The following Fedora 21 Security updates need testing: Age URL 185 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 75 https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1.16.1.0-1.fc21,haskell-platform-2013.2.0.0-39.fc21 65 https://admin.fedoraproject.org/updates/FEDORA-2015-9090/fossil-1.33-1.fc21 65 https://admin.fedoraproject.org/updates/FEDORA-2015-9141/ceph-deploy-1.5.25-1.fc21 54 https://admin.fedoraproject.org/updates/FEDORA-2015-5247/strongswan-5.3.2-1.fc21 54 https://admin.fedoraproject.org/updates/FEDORA-2015-9744/squid-3.4.13-1.fc21 44 https://admin.fedoraproject.org/updates/FEDORA-2015-10175/opensaml-java-openws-1.5.5-2.fc21,opensaml-java-2.5.3-9.fc21 44 https://admin.fedoraproject.org/updates/FEDORA-2015-10301/389-ds-base-1.3.3.12-1.fc21 21 https://admin.fedoraproject.org/updates/FEDORA-2015-11368/nx-libs-3.5.0.32-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12032/uwsgi-2.0.11.1-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-11995/bzr-2.6.0-7.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12028/drupal6-cck-2.10-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12012/openssh-6.6.1p1-14.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12010/mantis-1.2.19-3.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-12250/lighttpd-1.4.36-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-12148/wordpress-4.2.3-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-12406/xfsprogs-3.2.2-2.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-12570/community-mysql-5.6.26-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-12645/lxc-1.0.7-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12716/devscripts-2.15.8-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12703/nbd-3.11-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12714/xen-4.4.2-9.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12049/selinux-policy-3.13.1-105.20.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-12277/libfm-1.2.3-12.D20150713gitf47c9ae7ae.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-12402/gstreamer1-plugins-good-1.4.5-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12715/libidn-1.32-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12708/bash-4.3.39-6.fc21 The following builds have been pushed to Fedora 21 updates-testing antimicro-2.17-1.fc21 armadillo-5.300.4-1.fc21 bash-4.3.39-6.fc21 devscripts-2.15.8-1.fc21 globus-gass-cache-9.7-1.fc21 globus-gram-job-manager-14.27-1.fc21 globus-proxy-utils-6.13-1.fc21 globus-simple-ca-4.22-1.fc21 gnome-software-3.14.7-1.fc21 libidn-1.32-1.fc21 mintmenu-5.6.4-1.fc21 nbd-3.11-1.fc21 perl-Syntax-Highlight-Engine-Kate-0.10-1.fc21 perl-threads-lite-0.034-2.fc21 php-phpunit-PHP-CodeCoverage-2.2.1-1.fc21 php-phpunit-environment-1.3.2-1.fc21 publicsuffix-list-20150731-1.fc21 rebase-helper-0.6.0-1.fc21 xen-4.4.2-9.fc21 Details about builds: ================================================================================ antimicro-2.17-1.fc21 (FEDORA-2015-12698) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information: new upstream release v2.17 (#1249393) new upstream release v2.16 (#1246074) -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 2 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.17-1 - new upstream release v2.17 (#1249393) * Fri Jul 24 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.16-1 - new upstream release v2.16 (#1246074) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249393 - antimicro-2.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249393 [ 2 ] Bug #1246074 - antimicro-2.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1246074 -------------------------------------------------------------------------------- ================================================================================ armadillo-5.300.4-1.fc21 (FEDORA-2015-12710) Fast C++ matrix library with interfaces to LAPACK and ATLAS -------------------------------------------------------------------------------- Update Information: Version 5.300.4 (Plutocracy Incorporated) * added generalised Schur decomposition: qz() * added .has_inf() and .has_nan() * expanded interp1() to handle out-of-domain locations * expanded sparse matrix class with .set_imag() and .set_real() * expanded imag(), real() and conj() to handle sparse matrices * expanded diagmat(), reshape() and resize() to handle sparse matrices * faster sparse sum() * faster row-wise sum(), mean(), min(), max() * updated physical constants to NIST 2014 CODATA values * fixes for handling sparse submatrix views -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 5.300.4-1 - update to 5.300.4 - add %license tag -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249612 - armadillo-5.300.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249612 -------------------------------------------------------------------------------- ================================================================================ bash-4.3.39-6.fc21 (FEDORA-2015-12708) The GNU Bourne Again shell -------------------------------------------------------------------------------- Update Information: Ancient memory leak came up again, fix taken from upstream's devel branch. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Ondrej Oprala - 4.3.39-6 - #1245233 - fixed memleak -------------------------------------------------------------------------------- References: [ 1 ] Bug #1245233 - bash script shows memory leak https://bugzilla.redhat.com/show_bug.cgi?id=1245233 -------------------------------------------------------------------------------- ================================================================================ devscripts-2.15.8-1.fc21 (FEDORA-2015-12716) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information: Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.8-1 - Update to 2.15.8 * Sat Aug 1 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.7-1 - Update to 2.15.7 * Sat Aug 1 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.6-2 - Fix licensecheck incorrectly detecting mime strings such as text/x-c++ as a binary file (#1249227) * Wed Jul 29 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.6-1 - Update to 2.15.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249635 - CVE-2015-5704 devscripts: arbitrary shell command injection https://bugzilla.redhat.com/show_bug.cgi?id=1249635 [ 2 ] Bug #1249645 - CVE-2015-5705 devscripts: argument injection vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1249645 -------------------------------------------------------------------------------- ================================================================================ globus-gass-cache-9.7-1.fc21 (FEDORA-2015-12718) Globus Toolkit - Globus Gass Cache -------------------------------------------------------------------------------- Update Information: Globus Toolkit updates: * globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22 Fixed issues: * https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 9.7-1 - GT6 update: GT-618: GASS Cache error mishandling causes crash * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 9.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ globus-gram-job-manager-14.27-1.fc21 (FEDORA-2015-12718) Globus Toolkit - GRAM Jobmanager -------------------------------------------------------------------------------- Update Information: Globus Toolkit updates: * globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22 Fixed issues: * https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 14.27-1 - GT6 update: GT-619: Uninitialized data in job manager cause crash -------------------------------------------------------------------------------- ================================================================================ globus-proxy-utils-6.13-1.fc21 (FEDORA-2015-12718) Globus Toolkit - Globus GSI Proxy Utility Programs -------------------------------------------------------------------------------- Update Information: Globus Toolkit updates: * globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22 Fixed issues: * https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 6.13-1 - GT6 update: Add explicit name comparison mode selection option -------------------------------------------------------------------------------- ================================================================================ globus-simple-ca-4.22-1.fc21 (FEDORA-2015-12718) Globus Toolkit - Simple CA Utility -------------------------------------------------------------------------------- Update Information: Globus Toolkit updates: * globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22 Fixed issues: * https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 4.22-1 - GT6 update: Use 4096-bit RSA key for globus-simple-ca * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ gnome-software-3.14.7-1.fc21 (FEDORA-2015-12695) A software center for GNOME -------------------------------------------------------------------------------- Update Information: gnome-software 3.14.7 release. * Show installation progress when installing apps * Make sure apps that aren't installable are properly hidden in the category view -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Kalev Lember <klember@xxxxxxxxxx> - 3.14.7-1 - Update to 3.14.7 -------------------------------------------------------------------------------- ================================================================================ libidn-1.32-1.fc21 (FEDORA-2015-12715) Internationalized Domain Name support library -------------------------------------------------------------------------------- Update Information: This update fixes a crash with malformed UTF-8. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 1.32-1.fc21 - update to 1.32 -------------------------------------------------------------------------------- ================================================================================ mintmenu-5.6.4-1.fc21 (FEDORA-2015-12704) Advanced Menu for the MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to 5.6.4 release -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 2 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 5.6.4-1 - update to 5.6.4 release - adjust mintmenu_datadir.patch - adjust mintmenu_run-as-superuser.patch - install %{_datadir}/linuxmint/mintMenu/search_engines - adjust icon cache scriptlets - adjust panel icon * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.6.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ nbd-3.11-1.fc21 (FEDORA-2015-12703) Network Block Device user-space tools (TCP version) -------------------------------------------------------------------------------- Update Information: * Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847]. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 11 2015 Christopher Meng <rpm@xxxxxxxx> - 3.11-1 - Update to 3.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222027 - CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers https://bugzilla.redhat.com/show_bug.cgi?id=1222027 -------------------------------------------------------------------------------- ================================================================================ perl-Syntax-Highlight-Engine-Kate-0.10-1.fc21 (FEDORA-2015-12705) Port to Perl of the syntax highlight engine of the Kate text editor -------------------------------------------------------------------------------- Update Information: This release improves documentation. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0.10-1 - 0.10 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249360 - perl-Syntax-Highlight-Engine-Kate-0.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249360 -------------------------------------------------------------------------------- ================================================================================ perl-threads-lite-0.034-2.fc21 (FEDORA-2015-12717) Actor model threading for Perl -------------------------------------------------------------------------------- Update Information: Disable tests on AArch64 platform as a workaround for relesed Fedoras. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0.034-2 - Disable checks on aarch64 (bug #719874) -------------------------------------------------------------------------------- References: [ 1 ] Bug #719874 - perl-threads-lite keeps hanging during self checks https://bugzilla.redhat.com/show_bug.cgi?id=719874 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHP-CodeCoverage-2.2.1-1.fc21 (FEDORA-2015-12269) PHP code coverage information -------------------------------------------------------------------------------- Update Information: **php-code-coverage 2.2.1** - 2015-08-02 * Bumped required version of sebastian/environment to 1.3.1 for #365 **php-code-coverage 2.2.0** - 2015-08-01 * Added a driver for PHPDBG (requires PHP 7) * Added PHP_CodeCoverage::setDisableIgnoredLines() to disable the ignoring of lines using annotations such as @codeCoverageIgnore -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 2 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.2.1-1 - update to 2.2.1 (no change) - raise dependency on sebastian/environment ~1.3.1 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-environment-1.3.2-1.fc21 (FEDORA-2015-12269) Handle HHVM/PHP environments -------------------------------------------------------------------------------- Update Information: **php-code-coverage 2.2.1** - 2015-08-02 * Bumped required version of sebastian/environment to 1.3.1 for #365 **php-code-coverage 2.2.0** - 2015-08-01 * Added a driver for PHPDBG (requires PHP 7) * Added PHP_CodeCoverage::setDisableIgnoredLines() to disable the ignoring of lines using annotations such as @codeCoverageIgnore -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.2-1 - update to 1.3.2 * Sun Jul 26 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.0-1 - update to 1.3.0 -------------------------------------------------------------------------------- ================================================================================ publicsuffix-list-20150731-1.fc21 (FEDORA-2015-12706) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information: The latest revision - 20150731 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 3 2015 Yanko Kaneti <yaneti@xxxxxxxxxxx> - 20150731-1 - The latest revision - 20150731 - Move to the new upstream filename. Install a compat symlink for now * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20150506-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rebase-helper-0.6.0-1.fc21 (FEDORA-2015-12711) The tool which helps you with rebase package -------------------------------------------------------------------------------- Update Information: New upstream version 0.6.0 (#1249518) -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 31 2015 Petr Hracek <phracek@xxxxxxxxxx> - 0.6.0-1 - New upstream version 0.6.0 (#1249518) * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249518 - rebase-helper-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249518 -------------------------------------------------------------------------------- ================================================================================ xen-4.4.2-9.fc21 (FEDORA-2015-12714) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) rebuild efi grub.cfg if it is present (#1239309), add gcc5 build fixes, one needed for the following patch, modify gnutls use in line with Fedora's crypto policies (#117935) -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 2 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.4.2-9 - QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) * Sat Jul 25 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.4.2-8 - rebuild efi grub.cfg if it is present (#1239309) - add gcc5 build fixes from F22+ package, one needed for the following patch - modify gnutls use in line with Fedora's crypto policies (#1179352) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access https://bugzilla.redhat.com/show_bug.cgi?id=1243563 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
