The following Fedora 20 Security updates need testing:
Age URL
132
https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
81
https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2...
81
https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Addre...
33
https://admin.fedoraproject.org/updates/FEDORA-2014-9281/drupal6-6.33-1.fc20
26
https://admin.fedoraproject.org/updates/FEDORA-2014-9474/pipelight-0.2.7....
20
https://admin.fedoraproject.org/updates/FEDORA-2014-9641/polkit-qt-0.112....
20
https://admin.fedoraproject.org/updates/FEDORA-2014-9621/ca-certificates-...
18
https://admin.fedoraproject.org/updates/FEDORA-2014-9706/rubygem-activere...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10458/torque-3.0.4-5....
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10479/knot-1.5.2-1.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10322/apache-poi-3.10...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10371/openstack-glanc...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10357/procmail-3.22-3...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10497/haproxy-1.5.4-1...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-10626/xerces-j2-2.11....
0
https://admin.fedoraproject.org/updates/FEDORA-2014-10632/pdns-recursor-3...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-10642/libreoffice-4.2...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-10586/not-yet-commons...
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
13
https://admin.fedoraproject.org/updates/FEDORA-2014-9673/cups-1.7.5-4.fc20
13
https://admin.fedoraproject.org/updates/FEDORA-2014-9609/firewalld-0.3.11...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10467/elfutils-0.160-...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10421/libbluray-0.6.2...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-10410/orc-0.4.22-2.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-10571/usbmuxd-1.0.9-0...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-10585/p11-kit-0.20.6-...
The following builds have been pushed to Fedora 20 updates-testing
automake-1.13.4-6.fc20
eclipse-cdt-8.3.0-2.fc20
fedora-dockerfiles-0-0.12.gitf6cd84c.fc20
libreoffice-4.2.6.3-2.fc20
lis-1.4.59-1.fc20
pdns-recursor-3.6.1-1.fc20
perl-Date-Manip-6.47-1.fc20
perl-Net-GitHub-0.68-1.fc20
pgp-tools-1.1.5-6.fc20
python-XStatic-Angular-Mock-1.2.1.1-2.fc20
python-XStatic-Hogan-2.0.0.2-2.fc20
python-XStatic-JQuery-Migrate-1.2.1.1-2.fc20
python-XStatic-JQuery-quicksearch-2.0.3.1-2.fc20
python-XStatic-JSEncrypt-2.0.0.2-2.fc20
python-XStatic-Jasmine-1.3.1.1-2.fc20
python-XStatic-QUnit-1.14.0.2-2.fc20
python-retrying-1.2.3-3.fc20
rubygem-domain_name-0.5.21-1.fc20
rubygem-net-scp-1.2.1-1.fc20
skf-1.99.9-1.fc20
socket_wrapper-1.1.1-1.fc20
texstudio-2.8.4-1.fc20
tnef-1.4.12-1.fc20
xerces-j2-2.11.0-17.fc20
Details about builds:
================================================================================
automake-1.13.4-6.fc20 (FEDORA-2014-10638)
A GNU tool for automatically creating Makefiles
--------------------------------------------------------------------------------
Update Information:
update config.{guess,sub} to gnuconfig git HEAD
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Pavel Raiskup <praiskup(a)redhat.com> - 1.13.4-6
- update config.{guess,sub} to gnuconfig git HEAD
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139354 - update config.* to version with ppc64le support
https://bugzilla.redhat.com/show_bug.cgi?id=1139354
--------------------------------------------------------------------------------
================================================================================
eclipse-cdt-8.3.0-2.fc20 (FEDORA-2014-10650)
Eclipse C/C++ Development Tools (CDT) plugin
--------------------------------------------------------------------------------
Update Information:
Fixes NPE in CDT Formatter/Indexer Preferences UI
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2014 Jeff Johnston <jjohnstn(a)redhat.com> 1:8.3.0-2
- Fix rhbz#1138994 (NPE in Formatter preferences page)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1138994 - Can't open new project's Formatter & Indexer
preferences
https://bugzilla.redhat.com/show_bug.cgi?id=1138994
--------------------------------------------------------------------------------
================================================================================
fedora-dockerfiles-0-0.12.gitf6cd84c.fc20 (FEDORA-2014-10657)
Example dockerfiles to assist standing up containers quickly
--------------------------------------------------------------------------------
Update Information:
update to master commit: f6cd84c2454208c8e0ba8c207f5eaaca37933b70
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0-0.12.git
