The following Fedora 21 Security updates need testing: Age URL 143 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 88 https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2.fc21 73 https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1-1.fc21 39 https://admin.fedoraproject.org/updates/FEDORA-2015-8170/rawstudio-2.1-0.1.20150511git983bda1.fc21 33 https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1.16.1.0-1.fc21,haskell-platform-2013.2.0.0-39.fc21 23 https://admin.fedoraproject.org/updates/FEDORA-2015-9090/fossil-1.33-1.fc21 23 https://admin.fedoraproject.org/updates/FEDORA-2015-9141/ceph-deploy-1.5.25-1.fc21 17 https://admin.fedoraproject.org/updates/FEDORA-2015-9488/redis-2.8.21-1.fc21 12 https://admin.fedoraproject.org/updates/FEDORA-2015-5247/strongswan-5.3.2-1.fc21 12 https://admin.fedoraproject.org/updates/FEDORA-2015-9744/squid-3.4.13-1.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-9925/postgresql-9.3.9-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10144/rubygem-jquery-rails-3.1.0-3.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10169/php-htmLawed-1.1.20-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10175/opensaml-java-openws-1.5.5-2.fc21,opensaml-java-2.5.3-9.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10249/python-jwt-1.3.0-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10301/389-ds-base-1.3.3.12-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10389/drupal6-6.36-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10165/chicken-4.9.0.1-4.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10189/drupal7-7.38-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10254/openstack-cinder-2014.1.4-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10450/cups-x2go-3.0.1.3-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10514/openvas-cli-1.4.1-2.fc21,openvas-manager-6.0.3-3.fc21,openvas-scanner-5.0.3-3.fc21,openvas-libraries-8.0.3-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10520/trafficserver-5.3.0-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10193/gnome-abrt-1.0.0-3.fc21,abrt-2.3.0-7.fc21,libreport-2.3.0-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10545/rubygem-activesupport-4.1.5-2.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 12 https://admin.fedoraproject.org/updates/FEDORA-2015-9716/livecd-tools-21.6-1.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-9831/libfm-1.2.3-9.D20150607gite1de98ccba.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-10095/rpm-4.12.0.1-7.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10387/lz4-r130-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10238/nss-3.19.2-1.0.fc21,nss-softokn-3.19.2-1.0.fc21,nss-util-3.19.2-1.0.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10263/avahi-0.6.31-31.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10397/notification-daemon-3.14.1-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10251/nautilus-3.14.3-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2015-10366/perl-Getopt-Long-2.47-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10522/thunderbird-38.0.1-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10556/file-5.22-4.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-10193/gnome-abrt-1.0.0-3.fc21,abrt-2.3.0-7.fc21,libreport-2.3.0-8.fc21 The following builds have been pushed to Fedora 21 updates-testing abrt-2.3.0-7.fc21 amqp-1.0-1.20150622svn1686756.fc21 blueman-2.0-9.fc21 evince-3.14.2-3.fc21 file-5.22-4.fc21 gnome-abrt-1.0.0-3.fc21 gnome-chemistry-utils-0.14.10-5.fc21 gnumeric-1.12.22-1.fc21 goffice-0.10.22-1.fc21 libreport-2.3.0-8.fc21 perl-AnyEvent-HTTP-2.22-1.fc21 python-gevent-1.0.2-1.fc21 qt-creator-3.4.1-3.fc21 rubygem-activesupport-4.1.5-2.fc21 simcrs-1.01.1-1.fc21 simfqt-1.00.1-1.fc21 thunderbird-38.0.1-2.fc21 trafficserver-5.3.0-1.fc21 travelccm-1.00.2-1.fc21 Details about builds: ================================================================================ abrt-2.3.0-7.fc21 (FEDORA-2015-10193) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: ===== * Move the default dump location from /var/tmp/abrt to /var/spool/abrt * Use root for owner of all dump directories * Stop reading hs_error.log from /tmp * Don not save the system logs by default * Don not save dmesg if kernel.dmesg_restrict=1 libreport: ========== * Harden the code against directory traversal, symbolic and hard link attacks * Fix a bug causing that the first value of AlwaysExcludedElements was ignored * Fix missing icon for the "Stop" button icon name * Improve development documentation * Translations updates gnome-abrt: =========== * Use DBus to get problem data for detail dialog * Fix an error introduced with the details on System page * Enabled the Details also for the System problems -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> - 2.3.0-7 - dependency