The following Fedora 20 Security updates need testing:
Age URL
166
https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-...
146
https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-...
101
https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38...
84
https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
68
https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3....
64
https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8....
51
https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2...
35
https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1...
35
https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
28
https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6....
17
https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2...
16
https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2...
15
https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3....
6
https://admin.fedoraproject.org/updates/FEDORA-2015-7911/kernel-3.19.7-10...
6
https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-...
6
https://admin.fedoraproject.org/updates/FEDORA-2015-7887/php-ZendFramewor...
6
https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.2-...
4
https://admin.fedoraproject.org/updates/FEDORA-2015-7561/openslp-1.2.1-22...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8138/firefox-38.0-4.f...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0....
2
https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1....
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8252/xen-4.3.4-4.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8251/java-1.8.0-openj...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8247/LibRaw-0.15.4-2....
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8248/qemu-1.6.2-14.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8266/mingw-LibRaw-0.1...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8345/libinfinity-0.6....
0
https://admin.fedoraproject.org/updates/FEDORA-2015-8386/hostapd-2.4-2.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
84
https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
6
https://admin.fedoraproject.org/updates/FEDORA-2015-7719/qt-4.8.6-30.fc20
6
https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-...
4
https://admin.fedoraproject.org/updates/FEDORA-2015-8007/lua-socket-3.0-0...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8257/coreutils-8.21-2...
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8268/fedora-release-20-4
1
https://admin.fedoraproject.org/updates/FEDORA-2015-8261/pcre-8.33-11.fc20
The following builds have been pushed to Fedora 20 updates-testing
burp-1.4.36-6.fc20
copr-cli-1.44-1.fc20
fbb-7.0.8-0.3.beta.fc20
hostapd-2.4-2.fc20
hpl-2.1-9.fc20.1
inxi-2.2.21-1.fc20
libinfinity-0.6.6-1.fc20
libmtp-1.1.9-1.fc20
mom-0.4.4-1.fc20
php-5.5.25-1.fc20
phpMyAdmin-4.4.7-1.fc20
python-ipaddress-1.0.7-1.fc20
python-requests-2.6.0-1.fc20
python-urllib3-1.10.3-1.fc20
python-vcrpy-1.5.2-1.fc20
python-wrapt-1.10.4-5.fc20
sflphone-1.4.1-10.fc20
tiled-0.12.0-1.fc20
youtube-dl-2015.05.10-1.fc20
Details about builds:
================================================================================
burp-1.4.36-6.fc20 (FEDORA-2015-8331)
A network-based backup and restore program
--------------------------------------------------------------------------------
Update Information:
Added two configuration files so they would not be overwritten on update
Burp - A network backup and restore program
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program
https://bugzilla.redhat.com/show_bug.cgi?id=1186819
--------------------------------------------------------------------------------
================================================================================
copr-cli-1.44-1.fc20 (FEDORA-2015-8372)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
bugfix
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Miroslav Suchý <msuchy(a)redhat.com> 1.44-1
- mark license as license in spec
- 1188022 - accept dash in project name
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188022 - copr-cli does not respect the project argument
https://bugzilla.redhat.com/show_bug.cgi?id=1188022
--------------------------------------------------------------------------------
================================================================================
fbb-7.0.8-0.3.beta.fc20 (FEDORA-2015-8348)
Packet radio mailbox and utilities
--------------------------------------------------------------------------------