- update to master commit: f6cd84c2454208c8e0ba8c207f5eaaca37933b70
- preserve timestamps while copying files over
--------------------------------------------------------------------------------
================================================================================
libreoffice-4.2.6.3-2.fc20 (FEDORA-2014-10642)
Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:
CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
The vulnerability allows an attacker to send a document which when opened will trigger
the prompt to "Update Links" but if the user cancels that prompt may still
generate and insert into the document an OLE2 preview image of a file on the victims
filesystem, Data exposure is possible if the updated document is then distributed to other
parties.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2014 Caolán McNamara <caolanm(a)redhat.com> - 1:4.2.6.3-2
- Resolves: fdo#82496 Change picture by right clicking in writer
* Thu Aug 28 2014 David Tardon <dtardon(a)redhat.com> - 1:4.2.6.3-1
- new bugfix release
- fix build on ppc64
* Fri Aug 15 2014 David Tardon <dtardon(a)redhat.com> - 1:4.2.6.2-2
- Resolves: rhbz#1079672: FileDialog: don't insert stale preview image
- Related: rhbz#1130264 plausible fix for reported crash in avmedia
- Resolves: rhbz#1125588 port LibreOffice to ppc64le
- refine current date/time hotkey handling
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139592 - CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure
via crafted OLE objects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1139592
--------------------------------------------------------------------------------
================================================================================
lis-1.4.59-1.fc20 (FEDORA-2014-10637)
A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.59
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Florian Lehner <dev(a)der-flo.net> - 1.4.59-1
- Update to 1.4.59
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.6.1-1.fc20 (FEDORA-2014-10632)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- PowerDNS Recursor Security Release 3.6.1
- CVE-2014-3614
Issue: A specific sequence of packets can crash PowerDNS Recursor 3.6.0 remotely
(CVE-2014-3614)
Affected: All deployments of PowerDNS Recursor 3.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Morten Stevens <mstevens(a)imt-systems.com> - 3.6.1-1
- Update to 3.6.1
- CVE-2014-3614 (#1139251)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139251 - CVE-2014-3614 A specific sequence of packets can crash PowerDNS
Recursor 3.6.0 remotely
https://bugzilla.redhat.com/show_bug.cgi?id=1139251
--------------------------------------------------------------------------------
================================================================================
perl-Date-Manip-6.47-1.fc20 (FEDORA-2014-10651)
Date manipulation routines
--------------------------------------------------------------------------------
Update Information:
Update timezone data.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Petr Šabata <contyk(a)redhat.com> - 6.47-1
- Update timezone data
* Thu Aug 28 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 6.46-2
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1138274 - perl-Date-Manip-6.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1138274
--------------------------------------------------------------------------------
================================================================================
perl-Net-GitHub-0.68-1.fc20 (FEDORA-2014-10634)
Perl interface for
github.com
--------------------------------------------------------------------------------
Update Information:
A new version of Net::GitHub is available for Fedora. See upstream changelog for summary
of bugfixes in this release --
http://cpansearch.perl.org/src/FAYLAND/Net-GitHub-0.68/Changes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Petr Šabata <contyk(a)redhat.com> - 0.68-1
- 0.68 bump
* Mon Sep 1 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.66-2
- Perl 5.20 rebuild
* Fri Aug 1 2014 Petr Šabata <contyk(a)redhat.com> - 0.66-1
- 0.66 bump
* Mon Jun 30 2014 Petr Šabata <contyk(a)redhat.com> - 0.65-1
- 0.65 bump
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.63-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Jun 2 2014 Petr Šabata <contyk(a)redhat.com> - 0.63-1
- 0.63 bump
* Mon May 26 2014 Petr Šabata <contyk(a)redhat.com> - 0.60-1
- 0.60 bump
* Tue Apr 1 2014 Petr Šabata <contyk(a)redhat.com> - 0.59-1
- 0.59 bump
* Fri Mar 28 2014 Petr Šabata <contyk(a)redhat.com> - 0.57-1
- 0.57, POD fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1136269 - perl-Net-GitHub-0.68 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1136269
--------------------------------------------------------------------------------
