Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Nov 2 20:18:20 UTC 2013
The following Fedora 20 Security updates need testing:
Age URL
34 https://admin.fedoraproject.org/updates/FEDORA-2013-17866/chicken-4.8.0.4-4.fc20
23 https://admin.fedoraproject.org/updates/FEDORA-2013-18705/phpMyAdmin-3.5.8.2-1.fc20
15 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2013-19931/mod_nss-1.0.8-24.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2013-19934/openstack-glance-2013.2-2.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2013-20032/gnutls-3.1.15-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-20095/python-backports-ssl_match_hostname-3.4.0.2-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-20138/mantis-1.2.15-3.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2013-20216/python-setuptools-0.9.8-2.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2013-20310/spice-0.12.4-3.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2013-19507/openstack-keystone-2013.2-2.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-20382/xulrunner-25.0-2.fc20,firefox-25.0-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-20517/xen-4.3.1-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
13 https://admin.fedoraproject.org/updates/FEDORA-2013-19560/mash-0.6.01-2.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2013-19861/libcomps-0.1.4-4.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2013-19854/lua-5.2.2-5.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2013-20032/gnutls-3.1.15-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2013-20219/perl-Socket-2.013-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2013-20254/gnome-abrt-0.3.3-1.fc20,abrt-2.1.9-1.fc20,libreport-2.1.9-1.fc20,satyr-0.11-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2013-20216/python-setuptools-0.9.8-2.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2013-20303/colord-1.1.3-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-20406/dnf-0.4.6-1.fc20,libsolv-0.4.0-1.gitd49d319.fc20,librepo-1.3.0-1.fc20,hawkey-0.4.4-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-20393/phonon-4.6.0-9.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-20513/xorg-x11-drv-ati-7.2.0-3.20131101git3b38701.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-20522/highlight-3.16.1-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-20475/libevdev-0.4.1-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-20450/pungi-3.03-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-20466/thunderbird-24.1.0-1.fc20,thunderbird-lightning-2.6.2-2.fc20
The following builds have been pushed to Fedora 20 updates-testing
alexandria-0.6.9-8.fc20
curator-2.2.0-1.fc20
freeipa-3.3.3-1.fc20
ghc-MonadRandom-0.1.12-1.fc20
gnome-initial-setup-3.10.1.1-2.fc20
highlight-3.16.1-1.fc20
hugin-2013.0.0-1.fc20
mate-applets-1.6.1-6.fc20
mlmmj-1.2.18.0-2.fc20
mod_qos-10.24-1.fc20
ngircd-21-1.fc20
php-pear-phing-2.6.1-1.fc20
php-pecl-mongo-1.4.4-1.fc20
php-swift-Swift-5.0.2-1.fc20
python-keyring-3.1-1.fc20
rubygem-goocanvas-2.0.2-2.fc20
rubygem-goocanvas1-1.2.6-2.fc20
rubygem-opengl-0.8.0-2.fc20
rubygem-riddle-1.5.9-1.fc20
rubygem-ruby-opengl-0.61.0-1.fc20
spin-kickstarts-0.20.20-1.fc20
wireshark-1.10.3-1.fc20
xen-4.3.1-1.fc20
xorg-x11-drv-ati-7.2.0-3.20131101git3b38701.fc20
Details about builds:
================================================================================
alexandria-0.6.9-8.fc20 (FEDORA-2013-20515)
Book collection manager
--------------------------------------------------------------------------------
Update Information:
Introduce rubygem-goocanvas1 package, which uses goocanvas 1 and gtk2, as current rubygem-goocanvas uses goocanvas 2 and gtk3.
