The following Fedora 21 Security updates need testing:
Age URL
106
https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21
82
https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance...
75
https://admin.fedoraproject.org/updates/FEDORA-2015-1803/fcgi-2.4.0-26.fc21
45
https://admin.fedoraproject.org/updates/FEDORA-2015-3505/389-ds-base-1.3....
27
https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2...
21
https://admin.fedoraproject.org/updates/FEDORA-2015-5216/mailman-2.1.20-1...
14
https://admin.fedoraproject.org/updates/FEDORA-2015-5823/zarafa-7.1.12-1....
14
https://admin.fedoraproject.org/updates/FEDORA-2015-5872/netcf-0.2.8-1.fc21
13
https://admin.fedoraproject.org/updates/FEDORA-2015-5929/qpid-cpp-0.32-1....
12
https://admin.fedoraproject.org/updates/FEDORA-2015-6002/yourls-1.7-3.201...
12
https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1...
12
https://admin.fedoraproject.org/updates/FEDORA-2015-5979/krb5-1.12.2-16.fc21
10
https://admin.fedoraproject.org/updates/FEDORA-2015-6087/icu-52.1-6.fc21
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6364/qt5-qtbase-5.4.1...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6377/ruby-2.1.6-27.fc21
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6252/qt-4.8.6-28.fc21
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6387/realmd-0.15.2-2....
5
https://admin.fedoraproject.org/updates/FEDORA-2015-5830/ntp-4.2.6p5-30.fc21
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6295/wesnoth-1.12.2-1...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6392/cherokee-1.2.103...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6510/dpkg-1.16.16-1.fc21
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6424/ax25-tools-0.0.1...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6441/FlightGear-data-...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6550/mksh-50f-1.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6670/xen-4.4.2-3.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6661/qt3-3.3.8b-63.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6728/curl-7.37.0-14.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6615/xulrunner-37.0.2...
The following Fedora 21 Critical Path updates have yet to be approved:
Age URL
12
https://admin.fedoraproject.org/updates/FEDORA-2015-5979/krb5-1.12.2-16.fc21
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6322/geoclue2-2.1.10-...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6325/libgweather-3.14...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6382/python-slip-0.6....
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6332/dnf-plugins-core...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6387/realmd-0.15.2-2....
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6544/perl-Encode-2.73...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6538/gnome-bluetooth-...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-6499/pkgconfig-0.28-8...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6728/curl-7.37.0-14.fc21
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6576/crda-3.18_2015.0...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6565/telepathy-glib-0...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6575/mobile-broadband...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-6615/xulrunner-37.0.2...
The following builds have been pushed to Fedora 21 updates-testing
community-mysql-5.6.24-1.fc21
curl-7.37.0-14.fc21
dock-1.2.0-1.fc21
gambas3-3.7.1-1.fc21
ibus-anthy-1.5.6-6.fc21
perl-DBD-ODBC-1.52-1.fc21
python-requests-2.6.0-1.fc21
python-urllib3-1.10.3-1.fc21
qt5-qtdeclarative-5.4.1-3.fc21
vagrant-libvirt-0.0.24-4.fc21
Details about builds:
================================================================================
community-mysql-5.6.24-1.fc21 (FEDORA-2015-6698)
MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:
Update to 5.6.24
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 9 2015 Honza Horak <hhorak(a)redhat.com> - 5.6.24-1
- Update to 5.6.24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209282 - community-mysql-5.6.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1209282
--------------------------------------------------------------------------------
================================================================================
curl-7.37.0-14.fc21 (FEDORA-2015-6728)
A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:
- require credentials to match for NTLM re-use (CVE-2015-3143)
- fix invalid write with a zero-length host name in URL (CVE-2015-3144)
- fix invalid write in cookie path sanitization code (CVE-2015-3145)
- close Negotiate connections when done (CVE-2015-3148)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Kamil Dudka <kdudka(a)redhat.com> 7.37.0-14
- require credentials to match for NTLM re-use (CVE-2015-3143)
- fix invalid write with a zero-length host name in URL (CVE-2015-3144)
- fix invalid write in cookie path sanitization code (CVE-2015-3145)
- close Negotiate connections when done (CVE-2015-3148)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1213351 - CVE-2015-3148 curl: "Negotiate" not treated as
connection-oriented
https://bugzilla.redhat.com/show_bug.cgi?id=1213351
[ 2 ] Bug #1213306 - CVE-2015-3143 curl: re-using authenticated connection when
unauthenticated
https://bugzilla.redhat.com/show_bug.cgi?id=1213306
[ 3 ] Bug #1213335 - CVE-2015-3144 curl: host name out of boundary memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1213335
[ 4 ] Bug #1213347 - CVE-2015-3145 curl: cookie parser out of boundary memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1213347
--------------------------------------------------------------------------------
================================================================================
dock-1.2.0-1.fc21 (FEDORA-2015-6697)
