The following Fedora 20 Security updates need testing: Age URL 166 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 146 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 101 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 84 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 68 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 64 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 51 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 28 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 17 https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20 16 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-7911/kernel-3.19.7-100.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-7887/php-ZendFramework2-2.3.8-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.2-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-7561/openslp-1.2.1-22.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8138/firefox-38.0-4.fc20,thunderbird-31.7.0-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8252/xen-4.3.4-4.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8251/java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8247/LibRaw-0.15.4-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8248/qemu-1.6.2-14.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8266/mingw-LibRaw-0.15.4-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8345/libinfinity-0.6.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8386/hostapd-2.4-2.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 84 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-7719/qt-4.8.6-30.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-8007/lua-socket-3.0-0.10.rc1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8257/coreutils-8.21-22.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8268/fedora-release-20-4 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8261/pcre-8.33-11.fc20 The following builds have been pushed to Fedora 20 updates-testing burp-1.4.36-6.fc20 copr-cli-1.44-1.fc20 fbb-7.0.8-0.3.beta.fc20 hostapd-2.4-2.fc20 hpl-2.1-9.fc20.1 inxi-2.2.21-1.fc20 libinfinity-0.6.6-1.fc20 libmtp-1.1.9-1.fc20 mom-0.4.4-1.fc20 php-5.5.25-1.fc20 phpMyAdmin-4.4.7-1.fc20 python-ipaddress-1.0.7-1.fc20 python-requests-2.6.0-1.fc20 python-urllib3-1.10.3-1.fc20 python-vcrpy-1.5.2-1.fc20 python-wrapt-1.10.4-5.fc20 sflphone-1.4.1-10.fc20 tiled-0.12.0-1.fc20 youtube-dl-2015.05.10-1.fc20 Details about builds: ================================================================================ burp-1.4.36-6.fc20 (FEDORA-2015-8331) A network-based backup and restore program -------------------------------------------------------------------------------- Update Information: Added two configuration files so they would not be overwritten on update Burp - A network backup and restore program -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program https://bugzilla.redhat.com/show_bug.cgi?id=1186819 -------------------------------------------------------------------------------- ================================================================================ copr-cli-1.44-1.fc20 (FEDORA-2015-8372) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: bugfix -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.44-1 - mark license as license in spec - 1188022 - accept dash in project name -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188022 - copr-cli does not respect the project argument https://bugzilla.redhat.com/show_bug.cgi?id=1188022 -------------------------------------------------------------------------------- ================================================================================ fbb-7.0.8-0.3.beta.fc20 (FEDORA-2015-8348) Packet radio mailbox and utilities -------------------------------------------------------------------------------- Update Information: This is new package - FBB packet radio mailbox and utilities. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214834 - Review Request:fbb - Packet radio mailbox and utilities https://bugzilla.redhat.com/show_bug.cgi?id=1214834 -------------------------------------------------------------------------------- ================================================================================ hostapd-2.4-2.fc20 (FEDORA-2015-8386) IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -------------------------------------------------------------------------------- Update Information: Security update for integer underflow in AP mode WMM Action frame processing. -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 John W. Linville <linville@xxxxxxxxxx> - 2.4-2 - apply fix for underflow in WMM action frame parser * Tue Apr 21 2015 John W. Linville <linville@xxxxxxxxxx> - 2.4-1 - Update to version 2.4 from upstream - Enable support for IEEE802.11r and IEEE802.11ac * Wed Feb 4 2015 John W. Linville <linville@xxxxxxxxxx> - 2.3-4 - Use BSD instead of %doc for file containing license information * Sun Nov 2 2014 poma <poma@xxxxxxxxx> - 2.3-3 - Further simplify hostapd.conf installation - Rebase "EAP-TLS server" patch to 2.3 * Tue Oct 28 2014 John W. Linville <linville@xxxxxxxxxx> - 2.3-2 - Remove version info from /usr/share/doc/hostapd/hostapd.conf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221178 - wpa_supplicant and hostapd: integer underflow in AP mode WMM Action frame processing https://bugzilla.redhat.com/show_bug.cgi?id=1221178 -------------------------------------------------------------------------------- ================================================================================ hpl-2.1-9.fc20.1 (FEDORA-2015-8330) A Portable Implementation of the High-Performance Linpack Benchmark -------------------------------------------------------------------------------- Update Information: This is new package - a portable implementation of the High-Performance Linpack. -------------------------------------------------------------------------------- References: [ 1 ] Bug #830869 - Review Request: hpl - A Portable Implementation of the High-Performance Linpack Benchmark https://bugzilla.redhat.com/show_bug.cgi?id=830869 -------------------------------------------------------------------------------- ================================================================================ inxi-2.2.21-1.fc20 (FEDORA-2015-8338) A full featured system information script -------------------------------------------------------------------------------- Update Information: Update to 2.2.21 -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Vasiliy N. Glazov <vascom2@xxxxxxxxx> 2.2.21-1 - Update to 2.2.21 -------------------------------------------------------------------------------- ================================================================================ libinfinity-0.6.6-1.fc20 (FEDORA-2015-8345) Library implementing the infinote protocol -------------------------------------------------------------------------------- Update Information: Security update to make libinfinity properly check certificates: https://github.com/gobby/gobby/issues/61 -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Till Maas <opensource@xxxxxxxxx> - 0.6.6-1 - Update to new release, fixes security issue: https://github.com/gobby/gobby/issues/61, #1221266 * Sun Nov 9 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.4-1 - Update to new release * Tue Oct 21 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.3-1 - Update to new release * Sat Sep 20 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.2-1 - Update to new release * Fri Aug 29 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.1-1 - Update to new release * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221266 - libinfinity: incorrect validation of certificates https://bugzilla.redhat.com/show_bug.cgi?id=1221266 -------------------------------------------------------------------------------- ================================================================================ libmtp-1.1.9-1.fc20 (FEDORA-2015-8353) A software library for MTP media players -------------------------------------------------------------------------------- Update Information: New upstream version with many fixes. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2015 Linus Walleij <triad@xxxxxxxxx> - 1.1.9-1 - New upstream version with many fixes. - Require libgrypt-devel to build, build libmtpz. - Install hwdb file. - Move documentation to a good place. -------------------------------------------------------------------------------- ================================================================================ mom-0.4.4-1.fc20 (FEDORA-2015-8394) Dynamically manage system resources on virtualization hosts -------------------------------------------------------------------------------- Update Information: Upgrade to 0.4.4 -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Adam Litke <alitke@xxxxxxxxxx> - 0.4.4-1 - Upgrade to 0.4.4 -------------------------------------------------------------------------------- ================================================================================ php-5.5.25-1.fc20 (FEDORA-2015-8370) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 14 May 2015, **PHP 5.5.25** **Core:** * Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas) * Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas) * Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas) * Fixed bug #69522 (heap buffer overflow in unpack()). (Stas) * Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence) * Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence) * Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita) * Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry) * Fixed bug #68652 (segmentation fault in destructor). (Dmitry) * Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita) * Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke) **FTP:** * Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas) **ODBC:** * Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol) * Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski) **OpenSSL:** * Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey) **PCNTL:** * Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas) **Phar:** * Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas) -------------------------------------------------------------------------------- ChangeLog: * Sat May 16 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.25-1 - Update to 5.5.25 http://www.php.net/releases/5_5_25.php - adapt systzdata patch for upstream changes for new zic -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.4.7-1.fc20 (FEDORA-2015-8363) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.4.7.0 (2015-05-16) =============================== - Settings issues (Favorite tables shown twice in Settings) - Non-styled error page when following results link - Deleting without confirmation - Issues with SQL autocomplete - Column hint in SQL autocomplete is sometimes not shown - JS error after selecting a field and press Enter - Honor proxy settings when getting Git commit information - Missing title on link - ForceSSL Redirect Check - Undefined index collation_connection - Error when the reporting server is down - Escape database and table names for partition maintenance - Invalid value for CURLOPT_SSL_VERIFYPEER - Import status infinite loop - Designer: Loading does not work - Setup: Overview > Display does not work - Designer: pages from all databases -------------------------------------------------------------------------------- ChangeLog: * Sat May 16 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.4.7-1 - Upgrade to 4.4.7 (#1222215) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222215 - phpMyAdmin-4.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1222215 -------------------------------------------------------------------------------- ================================================================================ python-ipaddress-1.0.7-1.fc20 (FEDORA-2015-8334) Port of the python 3.3+ ipaddress module to 2.6+ -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221742 - Review Request: python-ipaddress - Port of the python 3.3+ ipaddress module to 2.6+ https://bugzilla.redhat.com/show_bug.cgi?id=1221742 -------------------------------------------------------------------------------- ================================================================================ python-requests-2.6.0-1.fc20 (FEDORA-2015-8403) HTTP library, written in Python, for human beings -------------------------------------------------------------------------------- Update Information: Update to the version from F21. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.6.0-1 - new version - Remove patch for CVE-2015-2296, now included in the upstream release. * Mon Mar 16 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.5.3-2 - Backport fix for CVE-2015-2296. * Thu Feb 26 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.5.3-1 - new version * Wed Feb 18 2015 Ralph Bean <rbean@xxxxxxxxxx> - 2.5.1-1 - new version * Tue Dec 16 2014 Ralph Bean <rbean@xxxxxxxxxx> - 2.5.0-3 - Pin python-urllib3 requirement at 1.10. - Fix requirement pinning syntax. * Thu Dec 11 2014 Ralph Bean <rbean@xxxxxxxxxx> - 2.5.0-2 - Do the most basic of tests in the check section. * Thu Dec 11 2014 Ralph Bean <rbean@xxxxxxxxxx> - 2.5.0-1 - Latest upstream, 2.5.0 for #1171068 * Wed Nov 5 2014 Ralph Bean <rbean@xxxxxxxxxx> - 2.4.3-1 - Latest upstream, 2.4.3 for #1136283 * Wed Nov 5 2014 Ralph Bean <rbean@xxxxxxxxxx> - 2.3.0-4 - Re-do unbundling by symlinking system libs into the requests/packages/ dir. * Sun Aug 3 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.3.0-3 - fix license handling * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 29 2014 Arun S A G <sagarun@xxxxxxxxx> - 2.3.0-1 - Latest upstream * Wed May 14 2014 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 2.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 * Wed Sep 25 2013 Ralph Bean <rbean@xxxxxxxxxx> - 2.0.0-1 - Latest upstream. - Add doc macro to the python3 files section. - Require python-urllib3 greater than or at 1.7.1. -------------------------------------------------------------------------------- ================================================================================ python-urllib3-1.10.3-1.fc20 (FEDORA-2015-8369) Python HTTP library with thread-safe connection pooling and file post -------------------------------------------------------------------------------- Update Information: Update to the version from F21. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.10.3-1 - new version * Thu Feb 26 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.10.2-1 - new version * Wed Feb 18 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.10.1-1 - new version * Wed Feb 18 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.10.1-1 - new version * Mon Jan 5 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.10-2 - Copy in a shim for ssl_match_hostname on python3. * Sun Dec 14 2014 Ralph Bean <rbean@xxxxxxxxxx> - 1.10-1 - Latest upstream 1.10, for python-requests-2.5.0. - Re-do unbundling without patch, with symlinks. - Modernize python2 macros. - Remove the with_dummyserver tests which fail only sometimes. * Wed Nov 5 2014 Ralph Bean <rbean@xxxxxxxxxx> - 1.9.1-1 - Latest upstream, 1.9.1 for latest python-requests. * Mon Aug 4 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.8.2-4 - fix license handling * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.8.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 14 2014 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 1.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 -------------------------------------------------------------------------------- ================================================================================ python-vcrpy-1.5.2-1.fc20 (FEDORA-2015-8393) Automatically mock your HTTP interactions to simplify and speed up testing -------------------------------------------------------------------------------- Update Information: Latest upstream -------------------------------------------------------------------------------- ================================================================================ python-wrapt-1.10.4-5.fc20 (FEDORA-2015-8400) A Python module for decorators, wrappers and monkey patching -------------------------------------------------------------------------------- Update Information: Branching from rawhide -------------------------------------------------------------------------------- ================================================================================ sflphone-1.4.1-10.fc20 (FEDORA-2015-8359) SIP/IAX2 compatible enterprise-class software phone -------------------------------------------------------------------------------- Update Information: This update fixes a bug which prevented TLS from working. This updates ensures that the sflphone daemon sflphoned is correctly installed in /usr/libexec according to the packaging guidelines. This updates ensures that the sflphone daemon sflphoned is correctly installed in /usr/libexec according to the packaging guidelines. -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Sandro Mani <manisandro@xxxxxxxxx> - 1.4.1-10 - Add patch to fix incorrect conditional in SipTransport::createTlsListener * Wed May 6 2015 Sandro Mani <manisandro@xxxxxxxxx> - 1.4.1-9 - Install sflphoned in /usr/libexec - Rename sflphone-libs -> sflphone-daemon * Tue Apr 28 2015 Milan Crha <mcrha@xxxxxxxxxx> - 1.4.1-8 - Rebuild for newer evolution-data-server -------------------------------------------------------------------------------- References: [ 1 ] Bug #1219440 - sflphone cannot connect to TLS server https://bugzilla.redhat.com/show_bug.cgi?id=1219440 [ 2 ] Bug #1219018 - sflphoned shouldn't be in lib directory https://bugzilla.redhat.com/show_bug.cgi?id=1219018 -------------------------------------------------------------------------------- ================================================================================ tiled-0.12.0-1.fc20 (FEDORA-2015-8355) Tiled Map Editor -------------------------------------------------------------------------------- Update Information: New release 0.12.0 with some neat new features (mainly featuring object resizing). See the blog for more info: http://blog.mapeditor.org/2015/05/tiled-0120-released.html -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Erik Schilling Erik Schilling <ablu.erikschilling@xxxxxxxxxxxxxx> - 0.12.0-1 - New upstream release * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 0.11.0-2 - Rebuilt for GCC 5 C++11 ABI change -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2015.05.10-1.fc20 (FEDORA-2015-8387) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to the latest release (#1218015, 1200569, 1206484) -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Matej Cepl <mcepl@xxxxxxxxxx> - 2015.05.10-1 - Update to the latest release (#1218015, 1200569, 1206484) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1218015 - youtube-dl-2015.05.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1218015 [ 2 ] Bug #1200569 - [abrt] youtube-dl: common.py:237:report_progress:KeyError: u'total_bytes' https://bugzilla.redhat.com/show_bug.cgi?id=1200569 [ 3 ] Bug #1206484 - [abrt] youtube-dl: ffmpeg.py:122:probe_executable:KeyError: None https://bugzilla.redhat.com/show_bug.cgi?id=1206484 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
