The following Fedora 21 Security updates need testing:
 Age  URL
 229  https://bodhi.fedoraproject.org/updates/FEDORA-2015-1467   openstack-glance-2014.1.3-4.fc21
 109  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9090   fossil-1.33-1.fc21
 109  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9141   ceph-deploy-1.5.25-1.fc21
  98  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9744   squid-3.4.13-1.fc21
  42  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12773   python-kdcproxy-0.3.2-1.fc21
  25  https://bodhi.fedoraproject.org/updates/conntrack-tools-1.4.2-9.fc21   conntrack-tools-1.4.2-9.fc21
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14179   libreswan-3.15-1.fc21
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14200   sblim-sfcb-1.4.8-5.fc21
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14211   ntp-4.2.6p5-33.fc21
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14785   qemu-2.1.3-10.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14849   libvdpau-1.1.1-1.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14852   libwmf-0.2.8.4-46.fc21
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14901   ipython-2.4.1-8.fc21
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14953   pdns-3.4.6-1.fc21
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15061   bind-9.9.6-11.P1.fc21
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15065   pcs-0.9.137-5.fc21
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15128   389-ds-base-1.3.3.13-1.fc21
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15274   php-pecl-zip-1.12.5-1.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15290   ipsilon-1.1.0-1.fc21
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15588   jakarta-commons-httpclient-3.1-20.fc21
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15618   golang-1.5.1-0.fc21
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15677   icedtea-web-1.6.1-1.fc21
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15768   bugzilla-4.4.10-1.fc21
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15832   seamonkey-2.35-1.fc21
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15859   unzip-6.0-22.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15927   openjpeg2-2.1.0-6.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15933   kernel-4.1.7-100.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15935   libvpx-1.3.0-7.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15946   xen-4.4.3-3.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15982   wordpress-4.3.1-1.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16024   xpra-0.15.6-1.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16032   php-ZendFramework2-2.4.8-1.fc21


The following Fedora 21 Critical Path updates have yet to be approved:
 Age  URL
 174  https://bodhi.fedoraproject.org/updates/FEDORA-2015-4638   lcms2-2.7-1.fc21
  60  https://bodhi.fedoraproject.org/updates/FEDORA-2015-11787   redhat-rpm-config-29-1.fc21
  47  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12402   gstreamer1-plugins-good-1.4.5-3.fc21
  35  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13233   yum-utils-1.1.31-28.fc21
  35  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13239   yum-3.4.3-154.fc21
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13747   hwdata-0.281-1.fc21
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13885   thunderbird-38.2.0-2.fc21
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13877   libteam-1.18-1.fc21
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13805   tigervnc-1.5.0-2.fc21
  25  https://bodhi.fedoraproject.org/updates/dracut-038-40.git20150819.fc21   dracut-038-40.git20150819.fc21
  25  https://bodhi.fedoraproject.org/updates/btrfs-progs-4.1.2-1.fc21   btrfs-progs-4.1.2-1.fc21
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14019   nss-3.20.0-1.0.fc21 nss-softokn-3.20.0-1.0.fc21 nss-util-3.20.0-1.0.fc21
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14070   selinux-policy-3.13.1-105.21.fc21
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14209   vim-7.4.827-1.fc21
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14405   abrt-2.3.0-10.fc21 libreport-2.3.0-9.fc21
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14323   dnf-0.6.4-6.fc21
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15104   device-mapper-multipath-0.4.9-68.fc21.4
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15061   bind-9.9.6-11.P1.fc21
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15261   python-pycurl-7.19.3.1-6.fc21
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15357   cryptsetup-1.6.8-2.fc21
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15440   PackageKit-1.0.6-2.fc21
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15404   gnupg2-2.0.29-1.fc21
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15565   enca-1.16-1.fc21
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15683   fedora-repos-21-3
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15614   mesa-10.4.7-2.20150323.fc21
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15811   attr-2.4.47-10.fc21
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15805   gnutls-3.3.18-1.fc21
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15882   libassuan-2.3.0-1.fc21
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15862   libtalloc-2.1.2-1.fc21 samba-4.1.20-1.fc21
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15859   unzip-6.0-22.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16031   perl-Encode-2.77-1.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16027   perl-5.18.4-309.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15935   libvpx-1.3.0-7.fc21
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15933   kernel-4.1.7-100.fc21


