The following Fedora 20 Security updates need testing:
Age URL
101
https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionp...
77
https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-...
77
https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14....
69
https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-...
66
https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2...
63
https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23...
47
https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2...
45
https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-...
43
https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
26
https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20
24
https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
22
https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
13
https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3....
8
https://admin.fedoraproject.org/updates/FEDORA-2015-2382/krb5-1.11.5-18.fc20
8
https://admin.fedoraproject.org/updates/FEDORA-2015-2328/php-5.5.22-1.fc20
7
https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
3
https://admin.fedoraproject.org/updates/FEDORA-2015-2548/bind-9.9.4-18.P2...
3
https://admin.fedoraproject.org/updates/FEDORA-2015-2516/e2fsprogs-1.42.1...
3
https://admin.fedoraproject.org/updates/FEDORA-2015-2580/libjpeg-turbo-1....
3
https://admin.fedoraproject.org/updates/FEDORA-2015-2310/nodejs-0.10.36-3...
3
https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.b...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-2736/lftp-4.5.4-3.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2015-2730/cabextract-1.5-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2830/libpng10-1.0.63-...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2901/qt3-3.3.8b-62.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2897/qt-4.8.6-25.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
11
https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc2...
8
https://admin.fedoraproject.org/updates/FEDORA-2015-2357/kde-settings-20-...
7
https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-2725/ibus-1.5.10-1.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2897/qt-4.8.6-25.fc20
The following builds have been pushed to Fedora 20 updates-testing
antimicro-2.11.1-1.fc20
darkhttpd-1.11-1.fc20
golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc20
inkscape-0.91-2.fc20
libticonv-1.1.4-4.fc20
mate-themes-extras-3.10.5-1.fc20
qt-4.8.6-25.fc20
qt3-3.3.8b-62.fc20
synergy-1.6.2-1.fc20
Details about builds:
================================================================================
antimicro-2.11.1-1.fc20 (FEDORA-2015-2907)
Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:
new upstream release v2.11.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 27 2015 Jeff Backus <jeff.backus(a)gmail.com> - 2.11.1-1
- new upstream release v2.11.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1196447 - antimicro-2.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1196447
--------------------------------------------------------------------------------
================================================================================
darkhttpd-1.11-1.fc20 (FEDORA-2015-2896)
A secure, lightweight, fast, single-threaded HTTP/1.1 server
--------------------------------------------------------------------------------
Update Information:
* Call setgroups() before setgid().
== Fedora package ==
* Fix erroneous %post section
* Add mimetype option for users in darkhttpd.sysconfig
* /bin/darkhttpd -> /sbin/darkhttpd
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 17 2015 Christopher Meng <rpm(a)cicku.me> - 1.11-1
- Update to 1.11
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.10-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1178330 - darkhttpd-1.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1178330
--------------------------------------------------------------------------------
================================================================================
golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc20 (FEDORA-2015-2904)
A Go library to apply RFC6902 patches to JSON documents
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1196992 - Review Request: golang-github-evanphx-json-patch - A Go library to
apply RFC6902 patches to JSON documents
https://bugzilla.redhat.com/show_bug.cgi?id=1196992
--------------------------------------------------------------------------------
================================================================================
inkscape-0.91-2.fc20 (FEDORA-2015-2906)
Vector-based drawing program using SVG
--------------------------------------------------------------------------------
Update Information:
Latest upstream release, many enhancements and bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Jon Ciesla <limburgher(a)gmail.com> - 0.91-2
- Move tutorials into main package, BZ 1187686.
* Thu Jan 29 2015 Jon Ciesla <limburgher(a)gmail.com> - 0.91-1
- Latest upstream.
