The following Fedora 20 Security updates need testing:
 Age  URL
  79  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16....
  32  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionp...
  31  https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprocke...
  17  https://admin.fedoraproject.org/updates/FEDORA-2014-16250/cpio-2.11-28.fc20
  16  https://admin.fedoraproject.org/updates/FEDORA-2014-16357/pyxdg-0.25-5.fc20
  14  https://admin.fedoraproject.org/updates/FEDORA-2014-16459/gpgme-1.3.2-5.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16572/links-2.8-4.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16626/qemu-1.6.2-12.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-...
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14....
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16869/docker-io-1.4.0...
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16854/freetype-2.5.0-...
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2....
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16838/rpm-4.11.3-2.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-16964/mpfr-3.1.2-5.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-17067/denyhosts-2.6-2...
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17107/ettercap-0.8.1-...
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3...
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2....
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17219/seamonkey-2.31-...
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-17222/subversion-1.8....
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-...
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17245/mailx-12.5-11.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17228/mediawiki-1.23....
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17229/php-5.5.20-2.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates...
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17274/mingw-jasper-1....
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-17303/libssh-0.6.4-1....
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17415/thermostat-1.0....
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-...
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-17461/roundcubemail-1...
The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-16810/ppp-2.4.5-35.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-16530/nss-util-3.17.3...
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-17287/btrfs-progs-3.1...
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16705/ibus-1.5.9-8.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-16349/jasper-1.900.1-...
The following builds have been pushed to Fedora 20 updates-testing
4Pane-3.0-5.fc20
aeskulap-0.2.2-0.20beta1.fc20
dcmtk-3.6.1-1.fc20
git-review-1.24-3.fc20
mdds-0.11.2-1.fc20
musique-1.4-1.fc20
nemo-2.4.4-2.fc20
orthanc-0.8.5-2.fc20
owncloud-7.0.4-2.fc20
php-google-apiclient-1.0.6-0.3.beta.fc20
phpMyAdmin-4.3.3-1.fc20
python-tilestache-1.49.11-3.fc20
roundcubemail-1.0.4-2.fc20
rubygem-domain_name-0.5.23-1.fc20
scidavis-1.D8-6.fc20
subsurface-4.3-1.fc20
waffle-1.5.0-1.fc20
Details about builds:
================================================================================
4Pane-3.0-5.fc20 (FEDORA-2014-17438)
Multi-pane, detailed-list file manager
--------------------------------------------------------------------------------
Update Information:
Include man page
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 21 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 3.0-5
- Add man page, appdata (on F-21+)
--------------------------------------------------------------------------------
================================================================================
aeskulap-0.2.2-0.20beta1.fc20 (FEDORA-2014-17089)
A full open source replacement for commercially available DICOM viewers
--------------------------------------------------------------------------------
Update Information:
This upgrade to latest upstream snapshot fixes a setuid vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 16 2014 Mario Ceresa <mrceresa AT fedoraproject DOT org> - 0.2.2-0.20beta1
- Bump up for dcmtk rebuild
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.2.2-0.19beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.2.2-0.18beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104041 - CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104041
--------------------------------------------------------------------------------
================================================================================
dcmtk-3.6.1-1.fc20 (FEDORA-2014-17089)
Offis DICOM Toolkit (DCMTK)
--------------------------------------------------------------------------------
Update Information:
This upgrade to latest upstream snapshot fixes a setuid vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 15 2014 Mario Ceresa <mrceresa AT fedoraproject DOT org> - 3.6.1-1
- Upgraded to new upstream version.
