://admin.fedoraproject.org/updates/FEDORA-2015-5979/krb5-1.12.2-16.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6387/realmd-0.15.2-2.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6510/dpkg-1.16.16-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6670/xen-4.4.2-3.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6661/qt3-3.3.8b-63.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6728/curl-7.37.0-14.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6806/ikiwiki-3.20150329-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6845/v8-3.14.5.10-18.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6903/mingw-libtiff-4.0.3-6.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6881/mingw-libgcrypt-1.6.3-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6853/mingw-curl-7.42.0-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6855/mingw-openssl-1.0.2a-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6925/mingw-qt5-qtbase-5.4.1-2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-7031/pdns-recursor-3.7.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7086/proftpd-1.3.5-5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7089/dovecot-2.2.16-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7115/perl-XML-LibXML-2.0119-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7047/pdns-3.4.4-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6808/wordpress-4.2.1-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6322/geoclue2-2.1.10-2.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6325/libgweather-3.14.4-1.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6382/python-slip-0.6.1-1.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-6387/realmd-0.15.2-2.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6544/perl-Encode-2.73-1.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6538/gnome-bluetooth-3.14.1-1.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6499/pkgconfig-0.28-8.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6565/telepathy-glib-0.24.1-1.fc21,telepathy-logger-0.8.0-8.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6575/mobile-broadband-provider-info-1.20150421git-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6728/curl-7.37.0-14.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6771/libselinux-2.3-9.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6930/koji-1.9.0-11.fc21.20150423git52a0188 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6926/clutter-1.20.2-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-6939/pcre-8.35-10.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7104/cairo-1.14.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7144/gtk3-3.14.13-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7062/ibus-1.5.10-3.fc21 The following builds have been pushed to Fedora 21 updates-testing NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21 cairo-1.14.2-1.fc21 criu-1.5.2-1.fc21 devscripts-2.15.4-1.fc21 docker-io-1.6.0-3.git3eac457.fc21 dovecot-2.2.16-2.fc21 flxmlrpc-0.1.3-1.fc21 gtk3-3.14.13-1.fc21 help2man-1.46.6-1.fc21 hylafax+-5.5.6-1.fc21 ldns-1.6.17-12.fc21 libbluedevil-2.1-3.fc21 libvirt-1.2.9.3-1.fc21 lnst-8-1.fc21 minimal-json-0.9.1-3.fc21 nut-2.7.3-2.fc21 perl-Dancer2-0.160000-1.fc21 perl-Excel-Writer-XLSX-0.84-1.fc21 perl-Sys-Info-Base-0.7804-1.fc21 perl-Tangerine-0.15-1.fc21 perl-XML-LibXML-2.0119-1.fc21 php-horde-Horde-Imap-Client-2.28.0-1.fc21 php-phpspec-prophecy-1.4.1-1.fc21 proftpd-1.3.5-5.fc21 python-email_reply_parser-0.3.0-20140523git76e9481.fc21 python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc21 tangerine-0.16-1.fc21 tzdata-2015d-1.fc21 wordpress-4.2.1-1.fc21 xpra-0.14.22-4.fc21 Details about builds: ================================================================================ NetworkManager-pptp-1.1.0-1.20150428git695d4f2.fc21 (FEDORA-2015-7155) NetworkManager VPN plugin for PPTP -------------------------------------------------------------------------------- Update Information: Updated to latest git snapshot: - all: add "unit" option for pppd to define ppp<n> name (bgo #736485) - service: try to load nf_conntrack_pptp kernel module (rh #1214643) - updated translations -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Jiří Klimeš <jklimes@xxxxxxxxxx> - 1:1.1.0-1.20150428git695d4f2 - Update to a git snapshot (git sha 695d4f2) - all: add "unit" option for pppd to define ppp<n> name (bgo #736485) - service: try to load nf_conntrack_pptp kernel module (rh #1214643) - updated translations * Mon Dec 22 2014 Dan Williams <dcbw@xxxxxxxxxx> - 1:1.0.0-1 - Update to 1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214643 - pptp VPN Connection stops working after update https://bugzilla.redhat.com/show_bug.cgi?id=1214643 -------------------------------------------------------------------------------- ================================================================================ cairo-1.14.2-1.fc21 (FEDORA-2015-7104) A 2D graphics library -------------------------------------------------------------------------------- Update Information: Update to 1.14.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Benjamin Otte <otte@xxxxxxxxx> - 1.14.2-1 - Update to 1.14.2 -------------------------------------------------------------------------------- ================================================================================ criu-1.5.2-1.fc21 (FEDORA-2015-7116) Tool for Checkpoint/Restore in User-space -------------------------------------------------------------------------------- Update Information: Update to 1.5.