Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Mon Mar 3 03:13:20 UTC 2014
The following Fedora 20 Security updates need testing:
Age URL
73 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20
65 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20
46 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20
20 https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20
19 https://admin.fedoraproject.org/updates/FEDORA-2014-2264/python-tahrir-0.5.1-1.fc20
19 https://admin.fedoraproject.org/updates/FEDORA-2014-2263/python-tahrir-0.5.2-1.fc20
16 https://admin.fedoraproject.org/updates/FEDORA-2014-2452/augeas-1.2.0-1.fc20
12 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2014-2804/easy-rsa-2.2.2-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-2999/perl-CGI-Application-4.50-9.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-3054/python-swiftclient-2.0.2-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-3169/rubygem-activerecord-4.0.0-2.fc20,rubygem-actionpack-4.0.0-3.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-3184/freeradius-3.0.1-4.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-3222/v8-3.14.5.10-6.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-3300/pylint-1.1.0-1.fc20,python-astroid-1.0.1-2.fc20,python-logilab-common-0.61.0-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-3338/mediawiki-1.21.6-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
110 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-3065/langtable-0.0.24-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-3244/audit-2.3.4-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-3218/evolution-3.10.4-2.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-3203/testdisk-6.14-3.fc20,ntfs-3g-2014.2.15-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-3292/harfbuzz-0.9.26-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-3330/gdisk-0.8.9-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-3313/colord-1.1.7-1.fc20
The following builds have been pushed to Fedora 20 updates-testing
ShellCheck-0.3.1-4.fc20
asunder-2.4-1.fc20
darktable-1.4.1-1.fc20
drbdlinks-1.26-1.fc20
edgar-1.15-1.fc20
fsarchiver-0.6.19-1.fc20
gdisk-0.8.9-1.fc20
mediawiki-1.21.6-1.fc20
perl-Symbol-Global-Name-0.05-1.fc20
qbittorrent-3.1.9-1.fc20
valyriatear-0.6.0-1.fc20
wxGTK3-3.0.0-4.fc20
xfce4-equake-plugin-1.3.4-1.fc20
Details about builds:
================================================================================
ShellCheck-0.3.1-4.fc20 (FEDORA-2014-3342)
Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
Update Information:
executable dynamically linked to the library
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 1 2014 Dridi <dridi.boukelmoune at gmail.com> - 0.3.1-4
- executable dynamically linked to the library (bug #1069048)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1069048 - minor spec file improvements: for README and symlink
https://bugzilla.redhat.com/show_bug.cgi?id=1069048
--------------------------------------------------------------------------------
================================================================================
asunder-2.4-1.fc20 (FEDORA-2014-3343)
A graphical Audio CD ripper and encoder
--------------------------------------------------------------------------------
Update Information:
Upstream release notes:
- Added Bengali, Traditional Chinese translations.
- Updated Hungarian, Italian translations.
- Fixed the eject functionality to be more reliable.
- Added support for XDG_CACHE_HOME
- Fixed some memory corruption bugs that may have caused crashes and undefined behaviour.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 1 2014 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4-1
- Update to 2.4
- Fix bogus date in changelog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047183 - asunder-2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1047183
--------------------------------------------------------------------------------
================================================================================
darktable-1.4.1-1.fc20 (FEDORA-2014-3337)
Utility to organize and develop raw images
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 12 2014 Edouard Bourguignon <madko at linuxed.net> - 1.4.1-1
- Upgrade to 1.4.1
- Remove tools source files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1063007 - darktable-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1063007
--------------------------------------------------------------------------------
================================================================================
drbdlinks-1.26-1.fc20 (FEDORA-2014-3339)
A program for managing links into a DRBD shared partition
--------------------------------------------------------------------------------
Update Information:
Upstream changes:
* "Link local" relative symlink detection would add empty strings.strings (Fix by Flavio Grossi)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 2 2014 Robert Scheck <robert at fedoraproject.org> 1.26-1
- Upgrade to 1.26
--------------------------------------------------------------------------------
================================================================================
edgar-1.15-1.fc20 (FEDORA-2014-3352)
A platform game
--------------------------------------------------------------------------------
Update Information:
* Updated Dutch, Japanese, Russian and Ukrainian translations