fix * Thu Jun 18 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> - 2.3.0-6 - add option always generate backtrace locally - Resolves: #986876 * Tue Jun 16 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> - 2.3.0-5 - move the default dump location to /var/spool/abrt from /var/tmp/abrt - hooks: use root for owner of all dump directories - ccpp: do not unlink failed and big user cores - ccpp: don't save the system logs by default - ccpp: stop reading hs_error.log from /tmp - ccpp: emulate selinux for creation of compat cores - koops: don't save dmesg if kernel.dmesg_restrict=1 - dbus: validate passed arguments - turn off exploring crashed process's root directories - abrt-python: bug fixes and improvements - fixes for CVE-2015-3315, CVE-2015-3142, CVE-2015-1869, CVE-2015-1870 - fixes for CVE-2015-3147, CVE-2015-3151, CVE-2015-3150, CVE-2015-3159 - spec: add abrt-dbus to Rs of abrt-python and abrt-cli - spec: restart abrt-dbus in posttrans - Resolves: #1179752 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 2 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 6 ] Bug #1213485 - Can't extract files from downloaded debuginfo package https://bugzilla.redhat.com/show_bug.cgi?id=1213485 [ 7 ] Bug #1169774 - failure to extract debuginfo https://bugzilla.redhat.com/show_bug.cgi?id=1169774 [ 8 ] Bug #1193656 - abrt-gui renders crash list white-on-white when using dark theme https://bugzilla.redhat.com/show_bug.cgi?id=1193656 [ 9 ] Bug #986876 - RFE: Disallow core dump upload entirely https://bugzilla.redhat.com/show_bug.cgi?id=986876 [ 10 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 11 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 12 ] Bug #1179752 - undocumented options in abrt-cli https://bugzilla.redhat.com/show_bug.cgi?id=1179752 -------------------------------------------------------------------------------- ================================================================================ amqp-1.0-1.20150622svn1686756.fc21 (FEDORA-2015-10555) The AMQP specification -------------------------------------------------------------------------------- Update Information: bump to revision 1686756 (rhbz#1234167) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1234167 - Revision 1686756 is available https://bugzilla.redhat.com/show_bug.cgi?id=1234167 -------------------------------------------------------------------------------- ================================================================================ blueman-2.0-9.fc21 (FEDORA-2015-10528) GTK+ Bluetooth Manager -------------------------------------------------------------------------------- Update Information: - add upstream fix for bz 1233237 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.0-9 - add upstream fix for bz 1233237 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1233237 - [abrt] blueman: Functions.py:285:get_lockfile:OSError: [Errno 17] File exists: '/home/ssabchev/.cache' https://bugzilla.redhat.com/show_bug.cgi?id=1233237 -------------------------------------------------------------------------------- ================================================================================ evince-3.14.2-3.fc21 (FEDORA-2015-10552) Document viewer -------------------------------------------------------------------------------- Update Information: This update avoids possible crash when reloading document. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Martin Hatina <mhatina@xxxxxxxxxx> - 3.14.2-3 - Avoid crash after reloading document - Resolves: #1203277 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1203277 - [abrt] evince: g_type_check_instance_is_a(): evince killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1203277 -------------------------------------------------------------------------------- ================================================================================ file-5.22-4.fc21 (FEDORA-2015-10556) A utility for determining file types -------------------------------------------------------------------------------- Update Information: Fix problems with recognition of JPEG files. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Jan Kaluza <jkaluza@xxxxxxxxxx> - 5.22-4 - fix #1201630 - fix recursion in JPEG magic pattern -------------------------------------------------------------------------------- References: [ 1 ] Bug #1201630 - File fails with some jpg files https://bugzilla.redhat.com/show_bug.cgi?id=1201630 -------------------------------------------------------------------------------- ================================================================================ gnome-abrt-1.0.0-3.fc21 (FEDORA-2015-10193) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: ===== * Move the default dump location from /var/tmp/abrt to /var/spool/abrt * Use root for owner of all dump directories * Stop reading hs_error.log from /tmp * Don not save the