The following Fedora 20 Security updates need testing:
 Age  URL
 109  https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-...
  97  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-...
  97  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14....
  89  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-...
  67  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2...
  65  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-...
  44  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  43  https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38...
  42  https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
  33  https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3....
  26  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
  22  https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.b...
  20  https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1...
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-3211/dokuwiki-0-0.24....
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-3201/xterm-297-2.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.5-1.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3....
   8  https://admin.fedoraproject.org/updates/FEDORA-2015-3590/icu-50.1.2-11.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8....
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3791/libssh2-1.5.0-1....
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-3880/php-ZendFramewor...
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-3964/nx-libs-3.5.0.29...
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-4020/ettercap-0.8.2-1...
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4201/powerpc-utils-py...
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4138/webkitgtk3-2.2.8...
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4151/seamonkey-2.33-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4280/drupal7-ctools-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4216/php-5.5.23-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4228/mingw-xerces-c-3...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4285/xerces-c-3.1.1-6...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4300/openssl-1.0.1e-4...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4315/drupal7-7.35-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4332/texlive-2013-6.2...
The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
  26  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.5-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3791/libssh2-1.5.0-1....
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-3646/device-mapper-mu...
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-3896/system-config-ke...
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-3871/perl-Text-ParseW...
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-4077/krb5-1.11.5-19.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-4138/webkitgtk3-2.2.8...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-4300/openssl-1.0.1e-4...
The following builds have been pushed to Fedora 20 updates-testing
abduco-0.4-1.fc20
antimicro-2.12-1.fc20
cups-x2go-3.0.1.1-1.fc20
drupal7-7.35-1.fc20
drupal7-ctools-1.7-1.fc20
gmusicbrowser-1.1.14-1.fc20
golang-1.4.2-2.fc20
gssntlmssp-0.6.0-1.fc20
liblangtag-0.5.5-1.fc20
mingw-xerces-c-3.1.1-9.fc20
mksh-50e-1.fc20
openssl-1.0.1e-42.fc20
pcsc-lite-asekey-3.7-1.fc20
perl-Excel-Writer-XLSX-0.83-1.fc20
php-5.5.23-1.fc20
php-symfony-2.5.10-1.fc20
ratools-0.6.1-1.fc20
rubygem-sequel-4.20.0-1.fc20
texlive-2013-6.20131226_r32488.fc20
xerces-c-3.1.1-6.fc20
youtube-dl-2015.03.18-1.fc20
Details about builds:
================================================================================
abduco-0.4-1.fc20 (FEDORA-2015-4265)
Session management in a clean and simple way
--------------------------------------------------------------------------------
Update Information:
Update to 0.4 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Denis Fateyev <denis(a)fateyev.com> - 0.4-1
- Update to 0.4 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203475 - abduco-0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1203475
--------------------------------------------------------------------------------
================================================================================
antimicro-2.12-1.fc20 (FEDORA-2015-4237)
Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:
new upstream release v2.12 (#1202803)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202803 - antimicro-2.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1202803
--------------------------------------------------------------------------------
================================================================================
cups-x2go-3.0.1.1-1.fc20 (FEDORA-2015-4329)
CUPS backend for printing from X2Go
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.1.1:
- Add a short README that provides some getting started information.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 11 2015 Orion Poplawski <orion(a)cora.nwra.com> - 3.0.1.1-1
- Update to 3.0.1.1
- Require openssh-clients
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.0.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 9 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.0.1.0-1
- Update to 3.0.1.0
--------------------------------------------------------------------------------
================================================================================
drupal7-7.35-1.fc20 (FEDORA-2015-4315)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
- Upstream release notes: https://www.drupal.org/drupal-7.35-release-notes
- Official security advisory: https://www.drupal.org/SA-CORE-2015-001
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Peter Borsa <peter.borsa(a)gmail.com> - 7.35-1
- 7.35, DRUPAL-SA-CORE-2015-001.