Update Information:
This is new package - FBB packet radio mailbox and utilities.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214834 - Review Request:fbb - Packet radio mailbox and utilities
https://bugzilla.redhat.com/show_bug.cgi?id=1214834
--------------------------------------------------------------------------------
================================================================================
hostapd-2.4-2.fc20 (FEDORA-2015-8386)
IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
--------------------------------------------------------------------------------
Update Information:
Security update for integer underflow in AP mode WMM Action frame processing.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 John W. Linville <linville(a)redhat.com> - 2.4-2
- apply fix for underflow in WMM action frame parser
* Tue Apr 21 2015 John W. Linville <linville(a)redhat.com> - 2.4-1
- Update to version 2.4 from upstream
- Enable support for IEEE802.11r and IEEE802.11ac
* Wed Feb 4 2015 John W. Linville <linville(a)redhat.com> - 2.3-4
- Use BSD instead of %doc for file containing license information
* Sun Nov 2 2014 poma <poma(a)gmail.com> - 2.3-3
- Further simplify hostapd.conf installation
- Rebase "EAP-TLS server" patch to 2.3
* Tue Oct 28 2014 John W. Linville <linville(a)redhat.com> - 2.3-2
- Remove version info from /usr/share/doc/hostapd/hostapd.conf
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221178 - wpa_supplicant and hostapd: integer underflow in AP mode WMM Action
frame processing
https://bugzilla.redhat.com/show_bug.cgi?id=1221178
--------------------------------------------------------------------------------
================================================================================
hpl-2.1-9.fc20.1 (FEDORA-2015-8330)
A Portable Implementation of the High-Performance Linpack Benchmark
--------------------------------------------------------------------------------
Update Information:
This is new package - a portable implementation of the High-Performance Linpack.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #830869 - Review Request: hpl - A Portable Implementation of the
High-Performance Linpack Benchmark
https://bugzilla.redhat.com/show_bug.cgi?id=830869
--------------------------------------------------------------------------------
================================================================================
inxi-2.2.21-1.fc20 (FEDORA-2015-8338)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 2.2.21
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Vasiliy N. Glazov <vascom2(a)gmail.com> 2.2.21-1
- Update to 2.2.21
--------------------------------------------------------------------------------
================================================================================
libinfinity-0.6.6-1.fc20 (FEDORA-2015-8345)
Library implementing the infinote protocol
--------------------------------------------------------------------------------
Update Information:
Security update to make libinfinity properly check certificates:
https://github.com/gobby/gobby/issues/61
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Till Maas <opensource(a)till.name> - 0.6.6-1
- Update to new release, fixes security issue:
https://github.com/gobby/gobby/issues/61, #1221266
* Sun Nov 9 2014 Till Maas <opensource(a)till.name> - 0.6.4-1
- Update to new release
* Tue Oct 21 2014 Till Maas <opensource(a)till.name> - 0.6.3-1
- Update to new release
* Sat Sep 20 2014 Till Maas <opensource(a)till.name> - 0.6.2-1
- Update to new release
* Fri Aug 29 2014 Till Maas <opensource(a)till.name> - 0.6.1-1
- Update to new release
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.5.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221266 - libinfinity: incorrect validation of certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1221266
--------------------------------------------------------------------------------
================================================================================
libmtp-1.1.9-1.fc20 (FEDORA-2015-8353)
A software library for MTP media players
--------------------------------------------------------------------------------
Update Information:
New upstream version with many fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 11 2015 Linus Walleij <triad(a)df.lth.se> - 1.1.9-1
- New upstream version with many fixes.
- Require libgrypt-devel to build, build libmtpz.
- Install hwdb file.
- Move documentation to a good place.
