The following Fedora 21 Security updates need testing: Age URL 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-1467 openstack-glance-2014.1.3-4.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9090 fossil-1.33-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9141 ceph-deploy-1.5.25-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9744 squid-3.4.13-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12773 python-kdcproxy-0.3.2-1.fc21 0 https://bodhi.fedoraproject.org/updates/conntrack-tools-1.4.2-9.fc21 conntrack-tools-1.4.2-9.fc21 0 https://bodhi.fedoraproject.org/updates/ca-certificates-2015.2.5-1.0.fc21 ca-certificates-2015.2.5-1.0.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14179 libreswan-3.15-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14200 sblim-sfcb-1.4.8-5.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14211 ntp-4.2.6p5-33.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14242 pcre-8.35-14.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14363 xen-4.4.3-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14715 onionshare-0.7.1-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14785 qemu-2.1.3-10.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14849 libvdpau-1.1.1-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14852 libwmf-0.2.8.4-46.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14901 ipython-2.4.1-8.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14953 pdns-3.4.6-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14972 golang-1.5-6.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14976 php-5.6.13-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14996 moodle-2.7.9-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15061 bind-9.9.6-11.P1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15065 pcs-0.9.137-5.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15128 389-ds-base-1.3.3.13-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15198 php-doctrine-cache-1.4.2-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15201 php-doctrine-annotations-1.2.7-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15204 php-doctrine-doctrine-bundle-1.5.2-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15104 device-mapper-multipath-0.4.9-68.fc21.4 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15061 bind-9.9.6-11.P1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14405 abrt-2.3.0-10.fc21 libreport-2.3.0-9.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14323 dnf-0.6.4-6.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14307 perl-Thread-Queue-3.06-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14242 pcre-8.35-14.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14209 vim-7.4.827-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14135 libpwquality-1.2.4-3.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14070 selinux-policy-3.13.1-105.21.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14065 perl-generators-1.04-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14019 nss-3.20.0-1.0.fc21 nss-softokn-3.20.0-1.0.fc21 nss-util-3.20.0-1.0.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13885 thunderbird-38.2.0-2.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13877 libteam-1.18-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13805 tigervnc-1.5.0-2.fc21 0 https://bodhi.fedoraproject.org/updates/dracut-038-40.git20150819.fc21 dracut-038-40.git20150819.fc21 0 https://bodhi.fedoraproject.org/updates/ca-certificates-2015.2.5-1.0.fc21 ca-certificates-2015.2.5-1.0.fc21 0 https://bodhi.fedoraproject.org/updates/btrfs-progs-4.1.2-1.fc21 btrfs-progs-4.1.2-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13747 hwdata-0.281-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13233 yum-utils-1.1.31-28.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13239 yum-3.4.3-154.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12575 perl-Encode-2.76-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12402 gstreamer1-plugins-good-1.4.5-3.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12212 perl-Filter-1.55-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-11787 redhat-rpm-config-29-1.fc21 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-4638 lcms2-2.7-1.fc21 The following builds have been pushed to Fedora 21 updates-testing 389-ds-base-1.3.3.13-1.fc21 amsynth-1.5.1-5.fc21 digikam-4.13.0-1.fc21 gst-entrans-1.0.2-5.fc21 ipv6calc-0.99.1-13.fc21 java-mersenne-twister-22-2.fc21 java-vash-1.1.0-0.6.30f001fgit.fc21 mozilla-adblockplus-2.6.10-2.fc21 mozilla-https-everywhere-5.1.1-1.fc21 nodejs-ast-types-0.4.5-2.fc21 nodejs-async-queue-0.1.0-2.fc21 nodejs-defs-1.1.0-1.fc21 nodejs-esprima-fb-15001.1.0-4.fc21 nodejs-function-bind-1.0.2-1.fc21 nodejs-module-not-found-error-1.0.1-1.fc21 nodejs-numeral-1.5.3-1.fc21 nodejs-strip-indent-1.0.1-1.fc21 nrpe-2.15-6.fc21 obnam-1.15-1.fc21 php-aws-sdk-2.8.20-1.fc21 php-doctrine-annotations-1.2.7-1.fc21 php-doctrine-cache-1.4.2-1.fc21 php-doctrine-doctrine-bundle-1.5.2-1.fc21 php-php-gettext-1.0.11-12.fc21 python-blockdiag-1.5.3-1.fc21 rubygem-pdfkit-0.8.2-1.fc21 scap-security-guide-0.1.25-1.fc21 xfoil-6.99-1.fc21 xpra-0.15.5-1.fc21 Details about builds: ================================================================================ 389-ds-base-1.3.3.13-1.fc21 (FEDORA-2015-15128) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: 389-ds-base-1.3.3.13-1.fc21 - release 1.3.3.13 - Ticket 48265 - Complex filter in a search request doen't work as expected. (regression) - Ticket 47981 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes - Ticket 48252 - db2index creates index entry from deleted records - Ticket 48228 - wrong