The following Fedora 21 Security updates need testing:
Age URL
128
https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21
104
https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance...
49
https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2...
35
https://admin.fedoraproject.org/updates/FEDORA-2015-5929/qpid-cpp-0.32-1....
34
https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1...
16
https://admin.fedoraproject.org/updates/FEDORA-2015-7089/dovecot-2.2.16-2...
15
https://admin.fedoraproject.org/updates/FEDORA-2015-7216/libarchive-3.1.2...
15
https://admin.fedoraproject.org/updates/FEDORA-2015-7242/389-ds-base-1.3....
13
https://admin.fedoraproject.org/updates/FEDORA-2015-7326/drupal7-views-3....
13
https://admin.fedoraproject.org/updates/FEDORA-2015-7288/libtasn1-4.5-1.fc21
4
https://admin.fedoraproject.org/updates/FEDORA-2015-7878/krb5-1.12.2-17.fc21
4
https://admin.fedoraproject.org/updates/FEDORA-2015-7886/suricata-2.0.8-1...
4
https://admin.fedoraproject.org/updates/FEDORA-2015-7687/php-ZendFramewor...
4
https://admin.fedoraproject.org/updates/FEDORA-2015-6808/wordpress-4.2.2-...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8040/LibRaw-0.16.1-6....
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8087/mingw-LibRaw-0.1...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-7623/NetworkManager-0...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8170/rawstudio-2.1-0....
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1....
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8270/xen-4.4.2-4.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8267/phpMyAdmin-4.4.6...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8264/java-1.8.0-openj...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8249/qemu-2.1.3-7.fc21
The following Fedora 21 Critical Path updates have yet to be approved:
Age URL
13
https://admin.fedoraproject.org/updates/FEDORA-2015-7062/ibus-1.5.10-4.fc21
4
https://admin.fedoraproject.org/updates/FEDORA-2015-7878/krb5-1.12.2-17.fc21
4
https://admin.fedoraproject.org/updates/FEDORA-2015-7864/pyparted-3.10.4-...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8045/libnl3-3.2.25-6....
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8055/lua-socket-3.0-0...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-7623/NetworkManager-0...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8276/gtk2-2.24.28-1.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8246/dbus-1.8.18-1.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8269/pcre-8.35-11.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8242/coreutils-8.22-2...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8262/createrepo_c-0.8...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8277/man-db-2.6.7.1-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8272/libcap-ng-0.7.5-...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8256/libseccomp-2.2.1...
The following builds have been pushed to Fedora 21 updates-testing
burp-1.4.36-5.fc21
coreutils-8.22-22.fc21
createrepo_c-0.8.2-1.fc21
dbus-1.8.18-1.fc21
fillets-ng-1.0.1-7.fc21
fillets-ng-data-1.0.1-2.fc21
gtk2-2.24.28-1.fc21
java-1.8.0-openjdk-1.8.0.45-38.b14.fc21
libcap-ng-0.7.5-2.fc21
libseccomp-2.2.1-0.fc21
man-db-2.6.7.1-14.fc21
mbedtls-1.3.10-1.fc21
mock-1.2.9-1.fc21
pcre-8.35-11.fc21
perl-Parse-Debian-Packages-0.03-2.fc21
perl-Tangerine-0.16-1.fc21
perl-Test-Strict-0.27-1.fc21
php-seld-cli-prompt-1.0.0-1.fc21
php-seld-phar-utils-1.0.0-1.fc21
phpMyAdmin-4.4.6.1-1.fc21
python-geoip-geolite2-2015.0303-3.fc21
python-sphinx_rtd_theme-0.1.8-1.fc21
qemu-2.1.3-7.fc21
rubygem-webkit-gtk-2.2.5-1.fc21
simple-scan-3.14.3.1-1.fc21
taskd-1.1.0-1.fc21
xen-4.4.2-4.fc21
Details about builds:
================================================================================
burp-1.4.36-5.fc21 (FEDORA-2015-8250)
A network-based backup and restore program
--------------------------------------------------------------------------------
Update Information:
Burp - A network backup and restore program
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program
https://bugzilla.redhat.com/show_bug.cgi?id=1186819
--------------------------------------------------------------------------------
================================================================================
coreutils-8.22-22.fc21 (FEDORA-2015-8242)
A set of basic GNU tools commonly used in shell scripts
--------------------------------------------------------------------------------
Update Information:
- sort - fix buffer overflow in some case conversions - patch by Pádraig Brady
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
- Drop large ancient docs
- have the LC_TIME subdirs with lang macro (#1169027)
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Kamil Dudka <kdudka(a)redhat.com> - 8.22-22
- sort - fix buffer overflow in some case conversions
- patch by Pádraig Brady
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
- Drop large ancient docs
- have the LC_TIME subdirs with lang macro (#1169027)
* Thu Oct 23 2014 Adam Williamson <awilliam(a)redhat.com> - 8.22-21
- revert -20 change: turns out there's a better fix elsewhere
* Thu Oct 23 2014 Adam Williamson <awilliam(a)redhat.com> - 8.22-20
- disable openssl support for now due to dep issues (#1156198)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1196642 - DIR_COLORS.256color ls colors hard to read with white and dark gray