system logs by default * Don not save dmesg if kernel.dmesg_restrict=1 libreport: ========== * Harden the code against directory traversal, symbolic and hard link attacks * Fix a bug causing that the first value of AlwaysExcludedElements was ignored * Fix missing icon for the "Stop" button icon name * Improve development documentation * Translations updates gnome-abrt: =========== * Use DBus to get problem data for detail dialog * Fix an error introduced with the details on System page * Enabled the Details also for the System problems -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> - 1.0.0-3 - dependency fix * Tue Jun 16 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> - 1.0.0-2 - Fix an error introduced with the details on System page - Enabled the Details also for the System problems - Use DBus to get problem data for detail dialog - Resolves: #1193656 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 2 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 6 ] Bug #1213485 - Can't extract files from downloaded debuginfo package https://bugzilla.redhat.com/show_bug.cgi?id=1213485 [ 7 ] Bug #1169774 - failure to extract debuginfo https://bugzilla.redhat.com/show_bug.cgi?id=1169774 [ 8 ] Bug #1193656 - abrt-gui renders crash list white-on-white when using dark theme https://bugzilla.redhat.com/show_bug.cgi?id=1193656 [ 9 ] Bug #986876 - RFE: Disallow core dump upload entirely https://bugzilla.redhat.com/show_bug.cgi?id=986876 [ 10 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 11 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 12 ] Bug #1179752 - undocumented options in abrt-cli https://bugzilla.redhat.com/show_bug.cgi?id=1179752 -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.10-5.fc21 (FEDORA-2015-10518) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.21.html * http://gnumeric.org/announcements/1.12/gnumeric-1.12.22.html -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2015 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.14.10-5 - Rebuilt for gnumeric-1.12.22 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1220034 - exporting images to any excel format does not work https://bugzilla.redhat.com/show_bug.cgi?id=1220034 -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.22-1.fc21 (FEDORA-2015-10518) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.21.html * http://gnumeric.org/announcements/1.12/gnumeric-1.12.22.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2015 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 1:1.12.22-1 - Updated to 1.12.22 * Tue Apr 7 2015 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 1:1.12.21-1 - Updated to 1.12.21 * Mon Mar 30 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1:1.12.20-2 - Use better AppData screenshots -------------------------------------------------------------------------------- References: [ 1 ] Bug #1220034 - exporting images to any excel format does not work https://bugzilla.redhat.com/show_bug.cgi?id=1220034 -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.22-1.fc21 (FEDORA-2015-10518) G Office support libraries -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.21.html * http://gnumeric.org/announcements/1.12/gnumeric-1.12.22.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2015 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.10.22-1 - Updated to 0.10.22 * Tue Apr 7 2015 Julian Sikorski <belegdol@xxxxxxxxxxxxxxxxx> - 0.10.21-1 - Updated to 0.10.21 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1220034 - exporting images to any excel format does not work https://bugzilla.redhat.com/show_bug.cgi?id=1220034 -------------------------------------------------------------------------------- ================================================================================ libreport-2.3.0-8.fc21 (FEDORA-2015-10193) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: ===== * Move the default dump location from /var/tmp/abrt to /var/spool/abrt * Use root for owner of all dump directories * Stop reading hs_error.log from /tmp * Don not save the system logs by default * Don not save dmesg if kernel.dmesg_restrict=1 libreport: ========== * Harden the code against directory traversal, symbolic and hard link attacks * Fix a bug causing that the first value of AlwaysExcludedElements was ignored * Fix missing icon for the "Stop" button icon name * Improve development documentation * Translations updates gnome-abrt: =========== * Use DBus to get problem data for detail dialog * Fix an error introduced with the details on System page * Enabled the Details also for the System problems -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> 2.3.0-8 - introduce a new function ask_yes_no_save_result * Tue Jun 16 2015 Matej Habrnal <mhabrnal@xxxxxxxxxx> 2.3.0-7 - harden the code against directory traversal, symbolic and hard link