The following Fedora 20 Security updates need testing:

 Age  URL
 164  https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
 144  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  99  https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
  82  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  67  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
  62  https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
  27  https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
  16  https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-7911/kernel-3.19.7-100.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-7887/php-ZendFramework2-2.3.8-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.2-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-7561/openslp-1.2.1-22.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-8138/firefox-38.0-4.fc20,thunderbird-31.7.0-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8252/xen-4.3.4-4.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8251/java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8274/phpMyAdmin-4.4.6.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8247/LibRaw-0.15.4-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8248/qemu-1.6.2-14.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8266/mingw-LibRaw-0.15.4-5.fc20


The following Fedora 20 Critical Path updates have yet to be approved:

 Age  URL
  82  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-7281/btrfs-progs-4.0-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-7294/perl-Socket-2.019-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-4.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-7719/qt-4.8.6-30.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-8007/lua-socket-3.0-0.10.rc1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8257/coreutils-8.21-22.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8268/fedora-release-20-4
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-8261/pcre-8.33-11.fc20


The following builds have been pushed to Fedora 20 updates-testing

    LibRaw-0.15.4-2.fc20
    burp-1.4.36-5.fc20
    coreutils-8.21-22.fc20
    fedora-release-20-4
    fillets-ng-1.0.1-7.fc20
    fillets-ng-data-1.0.1-2.fc20
    java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
    mbedtls-1.3.10-1.fc20
    mingw-LibRaw-0.15.4-5.fc20
    mock-1.2.9-1.fc20
    pcre-8.33-11.fc20
    perl-Tangerine-0.16-1.fc20
    phpMyAdmin-4.4.6.1-1.fc20
    python-geoip-geolite2-2015.0303-3.fc20
    qemu-1.6.2-14.fc20
    xen-4.3.4-4.fc20

Details about builds:


================================================================================
 LibRaw-0.15.4-2.fc20 (FEDORA-2015-8247)
 Library for reading RAW files obtained from digital photo cameras
--------------------------------------------------------------------------------
Update Information:

Patch for ljpeg_start() vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221250 - CVE-2015-3885 LibRaw: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1221250
--------------------------------------------------------------------------------


================================================================================
 burp-1.4.36-5.fc20 (FEDORA-2015-8258)
 A network-based backup and restore program
--------------------------------------------------------------------------------
Update Information:

Burp - A network backup and restore program
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program
        https://bugzilla.redhat.com/show_bug.cgi?id=1186819
--------------------------------------------------------------------------------


================================================================================
 coreutils-8.21-22.fc20 (FEDORA-2015-8257)
 A set of basic GNU tools commonly used in shell scripts
--------------------------------------------------------------------------------
Update Information:

- sort - fix buffer overflow in some case conversions - patch by Pádraig Brady
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
- Drop large ancient docs
- have the LC_TIME subdirs with lang macro (#1169027)
- handle situation with ro /tmp in colorls scripts (#1149761)
- fix the sorting in multibyte locales (NUL-terminate sort keys) - patch by Andreas Schwab (#1146185)
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 8.21-22
- fix occasional assertion failure of gnulib tests that check ctime
- sort - fix buffer overflow in some case conversions - patch by Pádraig Brady
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
- Drop large ancient docs
- have the LC_TIME subdirs with lang macro (#1169027)
- handle situation with ro /tmp in colorls scripts (#1149761)
- fix the sorting in multibyte locales (NUL-terminate sort keys) - patch by Andreas Schwab (#1146185)
- fix failed tests on ppc(backport from gnulib upstream)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169027 - missing %lang info for LC_TIME locale subdirs
        https://bugzilla.redhat.com/show_bug.cgi?id=1169027
  [ 2 ] Bug #1149761 - root login in emergency mode shows errors
        https://bugzilla.redhat.com/show_bug.cgi?id=1149761
  [ 3 ] Bug #1196642 - DIR_COLORS.256color ls colors hard to read with white and dark gray background
        https://bugzilla.redhat.com/show_bug.cgi?id=1196642
  [ 4 ] Bug #1146185 - "sort" looks at more than the flags specify in non-C locales
        https://bugzilla.redhat.com/show_bug.cgi?id=1146185
--------------------------------------------------------------------------------


================================================================================
 fedora-release-20-4 (FEDORA-2015-8268)
 Fedora release files
--------------------------------------------------------------------------------
Update Information:

add the Fedora 22 gpg keys rhbz#1220358
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2015 Dennis Gilmore <dennis@xxxxxxxx> - 20-4
- add the Fedora 22 gpg keys rhbz#1220358
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1220358 - Fedora 20 doesn't contain F22 gpg keys, prevents fedup
        https://bugzilla.redhat.com/show_bug.cgi?id=1220358
--------------------------------------------------------------------------------


================================================================================
 fillets-ng-1.0.1-7.fc20 (FEDORA-2015-7825)
 Fish Fillets Next Generation, a puzzle game with 70 levels
--------------------------------------------------------------------------------
Update Information:

Fix start up failure
Remove bundled fonts
Bring data package up to date
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  8 2015 Bruno Wolff III <bruno@xxxxxxxx> = 1.0.1-7
- The lua 5.2 patch wasn't working, switch to using compat version for 5.1
* Sat May  2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1.0.1-6
- Rebuilt for GCC 5 C++11 ABI change
* Thu Mar 26 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.0.1-5
- Add an AppData file for the software center
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1084250 - fillets-ng fails to start
        https://bugzilla.redhat.com/show_bug.cgi?id=1084250
  [ 2 ] Bug #1220008 - Fonts are incorrectly included in the package
        https://bugzilla.redhat.com/show_bug.cgi?id=1220008
--------------------------------------------------------------------------------