================================================================================
pgp-tools-1.1.5-6.fc20 (FEDORA-2014-10627)
Collection of several utilities related to OpenPGP
--------------------------------------------------------------------------------
Update Information:
Fix Unicode-issue (#1139704)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Jochen Schmitt <Jochen herr-schmitt de> - 1.1.5-6
- Fix Unicode-issue (#1139704)
* Tue Sep 2 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.1.5-5
- Perl 5.20 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139704 - caff handles unicode in configuration file incorrectly
https://bugzilla.redhat.com/show_bug.cgi?id=1139704
--------------------------------------------------------------------------------
================================================================================
python-XStatic-Angular-Mock-1.2.1.1-2.fc20 (FEDORA-2014-10652)
Angular-Mock (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
changed BR to python2-devel (rhbz#1134376)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134376 - Review Request: python-XStatic-Angular-Mock - Angular-Mock (XStatic
packaging standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1134376
--------------------------------------------------------------------------------
================================================================================
python-XStatic-Hogan-2.0.0.2-2.fc20 (FEDORA-2014-10646)
Hogan (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
changed BR to python2-devel (rhbz#1134800)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134800 - Review Request: python-XStatic-Hogan - Hogan (XStatic packaging
standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1134800
--------------------------------------------------------------------------------
================================================================================
python-XStatic-JQuery-Migrate-1.2.1.1-2.fc20 (FEDORA-2014-10630)
JQuery-Migrate (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
change BR to python2-devel (rhbz#1134865)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134865 - Review Request: python-XStatic-JQuery-Migrate - JQuery-Migrate
(XStatic packaging standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1134865
--------------------------------------------------------------------------------
================================================================================
python-XStatic-JQuery-quicksearch-2.0.3.1-2.fc20 (FEDORA-2014-10636)
JQuery-quicksearch (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
change BR to python2-devel (rhbz#1134900)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134900 - Review Request: python-XStatic-JQuery-quicksearch -
JQuery-quicksearch (XStatic packaging standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1134900
--------------------------------------------------------------------------------
================================================================================
python-XStatic-JSEncrypt-2.0.0.2-2.fc20 (FEDORA-2014-10653)
JSEncrypt (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
change BR to python2-devel (rhbz#1135424)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1135424 - Review Request: python-XStatic-JSEncrypt - JSEncrypt (XStatic
packaging standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1135424
--------------------------------------------------------------------------------
================================================================================
python-XStatic-Jasmine-1.3.1.1-2.fc20 (FEDORA-2014-10654)
Jasmine (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
changed BR to python2-devel (rhbz#1134852)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134852 - Review Request: python-XStatic-Jasmine - Jasmine (XStatic packaging
standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1134852
--------------------------------------------------------------------------------
================================================================================
python-XStatic-QUnit-1.14.0.2-2.fc20 (FEDORA-2014-10648)
QUnit (XStatic packaging standard)
--------------------------------------------------------------------------------
Update Information:
change BR to python2-devel (rhbz#1135448)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1135448 - Review Request: python-XStatic-QUnit - QUnit (XStatic packaging
standard)
https://bugzilla.redhat.com/show_bug.cgi?id=1135448
--------------------------------------------------------------------------------
================================================================================
python-retrying-1.2.3-3.fc20 (FEDORA-2014-10633)
General-purpose retrying library in Python.
