The following Fedora 20 Security updates need testing:
Age URL
24
https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keysto...
15
https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
13
https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0...
8
https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpa...
5
https://admin.fedoraproject.org/updates/FEDORA-2014-6277/dpkg-1.16.14-1.fc20
5
https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20
5
https://admin.fedoraproject.org/updates/FEDORA-2014-6263/botan-1.10.8-1.fc20
5
https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1...
4
https://admin.fedoraproject.org/updates/FEDORA-2014-6303/perl-LWP-Protoco...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-6373/zabbix-2.0.12-1....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6380/openssh-6.4p1-4....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6408/mutt-1.5.23-2.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6440/python-django15-...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6449/python-django-1....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6442/python-django14-...
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
11
https://admin.fedoraproject.org/updates/FEDORA-2014-5992/pcmanfm-qt-0.1.0...
10
https://admin.fedoraproject.org/updates/FEDORA-2014-6064/gupnp-0.20.11-1....
2
https://admin.fedoraproject.org/updates/FEDORA-2014-6366/btrfs-progs-3.14...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6451/libndp-1.2-2.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6443/xfsprogs-3.2.0-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6416/qt-mobility-1.2....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6412/taglib-1.9.1-5.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6381/gdb-7.7.1-13.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-6339/squashfs-tools-4...
The following builds have been pushed to Fedora 20 updates-testing
fence-agents-4.0.9-1.fc20
gnome-terminal-3.10.2-2.fc20
gnome-themes-standard-3.10.0-2.fc20
libndp-1.2-2.fc20
mate-themes-1.8.1-1.fc20
mingw-glib2-2.40.0-2.fc20
openstack-puppet-modules-2013.2-9.1.fc20
php-goutte-1.0.6-1.fc20
php-pecl-xmldiff-0.9.2-4.fc20
piglit-1-0.16.20140414GIT8775223.fc20
python-django-1.6.5-1.fc20
python-django14-1.4.13-1.fc20
python-django15-1.5.8-1.fc20
python-fedbadges-0.4.3-1.fc20
python-fedmsg-meta-fedora-infrastructure-0.2.12-1.fc20
python-fmn-rules-0.2.1-1.fc20
shiny-0.3-1.gitdc53364.fc20
texlive-2013-5.20131226_r32488.fc20
vte3-0.34.9-3.fc20
xfsprogs-3.2.0-1.fc20
Details about builds:
================================================================================
fence-agents-4.0.9-1.fc20 (FEDORA-2014-6448)
Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Marek Grac <mgrac(a)redhat.com> - 4.0.9
- new upstream release
- new package fence-agents-pve
--------------------------------------------------------------------------------
================================================================================
gnome-terminal-3.10.2-2.fc20 (FEDORA-2014-6387)
Terminal emulator for GNOME
--------------------------------------------------------------------------------
Update Information:
Restore transparency
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Debarshi Ray <rishi(a)fedoraproject.org> - 3.10.2-2
- Restore transparency
--------------------------------------------------------------------------------
================================================================================
gnome-themes-standard-3.10.0-2.fc20 (FEDORA-2014-6387)
Standard themes for GNOME applications
--------------------------------------------------------------------------------
Update Information:
Restore transparency
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Debarshi Ray <rishi(a)fedoraproject.org> - 3.10.0-2
- Provide a background-color for menubars
--------------------------------------------------------------------------------
================================================================================
libndp-1.2-2.fc20 (FEDORA-2014-6451)
Library for Neighbor Discovery Protocol
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug that truncated DNSSL domains in NetworkManager and other clients
of libndp.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2014 Jiri Pirko <jpirko(a)redhat.com> - 1.2-2
- libndp: fix [cppcheck] Undefined behavior: Variable 'buf' is used as parameter
and destination in s[n]printf() [1044084] [1091720]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091720 - NetworkManager will only take TLD from DNSSL option in IPv6 router
advertisement
https://bugzilla.redhat.com/show_bug.cgi?id=1091720
--------------------------------------------------------------------------------
================================================================================
mate-themes-1.8.1-1.fc20 (FEDORA-2014-6437)
MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:
- update to 1.8.1 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.8.1-1
- update to 1.8.1 release
--------------------------------------------------------------------------------
================================================================================
mingw-glib2-2.40.0-2.fc20 (FEDORA-2014-6441)
MinGW Windows GLib2 library
--------------------------------------------------------------------------------
Update Information:
Fix valgrind support (RHBZ#1095664, GNOME bug 730198).