The following builds have been pushed to Fedora 21 updates-testing

    admeshgui-1.0.1-1.fc21
    caja-extensions-1.10.1-1.fc21
    cinnamon-desktop-2.6.5-5.fc21
    dar-2.4.18-1.fc21
    dnf-plugin-system-upgrade-0.4.1-1.fc21
    flpsed-0.7.3-2.fc21
    golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc21
    golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc21
    golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc21
    golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc21
    golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc21
    golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc21
    golang-github-stevvooe-resumable-0-0.1.git51ad441.fc21
    kchildlock-0.91.1-1.fc21
    kernel-4.1.7-100.fc21
    libsearpc-3.0-5.fc21
    libvpx-1.3.0-7.fc21
    liquibase-3.4.1-1.fc21
    mate-themes-1.10.5-1.fc21
    openjpeg2-2.1.0-6.fc21
    owncloud-client-2.0.1-1.fc21
    perl-5.18.4-309.fc21
    perl-Encode-2.77-1.fc21
    perl-TeX-Encode-1.3-2.fc21
    php-ZendFramework2-2.4.8-1.fc21
    python-pyqtgraph-0.9.10-4.fc21.1
    rubygem-locale-2.1.2-1.fc21
    wordpress-4.3.1-1.fc21
    xen-4.4.3-3.fc21
    xpra-0.15.6-1.fc21

Details about builds:


================================================================================
 admeshgui-1.0.1-1.fc21 (FEDORA-2015-16038)
 STL viewer and manipulation tool
--------------------------------------------------------------------------------
Update Information:

STL viewer and manipulation tool
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1224397 - Review Request: admeshgui - STL viewer and manipulation tool
        https://bugzilla.redhat.com/show_bug.cgi?id=1224397
--------------------------------------------------------------------------------


================================================================================
 caja-extensions-1.10.1-1.fc21 (FEDORA-2015-15966)
 Set of extensions for caja file manager
--------------------------------------------------------------------------------
Update Information:

caja-extensions-1.10.1-1.fc21 - update to 1.10.1 release
caja-extensions-1.10.1-1.fc22 - update to 1.10.1 release
caja-extensions-1.10.1-1.el7 - update to 1.10.1 release
caja-extensions-1.10.1-1.fc23 - update to 1.10.1 release - enable gajim sendto plugin
--------------------------------------------------------------------------------


================================================================================
 cinnamon-desktop-2.6.5-5.fc21 (FEDORA-2015-16043)
 Shared code among cinnamon-session, nemo, etc
--------------------------------------------------------------------------------
Update Information:

cinnamon-desktop-2.6.5-5.fc23 - fix warning message when background is xml file
cinnamon-desktop-2.6.5-5.fc22 - fix warning message when background is xml file
cinnamon-desktop-2.6.5-5.fc21 - fix warning message when background is xml file
--------------------------------------------------------------------------------


================================================================================
 dar-2.4.18-1.fc21 (FEDORA-2015-15956)
 Software for making/restoring incremental CD/DVD backups
--------------------------------------------------------------------------------
Update Information:

New upstream version
dar-2.4.18-1.fc23 - New upstream version
dar-2.4.18-1.el7 - new upstream version
dar-2.4.18-1.el6 - new upstream version
dar-2.4.18-1.el5 - new upstream version
dar-2.4.18-1.fc22 - New upstream version
dar-2.4.18-1.fc21 - new upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1258281 - dar-2.4.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1258281
--------------------------------------------------------------------------------


================================================================================
 dnf-plugin-system-upgrade-0.4.1-1.fc21 (FEDORA-2015-15941)
 System Upgrade plugin for DNF
--------------------------------------------------------------------------------
Update Information:

This is the first release of the `dnf system-upgrade` plugin, which replaces `fedup`.
----
What's changed since version 0.4.0:
* Fixed `dnf system-upgrade clean`
* Added man page `dnf.plugin.system-upgrade(8)`
* Silenced duplicate DNF output during upgrade
* Package now conflicts with old versions of PackageKit that don't let other programs do offline updates
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1259937 - dnf-plugin-system-upgrade should have explicit conflicts with older PackageKit
        https://bugzilla.redhat.com/show_bug.cgi?id=1259937
  [ 2 ] Bug #1262145 - 'dnf system-upgrade clean' and 'dnf clean packages' does not clean downloaded system upgrade packages
        https://bugzilla.redhat.com/show_bug.cgi?id=1262145
  [ 3 ] Bug #1260164 - Fix default Requires: to its python3 subpackage
        https://bugzilla.redhat.com/show_bug.cgi?id=1260164
--------------------------------------------------------------------------------


================================================================================
 flpsed-0.7.3-2.fc21 (FEDORA-2015-15958)
 WYSIWYG pseudo PostScript editor
--------------------------------------------------------------------------------
Update Information:

flpsed-0.7.3-2.fc21 - fix copying file path
flpsed-0.7.3-2.fc22 - fix copying file path
flpsed-0.7.3-2.fc23 - fix license COPYING file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1247059 - Packaging issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1247059
--------------------------------------------------------------------------------