--------------------------------------------------------------------------------
================================================================================
mom-0.4.4-1.fc20 (FEDORA-2015-8394)
Dynamically manage system resources on virtualization hosts
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.4.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Adam Litke <alitke(a)redhat.com> - 0.4.4-1
- Upgrade to 0.4.4
--------------------------------------------------------------------------------
================================================================================
php-5.5.25-1.fc20 (FEDORA-2015-8370)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
14 May 2015, **PHP 5.5.25**
**Core:**
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 ("use statement [...] has no effect" depends on leading
backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
(Jan Starke)
**FTP:**
* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
(Stas)
**ODBC:**
* Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect
result). (Anatol)
* Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol
Belski)
**OpenSSL:**
* Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)
**PCNTL:**
* Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
**Phar:**
* Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts
with null). (Stas)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 16 2015 Remi Collet <remi(a)fedoraproject.org> 5.5.25-1
- Update to 5.5.25
http://www.php.net/releases/5_5_25.php
- adapt systzdata patch for upstream changes for new zic
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.7-1.fc20 (FEDORA-2015-8363)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.4.7.0 (2015-05-16)
===============================
- Settings issues (Favorite tables shown twice in Settings)
- Non-styled error page when following results link
- Deleting without confirmation
- Issues with SQL autocomplete
- Column hint in SQL autocomplete is sometimes not shown
- JS error after selecting a field and press Enter
- Honor proxy settings when getting Git commit information
- Missing title on link
- ForceSSL Redirect Check
- Undefined index collation_connection
- Error when the reporting server is down
- Escape database and table names for partition maintenance
- Invalid value for CURLOPT_SSL_VERIFYPEER
- Import status infinite loop
- Designer: Loading does not work
- Setup: Overview > Display does not work
- Designer: pages from all databases
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 16 2015 Robert Scheck <robert(a)fedoraproject.org> 4.4.7-1
- Upgrade to 4.4.7 (#1222215)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1222215 - phpMyAdmin-4.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1222215
--------------------------------------------------------------------------------
================================================================================
python-ipaddress-1.0.7-1.fc20 (FEDORA-2015-8334)
Port of the python 3.3+ ipaddress module to 2.6+
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221742 - Review Request: python-ipaddress - Port of the python 3.3+
ipaddress module to 2.6+
https://bugzilla.redhat.com/show_bug.cgi?id=1221742
--------------------------------------------------------------------------------
================================================================================
python-requests-2.6.0-1.fc20 (FEDORA-2015-8403)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
Update to the version from F21.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Ralph Bean <rbean(a)redhat.com> - 2.6.0-1
- new version
- Remove patch for CVE-2015-2296, now included in the upstream release.
* Mon Mar 16 2015 Ralph Bean <rbean(a)redhat.com> - 2.5.3-2
- Backport fix for CVE-2015-2296.
* Thu Feb 26 2015 Ralph Bean <rbean(a)redhat.com> - 2.5.3-1
- new version
* Wed Feb 18 2015 Ralph Bean <rbean(a)redhat.com> - 2.5.1-1
- new version
* Tue Dec 16 2014 Ralph Bean <rbean(a)redhat.com> - 2.5.0-3
- Pin python-urllib3 requirement at 1.10.
- Fix requirement pinning syntax.
* Thu Dec 11 2014 Ralph Bean <rbean(a)redhat.com> - 2.5.0-2
- Do the most basic of tests in the check section.
* Thu Dec 11 2014 Ralph Bean <rbean(a)redhat.com> - 2.5.0-1
- Latest upstream, 2.5.0 for #1171068
* Wed Nov 5 2014 Ralph Bean <rbean(a)redhat.com> - 2.4.3-1
- Latest upstream, 2.4.3 for #1136283
* Wed Nov 5 2014 Ralph Bean <rbean(a)redhat.com> - 2.3.0-4
- Re-do unbundling by symlinking system libs into the requests/packages/ dir.
* Sun Aug 3 2014 Tom Callaway <spot(a)fedoraproject.org> - 2.3.0-3
- fix license handling
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 29 2014 Arun S A G <sagarun(a)gmail.com> - 2.3.0-1
- Latest upstream
* Wed May 14 2014 Bohuslav Kabrda <bkabrda(a)redhat.com> - 2.0.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Python_3.4
* Wed Sep 25 2013 Ralph Bean <rbean(a)redhat.com> - 2.0.0-1
- Latest upstream.
- Add doc macro to the python3 files section.
- Require python-urllib3 greater than or at 1.7.1.
--------------------------------------------------------------------------------
================================================================================
python-urllib3-1.10.3-1.fc20 (FEDORA-2015-8369)
Python HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
Update to the version from F21.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2015 Ralph Bean <rbean(a)redhat.com> - 1.10.3-1
- new version
* Thu Feb 26 2015 Ralph Bean <rbean(a)redhat.com> - 1.10.2-1
- new version
* Wed Feb 18 2015 Ralph Bean <rbean(a)redhat.com> - 1.10.1-1
- new version
* Wed Feb 18 2015 Ralph Bean <rbean(a)redhat.com> - 1.10.1-1
- new version
* Mon Jan 5 2015 Ralph Bean <rbean(a)redhat.com> - 1.10-2
- Copy in a shim for ssl_match_hostname on python3.