attacks - fix a bug causing that the first value of AlwaysExcludedElements was ignored - fix missing icon for the "Stop" button icon name - switch the default dump dir mode to 0640 - fix races in dump directory handling code - improve development documentation - translations updates - Resolves #1213485, #1169774 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 2 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 6 ] Bug #1213485 - Can't extract files from downloaded debuginfo package https://bugzilla.redhat.com/show_bug.cgi?id=1213485 [ 7 ] Bug #1169774 - failure to extract debuginfo https://bugzilla.redhat.com/show_bug.cgi?id=1169774 [ 8 ] Bug #1193656 - abrt-gui renders crash list white-on-white when using dark theme https://bugzilla.redhat.com/show_bug.cgi?id=1193656 [ 9 ] Bug #986876 - RFE: Disallow core dump upload entirely https://bugzilla.redhat.com/show_bug.cgi?id=986876 [ 10 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 11 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 12 ] Bug #1179752 - undocumented options in abrt-cli https://bugzilla.redhat.com/show_bug.cgi?id=1179752 -------------------------------------------------------------------------------- ================================================================================ perl-AnyEvent-HTTP-2.22-1.fc21 (FEDORA-2015-10534) Simple but non-blocking HTTP/HTTPS client -------------------------------------------------------------------------------- Update Information: **2.22** Thu May 14 04:04:03 CEST 2015 * ipv6 literals were not correctly parsed (analyzed by Raphael Geissert). * delete the body when mutating request to GET request when redirecting (reported by joe trader). * send proxy-authorization header to proxy when using CONNECT (reported by dzagashev@). * do not send Proxy-Authroization header when not using a proxy. * when retrying a persistent request, switch persistency off. * added t/02_ip_literals.t. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.22-1 - update to 2.22 -------------------------------------------------------------------------------- ================================================================================ python-gevent-1.0.2-1.fc21 (FEDORA-2015-10543) A coroutine-based Python networking library -------------------------------------------------------------------------------- Update Information: Bug fix release 1.0.2: https://github.com/gevent/gevent/blob/v1.0.2/changelog.rst#release-102-may-23-2015 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Dan Callaghan <dcallagh@xxxxxxxxxx> - 1.0.2-1 - bug fix release 1.0.2: https://github.com/gevent/gevent/blob/v1.0.2/changelog.rst#release-102-may-23-2015 * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ qt-creator-3.4.1-3.fc21 (FEDORA-2015-10531) Cross-platform IDE for Qt -------------------------------------------------------------------------------- Update Information: This update splits off the translations in a qt-creator-translations subpackage, which in turn has a dependency on qt5-qttranslations, preventing situations where qt-creator does not list any translations when qt5-qttranslations is not installed. -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 21 2015 Sandro Mani <manisandro@xxxxxxxxx> - 3.4.1-3 - Add -translations subpackage * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1234106 - Qt creator doesn't see its translations. https://bugzilla.redhat.com/show_bug.cgi?id=1234106 -------------------------------------------------------------------------------- ================================================================================ rubygem-activesupport-4.1.5-2.fc21 (FEDORA-2015-10545) Support and utility classes used by the Rails framework -------------------------------------------------------------------------------- Update Information: Fixes for: CVE-2015-3226 Escape HTML entities in JSON keys CVE-2015-3227 XML documents that are too deep can cause an stack overflow, which in turn will cause a potential DoS attack. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 22 2015 Josef Stribny <jstribny@xxxxxxxxxx> - 1:4.1.5-2 - Fix for CVE-2015-3226 - Related: rhbz#1232310 - Fix for CVE-2015-3227 - Related: rhbz#1232302 -------------------------------------------------------------------------------- ================================================================================ simcrs-1.01.1-1.fc21 (FEDORA-2015-10542) C++ Simulated Travel-Oriented Distribution System library -------------------------------------------------------------------------------- Update Information: Travel Market Simulator -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 21 2015 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 1.01.1-1 - Removed the dependency on ZeroMQ (only AirInv is dependent on it, not StdAir) * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.00.0-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Mon