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Andrew Vagin <avagin@xxxxxxxxxx> - 1.5.2 - Update to 1.5.2 -------------------------------------------------------------------------------- ================================================================================ devscripts-2.15.4-1.fc21 (FEDORA-2015-7138) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information: Update to version 2.15.4, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.4_changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.4-1 - Update to 2.15.4 -------------------------------------------------------------------------------- ================================================================================ docker-io-1.6.0-3.git3eac457.fc21 (FEDORA-2015-7162) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: Obsolete docker-io-pkg-devel < 1.6.0-2 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.6.0-3.git3eac457 - Obsolete docker-io-pkg-devel < 1.6.0-2 - Update a list of provides of devel subpackage resolves: #1215912 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215912 - docker-io-pkg-devel conflicts with docker-io-devel https://bugzilla.redhat.com/show_bug.cgi?id=1215912 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.16-2.fc21 (FEDORA-2015-7089) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.16-2 - fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process * Mon Mar 16 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.2.16-1 - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if buffering was split in the middle of a UTF-8 character. This affected at least searching messages. - String sanitization for some logged output wasn't done properly: UTF-8 text could have been truncated wrongly or the truncation may not have happened at all. - fts-lucene: Lookups from virtual mailbox consisting of over 32 physical mailboxes could have caused crashes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216057 - CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process. https://bugzilla.redhat.com/show_bug.cgi?id=1216057 -------------------------------------------------------------------------------- ================================================================================ flxmlrpc-0.1.3-1.fc21 (FEDORA-2015-7129) An xmlrpc library for the NBEMS suite of programs -------------------------------------------------------------------------------- Update Information: Initial import (#1214467). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214467 - Review Request: flxmlrpc - An xmlrpc library for the NBEMS suite of programs https://bugzilla.redhat.com/show_bug.cgi?id=1214467 -------------------------------------------------------------------------------- ================================================================================ gtk3-3.14.13-1.fc21 (FEDORA-2015-7144) The GIMP ToolKit (GTK+), a library for creating GUIs for X -------------------------------------------------------------------------------- Update Information: This update fixes a few bugs: * 737175 most horizontal sliders are inverted when scrolled with wheel * 747469 CSD: can't open window menu using right click after moving window * 747553 Popovers inside local plugs don't get size_allocate() called * 747805 Split Headerbar unmaximize * 748061 GtkMessageDialog: Minor documentation update * 748341 GdkOffscreenWindow should not segfault on gdk_window_beep() * GtkApplication: Prevent more crashes on shutdown -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.14.13-1 - Update to 3.14.13 -------------------------------------------------------------------------------- ================================================================================ help2man-1.46.6-1.fc21 (FEDORA-2015-7112) Create simple man pages from --help output -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.46.6-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ hylafax+-5.5.6-1.fc21 (FEDORA-2015-7135) An enterprise-strength fax server -------------------------------------------------------------------------------- Update Information: Update to 5.5.6 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Lee Howard <faxguy@xxxxxxxxxxxxxxxx> 5.5.6-1 - update to 5.5.6 * Sun Feb 22 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 5.5.5-5 - allow the package building for RHEL >= 7 with systemd support - build using lcms2 on all Fedora branches and also RHEL >= 7 - add build requirements to sendmail(1), ghostscript and mgetty - correct wrong day of the week in %changelog to silence rpm - correct permissions of %{_sysconfdir}/sysconfig/hylafax+ file -------------------------------------------------------------------------------- ================================================================================ ldns-1.6.17-12.fc21 (FEDORA-2015-7163) Low-level DNS(SEC) library with API -------------------------------------------------------------------------------- Update Information: Split with_ecc macro in with_ecdsa and with_gost - and disable gost -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-12 - Split with_ecc macro in with_ecdsa and with_gost - and disable gost * Mon Nov 24 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-11 - Only cond_without sets "with ", so use underscores - multilib.patch was setting LIBDIR_SEC once without leading / * Thu Oct 2 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-10 - Fix and install the .pc (pkg-config) file * Wed Oct 1 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.6.17-9 - Remove hardening options from ldns-config (rhbz#1147972) -------------------------------------------------------------------------------- ================================================================================ libbluedevil-2.1-3.fc21 (FEDORA-2015-7152) A Qt wrapper for bluez -------------------------------------------------------------------------------- Update Information: Pull in upstream crash fix when resuming from suspend, see http://bugs.kde.org/346329 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-3 - kded4 crash when resume from suspend (kde#346329) * Tue Feb 3 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.1-2 - pull in upstream fix for abi break (introduced in 2.1) -------------------------------------------------------------------------------- ================================================================================ libvirt-1.2.9.3-1.fc21 (FEDORA-2015-7150) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 1.2.9.3 * Fix getVersion() after installing qemu (bz #1000116) * Fix autosocket setup with qemu:///session (bz #1044561, bz #1105274) * Ignore storage volumes with non-ascii in names (bz #1066564) * Don't generate invalid system nodedev XML (bz #1184131) * Fix vhost-user XML (bz #1190842) * Fix crash via race when unrefing rpc identity object (bz #1203030) * Fix domcapabilities failure with ppc64le (bz #1209948) * Fix snapshot-revert with cpu host-passthrough (bz #1030793) * Fix starting VM with emulator pinning (bz #1214434) * Fix virDomainBlockCopyRebase selinux failure (bz #1214846) * Add {Haswell,Broadwell}-noTSX CPU models (bz #1182650) * Report original error when QMP probing fails (bz #1178054) * Don't lose VMs on libvirtd restart if qemu is uninstalled (bz #1099847) * Ignore storage volumes that libvirt can't open (bz #1103308) -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Cole Robinson <crobinso@xxxxxxxxxx> - 1.2.9.3-1 - Rebased to version 1.2.9.3 - Fix getVersion() after installing qemu (bz #1000116) - Fix autosocket setup with qemu:///session (bz #1044561, bz #1105274) - Ignore storage volumes with non-ascii in names (bz #1066564) - Don't generate invalid system nodedev XML (bz #1184131) - Fix vhost-user XML (bz #1190842) - Fix crash via race when unrefing rpc identity object (bz #1203030) - Fix domcapabilities failure with ppc64le (bz #1209948) - Fix snapshot-revert with cpu host-passthrough (bz #1030793) - Fix starting VM with emulator pinning (bz #1214434) - Fix virDomainBlockCopyRebase selinux failure (bz #1214846) - Add {Haswell,Broadwell}-noTSX CPU models (bz #1182650) - Report original error when QMP probing fails (bz #1178054) - Don't lose VMs on libvirtd restart if qemu is uninstalled (bz #1099847) - Ignore storage volumes that libvirt can't open (bz #1103308) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000116 - getVersion() causes 'libvirt.libvirtError: internal error Cannot find suitable emulator for x86_64' https://bugzilla.redhat.com/show_bug.cgi?id=1000116 [ 2 ] Bug #1044561 - guest fails to start with 'permission denied' accessing auto qemu-ga socket in /var/lib https://bugzilla.redhat.com/show_bug.cgi?id=1044561 [ 3 ] Bug #1066564 - file volumes with control codes in their names generate invalid XML https://bugzilla.redhat.com/show_bug.cgi?id=1066564 [ 4 ] Bug #1184131 - nodedev 'system' info can contain non-ascii text and control codes https://bugzilla.redhat.com/show_bug.cgi?id=1184131 [ 5 ] Bug #1190842 - Backport fix for vhost-user XML https://bugzilla.redhat.com/show_bug.cgi?id=1190842 [ 6 ] Bug #1203030 - [abrt] libvirt-daemon: virObjectUnref(): libvirtd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1203030 [ 7 ] Bug #1030793 - snapshot-revert fails if cpu mode=passthrough -- XML error: Non-empty feature list specified without CPU model https://bugzilla.redhat.com/show_bug.cgi?id=1030793 [ 8 ] Bug #1214434 - Unable to start guest with emulator pinning https://bugzilla.redhat.com/show_bug.cgi?id=1214434 [ 9 ] Bug #1214846 - virDomainBlockCopy or virDomainBlockRebase fails with Permission denied when copying from file to block device https://bugzilla.redhat.com/show_bug.cgi?id=1214846 [ 10 ] Bug #1182650 - Can't launch any VM : rtm and hle CPU features flags needed by libvirt but not in /proc/cpuinfo https://bugzilla.redhat.com/show_bug.cgi?id=1182650 [ 11 ] Bug #1178054 - gnome-boxes (libvirt) won't start my Windows XP virtual machine on Fedora 21: "QEMU 2.1.2 is too new for help parsing" https://bugzilla.redhat.com/show_bug.cgi?id=1178054 [ 12 ] Bug #1103308 - ignore storage volumes in directory pools that libvirtd lacks permissions to open https://bugzilla.redhat.com/show_bug.cgi?id=1103308 -------------------------------------------------------------------------------- ================================================================================ lnst-8-1.fc21 (FEDORA-2015-7153) Common code for lnst-ctl and lnst-slave -------------------------------------------------------------------------------- Update Information: - Updating to stable release 8 - Fixed subpackages dependencies -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 8-1 - Updating to stable release 8 - Fixed subpackages dependencies -------------------------------------------------------------------------------- ================================================================================ minimal-json-0.9.1-3.fc21 (FEDORA-2015-7127) A Minimal JSON Parser and Writer -------------------------------------------------------------------------------- Update