The following Fedora 21 Security updates need testing:
 Age  URL
 216  https://bodhi.fedoraproject.org/updates/FEDORA-2015-1467   openstack-glance-2014.1.3-4.fc21
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9090   fossil-1.33-1.fc21
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9141   ceph-deploy-1.5.25-1.fc21
  85  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9744   squid-3.4.13-1.fc21
  75  https://bodhi.fedoraproject.org/updates/FEDORA-2015-10301   389-ds-base-1.3.3.12-1.fc21
  29  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12773   python-kdcproxy-0.3.2-1.fc21
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13700   drupal6-views_bulk_operations-1.17-1.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13423   php-twig-1.20.0-1.fc21
  13  https://bodhi.fedoraproject.org/updates/conntrack-tools-1.4.2-9.fc21   conntrack-tools-1.4.2-9.fc21
  13  https://bodhi.fedoraproject.org/updates/ca-certificates-2015.2.5-1.0.fc21   ca-certificates-2015.2.5-1.0.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13917   drupal7-7.39-1.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13926   gdk-pixbuf2-2.31.6-1.fc21
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14010   mingw-gdk-pixbuf-2.31.6-1.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14179   libreswan-3.15-1.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14200   sblim-sfcb-1.4.8-5.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14211   ntp-4.2.6p5-33.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14242   pcre-8.35-14.fc21
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14330   drupal6-ctools-1.14-1.fc21
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14363   xen-4.4.3-1.fc21
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14442   drupal6-6.37-1.fc21
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14715   onionshare-0.7.1-1.fc21
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14785   qemu-2.1.3-10.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14849   libvdpau-1.1.1-1.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14852   libwmf-0.2.8.4-46.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14901   ipython-2.4.1-8.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14953   pdns-3.4.6-1.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14972   golang-1.5-6.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14976   php-5.6.13-1.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14996   moodle-2.7.9-1.fc21


The following Fedora 21 Critical Path updates have yet to be approved:
 Age  URL
 161  https://bodhi.fedoraproject.org/updates/FEDORA-2015-4638   lcms2-2.7-1.fc21
  48  https://bodhi.fedoraproject.org/updates/FEDORA-2015-11787   redhat-rpm-config-29-1.fc21
  36  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12212   perl-Filter-1.55-1.fc21
  34  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12575   perl-Encode-2.76-1.fc21
  34  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12402   gstreamer1-plugins-good-1.4.5-3.fc21
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13233   yum-utils-1.1.31-28.fc21
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13239   yum-3.4.3-154.fc21
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13747   hwdata-0.281-1.fc21
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13745   kernel-4.1.6-100.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13926   gdk-pixbuf2-2.31.6-1.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13908   librsvg2-2.40.10-1.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13885   thunderbird-38.2.0-2.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13877   libteam-1.18-1.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13805   tigervnc-1.5.0-2.fc21
  13  https://bodhi.fedoraproject.org/updates/dracut-038-40.git20150819.fc21   dracut-038-40.git20150819.fc21
  13  https://bodhi.fedoraproject.org/updates/ca-certificates-2015.2.5-1.0.fc21   ca-certificates-2015.2.5-1.0.fc21
  13  https://bodhi.fedoraproject.org/updates/btrfs-progs-4.1.2-1.fc21   btrfs-progs-4.1.2-1.fc21
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14019   nss-3.20.0-1.0.fc21 nss-softokn-3.20.0-1.0.fc21 nss-util-3.20.0-1.0.fc21
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14135   libpwquality-1.2.4-3.fc21
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14070   selinux-policy-3.13.1-105.21.fc21
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14065   perl-generators-1.04-1.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14242   pcre-8.35-14.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14209   vim-7.4.827-1.fc21
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14405   abrt-2.3.0-10.fc21 libreport-2.3.0-9.fc21
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14323   dnf-0.6.4-6.fc21
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14307   perl-Thread-Queue-3.06-1.fc21