--------------------------------------------------------------------------------
================================================================================
drupal7-ctools-1.7-1.fc20 (FEDORA-2015-4280)
Primarily a set of APIs and tools to improve the developer experience
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.7 release for security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Jared Smith <jsmith(a)fedoraproject.org> - 1.7-1
- Update to upstream 1.7 release for security fixes
- SA-CONTRIB-2015-079 details at https://www.drupal.org/node/2454909
- Full upstream changelog at https://www.drupal.org/node/2454883
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203480 - drupal7-ctools-1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1203480
--------------------------------------------------------------------------------
================================================================================
gmusicbrowser-1.1.14-1.fc20 (FEDORA-2015-4279)
Jukebox for large collections of music files
--------------------------------------------------------------------------------
Update Information:
From upstream NEWS:
* add way to edit "persistent" labels, and dialog to rename labels
* add "new label" entry to the "edit labels" submenu
* make scroll wheel increase/decrease numbers in the search bar
* add options to override default web browser and file browser
* add thousand separators in most displayed numbers
* various number-related improvements/fixes
* fix auto-selected embedded pictures always showing the first picture (only fix newly
autoselected pictures)
* translations updates: Finnish, French, German, Polish, Korean, Serbian
* new translations: Lithuanian, Malay (Malaysia)
Notice: Gstreamer 1.x support is not enabled in the package.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Remi Collet <remi(a)fedoraproject.org> - 1.1.14.1
- update to 1.1.14
--------------------------------------------------------------------------------
================================================================================
golang-1.4.2-2.fc20 (FEDORA-2015-4313)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
update to go1.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2015 Vincent Batts <vbatts(a)fedoraproject.org> - 1.4.2-2
- obsoleting deprecated packages
* Wed Feb 18 2015 Vincent Batts <vbatts(a)fedoraproject.org> - 1.4.2-1
- updating to go1.4.2
* Fri Jan 16 2015 Vincent Batts <vbatts(a)fedoraproject.org> - 1.4.1-1
- updating to go1.4.1
* Fri Jan 2 2015 Vincent Batts <vbatts(a)fedoraproject.org> - 1.4-2
- doc organizing
* Thu Dec 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.4-1
- update to go1.4 release
* Wed Dec 3 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.99-3.1.4rc2
- update to go1.4rc2
* Mon Nov 17 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.99-2.1.4rc1
- update to go1.4rc1
* Thu Oct 30 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.99-1.1.4beta1
- update to go1.4beta1
* Thu Oct 30 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.3-3
- macros will need to be in their own rpm
* Fri Oct 24 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.3-2
- split out rpm macros (bz1156129)
- progress on gccgo accommodation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203811 - update to go1.4 :: for etcd requirement
https://bugzilla.redhat.com/show_bug.cgi?id=1203811
--------------------------------------------------------------------------------
================================================================================
gssntlmssp-0.6.0-1.fc20 (FEDORA-2015-4243)
GSSAPI NTLMSSP Mechanism
--------------------------------------------------------------------------------
Update Information:
Fixes for 32 bit arches
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Simo Sorce <simo(a)samba.org> - 0.6.0-1
- New version with fixes for 32 bit arches
--------------------------------------------------------------------------------
================================================================================
liblangtag-0.5.5-1.fc20 (FEDORA-2015-4319)
An interface library to access tags for identifying languages
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2015 David Tardon <dtardon(a)redhat.com> - 0.5.5-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
mingw-xerces-c-3.1.1-9.fc20 (FEDORA-2015-4228)
MinGW Windows validating XML parser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-0252.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2015 Kalev Lember <kalevlember(a)gmail.com> - 3.1.1-9
- Fix CVE-2015-0252
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1199103 - CVE-2015-0252 xerces-c: crashes on malformed input
https://bugzilla.redhat.com/show_bug.cgi?id=1199103
--------------------------------------------------------------------------------
================================================================================
mksh-50e-1.fc20 (FEDORA-2015-4293)
MirBSD enhanced version of the Korn Shell
--------------------------------------------------------------------------------
Update Information:
R50e is a required bugfix release:
* Add more tests detailing behaviour difference from GNU bash