Patch against alexandria so that alexandria uses rubygem-goocanvas1 even if rubygem-goocanvas is also installed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.6.9-8
- Change dependency on goocanvas on F-20+ (bug 1025095)
- Specify goocanvas version (bug 1024931)
* Mon Oct 7 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.6.9-7
- Read negative value as integer in case position has such value
(bug 1014295)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1024931 - Alexandria can't start
https://bugzilla.redhat.com/show_bug.cgi?id=1024931
--------------------------------------------------------------------------------
================================================================================
curator-2.2.0-1.fc20 (FEDORA-2013-20512)
A set of Java libraries that make using Apache ZooKeeper much easier
--------------------------------------------------------------------------------
Update Information:
Addition of apache curator
--------------------------------------------------------------------------------
================================================================================
freeipa-3.3.3-1.fc20 (FEDORA-2013-20514)
The Identity, Policy and Audit system
--------------------------------------------------------------------------------
Update Information:
Update to upstream 3.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Martin Kosek <mkosek at redhat.com> - 3.3.3-1
- Update to upstream 3.3.3
* Fri Oct 4 2013 Martin Kosek <mkosek at redhat.com> - 3.3.2-1
- Update to upstream 3.3.2
--------------------------------------------------------------------------------
================================================================================
ghc-MonadRandom-0.1.12-1.fc20 (FEDORA-2013-20520)
Random-number generation monad
--------------------------------------------------------------------------------
Update Information:
New release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> - 0.1.12-1
- Updated to new upstream 0.1.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016212 - ghc-MonadRandom-0.1.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1016212
--------------------------------------------------------------------------------
================================================================================
gnome-initial-setup-3.10.1.1-2.fc20 (FEDORA-2013-20516)
Bootstrapping your OS
--------------------------------------------------------------------------------
Update Information:
This update makes it possible to add online accounts in gnome-initial-setup, by populating the add dialog properly.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Matthias Clasen <mclasen at redhat.com> - 3.10.1.1-2
- Fix goa add dialog to not be empty
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1014304 - Online account selection dialog is empty and 'Cancel' button doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=1014304
--------------------------------------------------------------------------------
================================================================================
highlight-3.16.1-1.fc20 (FEDORA-2013-20522)
Universal source code to formatted text converter
--------------------------------------------------------------------------------
Update Information:
Remove of superfluid debug output.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Jochen Schmitt <Jochen herr-schmitt de> - 3.16.1-1
- Minor bug fix release from upstream
* Sun Oct 13 2013 Jochen Schmitt <Jochen herr-schmitt de> - 3.16-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
hugin-2013.0.0-1.fc20 (FEDORA-2013-20532)
A panoramic photo stitcher and more
--------------------------------------------------------------------------------
Update Information:
New release with a GUI overhaul
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 31 2013 Bruno Postle <bruno at postle.net> - 2013.0.0-1
- upstream stable release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1023906 - hugin-2013.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1023906
--------------------------------------------------------------------------------
================================================================================
mate-applets-1.6.1-6.fc20 (FEDORA-2013-20529)
MATE Desktop panel applets
--------------------------------------------------------------------------------
Update Information:
- disable upower BR > f20, until we know to handle upower-1.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.1-6
- disable upower BR > f20, until we know to handle upower-1.0
--------------------------------------------------------------------------------
================================================================================
mlmmj-1.2.18.0-2.fc20 (FEDORA-2013-20524)
A simple and slim mailing list manager inspired by ezmlm
--------------------------------------------------------------------------------
Update Information:
New RPM.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 26 2013 Christopher Meng <rpm at cicku.me> - 1.2.18.0-2
- Filter out wrong dependencies.
