The following Fedora 20 Security updates need testing: Age URL 150 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 130 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 85 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 68 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 53 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 48 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 29 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.20150329-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-3.1.4-3.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-client-1.7.22-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.1-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-7258/perl-XML-LibXML-2.0119-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-7213/libreoffice-4.2.8.2-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7342/dpkg-1.16.16-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7378/clamav-0.98.7-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 68 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-7272/openjpeg-1.5.1-14.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-6912/grantlee-0.5.1-1.fc20,kate-4.14.3-5.fc20,kde-baseapps-15.04.0-1.fc20,kde-runtime-15.04.0-1.fc20,kde-workspace-4.11.18-3.fc20,kdelibs-4.14.7-4.fc20,kdepim-4.14.7-2.fc20,kdepim-runtime-4.14.7-1.fc20,kdepimlibs-4.14.7-1.fc20,oxygen-icon-theme-15.04.0-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7281/btrfs-progs-4.0-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7294/perl-Socket-2.019-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-4.fc20 The following builds have been pushed to Fedora 20 updates-testing btrfs-progs-4.0-1.fc20 clamav-0.98.7-1.fc20 dpkg-1.16.16-5.fc20 drumkv1-0.6.1-1.fc20 drupal7-views-3.11-1.fc20 ibus-1.5.10-4.fc20 json-0-4.20150410gitd7d0509.fc20 kde-connect-0.8-1.fc20 opendmarc-1.3.1-13.fc20 perl-Socket-2.019-1.fc20 python-cmd2-0.6.8-2.fc20 qcustomplot-1.3.1-3.fc20 qtractor-0.6.6-1.fc20 samplv1-0.6.1-1.fc20 spdlog-0-4.20150410git211ce99.fc20 synthv1-0.6.1-1.fc20 tuned-2.4.1-5.fc20 Details about builds: ================================================================================ btrfs-progs-4.0-1.fc20 (FEDORA-2015-7281) Userspace programs for btrfs -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Eric Sandeen <sandeen@xxxxxxxxxx> 4.0-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ clamav-0.98.7-1.fc20 (FEDORA-2015-7378) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information: ClamAV 0.98.7 ============= This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format. - Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221. - Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222. - Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong. - Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior. - Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior. - Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668. - Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes. - Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305. - Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170. - Fix segfault scanning certain HTML files. Reported with sample by Kai Risku. - Improve detections within xar/pkg files. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.98.7-1 - Upgrade to 0.98.7 and updated daily.cvd (#1217014) * Tue Mar 10 2015 Adam Jackson <ajax@xxxxxxxxxx> 0.98.6-2 - Drop sysvinit subpackages in F23+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file https://bugzilla.redhat.com/show_bug.cgi?id=1217206 [ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file https://bugzilla.redhat.com/show_bug.cgi?id=1217207 [ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file https://bugzilla.redhat.com/show_bug.cgi?id=1217208 [ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file https://bugzilla.redhat.com/show_bug.cgi?id=1217209 -------------------------------------------------------------------------------- ================================================================================ dpkg-1.16.16-5.fc20 (FEDORA-2015-7342) Package maintenance system for Debian Linux -------------------------------------------------------------------------------- Update Information: Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch . Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840 -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 26 2015 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.16-5 - Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch . - Added dpkg-perl-libexecdir.epel6.patch just for fix epel <= 6 . - Cleaned some trailing whitespaces. - Use _localstatedir instead /var . * Sat Apr 25 2015 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.16-4 - Revert location of dpkg/parsechangelog . - Fix build for all versions, including epel-6 . * Tue Apr 21 2015 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.16-3 - Better upstream URL . * Tue Apr 21 2015 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.16-2 - Some fixes and added support for epel-6 . - Removed Patch0: dpkg-perl-libexecdir.patch . - move /usr/lib/dpkg/parsechangelog to archable package . * Sun Apr 19 2015 Sérgio Basto <sergio@xxxxxxxxxx> - 1.16.16-1 - Security update to 1.16.16 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.16.