================================================================================
 golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc21 (FEDORA-2015-15989)
 Fork of the GOAMZ with additional functionality with DynamoDB
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262714 - Review Request: golang-github-AdRoll-goamz - Fork of the GOAMZ with additional functionality with DynamoDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1262714
--------------------------------------------------------------------------------


================================================================================
 golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc21 (FEDORA-2015-15988)
 Microsoft Azure SDK for Go
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262716 - Review Request: golang-github-Azure-azure-sdk-for-go - Microsoft Azure SDK for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1262716
--------------------------------------------------------------------------------


================================================================================
 golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc21 (FEDORA-2015-16004)
 Go SDK for Aliyun Services
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262704 - Review Request: golang-github-denverdino-aliyungo - Go SDK for Aliyun Services
        https://bugzilla.redhat.com/show_bug.cgi?id=1262704
--------------------------------------------------------------------------------


================================================================================
 golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc21 (FEDORA-2015-15979)
 File system notifications for Go
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262426 - Review Request: golang-github-go-fsnotify-fsnotify - File system notifications for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1262426
--------------------------------------------------------------------------------


================================================================================
 golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc21 (FEDORA-2015-15999)
 A collection of useful handlers for Go's net/http package
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262705 - Review Request: golang-github-gorilla-handlers - A collection of useful handlers for Go's net/http package
        https://bugzilla.redhat.com/show_bug.cgi?id=1262705
--------------------------------------------------------------------------------


================================================================================
 golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc21 (FEDORA-2015-15993)
 Go bindings for RADOS, RBD, and CephFS
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262711 - Review Request: golang-github-noahdesu-go-ceph - Go bindings for RADOS, RBD, and CephFS
        https://bugzilla.redhat.com/show_bug.cgi?id=1262711
--------------------------------------------------------------------------------


================================================================================
 golang-github-stevvooe-resumable-0-0.1.git51ad441.fc21 (FEDORA-2015-16005)
 Subset of the Go `crypto` Package with a Resumable Hash Interface
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262709 - Review Request: golang-github-stevvooe-resumable - Subset of the Go `crypto` Package with a Resumable Hash Interface
        https://bugzilla.redhat.com/show_bug.cgi?id=1262709
--------------------------------------------------------------------------------


================================================================================
 kchildlock-0.91.1-1.fc21 (FEDORA-2015-16021)
 KDE Parental Control Application
--------------------------------------------------------------------------------
Update Information:

kchildlock-0.91.1-1.fc21 - Update to 0.91.1
kchildlock-0.91.1-1.fc22 - Update to 0.91.1
kchildlock-0.91.1-1.fc23 - Update to 0.91.1
--------------------------------------------------------------------------------


================================================================================
 kernel-4.1.7-100.fc21 (FEDORA-2015-15933)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 4.1.7 update contains a number of important updates across the tree.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1256746 - CVE-2015-6666 kernel: Linux x86_64 NT flag handling optimization allowing DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1256746
--------------------------------------------------------------------------------


================================================================================
 libsearpc-3.0-5.fc21 (FEDORA-2015-15951)
 A simple and easy-to-use C language RPC framework
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1129224 - Review Request: libsearpc - A simple and easy-to-use C language RPC framework
        https://bugzilla.redhat.com/show_bug.cgi?id=1129224
--------------------------------------------------------------------------------


================================================================================
 libvpx-1.3.0-7.fc21 (FEDORA-2015-15935)
 VP8 Video Codec SDK
--------------------------------------------------------------------------------
Update Information:

libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258
libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258
libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1223266 - CVE-2015-1258 chromium-browser: Negative-size parameter in Libvpx.
        https://bugzilla.redhat.com/show_bug.cgi?id=1223266
--------------------------------------------------------------------------------


================================================================================
 liquibase-3.4.1-1.fc21 (FEDORA-2015-15930)
 Database Refactoring Tool
--------------------------------------------------------------------------------
Update Information:

Update to 3.4.1. This release is primarily bug fixes. See http://www.liquibase.org/2015/07/liquibase-3-4-1-released.html for details.
--------------------------------------------------------------------------------


================================================================================
 mate-themes-1.10.5-1.fc21 (FEDORA-2015-15968)
 MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:

mate-themes-1.10.5-1.fc21 - update to 1.10.5 release
mate-themes-1.10.5-1.fc22 - update to 1.10.5 release
mate-themes-1.10.5-1.fc23 - update to 1.10.5 release
--------------------------------------------------------------------------------


