The following Fedora 20 Security updates need testing: Age URL 174 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 129 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 112 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 97 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 93 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 79 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 64 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 64 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 57 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 45 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20 44 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20 31 https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20,haskell-platform-2013.2.0.0-39.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-8727/fail2ban-0.9.2-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-9163/fossil-1.33-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-43.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-9604/python-django14-1.4.20-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-9625/mbedtls-1.3.11-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-9649/libwmf-0.2.8.4-43.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-5375/strongswan-5.3.2-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-9703/squid-3.3.14-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9965/xen-4.3.4-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9985/postgresql-9.3.9-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 112 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-9379/perl-Getopt-Long-2.46-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-43.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-9452/gnupg2-2.0.28-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8911/kdelibs-4.14.9-2.fc20,kdepimlibs-4.14.9-1.fc20,kde-runtime-15.04.2-1.fc20,kde-baseapps-15.04.2-1.fc20,oxygen-icon-theme-15.04.2-1.fc20 The following builds have been pushed to Fedora 20 updates-testing gambas3-3.7.1-2.fc20 luarocks-2.2.2-1.fc20 perl-File-Touch-0.09-1.fc20 perl-JSON-MaybeXS-1.003005-1.fc20 php-horde-Horde-Core-2.20.5-1.fc20 postgresql-9.3.9-1.fc20 python-fedmsg-meta-fedora-infrastructure-0.5.8-1.fc20 tito-0.6.0-1.fc20 tzdata-2015d-3.fc20 xen-4.3.4-6.fc20 xpra-0.15.0-2.fc20 Details about builds: ================================================================================ gambas3-3.7.1-2.fc20 (FEDORA-2015-9979) IDE based on a basic interpreter with object extensions -------------------------------------------------------------------------------- Update Information: Fix -examples to properly be provided/obsoleted by the -ide subpackage. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.7.1-2 - provides/obsoletes the old -examples subpackage -------------------------------------------------------------------------------- ================================================================================ luarocks-2.2.2-1.fc20 (FEDORA-2015-9975) A deployment and management system for Lua modules -------------------------------------------------------------------------------- Update Information: Changes since 2.2.1: * `luarocks build --only-deps` and `luarocks install --only-deps` for installing dependencies only * Mercurial support * Improved command-line argument parser, now validates arguments (it previously ignored unrecognized arguments) and accepts both `--flag=option` and `--flag option` in flags that take arguments. * For consistency with `luarocks show`, `luarocks doc --homepage` is now `luarocks doc --home` * Improvements to CMake build backend * Improved Makefiles for handling simultaneous bootstrapped installations * "https://luarocks.org";; is the default rocks server URL * Various bugfixes Changes since 2.2.0: * Improved compatibility with Lua 5.3 * `luarocks list --outdated` for listing modules with available upgrades * Assorted bugfixes -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 2 2015 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.2.2-1 - Update to 2.2.2 - Add runtime dependencies on unzip and zip (h/t Ignacio Burgueño) * Fri Oct 17 2014 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 2.2.0-1 - Update to 2.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101966 - luarocks-2.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1101966 -------------------------------------------------------------------------------- ================================================================================ perl-File-Touch-0.09-1.fc20 (FEDORA-2015-9944) Update access, modification timestamps, creating nonexistent files -------------------------------------------------------------------------------- Update Information: New upstream release: 0.0.9 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2015 Andrea Veri <averi@xxxxxxxxxxxxxxxxx> - 0.09-1 - New upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230585 - Upgrade perl-File-Touch to 0.09 https://bugzilla.redhat.com/show_bug.cgi?id=1230585 -------------------------------------------------------------------------------- ================================================================================ perl-JSON-MaybeXS-1.003005-1.fc20 (FEDORA-2015-9984) Use Cpanel::JSON::XS with a fallback to JSON::XS and JSON::PP -------------------------------------------------------------------------------- Update Information: Current upstream release, with a variety of minor bug fixes, new features and documentation updates. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.003005-1 - Update to 1.003005 - Fix x_contributors metadata that was killing metacpan (see https://github.com/CPAN-API/cpan-api/issues/401) * Sun Mar 15 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.003004-1 - Update to 1.003004 - Caveat added to documentation about type checking the object returned by new() (CPAN RT#102733) * Mon Dec 8 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.003003-1 - Update to 1.003003 - Ensure an old Cpanel::JSON::XS is upgraded if it is too old, as it will always be used in preference to JSON::XS - Avoid "JSON::XS::Boolean::* redefined" warnings caused by an old JSON::XS loaded at the same time as a newer Cpanel::JSON::XS * Sun Nov 16 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.003002-1 - Update to 1.003002 - Correctly fix boolean interoperability with older Cpanel::JSON::MaybeXS * Thu Nov 13 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.003001-1 - Update to 1.003001 - Add :legacy tag to support legacy apps - Fix boolean interoperability with older Cpanel::JSON::MaybeXS * Wed Oct 22 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.002006-1 - Update to 1.002006 - Add some additional test diagnostics, to help find bad version combinations of JSON backends * Wed Oct 15 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.002005-1 - Update to 1.002005 - Fix "can I haz XS?" logic precedence in Makefile.PL - Added the ':all' export tag - Removed dependency on Safe::Isa - Repository moved to git://git.shadowcat.co.uk/p5sagit/JSON-MaybeXS.git * Sun Oct 12 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.002004-1 - Update to 1.002004 - Support use of PUREPERL_ONLY in Makefile.PL to avoid adding an XS dependency - New is_bool() interface * Wed Oct 8 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.002003-1 - Update to 1.002003 - Document how to use booleans * Fri Aug 29 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.002002-4 - Perl 5.20 rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.002002-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230120 - Please update to >= 1.003003 https://bugzilla.redhat.com/show_bug.cgi?id=1230120 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Core-2.20.5-1.fc20 (FEDORA-2015-9970) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information: **Horde_Core 2.20.5** * [mjr] Fix typo that was causing ActiveSync FILTERTYPE changes to go undetected. * [mjr] Support for Horde_History in Horde_Kolab_Storage. Requires Horde_Kolab_Storage 2.2.0+. * [jan] Don't allow empty From: addresses if verifying identities. * [mjr] Fix fatal error when disconnecting a user Twitter account. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.20.5-1 - Update to 2.20.5 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.3.9-1.fc20 (FEDORA-2015-9985) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.3.9 minor release update to 9.3.8 per release notes update to 9.3.7 per release notes -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.3.9-1 - update to 9.3.9 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-9.html * Thu Jun 4 2015 Jozef Mlich <jmlich@xxxxxxxxxx> - 9.3.8-1 - update to 9.3.8 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-8.html * Fri May 22 2015 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.3.7-1 - update to 9.3.7 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-7.html -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.5.8-1.fc20 (FEDORA-2015-9998) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Fix a KeyError in the pagure processor. Fixes to pagure processors. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.8-1 - new version * Tue Jun 2 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.7-1 - new version * Mon Jun 1 2015 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.6-1 - new version -------------------------------------------------------------------------------- ================================================================================ tito-0.6.0-1.fc20 (FEDORA-2015-9936) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: - Add support for Red Hat Java MEAD builds. (awood@xxxxxxxxxx) - Enable mkdocs and add documentation on Mead. (awood@xxxxxxxxxx) - Add RHPKG/FEDPKG_USER to be passed to rh/fedpkg (elobatocs@xxxxxxxxx) - Replace old Perl script for munging RPM release number. (awood@xxxxxxxxxx) - Give Tito some color! (awood@xxxxxxxxxx) - Remove support for very old spacewalk user config file. (dgoodwin@xxxxxxxxxx) - Allow builder arguments to be given multiple times. (awood@xxxxxxxxxx) - Fix tarball timestamps from git archive with Python. (awood@xxxxxxxxxx) - New - bash-completion facilities (john_florian@xxxxxxxx) - clarify --offline option #141 (miroslav@xxxxxxxx) - substitute /releng for /.tito #161 (miroslav@xxxxxxxx) - Allow override of rpmbuild_options from builder arguments (dcleal@xxxxxxxxxx) - Fixes macro initialisation on EL6, F22+ (dcleal@xxxxxxxxxx) - Help new packagers find tools related to tito (craig@xxxxxxxxxxxxxxx) - no need to gzip man pages, rpmbuild do that automatically (miroslav@xxxxxxxx) - use python3 on Fedora 22 (miroslav@xxxxxxxx) -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2015 Devan Goodwin <dgoodwin@xxxxxxxx> 0.6.0-1 - Add support for Red Hat Java MEAD builds. (awood@xxxxxxxxxx) - Enable mkdocs and add documentation on Mead. (awood@xxxxxxxxxx) - Add RHPKG/FEDPKG_USER to be passed to rh/fedpkg (elobatocs@xxxxxxxxx) - Replace old Perl script for munging RPM release number. (awood@xxxxxxxxxx) - Give Tito some color! (awood@xxxxxxxxxx) - Remove support for very old spacewalk user config file. (dgoodwin@xxxxxxxxxx) - Allow builder arguments to be given multiple times. (awood@xxxxxxxxxx) - Fix tarball timestamps from git archive with Python. (awood@xxxxxxxxxx) - New - bash-completion facilities (john_florian@xxxxxxxx) - clarify --offline option #141 (miroslav@xxxxxxxx) - substitute /releng for /.tito #161 (miroslav@xxxxxxxx) - Allow override of rpmbuild_options from builder arguments (dcleal@xxxxxxxxxx) - Fixes macro initialisation on EL6, F22+ (dcleal@xxxxxxxxxx) - Help new packagers find tools related to tito (craig@xxxxxxxxxxxxxxx) - no need to gzip man pages, rpmbuild do that automatically (miroslav@xxxxxxxx) - use python3 on Fedora 22 (miroslav@xxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ tzdata-2015d-3.fc20 (FEDORA-2015-10000) Timezone data -------------------------------------------------------------------------------- Update Information: - Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00, not 06-13 and 07-18 as we had guessed. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 12 2015 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2015d-3 - Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00, not 06-13 and 07-18 as we had guessed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231313 - Change in Morocco DST Interruption during Ramadan 2015 https://bugzilla.redhat.com/show_bug.cgi?id=1231313 -------------------------------------------------------------------------------- ================================================================================ xen-4.3.4-6.fc20 (FEDORA-2015-9965) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103], PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104], Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105], Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.4-6 - Heap overflow in QEMU PCNET controller, allowing guest->host escape [XSA-135, CVE-2015-3209] (#1230537) - GNTTABOP_swap_grant_ref operation misbehavior [XSA-134, CVE-2015-4163] - vulnerability in the iret hypercall handler [XSA-136, CVE-2015-4164] * Tue Jun 2 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.4-5 - Potential unintended writes to host MSI message data field via qemu [XSA-128, CVE-2015-4103] (#1227627) - PCI MSI mask bits inadvertently exposed to guests [XSA-129, CVE-2015-4104] (#1227628) - Guest triggerable qemu MSI-X pass-through error messages [XSA-130, CVE-2015-4105] (#1227629) - Unmediated PCI register access in qemu [XSA-131, CVE-2015-4106] (#1227631) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223846 - CVE-2015-4103 xen: potential unintended writes to host MSI message data field via qemu (xsa-128) https://bugzilla.redhat.com/show_bug.cgi?id=1223846 [ 2 ] Bug #1223851 - CVE-2015-4104 xen: PCI MSI mask bits inadvertently exposed to guests (xsa-129) https://bugzilla.redhat.com/show_bug.cgi?id=1223851 [ 3 ] Bug #1223853 - xen: guest triggerable qemu MSI-X pass-through error messages (xsa-130) https://bugzilla.redhat.com/show_bug.cgi?id=1223853 [ 4 ] Bug #1223859 - xen: unmediated PCI register access in qemu (xsa-131) https://bugzilla.redhat.com/show_bug.cgi?id=1223859 [ 5 ] Bug #1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path https://bugzilla.redhat.com/show_bug.cgi?id=1225882 -------------------------------------------------------------------------------- ================================================================================ xpra-0.15.0-2.fc20 (FEDORA-2015-9937) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: Update to new release 0.15 which brings VP9 encoding and other enhancements. See link below for full details: http://xpra.org/trac/wiki/News#a0.15.0Release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 4 2015 Jonathan G. Underwood <jonathan.underwood@xxxxxxxxx> - 0.15.0-2 - Remove extraneous second definition of cupslibdir * Mon Jun 1 2015 Jonathan G. Underwood <jonathan.underwood@xxxxxxxxx> - 0.15.0-1 - Update to 0.15.0 - Add BuildRequires for cups-devel and Requires for cups-filesystem - Replace mention of avcodec with avcodec2 - Drop xpra-unbundle-rencode.patch, and no longer patch to use system rencode - Drop xpra-0.14-stop-using-void-driver.patch - Drop xpra-0.14.22-fedora22-xorg.patch -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