* Fri Aug 9 2013 Christopher Meng <rpm at cicku.me> - 1.2.18.0-1
- Resubmit the package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #995933 - Re-Review Request: mlmmj - A simple and slim mailing list manager inspired by ezmlm
https://bugzilla.redhat.com/show_bug.cgi?id=995933
--------------------------------------------------------------------------------
================================================================================
mod_qos-10.24-1.fc20 (FEDORA-2013-20519)
Quality of service module for Apache
--------------------------------------------------------------------------------
Update Information:
upstream 10.24
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 Christof Damian <christof at damian.net> - 10.24-1
- upstream 10.24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1000688 - mod_qos-10.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1000688
--------------------------------------------------------------------------------
================================================================================
ngircd-21-1.fc20 (FEDORA-2013-20526)
Next Generation IRC Daemon
--------------------------------------------------------------------------------
Update Information:
Misc upstream enhancements/bug fixes. See: http://ngircd.barton.de/doc/NEWS for detailed changes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Kevin Fenzi <kevin at scrye.com> 21-1
- Update to 21
* Wed Sep 4 2013 Kevin Fenzi <kevin at scrye.com> 20.3-2
- Fix docs to not include Makefiles. Fixes bug #1004557
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1025162 - ngircd-21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1025162
--------------------------------------------------------------------------------
================================================================================
php-pear-phing-2.6.1-1.fc20 (FEDORA-2013-20528)
A project build system based on Apache Ant
--------------------------------------------------------------------------------
Update Information:
upstream 2.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 Christof Damian <christof at damian.net> - 2.6.1-1
- upstream 2.6.1
--------------------------------------------------------------------------------
================================================================================
php-pecl-mongo-1.4.4-1.fc20 (FEDORA-2013-20511)
PHP MongoDB database driver
--------------------------------------------------------------------------------
Update Information:
upstream 1.4.4
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 Christof Damian <christof at damian.net> - 1.4.4-1
- upstream 1.4.4
--------------------------------------------------------------------------------
================================================================================
php-swift-Swift-5.0.2-1.fc20 (FEDORA-2013-20525)
Free Feature-rich PHP Mailer
--------------------------------------------------------------------------------
Update Information:
upstream 5.0.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 Christof Damian <christof at damian.net> - 5.0.2-1
- upstream 5.0.2
--------------------------------------------------------------------------------
================================================================================
python-keyring-3.1-1.fc20 (FEDORA-2013-20531)
Python library to access the system keyring service
--------------------------------------------------------------------------------
Update Information:
Update to version 3.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 22 2013 rtnpro <rtnpro at gmail.com> - 3.1-1
- Bump to version 3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1007354 - Please update this package ASAP
https://bugzilla.redhat.com/show_bug.cgi?id=1007354
--------------------------------------------------------------------------------
================================================================================
rubygem-goocanvas-2.0.2-2.fc20 (FEDORA-2013-20521)
Ruby binding of GooCanvas
--------------------------------------------------------------------------------
Update Information:
Add some license file
Rebase to ruby-gnome2 2.0.x suite
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 2.0.2-2
- Include license file
* Mon Oct 28 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 2.0.2-1
- 2.0.2
--------------------------------------------------------------------------------
================================================================================
rubygem-goocanvas1-1.2.6-2.fc20 (FEDORA-2013-20515)
Ruby binding of GooCanvas
--------------------------------------------------------------------------------
Update Information:
Introduce rubygem-goocanvas1 package, which uses goocanvas 1 and gtk2, as current rubygem-goocanvas uses goocanvas 2 and gtk3.
Patch against alexandria so that alexandria uses rubygem-goocanvas1 even if rubygem-goocanvas is also installed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1024931 - Alexandria can't start
https://bugzilla.redhat.com/show_bug.cgi?id=1024931
--------------------------------------------------------------------------------
================================================================================
rubygem-opengl-0.8.0-2.fc20 (FEDORA-2013-20530)
An OpenGL wrapper for Ruby
--------------------------------------------------------------------------------
Update Information:
Introducing new package rubygem-opengl.
Now new rubygem-ruby-opengl uses rubygem-opengl.