* Introduce a memory leak for x=<< fixing use of freed memory instead, bug tracked
as LP#1380389 still live
* Add x+=<< parallel to x=<<
* POSIX “command” loses builtin special-ness
* Fix LP#1381965 and LP#1381993 (more field splitting)
* Update location of FreeBSD testsuite for test(1)
* Remove dead NULL elements from Emacs keybindings
* Change several testcases for $*/$@ expansion with/without quotes to expected-fail,
with even more to come ☹
* Fix miscalculating required memory for encoding the double-quoted parts of a here
document or here string delimiter, leading to a buffer overflow; discovered by zacts from
IRC
* Rename a function conflicting with a MacRelix system header
* Use size_t (and ssize_t) consistently, stop using ptrdiff_t; fixes some arithmetics
and S/390 bugs
* Remove old workarounds for Clang 3.2 scan-build
* Remove all Clang/Coverity assertions, making room for new checks
* Fix NSIG generation on Debian sid gcc-snapshot
* Make a testcase not fail in a corner case
* Fix issues detected by GCC’s new sanitisers: data type of a value to be shifted
constantly must be unsigned (what not, in C…); shebang check array accesses are always
unsigned char
* Be even more explicit wrt. POSIX in the manpage
* Fix shebang / file magic decoding
* More int → bool conversion
* Let Build.sh be run by GNU bash 1.12.1 (Slackware 1.01)
* Fix here string parsing issue
* Point out more future changes in the manpage
* Call setgid(2), setegid(2), setuid(2) before seteuid(2)
* Fix spurious empty line after ENOENT “whence -v”, found by Ypnose
* Optimise dot.mkshrc and modernise it a bit
* Use MAXPATHLEN from <sys/param.h> for PATH_MAX fallback
* Some code cleanup and warnings fixes
* Add options -a argv0 and -c to exec
* Prevent use-after-free when hitting multiple errors unwinding
* Fix use of $* and $@ in scalar context: within [[ … ]] and after case (spotted by
Stéphane Chazelas) and in here documents (spotted by tg@); fix here document expansion
* Unbreak when $@ shares double quotes with others
* Fix set -x in PS4 expansion infinite loop
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Robert Scheck <robert(a)fedoraproject.org> 50e-1
- Upgrade to 50e
- Apply https://fedoraproject.org/wiki/Features/UsrMove
--------------------------------------------------------------------------------
================================================================================
openssl-1.0.1e-42.fc20 (FEDORA-2015-4300)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287,
CVE-2015-0286, CVE-2015-0288
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Tomáš Mráz <tmraz(a)redhat.com> 1.0.1e-42
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0292 - integer underflow in base64 decoder
- fix CVE-2015-0293 - triggerable assert in SSLv2 server
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()
https://bugzilla.redhat.com/show_bug.cgi?id=1202366
[ 2 ] Bug #1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1202384
[ 3 ] Bug #1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers
https://bugzilla.redhat.com/show_bug.cgi?id=1202404
[ 4 ] Bug #1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key
import
https://bugzilla.redhat.com/show_bug.cgi?id=1196737
[ 5 ] Bug #1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption
https://bugzilla.redhat.com/show_bug.cgi?id=1202380
[ 6 ] Bug #1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow
in base64 decoding
https://bugzilla.redhat.com/show_bug.cgi?id=1202395
[ 7 ] Bug #1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1202418
--------------------------------------------------------------------------------
================================================================================
pcsc-lite-asekey-3.7-1.fc20 (FEDORA-2015-4247)
ASEKey USB token driver
--------------------------------------------------------------------------------
Update Information:
This package brings PCSC driver for ASEKey USB cryptographic token.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #893399 - Review Request: pcsc-lite-asekey - ASEKey USB token driver
https://bugzilla.redhat.com/show_bug.cgi?id=893399
--------------------------------------------------------------------------------
================================================================================
perl-Excel-Writer-XLSX-0.83-1.fc20 (FEDORA-2015-4220)
Create a new file in the Excel 2007+ XLSX format
--------------------------------------------------------------------------------
Update Information:
Update to 0.83
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 David Dick <ddick(a)cpan.org> - 0.83-1
- Update to 0.83
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202069 - perl-Excel-Writer-XLSX-0.83 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1202069
--------------------------------------------------------------------------------
================================================================================
php-5.5.23-1.fc20 (FEDORA-2015-4216)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
**19 Mar 2015, PHP 5.5.23**
Core:
* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with
ZTS build). (dan at syneto dot net)
* Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