password check if passwordInHistory is decreased. - Ticket 48252 - db2index creates index entry from deleted records - Ticket 48254 - CLI db2index fails with usage errors - Ticket 47831 - remove debug logging from retro cl - Ticket 48245 - Man pages and help for remove-ds.pl doesn't display "-a" option - Ticket 47931 - Fix coverity issues - Ticket 47931 - memberOf & retrocl deadlocks - Ticket 48228 - wrong password check if passwordInHistory is decreased. - Ticket 48215 - update dbverify usage in main.c - Ticket 48215 - update dbverify usage - Ticket 48215 - verify_db.pl doesn't verify DB specified by -a option - Ticket 47810 - memberOf plugin not properly rejecting updates - Ticket 48231 - logconv autobind handling regression caused by 47446 - Ticket 48232 - winsync lastlogon attribute not syncing between DS and AD. - Ticket 48206 - Crash during retro changelog trimming - Ticket 48224 - redux 2 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48226 - In MMR, double free coould occur under some special condition - Ticket 48224 - redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48224 - redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48224 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files - Ticket 48192 - Individual abandoned simple paged results request has no chance to be cleaned up - Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well. - Ticket 48195 - Slow replication when deleting large quantities of multi-valued attributes - Ticket 48175 - Avoid using regex in ACL if possible -------------------------------------------------------------------------------- References: [ 1 ] Bug #1232896 - CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1232896 -------------------------------------------------------------------------------- ================================================================================ amsynth-1.5.1-5.fc21 (FEDORA-2015-15175) A classic synthesizer with dual oscillators -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- ================================================================================ digikam-4.13.0-1.fc21 (FEDORA-2015-15146) A digital camera accessing & photo management application -------------------------------------------------------------------------------- Update Information: digiKam 4.13.0 -------------------------------------------------------------------------------- ================================================================================ gst-entrans-1.0.2-5.fc21 (FEDORA-2015-15209) Plug-ins and tools for transcoding and recording with GStreamer -------------------------------------------------------------------------------- Update Information: This update fixes an incorrect dependency on GStreamer 0.10 Python bindings, pulling in the correct GStreamer 1.0 bindings instead. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258649 - Requires: gstreamer-python is incorrect. https://bugzilla.redhat.com/show_bug.cgi?id=1258649 -------------------------------------------------------------------------------- ================================================================================ ipv6calc-0.99.1-13.fc21 (FEDORA-2015-15144) IPv6 address format change and calculation utility -------------------------------------------------------------------------------- Update Information: new release 0.99.1 (introduces new subpackage mod_ipv6calc) -------------------------------------------------------------------------------- ================================================================================ java-mersenne-twister-22-2.fc21 (FEDORA-2015-15159) Mersenne Twister random number generator in Java -------------------------------------------------------------------------------- Update Information: javadoc improvements -------------------------------------------------------------------------------- ================================================================================ java-vash-1.1.0-0.6.30f001fgit.fc21 (FEDORA-2015-15157) Visual hashing algorithms that convert data into images -------------------------------------------------------------------------------- Update Information: Unbundle the Mersenne Twister library. -------------------------------------------------------------------------------- ================================================================================ mozilla-adblockplus-2.6.10-2.fc21 (FEDORA-2015-15181) Adblocking extension for Mozilla Firefox, Thunderbird, and SeaMonkey -------------------------------------------------------------------------------- Update Information: lots of fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1154263 - mozilla-adblockplus-2.6.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1154263 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-5.1.1-1.fc21 (FEDORA-2015-15184) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: - Ruleset fixes - Remove the AMO signature - Fix the "not appearing" problem -------------------------------------------------------------------------------- ================================================================================ nodejs-ast-types-0.4.5-2.fc21 (FEDORA-2015-15152) Esprima-compatible implementation of the Mozilla JS Parser API -------------------------------------------------------------------------------- Update Information: package missing def dir -------------------------------------------------------------------------------- References: [ 1 ] Bug #1260268 - def directory not packaged https://bugzilla.redhat.com/show_bug.cgi?id=1260268 -------------------------------------------------------------------------------- ================================================================================ nodejs-async-queue-0.1.0-2.fc21 (FEDORA-2015-15115) Simple FIFO queue to execute async functions linear -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1257336 - Review Request: nodejs-async-queue - Simple FIFO queue to execute async functions linear https://bugzilla.redhat.com/show_bug.cgi?id=1257336 -------------------------------------------------------------------------------- ================================================================================ nodejs-defs-1.1.0-1.fc21 (FEDORA-2015-15218) Static scope analysis and transpilation -------------------------------------------------------------------------------- Update Information: Update to 1.