* Tue Jan 27 2015 Petr Machata <pmachata(a)redhat.com> - 0.48.5-7
- Rebuild for boost 1.57.0
* Fri Jan 23 2015 Marek Kasik <mkasik(a)redhat.com> - 0.48.5-6
- Rebuild (poppler-0.30.0)
- Backport commit "Fix build with poppler 0.29.0 (Bug #1399811)"
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1197336 - Update Fedora 20's Inkscape
https://bugzilla.redhat.com/show_bug.cgi?id=1197336
--------------------------------------------------------------------------------
================================================================================
libticonv-1.1.4-4.fc20 (FEDORA-2015-2894)
Texas Instruments calculators charsets library
--------------------------------------------------------------------------------
Update Information:
Texas Instruments calculators charsets library
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186494 - Review Request: libticonv - Texas Instruments calculators charsets
library
https://bugzilla.redhat.com/show_bug.cgi?id=1186494
--------------------------------------------------------------------------------
================================================================================
mate-themes-extras-3.10.5-1.fc20 (FEDORA-2015-2887)
Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:
update
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 28 2015 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 3.10.5.1
- update to 3.14.5 release
--------------------------------------------------------------------------------
================================================================================
qt-4.8.6-25.fc20 (FEDORA-2015-2897)
Qt toolkit
--------------------------------------------------------------------------------
Update Information:
DoS vulnerability in the BMP image handler (CVE-2015-0295)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 27 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1:4.8.6-25
- DoS vulnerability in the BMP image handler (CVE-2015-0295)
* Mon Feb 16 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1:4.8.6-24
- more gcc5 detection fixes, in particular, ensure same QT_BUILD_KEY as gcc4 for now
* Fri Feb 13 2015 Rex Dieter <rdieter(a)fedoraproject.org> - 1:4.8.6-23
- Qt: FTBFS with gcc5 (#1192464)
- Make Adwaita the default theme for applications running in the GNOME DE (#1192453)
* Wed Feb 11 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1:4.8.6-22
- rebuild (gcc5)
* Thu Jan 29 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1:4.8.6-21
- refresh boost/moc patch (QTBUG-22829)
* Sun Jan 18 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1:4.8.6-20
- fix %pre scriptlet (#1183299)
* Sat Jan 17 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1:4.8.6-19
- ship /etc/xdg/qtchooser/4.conf alternative instead (of qt4.conf)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash
https://bugzilla.redhat.com/show_bug.cgi?id=1197273
--------------------------------------------------------------------------------
================================================================================
qt3-3.3.8b-62.fc20 (FEDORA-2015-2901)
The shared library for the Qt 3 GUI toolkit
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid
BMP/DIB image files, which could be exploited for denial of service (application crash)
attacks. The security patch is backported from Qt 4.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 28 2015 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.3.8b-62
- backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4
* Fri Feb 27 2015 Rex Dieter <rdieter(a)fedoraproject.org> 3.3.8b-61
- rebuild (gcc5)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.3.8b-60
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.3.8b-59
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash
https://bugzilla.redhat.com/show_bug.cgi?id=1197273
--------------------------------------------------------------------------------
================================================================================
synergy-1.6.2-1.fc20 (FEDORA-2015-2909)
Share mouse and keyboard between multiple computers over the network
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Johan Swensson <kupo(a)kupo.se> - 1.6.2-1
- Update to 1.6.2
* Fri Nov 28 2014 Johan Swensson <kupo(a)kupo.se> - 1.6.1-1
- Update to 1.6.1
- BuildRequire avahi-compat-libdns_sd-devel
* Sat Aug 23 2014 Johan Swensson <kupo(a)kupo.se> - 1.5.1-1
- Update to 1.5.1
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.5.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 25 2014 Johan Swensson <kupo(a)kupo.se> - 1.5.0-1
- Update to 1.5.0
- Update source url
- libcurl-devel, qt-devel, cryptopp-devel and desktop-file-utils buildrequired
- unbundle cryptopp
- unbundle gmock and gtest
- include synergy gui
- fix icon path
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.10-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 7 2014 Michael Schwendt <mschwendt(a)fedoraproject.org> - 1.4.10-4
- increase synergy-plus obs_ver once more to obsolete the F20 rebuild
* Mon Sep 16 2013 Michael Schwendt <mschwendt(a)fedoraproject.org> - 1.4.10-3
- correct synergy-plus obs_ver
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1044629 - [RFE] Upgrade synergy to 1.5
https://bugzilla.redhat.com/show_bug.cgi?id=1044629
--------------------------------------------------------------------------------