Fedora 21 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Aug 4 05:26:27 UTC 2015
The following Fedora 21 Security updates need testing:
Age URL
185 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21
75 https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1.16.1.0-1.fc21,haskell-platform-2013.2.0.0-39.fc21
65 https://admin.fedoraproject.org/updates/FEDORA-2015-9090/fossil-1.33-1.fc21
65 https://admin.fedoraproject.org/updates/FEDORA-2015-9141/ceph-deploy-1.5.25-1.fc21
54 https://admin.fedoraproject.org/updates/FEDORA-2015-5247/strongswan-5.3.2-1.fc21
54 https://admin.fedoraproject.org/updates/FEDORA-2015-9744/squid-3.4.13-1.fc21
44 https://admin.fedoraproject.org/updates/FEDORA-2015-10175/opensaml-java-openws-1.5.5-2.fc21,opensaml-java-2.5.3-9.fc21
44 https://admin.fedoraproject.org/updates/FEDORA-2015-10301/389-ds-base-1.3.3.12-1.fc21
21 https://admin.fedoraproject.org/updates/FEDORA-2015-11368/nx-libs-3.5.0.32-1.fc21
6 https://admin.fedoraproject.org/updates/FEDORA-2015-12032/uwsgi-2.0.11.1-1.fc21
6 https://admin.fedoraproject.org/updates/FEDORA-2015-11995/bzr-2.6.0-7.fc21
6 https://admin.fedoraproject.org/updates/FEDORA-2015-12028/drupal6-cck-2.10-1.fc21
6 https://admin.fedoraproject.org/updates/FEDORA-2015-12012/openssh-6.6.1p1-14.fc21
6 https://admin.fedoraproject.org/updates/FEDORA-2015-12010/mantis-1.2.19-3.fc21
5 https://admin.fedoraproject.org/updates/FEDORA-2015-12250/lighttpd-1.4.36-1.fc21
5 https://admin.fedoraproject.org/updates/FEDORA-2015-12148/wordpress-4.2.3-1.fc21
3 https://admin.fedoraproject.org/updates/FEDORA-2015-12406/xfsprogs-3.2.2-2.fc21
3 https://admin.fedoraproject.org/updates/FEDORA-2015-12570/community-mysql-5.6.26-1.fc21
1 https://admin.fedoraproject.org/updates/FEDORA-2015-12645/lxc-1.0.7-2.fc21
0 https://admin.fedoraproject.org/updates/FEDORA-2015-12716/devscripts-2.15.8-1.fc21
0 https://admin.fedoraproject.org/updates/FEDORA-2015-12703/nbd-3.11-1.fc21
0 https://admin.fedoraproject.org/updates/FEDORA-2015-12714/xen-4.4.2-9.fc21
The following Fedora 21 Critical Path updates have yet to be approved:
Age URL
6 https://admin.fedoraproject.org/updates/FEDORA-2015-12049/selinux-policy-3.13.1-105.20.fc21
5 https://admin.fedoraproject.org/updates/FEDORA-2015-12277/libfm-1.2.3-12.D20150713gitf47c9ae7ae.fc21
3 https://admin.fedoraproject.org/updates/FEDORA-2015-12402/gstreamer1-plugins-good-1.4.5-3.fc21
0 https://admin.fedoraproject.org/updates/FEDORA-2015-12715/libidn-1.32-1.fc21
0 https://admin.fedoraproject.org/updates/FEDORA-2015-12708/bash-4.3.39-6.fc21
The following builds have been pushed to Fedora 21 updates-testing
antimicro-2.17-1.fc21
armadillo-5.300.4-1.fc21
bash-4.3.39-6.fc21
devscripts-2.15.8-1.fc21
globus-gass-cache-9.7-1.fc21
globus-gram-job-manager-14.27-1.fc21
globus-proxy-utils-6.13-1.fc21
globus-simple-ca-4.22-1.fc21
gnome-software-3.14.7-1.fc21
libidn-1.32-1.fc21
mintmenu-5.6.4-1.fc21
nbd-3.11-1.fc21
perl-Syntax-Highlight-Engine-Kate-0.10-1.fc21
perl-threads-lite-0.034-2.fc21
php-phpunit-PHP-CodeCoverage-2.2.1-1.fc21
php-phpunit-environment-1.3.2-1.fc21
publicsuffix-list-20150731-1.fc21
rebase-helper-0.6.0-1.fc21
xen-4.4.2-9.fc21
Details about builds:
================================================================================
antimicro-2.17-1.fc21 (FEDORA-2015-12698)
Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:
new upstream release v2.17 (#1249393)
new upstream release v2.16 (#1246074)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 2 2015 Jeff Backus <jeff.backus at gmail.com> - 2.17-1
- new upstream release v2.17 (#1249393)
* Fri Jul 24 2015 Jeff Backus <jeff.backus at gmail.com> - 2.16-1
- new upstream release v2.16 (#1246074)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249393 - antimicro-2.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249393
[ 2 ] Bug #1246074 - antimicro-2.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1246074
--------------------------------------------------------------------------------
================================================================================
armadillo-5.300.4-1.fc21 (FEDORA-2015-12710)
Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:
Version 5.300.4 (Plutocracy Incorporated)
* added generalised Schur decomposition: qz()
* added .has_inf() and .has_nan()
* expanded interp1() to handle out-of-domain locations
* expanded sparse matrix class with .set_imag() and .set_real()
* expanded imag(), real() and conj() to handle sparse matrices
* expanded diagmat(), reshape() and resize() to handle sparse matrices
* faster sparse sum()
* faster row-wise sum(), mean(), min(), max()
* updated physical constants to NIST 2014 CODATA values
* fixes for handling sparse submatrix views
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 José Matos <jamatos at fedoraproject.org> - 5.300.4-1
- update to 5.300.4
- add %license tag
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249612 - armadillo-5.300.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249612
--------------------------------------------------------------------------------