- Various fixes to the specfile
- Fixes CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.6.0-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.6.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104041 - CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104041
--------------------------------------------------------------------------------
================================================================================
git-review-1.24-3.fc20 (FEDORA-2014-17459)
A Git helper for integration with Gerrit
--------------------------------------------------------------------------------
Update Information:
This update corrects an unreadable manpage.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 11 2014 Pete Zaitcev <zaitcev(a)redhat.com> - 1.24-3
- Fix up the man page (#1170410)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1170410 - git-review's man page needs help
https://bugzilla.redhat.com/show_bug.cgi?id=1170410
--------------------------------------------------------------------------------
================================================================================
mdds-0.11.2-1.fc20 (FEDORA-2014-17447)
A collection of multi-dimensional data structures and indexing algorithms
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 21 2014 David Tardon <dtardon(a)redhat.com> - 0.11.2-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
musique-1.4-1.fc20 (FEDORA-2014-17446)
A music player designed by and for people that love music
--------------------------------------------------------------------------------
Update Information:
Updated to new upstream version 1.4
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Germán A. Racca <skytux(a)fedoraproject.org> - 1.4-1
- Updated to new upstream version 1.4
- Re-created patch to use system qtsingleapplication
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Rex Dieter <rdieter(a)fedoraproject.org> 1.3-3
- rebuild (qt/phonon)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nemo-2.4.4-2.fc20 (FEDORA-2014-17434)
File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:
- add patch to fix nemo desktop font colour
- raise thumbnail file size limit
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 21 2014 Leigh Scott <leigh123linux(a)googlemail.com> - 2.4.4-2
- add patch to fix nemo desktop font colour
- raise thumbnail file size limit
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176370 - "Adwaita" default gtk-theme results in incorrect title bar and desktop icon text colors
https://bugzilla.redhat.com/show_bug.cgi?id=1176370
--------------------------------------------------------------------------------
================================================================================
orthanc-0.8.5-2.fc20 (FEDORA-2014-17089)
RESTful DICOM server for healthcare and medical research
--------------------------------------------------------------------------------
Update Information:
This upgrade to latest upstream snapshot fixes a setuid vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 16 2014 Mario Ceresa <mrceresa(a)gmail.com> 0.8.5-2
- Rebuild for dcmtk update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104041 - CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104041
--------------------------------------------------------------------------------
================================================================================
owncloud-7.0.4-2.fc20 (FEDORA-2014-17441)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
This update backports ownCloud support for v1.x of the Google API PHP library (plus some
associated bug fixes) from upstream (it will be a part of the 8.x upstream release
series), and drops ownCloud's bundled copy of the 0.6 version of the library. The
update to the library package itself is a minor one which simply provides a new dependency
according to the packaging guidelines.

The 0.6 version of the library is deprecated
and has been for some time, and bundling is to be avoided when possible. There are many
bug fixes in v1.x of the library compared to 0.6, and combined with the bug fixes to
ownCloud's integration code, this update should substantially improve the experience
of using Google Drive as an external storage provider with the Fedora ownCloud packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Adam Williamson <awilliam(a)redhat.com> - 7.0.4-2
- backport upstream support for google PHP lib 1.x and unbundle it
* Tue Dec 9 2014 Adam Williamson <awilliam(a)redhat.com> - 7.0.4-1
- new release 7.0.4
--------------------------------------------------------------------------------
================================================================================
php-google-apiclient-1.0.6-0.3.beta.fc20 (FEDORA-2014-17441)
Client library for Google APIs
--------------------------------------------------------------------------------
Update Information:
This update backports ownCloud support for v1.x of the Google API PHP library (plus some
associated bug fixes) from upstream (it will be a part of the 8.x upstream release
series), and drops ownCloud's bundled copy of the 0.6 version of the library. The
update to the library package itself is a minor one which simply provides a new dependency
according to the packaging guidelines.