--------------------------------------------------------------------------------
Update Information:
General-purpose retrying library in Python.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1136946 - Review Request: python-retrying - General-purpose retrying library
in Python.
https://bugzilla.redhat.com/show_bug.cgi?id=1136946
--------------------------------------------------------------------------------
================================================================================
rubygem-domain_name-0.5.21-1.fc20 (FEDORA-2014-10656)
Domain Name manipulation library for Ruby
--------------------------------------------------------------------------------
Update Information:
New version 0.5.21 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.5.21-1
- 0.5.21
--------------------------------------------------------------------------------
================================================================================
rubygem-net-scp-1.2.1-1.fc20 (FEDORA-2014-10645)
A pure Ruby implementation of the SCP client protocol
--------------------------------------------------------------------------------
Update Information:
Update to net-scp 1.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 17 2014 Vít Ondruch <vondruch(a)redhat.com> - 1.2.1-1
- Update to net-scp 1.2.1.
--------------------------------------------------------------------------------
================================================================================
skf-1.99.9-1.fc20 (FEDORA-2014-10643)
Utility binary files in Simple Kanji Filter
--------------------------------------------------------------------------------
Update Information:
New version 1.99.9 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.99.9-1
- 1.99.9
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.99.8-1.4
- Perl 5.20 rebuild
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.99.8-1.3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.99.8-1.2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Apr 29 2014 Vít Ondruch <vondruch(a)redhat.com> - 1.99.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Ruby_2.1
--------------------------------------------------------------------------------
================================================================================
socket_wrapper-1.1.1-1.fc20 (FEDORA-2014-10629)
A library passing all socket communications trough Unix sockets
--------------------------------------------------------------------------------
Update Information:
Update to version 1.1.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2014 - Andreas Schneider <asn(a)redhat.com> - 1.1.1-1
- Update to version 1.1.1.
--------------------------------------------------------------------------------
================================================================================
texstudio-2.8.4-1.fc20 (FEDORA-2014-10644)
A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:
- update to 2.8.4
-
http://texstudio.sourceforge.net/manual/current/usermanual_en.html#SECTIO...
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2014 Johannes Lips <hannes(a)fedoraproject.org> 2.8.4-1
- Update to latest upstream version 2.8.4
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.8.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
tnef-1.4.12-1.fc20 (FEDORA-2014-10635)
Extract files from email attachments like WINMAIL.DAT
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.12, a release which resolves an issue in extracting multi-value fields from
the tnef archive.
Upgrading to this version resolves an issue in 1.4.9 in which tnef files with multi-value
fields could not be extracted.
Upgrading to this version resolves an issue in 1.4.9 in which tnef files with multi-value
fields could not be extracted.
Upgrading to this version resolves an issue in 1.4.9 in which tnef files with multi-value
fields could not be extracted.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2014 David Timms <iinet.net.au@dtimms> - 1.4.12-1
- update to 1.4.12
* Sun Aug 31 2014 David Timms <iinet.net.au@dtimms> - 1.4.11-1.20140826git0b35ad8
- update to 1.4.11 / git tag of 2014-08-26.
- add autoreconf to build process now that upstream no longer creates source tarballs.
- drop upstreamed format-security patch.
- drop document file TODO and update path for README.
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.9-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 13 2014 Yaakov Selkowitz <yselkowi(a)redhat.com> - 1.4.9-5
- Fix FTBFS with -Werror=format-security (#1037361, #1107453)
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4.9-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xerces-j2-2.11.0-17.fc20 (FEDORA-2014-10626)
Java XML parser
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2013-4002
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 10 2014 Mat Booth <mat.booth(a)redhat.com> - 2.11.0-17
- Add patch for CVE-2013-4002, rhbz #1140031
- Fix ownership of javadoc directory
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service
(JAXP, 8017298)
https://bugzilla.redhat.com/show_bug.cgi?id=1019176
--------------------------------------------------------------------------------