Information: This is a new package for F21. It has existed for several months in f22+, but was requested for f21 as a dependency of another package, in bug #1212420 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212420 - Please push minimal-json to f21/f22 https://bugzilla.redhat.com/show_bug.cgi?id=1212420 -------------------------------------------------------------------------------- ================================================================================ nut-2.7.3-2.fc21 (FEDORA-2015-7151) Network UPS Tools -------------------------------------------------------------------------------- Update Information: - support for new devices - usbhid-ups: add support for OpenUPS2 (PID: D005), Liebert GXT3 (PID: 0008) APC AP9584 Serial->USB kit (PID: 0000), and some Powercom models (PID: 0001). Fixed scaling for Cyberpower 0764:0501. - USB core: do not call usb_set_altinterface(0) by default - nutdrv_qx: added fabula, fuji USB and Voltronic-QS-HEX subdrivers; add bestups subdriver to supersede the old standalone bestups driver - NUT Monitor: added FreeDesktop AppData file (including screenshots) - renamed udev rules file to 62-nut-usbups.rules (permissions fix) - all drivers: a new 'synchronous' driver flag is available for very verbose units, such as some ePDUs -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.7.3-2 - start nut driver before the daemon * Thu Apr 23 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.7.3-1 - nut updated to 2.7.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215801 - problem in nut-server.service in version 2.7.3 https://bugzilla.redhat.com/show_bug.cgi?id=1215801 -------------------------------------------------------------------------------- ================================================================================ perl-Dancer2-0.160000-1.fc21 (FEDORA-2015-7095) Lightweight yet powerful web application framework -------------------------------------------------------------------------------- Update Information: Upgrade to 0.160000. Numerous bugfixes and enhancements -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 David Dick <ddick@xxxxxxxx> - 0.160000-1 - Upgrade to 0.160000. Numerous bugfixes and enhancements -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215485 - perl-Dancer2-0.160000 is available https://bugzilla.redhat.com/show_bug.cgi?id=1215485 -------------------------------------------------------------------------------- ================================================================================ perl-Excel-Writer-XLSX-0.84-1.fc21 (FEDORA-2015-7107) Create a new file in the Excel 2007+ XLSX format -------------------------------------------------------------------------------- Update Information: Update to 0.84 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 David Dick <ddick@xxxxxxxx> - 0.84-1 - Update to 0.84 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214711 - perl-Excel-Writer-XLSX-0.84 is available https://bugzilla.redhat.com/show_bug.cgi?id=1214711 -------------------------------------------------------------------------------- ================================================================================ perl-Sys-Info-Base-0.7804-1.fc21 (FEDORA-2015-7108) Provides various system information -------------------------------------------------------------------------------- Update Information: Provides various system information. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211346 - Review Request: perl-Sys-Info-Base - Provides various system information https://bugzilla.redhat.com/show_bug.cgi?id=1211346 -------------------------------------------------------------------------------- ================================================================================ perl-Tangerine-0.15-1.fc21 (FEDORA-2015-7121) Analyse perl files and report module-related information -------------------------------------------------------------------------------- Update Information: This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option). Note this update also splits the `tangerine' utility into its own package. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.15-1 - 0.15 bump - The utility is now provided by a separate distribution/package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool https://bugzilla.redhat.com/show_bug.cgi?id=1215575 [ 2 ] Bug #1215296 - perl-Tangerine-0.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1215296 -------------------------------------------------------------------------------- ================================================================================ perl-XML-LibXML-2.0119-1.fc21 (FEDORA-2015-7115) Perl interface to the libxml2 library -------------------------------------------------------------------------------- Update Information: Security fix for -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1:2.0119-1 - 2.0119 bump - Fixed security bz#1216114 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216112 - perl-XML-LibXML: "expand_entities" option was not preserved under some circumstances https://bugzilla.redhat.com/show_bug.cgi?id=1216112 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Imap-Client-2.28.0-1.fc21 (FEDORA-2015-7096) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information: **Horde_Imap_Client 2.28.0** * [mms] Fix parsing mailbox name from STATUS response on servers that have the UTF8 extension enabled. * [jan] Fix searching with non-ASCII strings in AND/OR-combined searches. * [jan] Fix issues with certain locales like Turkish. * [mms] Pipeline ID command with other commands, if possible. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.28.0-1 - Update to 2.28.0 -------------------------------------------------------------------------------- ================================================================================ php-phpspec-prophecy-1.4.1-1.fc21 (FEDORA-2015-7132) Highly opinionated mocking framework for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.4.1** * Fixed bug in closure-based argument tokens (#181) -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.4.1-1 - update to 1.4.1 -------------------------------------------------------------------------------- ================================================================================ proftpd-1.3.5-5.fc21 (FEDORA-2015-7086) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information: Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by unauthenticated clients Upstream report: http://bugs.proftpd.org/show_bug.cgi?id=4169 Note that mod_copy is not loaded/enabled by default in the Fedora package. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.3.5-5 - Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy (CVE-2015-3306, http://bugs.proftpd.org/show_bug.cgi?id=4169) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212386 - CVE-2015-3306 proftpd: unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy https://bugzilla.redhat.com/show_bug.cgi?id=1212386 -------------------------------------------------------------------------------- ================================================================================ python-email_reply_parser-0.3.0-20140523git76e9481.fc21 (FEDORA-2015-7161) Email reply parser library for Python 2 -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204445 - Review Request: python-email_reply_parser - Email reply parser library for Python https://bugzilla.redhat.com/show_bug.cgi?id=1204445 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc21 (FEDORA-2015-7126) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: New FAF processor \(thanks @mbrysa!\) and a bugfix to the planet processor. New zanata processor. Fixes to anitya processor. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.2-1 - new version * Thu Apr 23 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.1-1 - new version * Thu Apr 23 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.0-1 - new version -------------------------------------------------------------------------------- ================================================================================ tangerine-0.16-1.fc21 (FEDORA-2015-7121) Perl dependency metadata tool -------------------------------------------------------------------------------- Update Information: This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option). Note this update also splits the `tangerine' utility into its own package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool https://bugzilla.redhat.com/show_bug.cgi?id=1215575 [ 2 ] Bug #1215296 - perl-Tangerine-0.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1215296 -------------------------------------------------------------------------------- ================================================================================ tzdata-2015d-1.fc21 (FEDORA-2015-7119) Timezone data -------------------------------------------------------------------------------- Update Information: Rebase to 2015d - Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely. - The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2015 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2015d-1 - Rebase to 2015d - Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely. - The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215298 - tzdata-2015d is available https://bugzilla.redhat.com/show_bug.cgi?id=1215298 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.2.1-1.fc21 (FEDORA-2015-6808) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.2 “Powell” ** * Upstream announcement https://wordpress.org/news/2015/04/powell/ **WordPress 4.2.1 Security Release** * Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/ -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 28 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.2.1-1 - WordPress 4.2.1 Security Release - WordPress 4.2 “Powell” * Fri Apr 24 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.3-1 - WordPress 4.1.3 Maintenance Release * Thu Apr 23 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.1.2-1 - WordPress 4.1.2 Security Release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2 https://bugzilla.redhat.com/show_bug.cgi?id=1214650 [ 2 ] Bug #1216069 - wordpress: stored XSS via long comments https://bugzilla.redhat.com/show_bug.cgi?id=1216069 -------------------------------------------------------------------------------- ================================================================================ xpra-0.14.22-4.fc21 (FEDORA-2015-7125) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: Update to 0.14.22 (minor bugfixes). Add patch to remove reference to the xorg void driver in xorg.conf (BZ #1215527). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210752 - xpra-0.14.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1210752 [ 2 ] Bug #1215527 - Drop usage of xorg-x11-drv-void in xpra's xorg.conf https://bugzilla.redhat.com/show_bug.cgi?id=1215527 [ 3 ] Bug #1206914 - Package should contain an AppData file https://bugzilla.redhat.com/show_bug.cgi?id=1206914 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