The 0.6 version of the library is deprecated
and has been for some time, and bundling is to be avoided when possible. There are many
bug fixes in v1.x of the library compared to 0.6, and combined with the bug fixes to
ownCloud's integration code, this update should substantially improve the experience
of using Google Drive as an external storage provider with the Fedora ownCloud packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.6-0.3.beta
- use new ASL 2.0 directory
- add Packagist/Composer provide
* Fri Nov 7 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.6-0.2.beta
- apply CA trust store path substitution to Curl as well as Stream
* Fri Nov 7 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.6-0.1.beta
- new upstream release 1.0.6-beta
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.0.3-0.3.beta
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.3.3-1.fc20 (FEDORA-2014-17440)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.3.3.0 (2014-12-21)
===============================

- The "Recently used tables" setting should be with Nav panel
- Can't disable Favorites
- Version Check Broken
- AJAX request infinite loop
- Attributes field size smaller than others
- Cannot remove table ordering on a Mac
- Fix initial replication configuration
- Undefined index central_columnswork
- Don't have default blowfish_secret
- Some error popups fade away too quickly
- Consistency in borders
- $cfg['Error_Handler']['display'] no longer necessary
- Leading and trailing whitespace in column name
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 21 2014 Robert Scheck <robert(a)fedoraproject.org> 4.3.3-1
- Upgrade to 4.3.3
* Fri Dec 12 2014 Robert Scheck <robert(a)fedoraproject.org> 4.3.2-1
- Upgrade to 4.3.2
* Thu Dec 11 2014 Robert Scheck <robert(a)fedoraproject.org> 4.3.1-2
- Use %{pkgname} rather %{name} in %post scriptlet (#1173189)
--------------------------------------------------------------------------------
================================================================================
python-tilestache-1.49.11-3.fc20 (FEDORA-2014-17433)
A stylish alternative for caching your map tiles
--------------------------------------------------------------------------------
Update Information:
New package python-tilestache
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1147356 - Review Request: python-tilestache - A stylish alternative for caching your map tiles
https://bugzilla.redhat.com/show_bug.cgi?id=1147356
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.0.4-2.fc20 (FEDORA-2014-17461)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
This update provides Roundcube 1.0.4. This is a stable security update: the security fix
is described by upstream as "Fix possible CSRF attacks to some address book
operations as well as to the ACL and Managesieve plugins." More details on the update
are available at
http://roundcube.net/news/2014/12/18/update-1.0.4-released/ . The update
should apply without any special handling by the system administrator.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.4-2
- drop tinymce bbcode plugin for safety (CVE-2012-4230)
* Sat Dec 20 2014 Adam Williamson <awilliam(a)redhat.com> - 1.0.4-1
- new release 1.0.4 (security update)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091438 - CVE-2012-4230 tinymce: XSS attacks via security policy bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1091438
--------------------------------------------------------------------------------
================================================================================
rubygem-domain_name-0.5.23-1.fc20 (FEDORA-2014-17464)
Domain Name manipulation library for Ruby
--------------------------------------------------------------------------------
Update Information:
New version 0.5.23 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 21 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.5.23-1
- 0.5.23
--------------------------------------------------------------------------------
================================================================================
scidavis-1.D8-6.fc20 (FEDORA-2014-17460)
Application for Scientific Data Analysis and Visualization
--------------------------------------------------------------------------------
Update Information:
Add scidavis to Fedora, added find_lang macro missing in release 5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1127636 - Review Request: scidavis - Application for Scientific Data Analysis and Visualization
https://bugzilla.redhat.com/show_bug.cgi?id=1127636
--------------------------------------------------------------------------------
================================================================================
subsurface-4.3-1.fc20 (FEDORA-2014-17437)
A feature-full divelog in Qt
--------------------------------------------------------------------------------
Update Information:
Updates subsurface to 4.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 20 2014 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 4.3
- Update to 4.3
--------------------------------------------------------------------------------
================================================================================
waffle-1.5.0-1.fc20 (FEDORA-2014-17451)
Platform independent GL API layer
--------------------------------------------------------------------------------
Update Information:
1.5.0 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 16 2014 Dave Airlie <airlied(a)redhat.com> 1.5.0-1
- 1.5.0 release
--------------------------------------------------------------------------------