--------------------------------------------------------------------------------
================================================================================
rubygem-riddle-1.5.9-1.fc20 (FEDORA-2013-20523)
An API for Sphinx, written in and for Ruby
--------------------------------------------------------------------------------
Update Information:
New package. A Ruby API and configuration helper for the Sphinx search service.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1025100 - Review Request: rubygem-riddle - An API for Sphinx, written in and for Ruby
https://bugzilla.redhat.com/show_bug.cgi?id=1025100
--------------------------------------------------------------------------------
================================================================================
rubygem-ruby-opengl-0.61.0-1.fc20 (FEDORA-2013-20530)
OpenGL Interface for Ruby
--------------------------------------------------------------------------------
Update Information:
Introducing new package rubygem-opengl.
Now new rubygem-ruby-opengl uses rubygem-opengl.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.61.0-1
- 0.61.0
* Fri Nov 1 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.60.1-14
- Remove files with unclear licenses
--------------------------------------------------------------------------------
================================================================================
spin-kickstarts-0.20.20-1.fc20 (FEDORA-2013-20527)
Kickstart files and templates for creating your own Fedora Spins
--------------------------------------------------------------------------------
Update Information:
This should be very close to what gets used for beta compose.
Get an up to date version for beta.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 <bruno at wolff.to> - 0.20.20-1
- Get a relatively current build for beta
* Tue Oct 8 2013 <bruno at wolff.to> - 0.20.19-1
- Get a relatively current build for beta
--------------------------------------------------------------------------------
================================================================================
wireshark-1.10.3-1.fc20 (FEDORA-2013-20518)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
* Ver. 1.10.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 Peter Lemenkov <lemenkov at gmail.com> - 1.10.3-1
- Ver. 1.10.3
- Dropped upsteamed patch no. 13
--------------------------------------------------------------------------------
================================================================================
xen-4.3.1-1.fc20 (FEDORA-2013-20517)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
update to xen-4.3.1,
Lock order reversal between page allocation and grant table lock
ocaml xenstored mishandles oversized message replies
systemd changes to allow oxenstored to be used instead of xenstored
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.1-1
- update to xen-4.3.1
- Lock order reversal between page allocation and grant table locks
[XSA-73, CVE-2013-4494]
* Tue Oct 29 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.0-10
- ocaml xenstored mishandles oversized message replies
[XSA-72, CVE-2013-4416] (#1024450)
* Thu Oct 24 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.0-9
- systemd changes to allow oxenstored to be used instead of xenstored (#1022640)
* Thu Oct 10 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.0-8
- security fixes (#1017843)
Information leak through outs instruction emulation in 64-bit PV guests
[XSA-67, CVE-2013-4368]
possible null dereference when parsing vif ratelimiting info
[XSA-68, CVE-2013-4369]
misplaced free in ocaml xc_vcpu_getaffinity stub
[XSA-69, CVE-2013-4370]
use-after-free in libxl_list_cpupool under memory pressure
[XSA-70, CVE-2013-4371]
qemu disk backend (qdisk) resource leak (Fedora doesn't build this qemu)
[XSA-71, CVE-2013-4375]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1017875 - CVE-2013-4416 xen: ocaml xenstored mishandles oversized message replies (XSA-72)
https://bugzilla.redhat.com/show_bug.cgi?id=1017875
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-ati-7.2.0-3.20131101git3b38701.fc20 (FEDORA-2013-20513)
Xorg X11 ati video driver
--------------------------------------------------------------------------------
Update Information:
Fix radeonsi gnome-shell rendering and other fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Jerome Glisse <jglisse at redhat.com> - 7.2.0-3
- Update to lastest upstream git snapshot
* Fri Oct 25 2013 Jerome Glisse <jglisse at redhat.com> - 7.2.0-2
- Fix gnome-shell rendering issue with radeonsi
* Fri Oct 25 2013 Adam Jackson <ajax at redhat.com> - 7.2.0-1
- ABI rebuild
* Thu Aug 29 2013 Dave Airlie <airlied at redhat.com> 7.2.0-0
- update to latest upstream release 7.2.0
--------------------------------------------------------------------------------
More information about the test
mailing list