The following Fedora 21 Security updates need testing: Age URL 128 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 104 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 49 https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2.fc21 35 https://admin.fedoraproject.org/updates/FEDORA-2015-5929/qpid-cpp-0.32-1.fc21.1 34 https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1-1.fc21 16 https://admin.fedoraproject.org/updates/FEDORA-2015-7089/dovecot-2.2.16-2.fc21 15 https://admin.fedoraproject.org/updates/FEDORA-2015-7216/libarchive-3.1.2-11.fc21 15 https://admin.fedoraproject.org/updates/FEDORA-2015-7242/389-ds-base-1.3.3.10-1.fc21 13 https://admin.fedoraproject.org/updates/FEDORA-2015-7326/drupal7-views-3.11-1.fc21 13 https://admin.fedoraproject.org/updates/FEDORA-2015-7288/libtasn1-4.5-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-7878/krb5-1.12.2-17.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-7886/suricata-2.0.8-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-7687/php-ZendFramework2-2.3.8-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-6808/wordpress-4.2.2-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8040/LibRaw-0.16.1-6.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8087/mingw-LibRaw-0.16.1-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-7623/NetworkManager-0.9.10.2-5.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8170/rawstudio-2.1-0.1.20150511git983bda1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1.16.1.0-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8270/xen-4.4.2-4.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8267/phpMyAdmin-4.4.6.1-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8264/java-1.8.0-openjdk-1.8.0.45-38.b14.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8249/qemu-2.1.3-7.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 13 https://admin.fedoraproject.org/updates/FEDORA-2015-7062/ibus-1.5.10-4.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-7878/krb5-1.12.2-17.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-7864/pyparted-3.10.4-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8045/libnl3-3.2.25-6.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8055/lua-socket-3.0-0.10.rc1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-7623/NetworkManager-0.9.10.2-5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8276/gtk2-2.24.28-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8246/dbus-1.8.18-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8269/pcre-8.35-11.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8242/coreutils-8.22-22.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8262/createrepo_c-0.8.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8277/man-db-2.6.7.1-14.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8272/libcap-ng-0.7.5-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8256/libseccomp-2.2.1-0.fc21 The following builds have been pushed to Fedora 21 updates-testing burp-1.4.36-5.fc21 coreutils-8.22-22.fc21 createrepo_c-0.8.2-1.fc21 dbus-1.8.18-1.fc21 fillets-ng-1.0.1-7.fc21 fillets-ng-data-1.0.1-2.fc21 gtk2-2.24.28-1.fc21 java-1.8.0-openjdk-1.8.0.45-38.b14.fc21 libcap-ng-0.7.5-2.fc21 libseccomp-2.2.1-0.fc21 man-db-2.6.7.1-14.fc21 mbedtls-1.3.10-1.fc21 mock-1.2.9-1.fc21 pcre-8.35-11.fc21 perl-Parse-Debian-Packages-0.03-2.fc21 perl-Tangerine-0.16-1.fc21 perl-Test-Strict-0.27-1.fc21 php-seld-cli-prompt-1.0.0-1.fc21 php-seld-phar-utils-1.0.0-1.fc21 phpMyAdmin-4.4.6.1-1.fc21 python-geoip-geolite2-2015.0303-3.fc21 python-sphinx_rtd_theme-0.1.8-1.fc21 qemu-2.1.3-7.fc21 rubygem-webkit-gtk-2.2.5-1.fc21 simple-scan-3.14.3.1-1.fc21 taskd-1.1.0-1.fc21 xen-4.4.2-4.fc21 Details about builds: ================================================================================ burp-1.4.36-5.fc21 (FEDORA-2015-8250) A network-based backup and restore program -------------------------------------------------------------------------------- Update Information: Burp - A network backup and restore program -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program https://bugzilla.redhat.com/show_bug.cgi?id=1186819 -------------------------------------------------------------------------------- ================================================================================ coreutils-8.22-22.fc21 (FEDORA-2015-8242) A set of basic GNU tools commonly used in shell scripts -------------------------------------------------------------------------------- Update Information: - sort - fix buffer overflow in some case conversions - patch by Pádraig Brady - Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642) - Drop large ancient docs - have the LC_TIME subdirs with lang macro (#1169027) -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Kamil Dudka <kdudka@xxxxxxxxxx> - 8.22-22 - sort - fix buffer overflow in some case conversions - patch by Pádraig Brady - Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642) - Drop large ancient docs - have the LC_TIME subdirs with lang macro (#1169027) * Thu Oct 23 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 8.22-21 - revert -20 change: turns out there's a better fix elsewhere * Thu Oct 23 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 8.22-20 - disable openssl support for now due to dep issues (#1156198) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196642 - DIR_COLORS.256color ls colors hard to read with white and dark gray background https://bugzilla.redhat.com/show_bug.cgi?id=1196642 [ 2 ] Bug #1169027 - missing %lang info for LC_TIME locale subdirs https://bugzilla.redhat.com/show_bug.cgi?id=1169027 -------------------------------------------------------------------------------- ================================================================================ createrepo_c-0.8.2-1.fc21 (FEDORA-2015-8262) Creates a common metadata repository -------------------------------------------------------------------------------- Update Information: Update to 0.8.2 Replace g_error() with g_critical() (RhBug: 1162102) Update to 0.7.1 Update to 0.7.0 -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.2-1 - doc: Add man pages for sqliterepo and update manpages for other tools - mergerepo: Work only with noarch packages if --koji is used and no archlist is specified - mergerepo: Use file:// protocol in local baseurl - mergerepo: Do not include baseurl for first repo if --koji is specified (RhBug: 1220082) - mergerepo_c: Support multilib arch for --koji repos - mergerepo_c: Refactoring - Print debug message with version in each tool when --verbose is used - modifyrepo: Don't override file with itself (RhBug: 1215229) * Wed May 6 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.1-1 - Fix bash completion for RHEL 6 * Tue May 5 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.0-1 - New tool Sqliterepo_c - It generates sqlite databases into repos where the sqlite is missing. - Internal refactoring and code cleanup * Fri Feb 20 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.7-1 - Proper directory for temporary files when --local-sqlite is used (Issue #12) - Bring bash completion install dir and filenames up to date with current bash-completion * Thu Jan 8 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.6-1 - Python: Add __contains__ method to Repomd() class * Sun Dec 28 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.5-1 - Python repomd: Support for iteration and indexing by type - e.g. record = repomd['primary'] - Show warning if an XML parser probably parsed a bad type of medata (New XML parser warning type CR_XML_WARNING_BADMDTYPE) - drpm library: Explicitly try to locate libdrpm.so.0 - deltarpms: Don't show options for delta rpms if support is not available -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162102 - [abrt] createrepo_c: cr_parse_repomd(): mergerepo_c killed by SIGTRAP https://bugzilla.redhat.com/show_bug.cgi?id=1162102 -------------------------------------------------------------------------------- ================================================================================ dbus-1.8.18-1.fc21 (FEDORA-2015-8246) D-BUS message bus -------------------------------------------------------------------------------- Update Information: Update to 1.8.18 -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 David King <amigadave@xxxxxxxxxxxxx> - 1:1.8.18-1 - Update to 1.8.18 -------------------------------------------------------------------------------- ================================================================================ fillets-ng-1.0.1-7.fc21 (FEDORA-2015-7739) Fish Fillets Next Generation, a puzzle game with 70 levels -------------------------------------------------------------------------------- Update Information: Fix start up failure Remove bundled fonts Bring data packade up to date -------------------------------------------------------------------------------- ChangeLog: * Fri May 8 2015 Bruno Wolff III <bruno@xxxxxxxx> = 1.0.1-7 - The lua 5.2 patch wasn't working, switch to using compat version for 5.1 * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1.0.1-6 - Rebuilt for GCC 5 C++11 ABI change * Thu Mar 26 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.0.1-5 - Add an AppData file for the software center -------------------------------------------------------------------------------- References: [ 1 ] Bug #1084250 - fillets-ng fails to start https://bugzilla.redhat.com/show_bug.cgi?id=1084250 [ 2 ] Bug #1220008 - Fonts are incorrectly included in the package https://bugzilla.redhat.com/show_bug.cgi?id=1220008 -------------------------------------------------------------------------------- ================================================================================ fillets-ng-data-1.0.1-2.fc21 (FEDORA-2015-7739) Game data files for Fish Fillets Next Generation -------------------------------------------------------------------------------- Update Information: Fix start up failure Remove bundled fonts Bring data packade up to date -------------------------------------------------------------------------------- ChangeLog: * Sat May 9 2015 Bruno Wolff III <bruno@xxxxxxxx> - 1.0.1-2 - Fix files being listed twice by the spec file - Use proper fonts * Fri May 8 2015 Bruno Wolff III <bruno@xxxxxxxx> - 1.0.1-1 - Update to latest release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1084250 - fillets-ng fails to start https://bugzilla.redhat.com/show_bug.cgi?id=1084250 [ 2 ] Bug #1220008 - Fonts are incorrectly included in the package https://bugzilla.redhat.com/show_bug.cgi?id=1220008 -------------------------------------------------------------------------------- ================================================================================ gtk2-2.24.28-1.fc21 (FEDORA-2015-8276) The GIMP ToolKit (GTK+), a library for creating GUIs for X -------------------------------------------------------------------------------- Update Information: A gtk2 update which contains a small number of bug fixes: * 693738 gtk print dialog shows "Getting printer information failed"... * 746064 "sticky" window state reported wrongly on X11 * 746269 Segfault in gtk_tree_view_move_cursor_page_up_down * 748014 W32: Tilting mousewheel left/right does not scroll horizontally -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Matthias Clasen <mclasen@xxxxxxxxxx> - 2.24.28-1 - Update to 2.24.28 -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.45-38.b14.fc21 (FEDORA-2015-8264) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: updated to 8u45-b14. fixes rhbz#1123870 -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.45-35.b14 - updated to 8u45-b14 with hope