Improved builder for Docker images
--------------------------------------------------------------------------------
Update Information:
new upstream release 1.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2015 Tomas Tomecek <ttomecek(a)redhat.com> - 1.2.0-1
- new upstream release 1.2.0
--------------------------------------------------------------------------------
================================================================================
gambas3-3.7.1-1.fc21 (FEDORA-2015-6730)
IDE based on a basic interpreter with object extensions
--------------------------------------------------------------------------------
Update Information:
Update to 3.7.1. This release is notable because all of the "examples" moved out
of the source and into an upstream Gambas repository (think CPAN).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 13 2015 Tom Callaway <spot(a)fedoraproject.org> - 3.7.1-1
- update to 3.7.1
* Fri Jan 23 2015 Marek Kasik <mkasik(a)redhat.com> 3.6.1-3
- Rebuild (poppler-0.30.0)
--------------------------------------------------------------------------------
================================================================================
ibus-anthy-1.5.6-6.fc21 (FEDORA-2015-6704)
The Anthy engine for IBus input platform
--------------------------------------------------------------------------------
Update Information:
Fixed segv when ibus-anthy cannot communicate with ibus-dconf.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.5.6-6
- Resolved #1214092 Updated ibus-anthy-HEAD.patch
- Added with_appdata macro and removed with_python_pkg macro
* Wed Mar 25 2015 Richard Hughes <rhughes(a)redhat.com> - 1.5.6-5
- Add the AppData file to the right built RPM, in this case we have to install
ibus-anthy-python rather than the main package in gnome-software.
- It turns out adding the AppData file to spec files is a great way to fix these
kinds of bugs. :)
* Wed Mar 25 2015 Richard Hughes <rhughes(a)redhat.com> - 1.5.6-4
- Use an AppStream file compatible with F22 also.
* Wed Mar 25 2015 Richard Hughes <rhughes(a)redhat.com> - 1.5.6-3
- Register as an AppStream component.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214092 - [abrt] ibus-anthy-python: factory.py:55:__init__:NameError: global
name 'sys' is not defined
https://bugzilla.redhat.com/show_bug.cgi?id=1214092
--------------------------------------------------------------------------------
================================================================================
perl-DBD-ODBC-1.52-1.fc21 (FEDORA-2015-6706)
ODBC Driver for DBI
--------------------------------------------------------------------------------
Update Information:
Updated to upstream version 1.52.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2015 Jan Holcapek <holcapek(a)gmail.com> - 1.52-1
- Updated to upstream version 1.52.
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.50-5
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1212025 - perl-DBD-ODBC-1.52 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1212025
--------------------------------------------------------------------------------
================================================================================
python-requests-2.6.0-1.fc21 (FEDORA-2015-6721)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Ralph Bean <rbean(a)redhat.com> - 2.6.0-1
- new version
- Remove patch for CVE-2015-2296, now included in the upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202077 - python-requests-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1202077
--------------------------------------------------------------------------------
================================================================================
python-urllib3-1.10.3-1.fc21 (FEDORA-2015-6721)
Python HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Ralph Bean <rbean(a)redhat.com> - 1.10.3-1
- new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202077 - python-requests-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1202077
--------------------------------------------------------------------------------
================================================================================
qt5-qtdeclarative-5.4.1-3.fc21 (FEDORA-2015-6715)
Qt5 - QtDeclarative component
--------------------------------------------------------------------------------
Update Information:
This update fixes qt5-qtdeclarative to work on x86 machines without SSE2, and may improve
performance on SSE2-enabled 32-bit x86 machines.
The update builds a non-SSE2 version of libQt5Qml with the SSE2-only JIT disabled. It also
builds an SSE2 version of libQt5Qml that has the JIT enabled as before, and in addition
enables the -msse2 and -mfpmath=sse flags that were previously missing. The runtime linker
ld.so automatically picks the correct libQt5Qml build for your hardware.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 5.4.1-3
- fix non-sse2 support (kde#346244) and optimize sse2 binaries
* Fri Feb 27 2015 Rex Dieter <rdieter(a)fedoraproject.org> - 5.4.1-2
- rebuild (gcc5)
--------------------------------------------------------------------------------
================================================================================
vagrant-libvirt-0.0.24-4.fc21 (FEDORA-2015-6731)
libvirt provider for Vagrant
--------------------------------------------------------------------------------
Update Information:
Fix upstream bug #347: Wait for libvirt to shutdown the domain
This fix will prevent Vagrant to discard your project's configuration on vagrant halt.
Latest release of vagrant-libvirt plugin.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2015 Josef Stribny <jstribny(a)redhat.com> - 0.0.24-4
- Fix: Wait for libvirt to shutdown the domain
--------------------------------------------------------------------------------