background
https://bugzilla.redhat.com/show_bug.cgi?id=1196642
[ 2 ] Bug #1169027 - missing %lang info for LC_TIME locale subdirs
https://bugzilla.redhat.com/show_bug.cgi?id=1169027
--------------------------------------------------------------------------------
================================================================================
createrepo_c-0.8.2-1.fc21 (FEDORA-2015-8262)
Creates a common metadata repository
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.2
Replace g_error() with g_critical() (RhBug: 1162102)
Update to 0.7.1
Update to 0.7.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.2-1
- doc: Add man pages for sqliterepo and update manpages for other tools
- mergerepo: Work only with noarch packages if --koji is used and
no archlist is specified
- mergerepo: Use file:// protocol in local baseurl
- mergerepo: Do not include baseurl for first repo if --koji is specified (RhBug:
1220082)
- mergerepo_c: Support multilib arch for --koji repos
- mergerepo_c: Refactoring
- Print debug message with version in each tool when --verbose is used
- modifyrepo: Don't override file with itself (RhBug: 1215229)
* Wed May 6 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.1-1
- Fix bash completion for RHEL 6
* Tue May 5 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.0-1
- New tool Sqliterepo_c - It generates sqlite databases into repos
where the sqlite is missing.
- Internal refactoring and code cleanup
* Fri Feb 20 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.7-1
- Proper directory for temporary files when --local-sqlite is used (Issue #12)
- Bring bash completion install dir and filenames up to date with current bash-completion
* Thu Jan 8 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.6-1
- Python: Add __contains__ method to Repomd() class
* Sun Dec 28 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.5-1
- Python repomd: Support for iteration and indexing by type - e.g. record =
repomd['primary']
- Show warning if an XML parser probably parsed a bad type of medata (New XML parser
warning type CR_XML_WARNING_BADMDTYPE)
- drpm library: Explicitly try to locate libdrpm.so.0
- deltarpms: Don't show options for delta rpms if support is not available
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162102 - [abrt] createrepo_c: cr_parse_repomd(): mergerepo_c killed by
SIGTRAP
https://bugzilla.redhat.com/show_bug.cgi?id=1162102
--------------------------------------------------------------------------------
================================================================================
dbus-1.8.18-1.fc21 (FEDORA-2015-8246)
D-BUS message bus
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.18
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 David King <amigadave(a)amigadave.com> - 1:1.8.18-1
- Update to 1.8.18
--------------------------------------------------------------------------------
================================================================================
fillets-ng-1.0.1-7.fc21 (FEDORA-2015-7739)
Fish Fillets Next Generation, a puzzle game with 70 levels
--------------------------------------------------------------------------------
Update Information:
Fix start up failure
Remove bundled fonts
Bring data packade up to date
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 8 2015 Bruno Wolff III <bruno(a)wolff.to> = 1.0.1-7
- The lua 5.2 patch wasn't working, switch to using compat version for 5.1
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 1.0.1-6
- Rebuilt for GCC 5 C++11 ABI change
* Thu Mar 26 2015 Richard Hughes <rhughes(a)redhat.com> - 1.0.1-5
- Add an AppData file for the software center
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084250 - fillets-ng fails to start
https://bugzilla.redhat.com/show_bug.cgi?id=1084250
[ 2 ] Bug #1220008 - Fonts are incorrectly included in the package
https://bugzilla.redhat.com/show_bug.cgi?id=1220008
--------------------------------------------------------------------------------
================================================================================
fillets-ng-data-1.0.1-2.fc21 (FEDORA-2015-7739)
Game data files for Fish Fillets Next Generation
--------------------------------------------------------------------------------
Update Information:
Fix start up failure
Remove bundled fonts
Bring data packade up to date
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 9 2015 Bruno Wolff III <bruno(a)wolff.to> - 1.0.1-2
- Fix files being listed twice by the spec file
- Use proper fonts
* Fri May 8 2015 Bruno Wolff III <bruno(a)wolff.to> - 1.0.1-1
- Update to latest release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084250 - fillets-ng fails to start
https://bugzilla.redhat.com/show_bug.cgi?id=1084250
[ 2 ] Bug #1220008 - Fonts are incorrectly included in the package
https://bugzilla.redhat.com/show_bug.cgi?id=1220008
--------------------------------------------------------------------------------
================================================================================
gtk2-2.24.28-1.fc21 (FEDORA-2015-8276)
The GIMP ToolKit (GTK+), a library for creating GUIs for X
--------------------------------------------------------------------------------
Update Information:
A gtk2 update which contains a small number of bug fixes:
* 693738 gtk print dialog shows "Getting printer information failed"...
