Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Apr 29 13:09:24 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
148 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
128 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
83 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
66 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
51 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
46 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
33 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
26 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20
19 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2015-6417/dpkg-1.16.16-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6583/xen-4.3.4-3.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6573/qt3-3.3.8b-63.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.20150329-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-3.1.4-3.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-client-1.7.22-2.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7057/pdns-3.3.1-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7079/pdns-recursor-3.7.2-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.1-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
66 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-3.fc20
The following builds have been pushed to Fedora 20 updates-testing
devscripts-2.15.4-1.fc20
docker-io-1.6.0-0.2.rc6.fc20
dovecot-2.2.16-2.fc20
flxmlrpc-0.1.3-1.fc20
libbluedevil-2.1-3.fc20
lnst-8-1.fc20
nut-2.7.3-2.fc20
perl-Tangerine-0.15-1.fc20
php-horde-Horde-Imap-Client-2.28.0-1.fc20
python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc20
tangerine-0.16-1.fc20
tzdata-2015d-1.fc20
wordpress-4.2.1-1.fc20
xpra-0.14.22-4.fc20
Details about builds:
================================================================================
devscripts-2.15.4-1.fc20 (FEDORA-2015-7110)
Scripts for Debian Package maintainers
--------------------------------------------------------------------------------
Update Information:
Update to version 2.15.4, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.4_changelog for details.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Sandro Mani <manisandro at gmail.com> - 2.15.4-1
- Update to 2.15.4
--------------------------------------------------------------------------------
================================================================================
docker-io-1.6.0-0.2.rc6.fc20 (FEDORA-2015-7160)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
Obsolete docker-io-pkg-devel < 1.6.0-1
build @rhatdan/fedora-1.6 commit#b27feb4
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 jchaloup <jchaloup at redhat.com> - 1.6.0-0.2.rc6
- Obsolete docker-io-pkg-devel < 1.6.0-1
- Update a list of provides of devel subpackage
resolves: #1215912
* Wed Apr 15 2015 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 1.6.0-0.1.rc6
- build @rhatdan/fedora-1.6 commit#b27feb4
- moved GOTRACEBACK=crash to unitfile
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215912 - docker-io-pkg-devel conflicts with docker-io-devel
https://bugzilla.redhat.com/show_bug.cgi?id=1215912
--------------------------------------------------------------------------------
================================================================================
dovecot-2.2.16-2.fc20 (FEDORA-2015-7159)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:
fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without
any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without
any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.16-2
- fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
* Mon Mar 16 2015 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.16-1
- dovecot updated to 2.2.16
- auth: Don't crash if master user login is attempted without
any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1216057 - CVE-2015-3420 dovecot: SSL/TLS handshake failures leading to a crash of the login process.
https://bugzilla.redhat.com/show_bug.cgi?id=1216057
--------------------------------------------------------------------------------
================================================================================
flxmlrpc-0.1.3-1.fc20 (FEDORA-2015-7109)
An xmlrpc library for the NBEMS suite of programs
--------------------------------------------------------------------------------
Update Information:
Initial import (#1214467).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214467 - Review Request: flxmlrpc - An xmlrpc library for the NBEMS suite of programs
https://bugzilla.redhat.com/show_bug.cgi?id=1214467
--------------------------------------------------------------------------------
================================================================================
libbluedevil-2.1-3.fc20 (FEDORA-2015-7114)
A Qt wrapper for bluez
--------------------------------------------------------------------------------
Update Information:
Pull in upstream crash fix when resuming from suspend, see http://bugs.kde.org/346329
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Rex Dieter <rdieter at fedoraproject.org> 2.1-3
- kded4 crash when resume from suspend (kde#346329)
* Tue Feb 3 2015 Rex Dieter <rdieter at fedoraproject.org> 2.1-2
- pull in upstream fix for abi break (introduced in 2.1)
--------------------------------------------------------------------------------
================================================================================
lnst-8-1.fc20 (FEDORA-2015-7124)
Common code for lnst-ctl and lnst-slave
--------------------------------------------------------------------------------
Update Information:
- Updating to stable release 8
- Fixed subpackages dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Jiri Pirko <jpirko at redhat.com> - 8-1
- Updating to stable release 8
- Fixed subpackages dependencies
--------------------------------------------------------------------------------
================================================================================
nut-2.7.3-2.fc20 (FEDORA-2015-7117)
Network UPS Tools
--------------------------------------------------------------------------------
Update Information:
- support for new devices
- usbhid-ups: add support for OpenUPS2 (PID: D005), Liebert GXT3 (PID: 0008)
APC AP9584 Serial->USB kit (PID: 0000), and some Powercom models
(PID: 0001). Fixed scaling for Cyberpower 0764:0501.