The following builds have been pushed to Fedora 21 updates-testing

    SDL_mixer-1.2.12-10.fc21
    cscppc-1.3.0-1.fc21
    dnf-plugin-system-upgrade-0.4.0-1.fc21
    golang-1.5-6.fc21
    libreoffice-4.3.7.2-11.fc21
    minimodem-0.22.1-1.fc21
    moodle-2.7.9-1.fc21
    mosquitto-1.4.3-1.fc21
    nodejs-single-line-log-1.0.0-1.fc21
    ovirt-engine-sdk-java-3.5.4.0-1.fc21
    ovirt-engine-sdk-python-3.5.4.0-1.fc21
    owncloud-client-1.8.4-3.fc21
    pdns-3.4.6-1.fc21
    perl-Log-Dispatch-2.50-1.fc21
    php-5.6.13-1.fc21
    php-horde-Horde-Imap-Client-2.29.2-1.fc21
    php-horde-Horde-Mime-2.9.2-1.fc21
    python-cliapp-1.20150829-1.fc21
    python-phyghtmap-1.74-1.fc21
    qxmpp-0.9.2-1.fc21
    shinken-2.4.1-5.fc21
    statscache-0.0.1-1.fc21
    udiskie-1.3.0-1.fc21

Details about builds:


================================================================================
 SDL_mixer-1.2.12-10.fc21 (FEDORA-2015-14994)
 Simple DirectMedia Layer - Sample Mixer Library
--------------------------------------------------------------------------------
Update Information:

SDL_mixer-1.2.12-10.fc21 - Enable fluidsynth support, BZ 1218776.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1218776 - Please, enable support for fluidsynth
        https://bugzilla.redhat.com/show_bug.cgi?id=1218776
--------------------------------------------------------------------------------

================================================================================
 cscppc-1.3.0-1.fc21 (FEDORA-2015-14973)
 A compiler wrapper that runs cppcheck in background
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream
--------------------------------------------------------------------------------

================================================================================
 dnf-plugin-system-upgrade-0.4.0-1.fc21 (FEDORA-2015-15003)
 System Upgrade plugin for DNF
--------------------------------------------------------------------------------
Update Information:

This is the first release of the `dnf system-upgrade` plugin, which replaces `fedup`.
--------------------------------------------------------------------------------

================================================================================
 golang-1.5-6.fc21 (FEDORA-2015-14972)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

update to go1.5; shared objects for x86_64; gdb fixes; full http smuggle fix; fixes for tests
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1250352 - CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 golang: HTTP request smuggling in net/http library
        https://bugzilla.redhat.com/show_bug.cgi?id=1250352
--------------------------------------------------------------------------------

================================================================================
 libreoffice-4.3.7.2-11.fc21 (FEDORA-2015-14940)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

libreoffice-4.3.7.2-11.fc21 - Resolves: rhbz#1256843 no obvious means to close template dialog
- Related: rhbz#1255200 apparent missing stylesheet

----

Resolves: tdf#92767 use ISO 8601 for internal date string representation
Check annotation caption pointers, blind fix for rhbz#1242099.
Resolves: tdf#86024 do not attempt to shorten numeric value output.
Handle en-GB-oxendict vs en-GB-oed language tag for newer liblangtag data.
Resolves: rhbz#1255811 implement Edit modify handler.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1255200 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1255200
  [ 2 ] Bug #1242099 - [abrt] libreoffice-core: ScXMLExport::WriteAnnotation(): soffice.bin killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1242099
--------------------------------------------------------------------------------

================================================================================
 minimodem-0.22.1-1.fc21 (FEDORA-2015-14928)
 General-purpose software audio FSK modem
--------------------------------------------------------------------------------
Update Information:

Latest upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164134 - minimodem-0.22 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1164134
--------------------------------------------------------------------------------

================================================================================
 moodle-2.7.9-1.fc21 (FEDORA-2015-14996)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

moodle-2.7.9-1.fc21 - 2.7.9.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1242777 - CVE-2015-3273 CVE-2015-3272 CVE-2015-3275 CVE-2015-3274 moodle: multiple flaws fixed in 2.9.1, 2.8.7, and 2.7.9 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1242777
  [ 2 ] Bug #1222602 - CVE-2015-3181 CVE-2015-3180 CVE-2015-3178 CVE-2015-3179 CVE-2015-3176 CVE-2015-3177 CVE-2015-3174 CVE-2015-3175 moodle: several flaws fixed in 2.9, 2.8.6, 2.7.8, 2.6.11 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1222602
  [ 3 ] Bug #1221278 - moodle: multiple unspecified flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1221278
--------------------------------------------------------------------------------