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1239725 - nodejs-defs: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1239725 [ 2 ] Bug #1152091 - nodejs-defs-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1152091 [ 3 ] Bug #1260366 - build/es5/defs-main.js not packaged https://bugzilla.redhat.com/show_bug.cgi?id=1260366 -------------------------------------------------------------------------------- ================================================================================ nodejs-esprima-fb-15001.1.0-4.fc21 (FEDORA-2015-15177) Facebook-specific fork of the esprima project -------------------------------------------------------------------------------- Update Information: Fix conflicts with npm(esprima) binaries -------------------------------------------------------------------------------- References: [ 1 ] Bug #1241423 - Review Request: nodejs-esprima-fb - Facebook-specific fork of the esprima project https://bugzilla.redhat.com/show_bug.cgi?id=1241423 -------------------------------------------------------------------------------- ================================================================================ nodejs-function-bind-1.0.2-1.fc21 (FEDORA-2015-15162) Implementation of Function.prototype.bind -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258200 - Review Request: nodejs-function-bind - Implementation of Function.prototype.bind https://bugzilla.redhat.com/show_bug.cgi?id=1258200 -------------------------------------------------------------------------------- ================================================================================ nodejs-module-not-found-error-1.0.1-1.fc21 (FEDORA-2015-15170) Create a module not found error -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1257302 - Review Request: nodejs-module-not-found-error - Create a module not found error https://bugzilla.redhat.com/show_bug.cgi?id=1257302 -------------------------------------------------------------------------------- ================================================================================ nodejs-numeral-1.5.3-1.fc21 (FEDORA-2015-15164) A javascript library for formatting and manipulating numbers -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1257342 - Review Request: nodejs-numeral - A javascript library for formatting and manipulating numbers https://bugzilla.redhat.com/show_bug.cgi?id=1257342 -------------------------------------------------------------------------------- ================================================================================ nodejs-strip-indent-1.0.1-1.fc21 (FEDORA-2015-15215) Strip leading whitespace from every line in a string -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258146 - Review Request: nodejs-strip-indent - Strip leading whitespace from every line in a string https://bugzilla.redhat.com/show_bug.cgi?id=1258146 -------------------------------------------------------------------------------- ================================================================================ nrpe-2.15-6.fc21 (FEDORA-2015-15123) Host/service/network monitoring agent for Nagios -------------------------------------------------------------------------------- Update Information: nrpe-2.15-6.el7 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc22 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc21 - Fix spec file for missing /usr/share/libtool/config/config.guess -------------------------------------------------------------------------------- References: [ 1 ] Bug #1089880 - CVE-2014-2913 nrpe: remote command execution when command arguments are enabled [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1089880 [ 2 ] Bug #1239738 - nrpe: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1239738 -------------------------------------------------------------------------------- ================================================================================ obnam-1.15-1.fc21 (FEDORA-2015-15134) An easy, secure backup program -------------------------------------------------------------------------------- Update Information: Version 1.15, released 2015-08-19 --------------------------------- * Fixed a typo in a variable name ("netloc"), found by Dirk. Version 1.14, released 2015-08-14 --------------------------------- Bug fixes: * Since 1.9, Obnam has had trouble with sftp URLs for backup roots, particularly for URLs specifying the server's root directory. Dennis Jacobfeuerborn found the reason: the backup plugin was treating URLs as filenames. This should now be fixed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1253875 - obnam-1.15.orig is available https://bugzilla.redhat.com/show_bug.cgi?id=1253875 -------------------------------------------------------------------------------- ================================================================================ php-aws-sdk-2.8.20-1.fc21 (FEDORA-2015-15197) Amazon Web Services framework for PHP -------------------------------------------------------------------------------- Update Information: ## 2.8.20 - 2015-09-03 * `Aws\CodePipeline` - Added support for using encryption keys with artifact stores. * `Aws\ConfigService` - Added support for the `ListDiscoveredResources` operation and new resource types. * `Aws\Ec2` - Added support for using instance weights with the `RequestSpotFleet` API. * `Aws\Sns` - Added support for configurable SigningCertURL host patterns. * `Aws\StorageGateway` - Added support for tagging and untagging resources. * Fixed issue with loading the phar from opcache. ## 2.8.19 - 2015-08-20 * `Aws\S3` - Added support for event notification filters. ## 2.8.18 - 2015-08-12 * `Aws\ElasticBeanstalk` - Added support for enhanced health reporting. * `Aws\Glacier` - Fixed an issue where content bodies that equaled false (e.g., '0') would not be uploaded. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1253094 - php-aws-sdk-2.8.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1253094 -------------------------------------------------------------------------------- ================================================================================ php-doctrine-annotations-1.2.7-1.fc21 (FEDORA-2015-15201) PHP docblock annotations parser library -------------------------------------------------------------------------------- Update Information: CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfigurat ion_vulnerability_in_various_doctrine_projects.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258669 - php-doctrine-annotations-v1.2.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1258669 -------------------------------------------------------------------------------- ================================================================================ php-doctrine-cache-1.4.2-1.fc21 (FEDORA-2015-15198) Doctrine Cache -------------------------------------------------------------------------------- Update Information: CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfigurat ion_vulnerability_in_various_doctrine_projects.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258670 - php-doctrine-cache-v1.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1258670 -------------------------------------------------------------------------------- ================================================================================ php-doctrine-doctrine-bundle-1.5.2-1.fc21 (FEDORA-2015-15204) Symfony Bundle for Doctrine -------------------------------------------------------------------------------- Update Information: ## 1.5.2 (2015-08-31) ### Security: * Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution * CVE-2015-5723 * http://www.doctrine-project.org/2015/08/31/security_misconfi guration_vulnerability_in_various_doctrine_projects.html ## 1.5.1 (2015-08-12) ### Bugfix: * Fixed the JS expanding all queries in the profiler in case of multiple connections * Fixed the retrieval of the namespace in DisconnectedMetadataFactory * Changed the composer constraint to allow Symfony 3.0 for people wanting to do early testing -------------------------------------------------------------------------------- References: [ 1 ] Bug #1253092 - php-doctrine-doctrine-bundle-v1.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1253092 -------------------------------------------------------------------------------- ================================================================================ php-php-gettext-1.0.11-12.fc21 (FEDORA-2015-15113) Gettext emulation in PHP -------------------------------------------------------------------------------- Update Information: Added a patch for compatibility with PHP 7 -------------------------------------------------------------------------------- ================================================================================ python-blockdiag-1.5.3-1.fc21 (FEDORA-2015-15148) Generate block-diagram images from text -------------------------------------------------------------------------------- Update Information: python-blockdiag-1.5.3-1.fc22 - Upstream 1.5.3 python- blockdiag-1.5.3-1.fc21 - Upstream 1.5.3 -------------------------------------------------------------------------------- ================================================================================ rubygem-pdfkit-0.8.2-1.fc21 (FEDORA-2015-15133) HTML+CSS to PDF using wkhtmltopdf -------------------------------------------------------------------------------- Update Information: New version 0.8.2 is released. -------------------------------------------------------------------------------- ================================================================================ scap-security-guide-0.1.25-1.fc21 (FEDORA-2015-15180) Security guidance and baselines in SCAP formats -------------------------------------------------------------------------------- Update Information: update to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ xfoil-6.99-1.fc21 (FEDORA-2015-15189) Subsonic Airfoil Development System -------------------------------------------------------------------------------- Update Information: Update to version 6.99, see http://web.mit.edu/drela/Public/web/xfoil/version_notes.txt for details. -------------------------------------------------------------------------------- ================================================================================ xpra-0.15.5-1.fc21 (FEDORA-2015-15167) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: New upstream bugfix release which fixes color encoding problems. xpra-0.15.5-1.fc21 - Update to 0.15.5 - Drop patches related to color encoding xpra-0.15.5-1.fc22 - Update to 0.15.5 - Drop patches related to color encoding xpra-0.15.5-1.fc23 - Update to 0.15.5 - Drop patches related to color encoding -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