* 746064 "sticky" window state reported wrongly on X11
* 746269 Segfault in gtk_tree_view_move_cursor_page_up_down
* 748014 W32: Tilting mousewheel left/right does not scroll horizontally
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Matthias Clasen <mclasen(a)redhat.com> - 2.24.28-1
- Update to 2.24.28
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.45-38.b14.fc21 (FEDORA-2015-8264)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
updated to 8u45-b14. fixes rhbz#1123870
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.45-35.b14
- updated to 8u45-b14 with hope to fix rhbz#1123870
- sync with f22
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling
(Hotspot, 8050807)
https://bugzilla.redhat.com/show_bug.cgi?id=1123870
--------------------------------------------------------------------------------
================================================================================
libcap-ng-0.7.5-2.fc21 (FEDORA-2015-8272)
An alternate posix capabilities library
--------------------------------------------------------------------------------
Update Information:
Updated to support newer kernels.
Updated to support newer kernels.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Steve Grubb <sgrubb(a)redhat.com> 0.7.5-2
- Don't leak file descriptor
* Thu May 7 2015 Steve Grubb <sgrubb(a)redhat.com> 0.7.5-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
libseccomp-2.2.1-0.fc21 (FEDORA-2015-8256)
Enhanced seccomp library
--------------------------------------------------------------------------------
Update Information:
New upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Paul Moore <pmoore(a)redhat.com> - 2.2.1-0
- New upstream version
- Added aarch64 support
- Added a static build
- Fully builds on i686, x86_64, and armv7hl (RHBZ #1106071)
--------------------------------------------------------------------------------
================================================================================
man-db-2.6.7.1-14.fc21 (FEDORA-2015-8277)
Tools for searching and reading man pages
--------------------------------------------------------------------------------
Update Information:
Fix buildroot construction for packages that pull this in via BuildRequires
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Cole Robinson <crobinso(a)redhat.com> 2.6.7.1-14
- Test for /run/systemd to detect systemd state rather than invoking
rpm in % pre - it is not really supported by rpm.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1220938 - calling rpm in %pre breaks buildroot construction
https://bugzilla.redhat.com/show_bug.cgi?id=1220938
--------------------------------------------------------------------------------
================================================================================
mbedtls-1.3.10-1.fc21 (FEDORA-2015-8245)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
As of Nov 2014, polarssl has been acquired by ARM Inc.[1][2], then the name was changed to
mbedtls.
This is the initial mbedtls package for Fedora.
[1]
https://polarssl.org/tech-updates/blog/polarssl-part-of-arm
[2]
http://community.arm.com/groups/internet-of-things/blog/2015/02/09/polars...
--------------------------------------------------------------------------------
================================================================================
mock-1.2.9-1.fc21 (FEDORA-2015-8253)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
Fix regression in mockchain. New plugin pm_request.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Miroslav Suchý <msuchy(a)redhat.com> - 1.2.9-1
- scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395]
- Add pm_request plugin
- Drop lvm2-python-libs requires and enable lvm subpackage on el6
- Use lvs instead of lvm python bindings
- Unshare IPC ns only for chroot processes
- Add missing flush in logOutput
- Avoid infinite recursion in selinux plugin
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1204395 - mock-scm not using SSH_AUTH_SOCK environment variable
https://bugzilla.redhat.com/show_bug.cgi?id=1204395
--------------------------------------------------------------------------------
================================================================================
pcre-8.35-11.fc21 (FEDORA-2015-8269)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release updates patch for bug #1210383 to allow building pcre without UTF support.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Petr Pisar <ppisar(a)redhat.com> - 8.35-11
- Amend Fix-memory-bug-for-S-V-H-compile patch to allow building with disabled
UTF support (bug #1210383)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1210383 - Crash when compiling /[\\S\\V\\H]/8
https://bugzilla.redhat.com/show_bug.cgi?id=1210383
--------------------------------------------------------------------------------
================================================================================
perl-Parse-Debian-Packages-0.03-2.fc21 (FEDORA-2015-8260)
Parse the data from a Debian Packages.gz
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1168260 - Review Request: perl-Parse-Debian-Packages - Parse the data from a
debian Packages.gz
https://bugzilla.redhat.com/show_bug.cgi?id=1168260
--------------------------------------------------------------------------------
================================================================================
perl-Tangerine-0.16-1.fc21 (FEDORA-2015-8273)
Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:
Module names consisting solely of digits are also valid. Don't ignore them.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Petr Šabata <contyk(a)redhat.com> - 0.16-1
- 0.16 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221422 - perl-Tangerine-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1221422
--------------------------------------------------------------------------------
================================================================================
perl-Test-Strict-0.27-1.fc21 (FEDORA-2015-8254)
Check syntax, presence of use strict/warnings, and test coverage
--------------------------------------------------------------------------------