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Richard W.M. Jones <rjones(a)redhat.com> - 2.40.0-2
- Fix valgrind support (RHBZ#1095664, GNOME bug 730198).
* Sat Mar 29 2014 Kalev Lember <kalevlember(a)gmail.com> - 2.40.0-1
- Update to 2.40.0
* Thu Mar 6 2014 Thomas Sailer <t.sailer(a)alumni.ethz.ch> - 2.39.91-1
- Update to 2.39.91
* Sat Mar 1 2014 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 2.39.90-1
- Update to 2.39.90
* Sat Feb 8 2014 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 2.39.4-1
- Update to 2.39.4
* Tue Dec 17 2013 Erik van Pienbroek <epienbro(a)fedoraproject.org> - 2.39.2-1
- Update to 2.39.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1095664 - Crash in g_type_free_instance for instance objects at an address
> 4GB on win64
https://bugzilla.redhat.com/show_bug.cgi?id=1095664
--------------------------------------------------------------------------------
================================================================================
openstack-puppet-modules-2013.2-9.1.fc20 (FEDORA-2014-6435)
Puppet modules used to deploy OpenStack
--------------------------------------------------------------------------------
Update Information:
Added missing puppetlabs-firewall-pull-request-337.patch. Without this patch fails when
Puppet will try to parse iptables rule containint MAC address.
Synchronized modules with current havana branch of
redhat-openstack/openstack-puppet-modules
Added puppet-ceilometer, puppetlabs-mongodb, puppet-heat and puppet-pacemaker
--------------------------------------------------------------------------------
================================================================================
php-goutte-1.0.6-1.fc20 (FEDORA-2014-6444)
A simple PHP web scraper
--------------------------------------------------------------------------------
Update Information:
Updated to 1.0.6
* 1.0.5 to 1.0.6:
https://github.com/fabpot/Goutte/compare/v1.0.5...v1.0.6
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 1.0.6-1
- Updated to 1.0.6
--------------------------------------------------------------------------------
================================================================================
php-pecl-xmldiff-0.9.2-4.fc20 (FEDORA-2014-6456)
Pecl package for XML diff and merge
--------------------------------------------------------------------------------
Update Information:
Initially import php-pecl-xmldiff into Fedora/epel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1094864 - Review Request: php-pecl-xmldiff - Pecl package for XML diff and
merge
https://bugzilla.redhat.com/show_bug.cgi?id=1094864
--------------------------------------------------------------------------------
================================================================================
piglit-1-0.16.20140414GIT8775223.fc20 (FEDORA-2014-6434)
Collection of automated tests for OpenGL implementations
--------------------------------------------------------------------------------
Update Information:
importlib is since python 2.7 in the standard library, no need to import it.
Put ExcludeArch back for ppc64 and missing python-importlib Require
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Matěj Cepl <mcepl(a)redhat.com> - 1-0.16.20140414GIT8775223
- importlib is since python 2.7 in the standard library, no need to
import it.
* Thu May 15 2014 Matěj Cepl <mcepl(a)redhat.com> - 1-0.15.20140414GIT8775223
- Put ExcludeArch back for ppc64.
- Add python-importlib Require
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1098113 - missing lib/ include
https://bugzilla.redhat.com/show_bug.cgi?id=1098113
[ 2 ] Bug #1098170 - summary.py tries to access the "templates" dir in current
dir
https://bugzilla.redhat.com/show_bug.cgi?id=1098170
--------------------------------------------------------------------------------
================================================================================
python-django-1.6.5-1.fc20 (FEDORA-2014-6449)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
update to 1.6.5 fixing CVE-2014-1418
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.5-1
- update to 1.6.5 CVE-2014-1418, CVE-2014-3730 (rhbz#1097935)
* Mon May 12 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-2
- don't hardcode python3.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097500 - CVE-2014-1418 Django: cached data possibly served to the wrong
session
https://bugzilla.redhat.com/show_bug.cgi?id=1097500
[ 2 ] Bug #1097505 - CVE-2014-3730 Django: insufficient URL validation could lead to
redirects
https://bugzilla.redhat.com/show_bug.cgi?id=1097505
--------------------------------------------------------------------------------
================================================================================
python-django14-1.4.13-1.fc20 (FEDORA-2014-6442)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
fix for CVE-2014-1418
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Matthias Runge <mrunge(a)redhat.com> - 1.4.13-1
- update to 1.4.13 fixing CVE-2014-1418 (rhbz#1097936)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097500 - CVE-2014-1418 Django: cached data possibly served to the wrong
session
https://bugzilla.redhat.com/show_bug.cgi?id=1097500
[ 2 ] Bug #1097505 - CVE-2014-3730 Django: insufficient URL validation could lead to
redirects
https://bugzilla.redhat.com/show_bug.cgi?id=1097505
--------------------------------------------------------------------------------
================================================================================
python-django15-1.5.8-1.fc20 (FEDORA-2014-6440)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
fix for CVE-2014-1418
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Matthias Runge <mrunge(a)redhat.com> - 1.5.8-1
- update to 1.5.8 fixing CVE-2014-1418 (rhbz#1097935)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097500 - CVE-2014-1418 Django: cached data possibly served to the wrong
session
https://bugzilla.redhat.com/show_bug.cgi?id=1097500
[ 2 ] Bug #1097505 - CVE-2014-3730 Django: insufficient URL validation could lead to
redirects
https://bugzilla.redhat.com/show_bug.cgi?id=1097505
--------------------------------------------------------------------------------
================================================================================
python-fedbadges-0.4.3-1.fc20 (FEDORA-2014-6433)
fedmsg consumer for awarding open badges
--------------------------------------------------------------------------------
Update Information:
pkgdb2 fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Ralph Bean <rbean(a)redhat.com> - 0.4.3-1
- Bugfix release for pkgdb2 support.