May 4 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1.00.0-11 - Rebuilt for GCC 5 C++11 ABI change * Thu Jan 29 2015 Petr Machata <pmachata@xxxxxxxxxx> - 1.00.0-10 - Rebuild for boost 1.57.0 - Cmake should look for zmq.h, not zmq.hpp (stdair-1.00.1-cmake.patch) -------------------------------------------------------------------------------- ================================================================================ simfqt-1.00.1-1.fc21 (FEDORA-2015-10535) C++ Simulated Fare Quote System Library -------------------------------------------------------------------------------- Update Information: Travel Market Simulator -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 21 2015 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 1.00.1-1 - Removed the dependency on ZeroMQ (only AirInv is dependent on it, not StdAir) * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.00.0-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1.00.0-11 - Rebuilt for GCC 5 C++11 ABI change * Wed Jan 28 2015 Petr Machata <pmachata@xxxxxxxxxx> - 1.00.0-10 - Rebuild for boost 1.57.0 - Cmake should look for zmq.h, not zmq.hpp (stdair-1.00.1-cmake.patch) -------------------------------------------------------------------------------- ================================================================================ thunderbird-38.0.1-2.fc21 (FEDORA-2015-10522) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: Rebase to Thunderbird 38. By this release thunderbird-lightning (calendar) package has become obsolete, because it is a part of Thunderbird 38 package now. For changes see: https://www.mozilla.org/en-US/thunderbird/38.0.1/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2015 Jan Horak <jhorak@xxxxxxxxxx> - 38.0.1-2 - Bundling calendar extension * Tue Jun 9 2015 Jan Horak <jhorak@xxxxxxxxxx> - 38.0.1-1 - Update to 38.0.1 -------------------------------------------------------------------------------- ================================================================================ trafficserver-5.3.0-1.fc21 (FEDORA-2015-10520) Fast, scalable and extensible HTTP/1.1 compliant caching proxy server -------------------------------------------------------------------------------- Update Information: https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 21 2015 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 5.3.0-1 - Update to 5.3.0 LTS release - Build on aarch64 and power64 - Split perl bindings to sub package - Cleanup and modernise spec * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.0.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 5.0.1-3 - Rebuilt for GCC 5 C++11 ABI change * Mon Jan 26 2015 Petr Machata <pmachata@xxxxxxxxxx> - 5.0.1-2 - Rebuild for boost 1.57.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1102559 - Add AArch64 support to trafficserver https://bugzilla.redhat.com/show_bug.cgi?id=1102559 [ 2 ] Bug #1103173 - trafficserver: insecure temporary file usage [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1103173 [ 3 ] Bug #1179204 - trafficserver: incorrect handling of "Max-Forwards" header [fedora-21] https://bugzilla.redhat.com/show_bug.cgi?id=1179204 [ 4 ] Bug #1103174 - trafficserver: insecure temporary file usage [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1103174 [ 5 ] Bug #1133387 - CVE-2014-3525 trafficserver: unspecified flaw related to health checks fixed in versions 4.2.1.1 and 5.0.1 [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1133387 [ 6 ] Bug #1179205 - trafficserver: incorrect handling of "Max-Forwards" header [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1179205 [ 7 ] Bug #994224 - trafficserver must be compiled with -fno-strict-aliasing, but it is not https://bugzilla.redhat.com/show_bug.cgi?id=994224 [ 8 ] Bug #955127 - trafficserver package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=955127 -------------------------------------------------------------------------------- ================================================================================ travelccm-1.00.2-1.fc21 (FEDORA-2015-10519) C++ Travel Customer Choice Model (CCM) Library -------------------------------------------------------------------------------- Update Information: Travel Market Simulator -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 21 2015 Denis Arnaud <denis.arnaud_fedora@xxxxxxx> - 1.00.2-1 - Removed the dependency on ZeroMQ (only AirInv is dependent on it, not StdAir) * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.00.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1.00.1-10 - Rebuilt for GCC 5 C++11 ABI change * Tue Jan 27 2015 Petr Machata <pmachata@xxxxxxxxxx> - 1.00.1-9 - Rebuild for boost 1.57.0 - Cmake should look for zmq.h, not zmq.hpp (stdair-1.00.1-cmake.patch) -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