================================================================================
 mosquitto-1.4.3-1.fc21 (FEDORA-2015-14932)
 An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:

Update to new upstream version 1.4.3
--------------------------------------------------------------------------------

================================================================================
 nodejs-single-line-log-1.0.0-1.fc21 (FEDORA-2015-15013)
 Keep writing to the same line in the terminal
--------------------------------------------------------------------------------
Update Information:

New nodejs packages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1257340 - Review Request: nodejs-single-line-log - Keep writing to the same line in the terminal
        https://bugzilla.redhat.com/show_bug.cgi?id=1257340
--------------------------------------------------------------------------------

================================================================================
 ovirt-engine-sdk-java-3.5.4.0-1.fc21 (FEDORA-2015-15038)
 oVirt Engine Software Development Kit (Java)
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.5.4.0
--------------------------------------------------------------------------------

================================================================================
 ovirt-engine-sdk-python-3.5.4.0-1.fc21 (FEDORA-2015-15024)
 oVirt Engine Software Development Kit (Python)
--------------------------------------------------------------------------------
Update Information:

Update to upstream 3.5.4.0
--------------------------------------------------------------------------------

================================================================================
 owncloud-client-1.8.4-3.fc21 (FEDORA-2015-14999)
 The ownCloud Client
--------------------------------------------------------------------------------
Update Information:

Package rename
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202805 - Review Request: owncloud-client - The ownCloud Client
        https://bugzilla.redhat.com/show_bug.cgi?id=1202805
--------------------------------------------------------------------------------

================================================================================
 pdns-3.4.6-1.fc21 (FEDORA-2015-14953)
 A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:

- Upstream released new version
- Security fix for CVE-2015-5230
--------------------------------------------------------------------------------

================================================================================
 perl-Log-Dispatch-2.50-1.fc21 (FEDORA-2015-14961)
 Dispatches messages to one or more outputs
--------------------------------------------------------------------------------
Update Information:

perl-Log-Dispatch-2.50-1.fc22 - Upstream update.
perl-Log-Dispatch-2.50-1.fc21 - Upstream update.
perl-Log-Dispatch-2.50-1.fc23 - Upstream update.

----

perl-Log-Dispatch-2.49-1.fc21 - Upstream update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258940 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1258940
--------------------------------------------------------------------------------

================================================================================
 php-5.6.13-1.fc21 (FEDORA-2015-14976)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

03 Sep 2015, **PHP 5.6.13**

**Core:**

* Fixed bug #69900 (Too long timeout on pipes). (Anatol)
* Fixed bug #69487 (SAPI may truncate POST data). (cmb)
* Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
* Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)

**CLI server:**

* Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
* Fixed bug #70264 (CLI server directory traversal). (cmb)

**Date:**

* Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)

**EXIF:**

* Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)

**hash:**

* Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)

**MCrypt:**

* Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

**Opcache:**

* Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)

**PCRE:**

* Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
* Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)

**SOAP:**

* Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)

**SPL:**

* Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
* Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
* Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
* Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)

**Standard:**

* Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
* Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)

**XSLT:**

* Fixed bug #69782 (NULL pointer dereference). (Stas)

**ZIP:**

* Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)
--------------------------------------------------------------------------------

================================================================================
 php-horde-Horde-Imap-Client-2.29.2-1.fc21 (FEDORA-2015-14981)
 Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:

**Horde_Mime 2.9.2**

* [mjr] Correctly work around PHP bug 65776.

**Horde_Imap_Client 2.29.2**

* [mms] Improved performance of Horde_Imap_Client_Data_Thread object when containing large number of messages (Request 14075).
* [mms] Catch translation errors when creating Exceptions (PR 143; baso10dev).
--------------------------------------------------------------------------------

================================================================================
 php-horde-Horde-Mime-2.9.2-1.fc21 (FEDORA-2015-14981)
 Horde MIME Library
--------------------------------------------------------------------------------
Update Information:

**Horde_Mime 2.9.2**

* [mjr] Correctly work around PHP bug 65776.