================================================================================
bash-4.3.39-6.fc21 (FEDORA-2015-12708)
The GNU Bourne Again shell
--------------------------------------------------------------------------------
Update Information:
Ancient memory leak came up again, fix taken from upstream's devel branch.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Ondrej Oprala - 4.3.39-6
- #1245233 - fixed memleak
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1245233 - bash script shows memory leak
https://bugzilla.redhat.com/show_bug.cgi?id=1245233
--------------------------------------------------------------------------------
================================================================================
devscripts-2.15.8-1.fc21 (FEDORA-2015-12716)
Scripts for Debian Package maintainers
--------------------------------------------------------------------------------
Update Information:
Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705.
Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Sandro Mani <manisandro at gmail.com> - 2.15.8-1
- Update to 2.15.8
* Sat Aug 1 2015 Sandro Mani <manisandro at gmail.com> - 2.15.7-1
- Update to 2.15.7
* Sat Aug 1 2015 Sandro Mani <manisandro at gmail.com> - 2.15.6-2
- Fix licensecheck incorrectly detecting mime strings such as text/x-c++ as a binary file (#1249227)
* Wed Jul 29 2015 Sandro Mani <manisandro at gmail.com> - 2.15.6-1
- Update to 2.15.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249635 - CVE-2015-5704 devscripts: arbitrary shell command injection
https://bugzilla.redhat.com/show_bug.cgi?id=1249635
[ 2 ] Bug #1249645 - CVE-2015-5705 devscripts: argument injection vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1249645
--------------------------------------------------------------------------------
================================================================================
globus-gass-cache-9.7-1.fc21 (FEDORA-2015-12718)
Globus Toolkit - Globus Gass Cache
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 9.7-1
- GT6 update: GT-618: GASS Cache error mishandling causes crash
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-14.27-1.fc21 (FEDORA-2015-12718)
Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 14.27-1
- GT6 update: GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
================================================================================
globus-proxy-utils-6.13-1.fc21 (FEDORA-2015-12718)
Globus Toolkit - Globus GSI Proxy Utility Programs
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.13-1
- GT6 update: Add explicit name comparison mode selection option
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-4.22-1.fc21 (FEDORA-2015-12718)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7
* globus-gram-job-manager 14.27
* globus-proxy-utils 6.13
* globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca
* https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash
* https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.22-1
- GT6 update: Use 4096-bit RSA key for globus-simple-ca
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.14.7-1.fc21 (FEDORA-2015-12695)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.14.7 release.
* Show installation progress when installing apps
* Make sure apps that aren't installable are properly hidden in the category view
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Kalev Lember <klember at redhat.com> - 3.14.7-1
- Update to 3.14.7
--------------------------------------------------------------------------------
================================================================================
libidn-1.32-1.fc21 (FEDORA-2015-12715)
Internationalized Domain Name support library
--------------------------------------------------------------------------------
Update Information:
This update fixes a crash with malformed UTF-8.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Miroslav Lichvar <mlichvar at redhat.com> - 1.32-1.fc21
- update to 1.32
--------------------------------------------------------------------------------
================================================================================
mintmenu-5.6.4-1.fc21 (FEDORA-2015-12704)
Advanced Menu for the MATE Desktop
--------------------------------------------------------------------------------
Update Information:
- update to 5.6.4 release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 2 2015 Wolfgang Ulbrich <chat-to-me at raveit.de> - 5.6.4-1
- update to 5.6.4 release
- adjust mintmenu_datadir.patch
- adjust mintmenu_run-as-superuser.patch
- install %{_datadir}/linuxmint/mintMenu/search_engines
- adjust icon cache scriptlets
- adjust panel icon
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 5.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nbd-3.11-1.fc21 (FEDORA-2015-12703)
Network Block Device user-space tools (TCP version)
--------------------------------------------------------------------------------
Update Information:
* Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847].