Update Information:
Introduce support for -t and -w switches.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Petr Šabata <contyk(a)redhat.com> - 0.27-1
- 0.27 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1211045 - perl-Test-Strict-0.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1211045
--------------------------------------------------------------------------------
================================================================================
php-seld-cli-prompt-1.0.0-1.fc21 (FEDORA-2015-8244)
Allows you to prompt for user input on the command line
--------------------------------------------------------------------------------
Update Information:
While prompting for user input using fgets() is quite easy, sometimes you need to prompt
for sensitive information. In these cases, the characters typed in by the user should not
be directly visible, and this is quite a pain to do in a cross-platform way.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218089 - Review Request: php-seld-cli-prompt - Allows you to prompt for
user input on the command line
https://bugzilla.redhat.com/show_bug.cgi?id=1218089
--------------------------------------------------------------------------------
================================================================================
php-seld-phar-utils-1.0.0-1.fc21 (FEDORA-2015-8271)
PHAR file format utilities
--------------------------------------------------------------------------------
Update Information:
PHAR file format utilities, for when PHP phars you up.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218090 - Review Request: php-seld-phar-utils - PHAR file format utilities
https://bugzilla.redhat.com/show_bug.cgi?id=1218090
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.6.1-1.fc21 (FEDORA-2015-8267)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.4.6.1 (2015-05-13)
===============================
- [security] CSRF vulnerability in setup
- [security] Vulnerability allowing man-in-the-middle attack
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Robert Scheck <robert(a)fedoraproject.org> 4.4.6.1-1
- Upgrade to 4.4.6.1 (#1221418, #1221580, #1221581)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221580 - CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin
setup
https://bugzilla.redhat.com/show_bug.cgi?id=1221580
[ 2 ] Bug #1221581 - CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle
attack on API call to GitHub
https://bugzilla.redhat.com/show_bug.cgi?id=1221581
--------------------------------------------------------------------------------
================================================================================
python-geoip-geolite2-2015.0303-3.fc21 (FEDORA-2015-8275)
GeoIP database access for Python under a BSD license
--------------------------------------------------------------------------------
Update Information:
2015.0303-3
--------------------------------------------------------------------------------
================================================================================
python-sphinx_rtd_theme-0.1.8-1.fc21 (FEDORA-2015-8259)
Sphinx theme for
readthedocs.org
--------------------------------------------------------------------------------
Update Information:
Upstream notes on this release:
- Add support for Sphinx 1.3
- Add sidebar headers for :caption: in Sphinx toctree
- Clean up sidebar scrolling behavior so it never scrolls out of view
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Jerry James <loganjerry(a)gmail.com> - 0.1.8-1
- New upstream version
- Unbundle the Lato fonts
--------------------------------------------------------------------------------
================================================================================
qemu-2.1.3-7.fc21 (FEDORA-2015-8249)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Cole Robinson <crobinso(a)redhat.com> - 2:2.1.3-7
- CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1218611
--------------------------------------------------------------------------------
================================================================================
rubygem-webkit-gtk-2.2.5-1.fc21 (FEDORA-2015-8241)
Ruby binding of WebKitGTK+ using GTK3
--------------------------------------------------------------------------------
Update Information:
This is a new package.
--------------------------------------------------------------------------------
================================================================================
simple-scan-3.14.3.1-1.fc21 (FEDORA-2015-8263)
Simple scanning utility
--------------------------------------------------------------------------------
Update Information:
Update to 3.14.3.1 (#1221448)
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 David King <amigadave(a)amigadave.com> - 3.14.3.1-1
- Update to 3.14.3.1 (#1221448)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221448 - simple-scan LC_MESSAGES in wrong location
https://bugzilla.redhat.com/show_bug.cgi?id=1221448
--------------------------------------------------------------------------------
================================================================================
taskd-1.1.0-1.fc21 (FEDORA-2015-8240)
Secure server providing multi-user, multi-client access to task data
--------------------------------------------------------------------------------
Update Information:
Latest upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Ralph Bean <rbean(a)redhat.com> - 1.1.0-1
- Latest upstream.
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 1.0.0-11
- Rebuilt for GCC 5 C++11 ABI change
--------------------------------------------------------------------------------
================================================================================
xen-4.4.2-4.fc21 (FEDORA-2015-8270)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Michael Young <m.a.young(a)durham.ac.uk> - 4.4.2-4
- Privilege escalation via emulated floppy disk drive [XSA-133,
CVE-2015-3456] (#1221153)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1218611
--------------------------------------------------------------------------------