================================================================================
 openjpeg2-2.1.0-6.fc21 (FEDORA-2015-15927)
 C-Library for JPEG 2000
--------------------------------------------------------------------------------
Update Information:

Security fix for use after free vulnerability
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263359 - openjpeg: Use-after-free vulnerability in opj_j2k_write_mco
        https://bugzilla.redhat.com/show_bug.cgi?id=1263359
--------------------------------------------------------------------------------


================================================================================
 owncloud-client-2.0.1-1.fc21 (FEDORA-2015-15945)
 The ownCloud Client
--------------------------------------------------------------------------------
Update Information:

Updated to 2.0.1
----
Package rename
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202805 - Review Request: owncloud-client - The ownCloud Client
        https://bugzilla.redhat.com/show_bug.cgi?id=1202805
--------------------------------------------------------------------------------


================================================================================
 perl-5.18.4-309.fc21 (FEDORA-2015-16027)
 Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:

Do not leak the temp utf8 copy of namepv (bug #1062576)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1062576 - memory leak when including a file with "use utf8"
        https://bugzilla.redhat.com/show_bug.cgi?id=1062576
--------------------------------------------------------------------------------


================================================================================
 perl-Encode-2.77-1.fc21 (FEDORA-2015-16031)
 Character encodings in Perl
--------------------------------------------------------------------------------
Update Information:

This release accepts UTF-16 encoding identifier and defaults to big endian variant as dictated by Unicode 8.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263486 - perl-Encode-2.77 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1263486
--------------------------------------------------------------------------------


================================================================================
 perl-TeX-Encode-1.3-2.fc21 (FEDORA-2015-15937)
 Encoding to LaTeX escapes
--------------------------------------------------------------------------------
Update Information:

New package: perl-TeX-Encode
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262872 - Review Request: perl-TeX-Encode - Encoding to LaTeX escapes
        https://bugzilla.redhat.com/show_bug.cgi?id=1262872
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework2-2.4.8-1.fc21 (FEDORA-2015-16032)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

**Zend Framework 2.4.8**

**Security Update**

* **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).

**Bug fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8)

* validate against DateTimeImmutable instead of DateTimeInterface
* treat 0.0 as non-empty, restoring pre-2.4 behavior
* deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment
* ensure fallback values work as per pre-2.4 behavior
* update the InputFilterInterface::add() docblock to match implementations
* Fix how missing optional fields are validated to match pre 2.4.0 behavior
* deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26
* fix typos in aria attribute names of AbstractHelper
* fixes the ContentType header to properly handle encoded parameter values
* fixes the Sender header to allow mailbox addresses without TLDs
* fixes parsing of messages that contain an initial blank line before headers
* fixes the SetCookie header to allow multiline values (as they are always encoded)
* fixes DefaultRenderingStrategy errors due to controllers returning non-view model results
--------------------------------------------------------------------------------


================================================================================
 python-pyqtgraph-0.9.10-4.fc21.1 (FEDORA-2015-15974)
 Scientific Graphics and GUI Library for Python
--------------------------------------------------------------------------------
Update Information:

Added macros to fix build on F21
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1249368 - Review Request: python-pyqtgraph - Scientific Graphics and GUI Library for Python
        https://bugzilla.redhat.com/show_bug.cgi?id=1249368
--------------------------------------------------------------------------------


================================================================================
 rubygem-locale-2.1.2-1.fc21 (FEDORA-2015-15964)
 Pure ruby library which provides basic APIs for localization
--------------------------------------------------------------------------------
Update Information:

New version 2.1.2 is released.
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.3.1-1.fc21 (FEDORA-2015-15982)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.3.1 Security and Maintenance Release**

[Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/):

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

* WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
* A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
* Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the [list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
        https://bugzilla.redhat.com/show_bug.cgi?id=1263657
--------------------------------------------------------------------------------


================================================================================
 xen-4.4.3-3.fc21 (FEDORA-2015-15946)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)]
----
update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166], QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)
        https://bugzilla.redhat.com/show_bug.cgi?id=1248997
  [ 2 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
        https://bugzilla.redhat.com/show_bug.cgi?id=1248760
--------------------------------------------------------------------------------


================================================================================
 xpra-0.15.6-1.fc21 (FEDORA-2015-16024)
 Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:

This update fixes a critical bug with the Xdummy setup which allows local users to access the virtual display used for the xpra sessions.
xpra-0.15.6-1.fc21 - Update to 0.15.6
xpra-0.15.6-1.fc22 - Update to 0.15.6
xpra-0.15.6-1.fc23 - Update to 0.15.6
--------------------------------------------------------------------------------