(Mike)
* Fixed bug #69017 (Fail to push to the empty array with the constant value defined in
class scope). (Laruence)
* Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in
memory.c). (nayana at ddproperty dot com)
* Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
* Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
(kostyantyn dot lysyy at oracle dot com)
* Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
(Anatol Belski)
* Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
CGI:
* Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
CLI:
* Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
cURL:
* Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant
Pannell)
* Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
(Linus Unneback)
Ereg:
* Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)
FPM:
* Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
ODBC:
* Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
Opcache:
* Fixed bug #69125 (Array numeric string as key). (Laruence)
* Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
OpenSSL:
* Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe socket
timeouts). (Brad Broerman)
pgsql:
* Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at
4linux dot com dot br, Laruence)
Readline:
* Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
parameters). (Laruence)
SOAP:
* Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
(andrea dot palazzo at truel dot it, Laruence)
SPL:
* Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage).
(Laruence)
* Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling
getChildren()). (Julien)
ZIP:
* Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary)
(CVE-2015-2331). (Stas)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2015 Remi Collet <remi(a)fedoraproject.org> 5.5.23-1
- Update to 5.5.23 http://www.php.net/releases/5_5_23.php
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.5.10-1.fc20 (FEDORA-2015-4261)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
Release notes:
* http://symfony.com/blog/symfony-2-5-9-released
* http://symfony.com/blog/symfony-2-5-10-released
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2015 Remi Collet <remi(a)fedoraproject.org> - 2.5.10-1
- Update to 2.5.10
--------------------------------------------------------------------------------
================================================================================
ratools-0.6.1-1.fc20 (FEDORA-2015-4291)
Framework for IPv6 Router Advertisements
--------------------------------------------------------------------------------
Update Information:
Update to Version 0.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2015 Florian Lehner <dev(a)der-flo.net> - 0.6.1-1
- Update to Version 0.6.1
- Use license-Macro
--------------------------------------------------------------------------------
================================================================================
rubygem-sequel-4.20.0-1.fc20 (FEDORA-2015-4257)
The Database Toolkit for Ruby
--------------------------------------------------------------------------------
Update Information:
Upgrade to sequel 4.20.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2015 Alejandro Perez <alejandro.perez.torres(a)gmail.com> - 4.20.0-1
- Initial package
--------------------------------------------------------------------------------
================================================================================
texlive-2013-6.20131226_r32488.fc20 (FEDORA-2015-4332)
TeX formatting system
--------------------------------------------------------------------------------
Update Information:
CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to delete arbitrary files.
This update fixes this issue
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 27 2015 Than Ngo <than(a)redhat.com> 3:2013-6-20131226
- bz#1197084, Security fix for CVE-2015-0296
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1197082 - CVE-2015-0296 texlive rpm scriptlet allows unprivileged user to
delete arbitrary files
https://bugzilla.redhat.com/show_bug.cgi?id=1197082
--------------------------------------------------------------------------------
================================================================================
xerces-c-3.1.1-6.fc20 (FEDORA-2015-4285)
Validating XML Parser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-0252.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 20 2015 Kalev Lember <kalevlember(a)gmail.com> - 3.1.1-6
- Fix CVE-2015-0252
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1199103 - CVE-2015-0252 xerces-c: crashes on malformed input
https://bugzilla.redhat.com/show_bug.cgi?id=1199103
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2015.03.18-1.fc20 (FEDORA-2015-4278)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to latest release (# 1201585)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Matej Cepl <mcepl(a)redhat.com> - 2015.03.18-1
- Update to latest release (# 1201585)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1201585 - youtube-dl-2015.03.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1201585
--------------------------------------------------------------------------------