================================================================================
 fillets-ng-data-1.0.1-2.fc20 (FEDORA-2015-7825)
 Game data files for Fish Fillets Next Generation
--------------------------------------------------------------------------------
Update Information:

Fix start up failure
Remove bundled fonts
Bring data package up to date
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  9 2015 Bruno Wolff III <bruno@xxxxxxxx> - 1.0.1-2
- Fix files being listed twice by the spec file
- Use proper fonts
* Fri May  8 2015 Bruno Wolff III <bruno@xxxxxxxx> - 1.0.1-1
- Update to latest release
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1084250 - fillets-ng fails to start
        https://bugzilla.redhat.com/show_bug.cgi?id=1084250
  [ 2 ] Bug #1220008 - Fonts are incorrectly included in the package
        https://bugzilla.redhat.com/show_bug.cgi?id=1220008
--------------------------------------------------------------------------------


================================================================================
 java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 (FEDORA-2015-8251)
 OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:

updated to 8u45-b14 with hope to fix rhbz#1123870

This update adds debugging information to all the Java code included in the JDK, making it easier to debug the code.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.45-35.b14
- updated to 8u45-b14 with hope to fix rhbz#1123870
* Thu Apr 16 2015 Omair Majid <omajid@xxxxxxxxxx> - 1:1.8.0.45-32.b13
- Build all java code with -g
- Test at build-time to ensure debugging information is included
- Resolves: rhbz#1150932
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
        https://bugzilla.redhat.com/show_bug.cgi?id=1123870
--------------------------------------------------------------------------------


================================================================================
 mbedtls-1.3.10-1.fc20 (FEDORA-2015-8265)
 Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:

As of Nov 2014, polarssl has been acquired by ARM Inc.[1][2], then the name was changed to mbedtls.
This is the initial mbedtls package for Fedora.

[1] https://polarssl.org/tech-updates/blog/polarssl-part-of-arm
[2] http://community.arm.com/groups/internet-of-things/blog/2015/02/09/polarssl-is-dead-long-live-mbed-tls
--------------------------------------------------------------------------------


================================================================================
 mingw-LibRaw-0.15.4-5.fc20 (FEDORA-2015-8266)
 Library for reading RAW files obtained from digital photo cameras
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-3885
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2015 Sandro Mani <manisandro@xxxxxxxxx> - 0.15.4-5
- Add fix for CVE-2015-3885
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221249 - CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1221249
--------------------------------------------------------------------------------


================================================================================
 mock-1.2.9-1.fc20 (FEDORA-2015-8243)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

Fix regression in mockchain.
New plugin pm_request.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2015 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.9-1
- scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395]
- Add pm_request plugin
- Drop lvm2-python-libs requires and enable lvm subpackage on el6
- Use lvs instead of lvm python bindings
- Unshare IPC ns only for chroot processes
- Add missing flush in logOutput
- Avoid infinite recursion in selinux plugin
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204395 - mock-scm not using SSH_AUTH_SOCK environment variable
        https://bugzilla.redhat.com/show_bug.cgi?id=1204395
--------------------------------------------------------------------------------


================================================================================
 pcre-8.33-11.fc20 (FEDORA-2015-8261)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release updates patch for bug #1210383 to allow building pcre without UTF support.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 8.33-11
- Amend Fix-memory-bug-for-S-V-H-compile patch to allow building with disabled UTF support (bug #1210383)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210383 - Crash when compiling /[\\S\\V\\H]/8
        https://bugzilla.redhat.com/show_bug.cgi?id=1210383
--------------------------------------------------------------------------------


================================================================================
 perl-Tangerine-0.16-1.fc20 (FEDORA-2015-8278)
 Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:

Module names consisting solely of digits are also valid. Don't ignore them.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.16-1
- 0.16 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221422 - perl-Tangerine-0.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1221422
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-4.4.6.1-1.fc20 (FEDORA-2015-8274)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.4.6.1 (2015-05-13)
===============================
- [security] CSRF vulnerability in setup
- [security] Vulnerability allowing man-in-the-middle attack
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 14 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.4.6.1-1
- Upgrade to 4.4.6.1 (#1221418, #1221580, #1221581)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221580 - CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup
        https://bugzilla.redhat.com/show_bug.cgi?id=1221580
  [ 2 ] Bug #1221581 - CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub
        https://bugzilla.redhat.com/show_bug.cgi?id=1221581
--------------------------------------------------------------------------------


================================================================================
 python-geoip-geolite2-2015.0303-3.fc20 (FEDORA-2015-8255)
 GeoIP database access for Python under a BSD license
--------------------------------------------------------------------------------
Update Information:

2015.0303-3
--------------------------------------------------------------------------------


================================================================================
 qemu-1.6.2-14.fc20 (FEDORA-2015-8248)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

* CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2015 Cole Robinson <crobinso@xxxxxxxxxx> - 2:1.6.2-14
- CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
        https://bugzilla.redhat.com/show_bug.cgi?id=1218611
--------------------------------------------------------------------------------


================================================================================
 xen-4.3.4-4.fc20 (FEDORA-2015-8252)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.4-4
- Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
        https://bugzilla.redhat.com/show_bug.cgi?id=1218611
--------------------------------------------------------------------------------