- USB core: do not call usb_set_altinterface(0) by default
- nutdrv_qx: added fabula, fuji USB and Voltronic-QS-HEX subdrivers; add bestups subdriver to supersede the old standalone bestups driver
- NUT Monitor: added FreeDesktop AppData file (including screenshots)
- renamed udev rules file to 62-nut-usbups.rules (permissions fix)
- all drivers: a new 'synchronous' driver flag is available for very verbose units, such as some ePDUs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Michal Hlavinka <mhlavink at redhat.com> - 2.7.3-2
- start nut driver before the daemon
* Thu Apr 23 2015 Michal Hlavinka <mhlavink at redhat.com> - 2.7.3-1
- nut updated to 2.7.3
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215801 - problem in nut-server.service in version 2.7.3
https://bugzilla.redhat.com/show_bug.cgi?id=1215801
--------------------------------------------------------------------------------
================================================================================
perl-Tangerine-0.15-1.fc20 (FEDORA-2015-7146)
Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:
This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option).
Note this update also splits the `tangerine' utility into its own package.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Petr Šabata <contyk at redhat.com> - 0.15-1
- 0.15 bump
- The utility is now provided by a separate distribution/package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215296 - perl-Tangerine-0.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1215296
[ 2 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool
https://bugzilla.redhat.com/show_bug.cgi?id=1215575
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.28.0-1.fc20 (FEDORA-2015-7158)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.28.0**
* [mms] Fix parsing mailbox name from STATUS response on servers that have the UTF8 extension enabled.
* [jan] Fix searching with non-ASCII strings in AND/OR-combined searches.
* [jan] Fix issues with certain locales like Turkish.
* [mms] Pipeline ID command with other commands, if possible.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Remi Collet <remi at fedoraproject.org> - 2.28.0-1
- Update to 2.28.0
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.5.2-1.fc20 (FEDORA-2015-7111)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
New FAF processor \(thanks @mbrysa!\) and a bugfix to the planet processor.
New zanata processor. Fixes to anitya processor.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Ralph Bean <rbean at redhat.com> - 0.5.2-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean at redhat.com> - 0.5.1-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean at redhat.com> - 0.5.0-1
- new version
--------------------------------------------------------------------------------
================================================================================
tangerine-0.16-1.fc20 (FEDORA-2015-7146)
Perl dependency metadata tool
--------------------------------------------------------------------------------
Update Information:
This update introduces, together with other improvements and bugfixes, support for parallel processing (the `-j' option) and diffs (the `-d' option).
Note this update also splits the `tangerine' utility into its own package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215296 - perl-Tangerine-0.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1215296
[ 2 ] Bug #1215575 - Review Request: tangerine - Perl dependency metadata tool
https://bugzilla.redhat.com/show_bug.cgi?id=1215575
--------------------------------------------------------------------------------
================================================================================
tzdata-2015d-1.fc20 (FEDORA-2015-7103)
Timezone data
--------------------------------------------------------------------------------
Update Information:
Rebase to 2015
- Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely.
- The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Patsy Franklin <pfrankli at redhat.com> - 2015d-1
- Rebase to 2015d
- Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
- The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215298 - tzdata-2015d is available
https://bugzilla.redhat.com/show_bug.cgi?id=1215298
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.1-1.fc20 (FEDORA-2015-6790)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2 “Powell” **
* Upstream announcement https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Remi Collet <remi at fedoraproject.org> - 4.2.1-1
- WordPress 4.2.1 Security Release
- WordPress 4.2 “Powell”
* Fri Apr 24 2015 Remi Collet <remi at fedoraproject.org> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi at fedoraproject.org> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1214650
[ 2 ] Bug #1216069 - wordpress: stored XSS via long comments
https://bugzilla.redhat.com/show_bug.cgi?id=1216069
--------------------------------------------------------------------------------
================================================================================
xpra-0.14.22-4.fc20 (FEDORA-2015-7136)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
Update to 0.14.22 (various bug fixes). Add patch to remove reference to the xorg void driver in xorg.conf (BZ #1215527).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215527 - Drop usage of xorg-x11-drv-void in xpra's xorg.conf
https://bugzilla.redhat.com/show_bug.cgi?id=1215527
[ 2 ] Bug #1210752 - xpra-0.14.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1210752
[ 3 ] Bug #1206914 - Package should contain an AppData file
https://bugzilla.redhat.com/show_bug.cgi?id=1206914
--------------------------------------------------------------------------------
More information about the test
mailing list