* Fixed a minor issue when changing direction using an analogue controller
* Fixed the corrupted message that appears when Edgar's inventory is full
* The slime timer above Edgar is now removed when changing maps or loading a game
* Crushers no longer get stuck if they hit a pushable object
* Ice cubes can no longer bounce on springs forever
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 2 2014 Andrea Musuruane <musuruan at gmail.com> - 1.15-1
- Updated to upstream 1.15-1
--------------------------------------------------------------------------------
================================================================================
fsarchiver-0.6.19-1.fc20 (FEDORA-2014-3335)
Safe and flexible file-system backup/deployment tool
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.19, fixes a regression introduced in 0.6.18
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 1 2014 Adel Gadllah <adel.gadllah at gmail.com> - 0.6.19-1
- Update to 0.6.19
- Fixes regression introduced in 0.6.18
--------------------------------------------------------------------------------
================================================================================
gdisk-0.8.9-1.fc20 (FEDORA-2014-3330)
An fdisk-like partitioning tool for GPT disks
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release gdisk 0.8.9.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 2 2014 Terje Rosten <terje.rosten at ntnu.no> - 0.8.9-1
- 0.8.9
* Wed Feb 12 2014 Nils Philippsen <nils at redhat.com> - 0.8.8-2
- fix bogus dates in changelog
- rebuild for new libicu
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1066290 - gdisk-0.8.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1066290
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.21.6-1.fc20 (FEDORA-2014-3338)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non-whitelisted namespace.
* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 1 2014 Michael Cronenworth <mike at cchtml.com> - 1.21.6-1
- Update to 1.21.6
- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace.
- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
- (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1071135 - mediawiki: cross-site scripting flaw when handling SVG images
https://bugzilla.redhat.com/show_bug.cgi?id=1071135
[ 2 ] Bug #1071136 - mediawiki: timing attack on token
https://bugzilla.redhat.com/show_bug.cgi?id=1071136
[ 3 ] Bug #1071139 - mediawiki: HTML injection
https://bugzilla.redhat.com/show_bug.cgi?id=1071139
--------------------------------------------------------------------------------
================================================================================
perl-Symbol-Global-Name-0.05-1.fc20 (FEDORA-2014-3341)
Finds name and type of a global variable
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
qbittorrent-3.1.9-1.fc20 (FEDORA-2014-3334)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
- update to 3.1.9 release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 2 2014 Leigh Scott <leigh123linux at googlemail.com> - 1:3.1.9-1
- update to 3.1.9 release
--------------------------------------------------------------------------------
================================================================================
valyriatear-0.6.0-1.fc20 (FEDORA-2014-3329)
Valyria Tear is a free 2D J-RPG based on the Hero of Allacrost engine
--------------------------------------------------------------------------------
Update Information:
New release!
Overview of changes:
- Many, many, many bugfixes and performance improvements.
- The characters actual weapon is shown in battles, along with weaponless attack support.
- Custom minimap support.
- New art!
- Battle enemies scriptable AI support.
- Better scripted battle events.
- Equipment and Battle status effect support in battles.
- UI theme change support.
- Menu mode UI stats info display improvements.
- Translated into 4 languages (French, Galician Italian, and German) - Come and add your own!
- Map enemies using patrol way points.
- Scripted puzzle objects.
- and of course, more of the story :)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 1 2014 Erik Schilling <ablu.erikschilling at googlemail.com> - 0.6.0-1
- New release
* Wed Sep 4 2013 Erik Schilling <ablu.erikschilling at googlemail.com> 0.6-0.1rc1
- New rc release
--------------------------------------------------------------------------------
================================================================================
wxGTK3-3.0.0-4.fc20 (FEDORA-2014-3349)
GTK port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:
new wxGTK3 package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020942 - Package Request: wxGTK3
https://bugzilla.redhat.com/show_bug.cgi?id=1020942
--------------------------------------------------------------------------------
================================================================================
xfce4-equake-plugin-1.3.4-1.fc20 (FEDORA-2014-3327)
Plugin for the XFCE panel which monitors earthquakes
--------------------------------------------------------------------------------
Update Information:
Initial RPM version 1.3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1069050 - Review Request: xfce4-equake-plugin - Plugin for the XFCE panel which monitors earthquakes
https://bugzilla.redhat.com/show_bug.cgi?id=1069050
--------------------------------------------------------------------------------
More information about the test
mailing list