to fix rhbz#1123870 - sync with f22 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807) https://bugzilla.redhat.com/show_bug.cgi?id=1123870 -------------------------------------------------------------------------------- ================================================================================ libcap-ng-0.7.5-2.fc21 (FEDORA-2015-8272) An alternate posix capabilities library -------------------------------------------------------------------------------- Update Information: Updated to support newer kernels. Updated to support newer kernels. -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Steve Grubb <sgrubb@xxxxxxxxxx> 0.7.5-2 - Don't leak file descriptor * Thu May 7 2015 Steve Grubb <sgrubb@xxxxxxxxxx> 0.7.5-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ libseccomp-2.2.1-0.fc21 (FEDORA-2015-8256) Enhanced seccomp library -------------------------------------------------------------------------------- Update Information: New upstream version -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Paul Moore <pmoore@xxxxxxxxxx> - 2.2.1-0 - New upstream version - Added aarch64 support - Added a static build - Fully builds on i686, x86_64, and armv7hl (RHBZ #1106071) -------------------------------------------------------------------------------- ================================================================================ man-db-2.6.7.1-14.fc21 (FEDORA-2015-8277) Tools for searching and reading man pages -------------------------------------------------------------------------------- Update Information: Fix buildroot construction for packages that pull this in via BuildRequires -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Cole Robinson <crobinso@xxxxxxxxxx> 2.6.7.1-14 - Test for /run/systemd to detect systemd state rather than invoking rpm in % pre - it is not really supported by rpm. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1220938 - calling rpm in %pre breaks buildroot construction https://bugzilla.redhat.com/show_bug.cgi?id=1220938 -------------------------------------------------------------------------------- ================================================================================ mbedtls-1.3.10-1.fc21 (FEDORA-2015-8245) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information: As of Nov 2014, polarssl has been acquired by ARM Inc.[1][2], then the name was changed to mbedtls. This is the initial mbedtls package for Fedora. [1] https://polarssl.org/tech-updates/blog/polarssl-part-of-arm [2] http://community.arm.com/groups/internet-of-things/blog/2015/02/09/polarssl-is-dead-long-live-mbed-tls -------------------------------------------------------------------------------- ================================================================================ mock-1.2.9-1.fc21 (FEDORA-2015-8253) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: Fix regression in mockchain. New plugin pm_request. -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.9-1 - scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395] - Add pm_request plugin - Drop lvm2-python-libs requires and enable lvm subpackage on el6 - Use lvs instead of lvm python bindings - Unshare IPC ns only for chroot processes - Add missing flush in logOutput - Avoid infinite recursion in selinux plugin -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204395 - mock-scm not using SSH_AUTH_SOCK environment variable https://bugzilla.redhat.com/show_bug.cgi?id=1204395 -------------------------------------------------------------------------------- ================================================================================ pcre-8.35-11.fc21 (FEDORA-2015-8269) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release updates patch for bug #1210383 to allow building pcre without UTF support. -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 8.35-11 - Amend Fix-memory-bug-for-S-V-H-compile patch to allow building with disabled UTF support (bug #1210383) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210383 - Crash when compiling /[\\S\\V\\H]/8 https://bugzilla.redhat.com/show_bug.cgi?id=1210383 -------------------------------------------------------------------------------- ================================================================================ perl-Parse-Debian-Packages-0.03-2.fc21 (FEDORA-2015-8260) Parse the data from a Debian Packages.gz -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1168260 - Review Request: perl-Parse-Debian-Packages - Parse the data from a debian Packages.gz https://bugzilla.redhat.com/show_bug.cgi?id=1168260 -------------------------------------------------------------------------------- ================================================================================ perl-Tangerine-0.16-1.fc21 (FEDORA-2015-8273) Analyse perl files and report module-related information -------------------------------------------------------------------------------- Update Information: Module names consisting solely of digits are also valid. Don't ignore them. -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.16-1 - 0.16 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221422 - perl-Tangerine-0.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1221422 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Strict-0.27-1.fc21 (FEDORA-2015-8254) Check syntax, presence of use strict/warnings, and test coverage -------------------------------------------------------------------------------- Update Information: Introduce support for -t and -w switches. -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.27-1 - 0.27 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211045 - perl-Test-Strict-0.27 is available https://bugzilla.redhat.com/show_bug.cgi?id=1211045 -------------------------------------------------------------------------------- ================================================================================ php-seld-cli-prompt-1.0.0-1.fc21 (FEDORA-2015-8244) Allows you to prompt for user input on the command line -------------------------------------------------------------------------------- Update Information: While prompting for user input using fgets() is quite easy, sometimes you need to prompt for sensitive information. In these cases, the characters typed in by the user should not be directly visible, and this is quite a pain to do in a cross-platform way. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1218089 - Review Request: php-seld-cli-prompt - Allows you to prompt for user input on the command line https://bugzilla.redhat.com/show_bug.cgi?id=1218089 -------------------------------------------------------------------------------- ================================================================================ php-seld-phar-utils-1.0.0-1.fc21 (FEDORA-2015-8271) PHAR file format utilities -------------------------------------------------------------------------------- Update Information: PHAR file format utilities, for when PHP phars you up. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1218090 - Review Request: php-seld-phar-utils - PHAR file format utilities https://bugzilla.redhat.com/show_bug.cgi?id=1218090 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.4.6.1-1.fc21 (FEDORA-2015-8267) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.4.6.1 (2015-05-13) =============================== - [security] CSRF vulnerability in setup - [security] Vulnerability allowing man-in-the-middle attack -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.4.6.1-1 - Upgrade to 4.4.6.1 (#1221418, #1221580, #1221581) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221580 - CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup https://bugzilla.redhat.com/show_bug.cgi?id=1221580 [ 2 ] Bug #1221581 - CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub https://bugzilla.redhat.com/show_bug.cgi?id=1221581 -------------------------------------------------------------------------------- ================================================================================ python-geoip-geolite2-2015.0303-3.fc21 (FEDORA-2015-8275) GeoIP database access for Python under a BSD license -------------------------------------------------------------------------------- Update Information: 2015.0303-3 -------------------------------------------------------------------------------- ================================================================================ python-sphinx_rtd_theme-0.1.8-1.fc21 (FEDORA-2015-8259) Sphinx theme for readthedocs.org -------------------------------------------------------------------------------- Update Information: Upstream notes on this release: - Add support for Sphinx 1.3 - Add sidebar headers for :caption: in Sphinx toctree - Clean up sidebar scrolling behavior so it never scrolls out of view -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Jerry James <loganjerry@xxxxxxxxx> - 0.1.8-1 - New upstream version - Unbundle the Lato fonts -------------------------------------------------------------------------------- ================================================================================ qemu-2.1.3-7.fc21 (FEDORA-2015-8249) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152) -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Cole Robinson <crobinso@xxxxxxxxxx> - 2:2.1.3-7 - CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz -------------------------------------------------------------------------------- References: [ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access https://bugzilla.redhat.com/show_bug.cgi?id=1218611 -------------------------------------------------------------------------------- ================================================================================ rubygem-webkit-gtk-2.2.5-1.fc21 (FEDORA-2015-8241) Ruby binding of WebKitGTK+ using GTK3 -------------------------------------------------------------------------------- Update Information: This is a new package. -------------------------------------------------------------------------------- ================================================================================ simple-scan-3.14.3.1-1.fc21 (FEDORA-2015-8263) Simple scanning utility -------------------------------------------------------------------------------- Update Information: Update to 3.14.3.1 (#1221448) -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 David King <amigadave@xxxxxxxxxxxxx> - 3.14.3.1-1 - Update to 3.14.3.1 (#1221448) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221448 - simple-scan LC_MESSAGES in wrong location https://bugzilla.redhat.com/show_bug.cgi?id=1221448 -------------------------------------------------------------------------------- ================================================================================ taskd-1.1.0-1.fc21 (FEDORA-2015-8240) Secure server providing multi-user, multi-client access to task data -------------------------------------------------------------------------------- Update Information: Latest upstream -------------------------------------------------------------------------------- ChangeLog: * Thu May 14 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.1.0-1 - Latest upstream. * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1.0.0-11 - Rebuilt for GCC 5 C++11 ABI change -------------------------------------------------------------------------------- ================================================================================ xen-4.4.2-4.fc21 (FEDORA-2015-8270) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.4.2-4 - Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access https://bugzilla.redhat.com/show_bug.cgi?id=1218611 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