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 11 2015 Christopher Meng <rpm at cicku.me> - 3.11-1
- Update to 3.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1222027 - CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers
https://bugzilla.redhat.com/show_bug.cgi?id=1222027
--------------------------------------------------------------------------------
================================================================================
perl-Syntax-Highlight-Engine-Kate-0.10-1.fc21 (FEDORA-2015-12705)
Port to Perl of the syntax highlight engine of the Kate text editor
--------------------------------------------------------------------------------
Update Information:
This release improves documentation.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Petr Pisar <ppisar at redhat.com> - 0.10-1
- 0.10 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249360 - perl-Syntax-Highlight-Engine-Kate-0.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249360
--------------------------------------------------------------------------------
================================================================================
perl-threads-lite-0.034-2.fc21 (FEDORA-2015-12717)
Actor model threading for Perl
--------------------------------------------------------------------------------
Update Information:
Disable tests on AArch64 platform as a workaround for relesed Fedoras.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Petr Pisar <ppisar at redhat.com> - 0.034-2
- Disable checks on aarch64 (bug #719874)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #719874 - perl-threads-lite keeps hanging during self checks
https://bugzilla.redhat.com/show_bug.cgi?id=719874
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHP-CodeCoverage-2.2.1-1.fc21 (FEDORA-2015-12269)
PHP code coverage information
--------------------------------------------------------------------------------
Update Information:
**php-code-coverage 2.2.1** - 2015-08-02
* Bumped required version of sebastian/environment to 1.3.1 for #365
**php-code-coverage 2.2.0** - 2015-08-01
* Added a driver for PHPDBG (requires PHP 7)
* Added PHP_CodeCoverage::setDisableIgnoredLines() to disable the ignoring of lines using annotations such as @codeCoverageIgnore
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 2 2015 Remi Collet <remi at fedoraproject.org> - 2.2.1-1
- update to 2.2.1 (no change)
- raise dependency on sebastian/environment ~1.3.1
--------------------------------------------------------------------------------
================================================================================
php-phpunit-environment-1.3.2-1.fc21 (FEDORA-2015-12269)
Handle HHVM/PHP environments
--------------------------------------------------------------------------------
Update Information:
**php-code-coverage 2.2.1** - 2015-08-02
* Bumped required version of sebastian/environment to 1.3.1 for #365
**php-code-coverage 2.2.0** - 2015-08-01
* Added a driver for PHPDBG (requires PHP 7)
* Added PHP_CodeCoverage::setDisableIgnoredLines() to disable the ignoring of lines using annotations such as @codeCoverageIgnore
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Remi Collet <remi at fedoraproject.org> - 1.3.2-1
- update to 1.3.2
* Sun Jul 26 2015 Remi Collet <remi at fedoraproject.org> - 1.3.0-1
- update to 1.3.0
--------------------------------------------------------------------------------
================================================================================
publicsuffix-list-20150731-1.fc21 (FEDORA-2015-12706)
Cross-vendor public domain suffix database
--------------------------------------------------------------------------------
Update Information:
The latest revision - 20150731
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 3 2015 Yanko Kaneti <yaneti at declera.com> - 20150731-1
- The latest revision - 20150731
- Move to the new upstream filename. Install a compat symlink for now
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20150506-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rebase-helper-0.6.0-1.fc21 (FEDORA-2015-12711)
The tool which helps you with rebase package
--------------------------------------------------------------------------------
Update Information:
New upstream version 0.6.0 (#1249518)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 31 2015 Petr Hracek <phracek at redhat.com> - 0.6.0-1
- New upstream version 0.6.0 (#1249518)
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249518 - rebase-helper-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249518
--------------------------------------------------------------------------------
================================================================================
xen-4.4.2-9.fc21 (FEDORA-2015-12714)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
QEMU heap overflow flaw while processing certain ATAPI commands.
[XSA-138, CVE-2015-5154] (#1247142)
rebuild efi grub.cfg if it is present (#1239309),
add gcc5 build fixes, one needed for the following patch,
modify gnutls use in line with Fedora's crypto policies (#117935)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 2 2015 Michael Young <m.a.young at durham.ac.uk> - 4.4.2-9
- QEMU heap overflow flaw while processing certain ATAPI commands.
[XSA-138, CVE-2015-5154] (#1247142)
* Sat Jul 25 2015 Michael Young <m.a.young at durham.ac.uk> - 4.4.2-8
- rebuild efi grub.cfg if it is present (#1239309)
- add gcc5 build fixes from F22+ package, one needed for the following patch
- modify gnutls use in line with Fedora's crypto policies (#1179352)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1243563
--------------------------------------------------------------------------------
More information about the test
mailing list