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.2.12-1.fc20 (FEDORA-2014-6445)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
PkgDB2 support. New Icons. Meetbot topic fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.12-1
- Fixes for pkgdb.
- New icons for copr and meetbot.
- Fixes to supybot topic changes.
--------------------------------------------------------------------------------
================================================================================
python-fmn-rules-0.2.1-1.fc20 (FEDORA-2014-6446)
Message processing rules for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
package-centric caching.
pkgdb2 fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.1-1
- Package-centric caching (over user-centric caching).
* Fri May 16 2014 Ralph Bean <rbean(a)redhat.com> - 0.2.0-1
- Fixes for pkgdb2 support.
- Remove pkgdb1 code.
--------------------------------------------------------------------------------
================================================================================
shiny-0.3-1.gitdc53364.fc20 (FEDORA-2014-6455)
Shader and material management library for OGRE
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097584 - Review Request: shiny - Shader and material management library for
OGRE
https://bugzilla.redhat.com/show_bug.cgi?id=1097584
--------------------------------------------------------------------------------
================================================================================
texlive-2013-5.20131226_r32488.fc20 (FEDORA-2014-6450)
TeX formatting system
--------------------------------------------------------------------------------
Update Information:
This release removes spurious Perl modules dependency declarations from the packages.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Petr Pisar <ppisar(a)redhat.com> - 2013-5-20131226
- Do not export private perl modules (bug #1085424)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1085424 - texlive provides perl(PDF::Reuse)
https://bugzilla.redhat.com/show_bug.cgi?id=1085424
--------------------------------------------------------------------------------
================================================================================
vte3-0.34.9-3.fc20 (FEDORA-2014-6387)
A terminal emulator
--------------------------------------------------------------------------------
Update Information:
Restore transparency
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Debarshi Ray <rishi(a)fedoraproject.org> - 0.34.9-3
- Backport transparency fixes
* Fri May 9 2014 Matthias Clasen <mclasen(a)redhat.com> - 0.34.9-2
- Apply an upstream fix for xterm escape sequences
--------------------------------------------------------------------------------
================================================================================
xfsprogs-3.2.0-1.fc20 (FEDORA-2014-6443)
Utilities for managing the XFS filesystem
--------------------------------------------------------------------------------
Update Information:
New upstream release fully supporting metadata CRCs, which will be fully supported in the
3.15 kernel.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Eric Sandeen <sandeen(a)redhat.com> 3.2.0-1
- New upstream release
* Fri May 9 2014 Eric Sandeen <sandeen(a)redhat.com> 3.2.0-0.5.rc3
- New upstream release
* Thu May 8 2014 Eric Sandeen <sandeen(a)redhat.com> 3.2.0-0.4.rc2
- New upstream release
* Mon Nov 25 2013 Eric Sandeen <sandeen(a)redhat.com> 3.2.0-0.3.alpha2
- New upstream release
* Thu Nov 14 2013 Eric Sandeen <sandeen(a)redhat.com> 3.2.0-0.2.alpha1
- Move xfs_types.h into xfsprogs-devel package
* Thu Sep 26 2013 Eric Sandeen <sandeen(a)redhat.com> 3.2.0-0.1.alpha1
- New upstream alpha release with incomplete CRC support
--------------------------------------------------------------------------------