* Sun Dec 14 2014 Ralph Bean <rbean(a)redhat.com> - 1.10-1
- Latest upstream 1.10, for python-requests-2.5.0.
- Re-do unbundling without patch, with symlinks.
- Modernize python2 macros.
- Remove the with_dummyserver tests which fail only sometimes.
* Wed Nov 5 2014 Ralph Bean <rbean(a)redhat.com> - 1.9.1-1
- Latest upstream, 1.9.1 for latest python-requests.
* Mon Aug 4 2014 Tom Callaway <spot(a)fedoraproject.org> - 1.8.2-4
- fix license handling
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.8.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 14 2014 Bohuslav Kabrda <bkabrda(a)redhat.com> - 1.8.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------
================================================================================
python-vcrpy-1.5.2-1.fc20 (FEDORA-2015-8393)
Automatically mock your HTTP interactions to simplify and speed up testing
--------------------------------------------------------------------------------
Update Information:
Latest upstream
--------------------------------------------------------------------------------
================================================================================
python-wrapt-1.10.4-5.fc20 (FEDORA-2015-8400)
A Python module for decorators, wrappers and monkey patching
--------------------------------------------------------------------------------
Update Information:
Branching from rawhide
--------------------------------------------------------------------------------
================================================================================
sflphone-1.4.1-10.fc20 (FEDORA-2015-8359)
SIP/IAX2 compatible enterprise-class software phone
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug which prevented TLS from working.
This updates ensures that the sflphone daemon sflphoned is correctly installed in
/usr/libexec according to the packaging guidelines.
This updates ensures that the sflphone daemon sflphoned is correctly installed in
/usr/libexec according to the packaging guidelines.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Sandro Mani <manisandro(a)gmail.com> - 1.4.1-10
- Add patch to fix incorrect conditional in SipTransport::createTlsListener
* Wed May 6 2015 Sandro Mani <manisandro(a)gmail.com> - 1.4.1-9
- Install sflphoned in /usr/libexec
- Rename sflphone-libs -> sflphone-daemon
* Tue Apr 28 2015 Milan Crha <mcrha(a)redhat.com> - 1.4.1-8
- Rebuild for newer evolution-data-server
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1219440 - sflphone cannot connect to TLS server
https://bugzilla.redhat.com/show_bug.cgi?id=1219440
[ 2 ] Bug #1219018 - sflphoned shouldn't be in lib directory
https://bugzilla.redhat.com/show_bug.cgi?id=1219018
--------------------------------------------------------------------------------
================================================================================
tiled-0.12.0-1.fc20 (FEDORA-2015-8355)
Tiled Map Editor
--------------------------------------------------------------------------------
Update Information:
New release 0.12.0 with some neat new features (mainly featuring object resizing).
See the blog for more info:
http://blog.mapeditor.org/2015/05/tiled-0120-released.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Erik Schilling Erik Schilling <ablu.erikschilling(a)googlemail.com>
- 0.12.0-1
- New upstream release
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 0.11.0-2
- Rebuilt for GCC 5 C++11 ABI change
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2015.05.10-1.fc20 (FEDORA-2015-8387)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest release (#1218015, 1200569, 1206484)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2015 Matej Cepl <mcepl(a)redhat.com> - 2015.05.10-1
- Update to the latest release (#1218015, 1200569, 1206484)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218015 - youtube-dl-2015.05.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1218015
[ 2 ] Bug #1200569 - [abrt] youtube-dl: common.py:237:report_progress:KeyError:
u'total_bytes'
https://bugzilla.redhat.com/show_bug.cgi?id=1200569
[ 3 ] Bug #1206484 - [abrt] youtube-dl: ffmpeg.py:122:probe_executable:KeyError: None
https://bugzilla.redhat.com/show_bug.cgi?id=1206484
--------------------------------------------------------------------------------