**Horde_Imap_Client 2.29.2**

* [mms] Improved performance of Horde_Imap_Client_Data_Thread object when containing large number of messages (Request 14075).
* [mms] Catch translation errors when creating Exceptions (PR 143; baso10dev).
--------------------------------------------------------------------------------

================================================================================
 python-cliapp-1.20150829-1.fc21 (FEDORA-2015-15007)
 Python framework for Unix command line programs
--------------------------------------------------------------------------------
Update Information:

Important, backwards incompatible bug fixes:

* Jan Gerber fixed string list option handling. Command line options no longer parse values by commas, so that `--foo=bar,foobar` results in a single value `bar,foobar`, instead of two values (`bar` and `foobar`). Also, in configuration files, values may be quoted with double quotes.

Bug fixes:

* Memory use profiling with Meliae was fixed.

New features:

* Richard Ipsum added the `cliapp.Application.get_subcommand_usage` method to return a short usage text for a subcommand. This allows better error message.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258184 - python-cliapp-1.20150829.orig is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1258184
--------------------------------------------------------------------------------

================================================================================
 python-phyghtmap-1.74-1.fc21 (FEDORA-2015-15025)
 Generate OSM contour lines from NASA SRTM data
--------------------------------------------------------------------------------
Update Information:

* Fixed bug causing phyghtmap crashes when writing single output files using parallelization.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258852 - python-phyghtmap-1.74.orig is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1258852
--------------------------------------------------------------------------------

================================================================================
 qxmpp-0.9.2-1.fc21 (FEDORA-2015-14946)
 Qt XMPP Library
--------------------------------------------------------------------------------
Update Information:

qxmpp-0.9.2-1.fc21 - v0.9.2. Introducing libraries for qt5. Documentation into the separate package
qxmpp-0.9.2-1.fc22 - v0.9.2. Introducing libraries for qt5. Documentation into the separate package
qxmpp-0.9.2-1.fc23 - v0.9.2. Introducing libraries for qt5. Documentation into the separate package

----

qxmpp-0.9.0-1.fc21 - v0.9.0
qxmpp-0.9.0-1.fc22 - v0.9.0
qxmpp-0.9.0-1.fc23 - v0.9.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258229 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1258229
  [ 2 ] Bug #1131114 - qxmpp-v0.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1131114
--------------------------------------------------------------------------------

================================================================================
 shinken-2.4.1-5.fc21 (FEDORA-2015-15011)
 Python Monitoring tool
--------------------------------------------------------------------------------
Update Information:

Fix Bug 1257871
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1257871 - shinken-broker systemd script failed to restart broker daemon
        https://bugzilla.redhat.com/show_bug.cgi?id=1257871
--------------------------------------------------------------------------------

================================================================================
 statscache-0.0.1-1.fc21 (FEDORA-2015-15021)
 A daemon to build and keep fedmsg statistics
--------------------------------------------------------------------------------
Update Information:

Initial packaging.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1234605 - Review Request: statscache - A daemon to build and keep fedmsg statistics
        https://bugzilla.redhat.com/show_bug.cgi?id=1234605
--------------------------------------------------------------------------------

================================================================================
 udiskie-1.3.0-1.fc21 (FEDORA-2015-14949)
 Removable disk auto-mounter
--------------------------------------------------------------------------------
Update Information:

udiskie-1.3.0-1.fc21 - Update to 1.3.0
udiskie-1.3.0-1.fc22 - Update to 1.3.0
udiskie-1.3.0-1.el7 - Update to 1.3.0
udiskie-1.3.0-1.fc23 - Update to 1.3.0

----

udiskie-1.2.1-1.fc21 - Update to 1.2.1.
udiskie-1.2.1-1.fc22 - Update to 1.2.1.
udiskie-1.2.1-1.el7 - Update to 1.2.1.
udiskie-1.2.1-1.fc23 - Update to 1.2.1.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258675 - udiskie-1.2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1258675
  [ 2 ] Bug #1259101 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1259101
--------------------------------------------------------------------------------