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210748 - CVE-2015-0840 dpkg: source package integrity verification bypass https://bugzilla.redhat.com/show_bug.cgi?id=1210748 [ 2 ] Bug #1162166 - CVE-2014-8625 dpkg: format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1162166 -------------------------------------------------------------------------------- ================================================================================ drumkv1-0.6.1-1.fc20 (FEDORA-2015-7379) An old-school drum-kit sampler -------------------------------------------------------------------------------- Update Information: Update of the V1 suite to 0.6.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.1-1 - Update to 0.6.1 * Tue Feb 3 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.0-1 - Update to 0.6.0 * Thu Oct 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.5.1-2 - update mime scriptlet -------------------------------------------------------------------------------- ================================================================================ drupal7-views-3.11-1.fc20 (FEDORA-2015-7302) Provides a method for site designers to control content presentation -------------------------------------------------------------------------------- Update Information: - Release 3.11 is a security fix release - Upstream changelog is at https://www.drupal.org/node/2480259 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2015 Peter Borsa <peter.borsa@xxxxxxxxx> - 3.11-1 - Release 3.11 is a security fix release - Upstream changelog is at https://www.drupal.org/node/2480259 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217279 - drupal7-views-3.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1217279 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.10-4.fc20 (FEDORA-2015-7065) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: Fixed to show keyboard shortcuts on ibus-setup Fixed to enable input method engines on gtk3 applications in gnome wayland. Added Swedish svdvorak. I18N engine longnames and descriptions on ibus-setup. Moved PropertyPanel at bottom right in F22 KDE5. Drew gray color on Handle PropertyPanel. Enabled ibus engine full path icon in F22 KDE5. Updated translations. -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 24 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.10-4 - Bug 1217410 Updated ibus-xinput for KDE5. * Fri Apr 24 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.10-3 - Updated ibus-HEAD.patch from upstream Fixed to show shortcuts on ibus-setup. Bug 1214271 Fixed to enable IME with GTK3 applications in wayland. * Thu Apr 2 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.10-2 - Updated ibus-HEAD.patch from upstream Added Swedish svdvorak I18N engine longnames and descriptions on ibus-setup Moved PropertyPanel at bottom right in KDE5 Drew gray color on Handle PropertyPanel Enabled ibus engine full path icon in KDE5 Updated translations -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214271 - ibus-wayland works quite wrong https://bugzilla.redhat.com/show_bug.cgi?id=1214271 [ 2 ] Bug #1213284 - ibus-setup does not show keyboard shortcuts on the selection dialog https://bugzilla.redhat.com/show_bug.cgi?id=1213284 [ 3 ] Bug #1217410 - QT_IM_MODULE variable should not require ibus-qt in KDE5 https://bugzilla.redhat.com/show_bug.cgi?id=1217410 -------------------------------------------------------------------------------- ================================================================================ json-0-4.20150410gitd7d0509.fc20 (FEDORA-2015-7353) JSON for Modern C++ -------------------------------------------------------------------------------- Update Information: - don't build the base package - remove a dot from the release tag - corrected -devel subpackage description Imported new package -------------------------------------------------------------------------------- ================================================================================ kde-connect-0.8-1.fc20 (FEDORA-2015-7316) KDE Connect client for communication with smartphones -------------------------------------------------------------------------------- Update Information: New stable KDE Connect 0.8 release -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 22 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8-1 - KDE Connect 0.8 available (#1195011) - use %{?_kde_runtime_requires} (instead of %_kde4_version macro) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1195011 - KDE Connect 0.8 available https://bugzilla.redhat.com/show_bug.cgi?id=1195011 -------------------------------------------------------------------------------- ================================================================================ opendmarc-1.3.1-13.fc20 (FEDORA-2015-7380) A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library -------------------------------------------------------------------------------- Update Information: - Replaced various commands with rpm macros - Included support for systemd macros (#1216881) - Added libspf2-devel to BuildRequires - libspf2 support now provided for all branches -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-13 - Replaced various commands with rpm macros - Included support for systemd macros (#1216881) -------------------------------------------------------------------------------- References: [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library https://bugzilla.redhat.com/show_bug.cgi?id=905304 -------------------------------------------------------------------------------- ================================================================================ perl-Socket-2.019-1.fc20 (FEDORA-2015-7294) Networking constants and support functions -------------------------------------------------------------------------------- Update Information: This release does not contain any code change for Linux. It is delivered only to provide latest version number. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:2.019-1 - 2.019 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217286 - perl-Socket-2.019 is available https://bugzilla.redhat.com/show_bug.cgi?id=1217286 -------------------------------------------------------------------------------- ================================================================================ python-cmd2-0.6.8-2.fc20 (FEDORA-2015-7369) Extra features for standard library's cmd module -------------------------------------------------------------------------------- Update Information: Fix python3 package by removing double-use of 2to3. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 29 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.6.8-2 - Fix python3 subpackage by removing double-run of 2to3 (it's not idempotent!). * Wed Apr 29 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.6.8-1 - new version * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 14 2014 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.6.7-4 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 -------------------------------------------------------------------------------- ================================================================================ qcustomplot-1.3.1-3.fc20 (FEDORA-2015-7303) Qt widget for plotting and data visualization -------------------------------------------------------------------------------- Update Information: This update fixes a typo in the qcustomplot-qt5.pc pkg-config file. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2015 Sandro Mani <manisandro@xxxxxxxxx> - 1.3.1-3 - Fix qcustomplot-qt5.pc * Wed Apr 29 2015 Sandro Mani <manisandro@xxxxxxxxx> - 1.3.1-2 - Also build a qt5 version * Sat Apr 25 2015 Sandro Mani <manisandro@xxxxxxxxx> - 1.3.1-1 - Update to 1.3.1 -------------------------------------------------------------------------------- ================================================================================ qtractor-0.6.6-1.fc20 (FEDORA-2015-7339) Audio/MIDI multi-track sequencer -------------------------------------------------------------------------------- Update Information: Update to 0.6.6 See http://qtractor.sourceforge.net/qtractor-downloads.html for details -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.6-1 - Update to 0.6.6 -------------------------------------------------------------------------------- ================================================================================ samplv1-0.6.1-1.fc20 (FEDORA-2015-7379) A polyphonic sampler synthesizer with stereo fx -------------------------------------------------------------------------------- Update Information: Update of the V1 suite to 0.6.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.0-1 - Update to 0.6.1 * Tue Feb 3 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.0-1 - Update to 0.6.0 -------------------------------------------------------------------------------- ================================================================================ spdlog-0-4.20150410git211ce99.fc20 (FEDORA-2015-7312) Super fast C++ logging library -------------------------------------------------------------------------------- Update Information: - don't build the base package - remove a dot from the release tag - corrected -devel subpackage description Import package -------------------------------------------------------------------------------- ================================================================================ synthv1-0.6.1-1.fc20 (FEDORA-2015-7379) A 4-oscillator subtractive polyphonic synthesizer -------------------------------------------------------------------------------- Update Information: Update of the V1 suite to 0.6.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.1-1 - Update to 0.6.1 * Tue Feb 3 2015 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.6.0-1 - Update to 0.6.0 * Thu Oct 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.5.1-2 - update mime scriptlets -------------------------------------------------------------------------------- ================================================================================ tuned-2.4.1-5.fc20 (FEDORA-2015-7348) A dynamic adaptive system tuning daemon -------------------------------------------------------------------------------- Update Information: This is an update fixing configobj class imports. It may fix some crashes. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2015 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.4.1-5 - fixed configobj class imports resolves: rhbz#1217327 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1217327 - Service fails to start https://bugzilla.redhat.com/show_bug.cgi?id=1217327 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
