Fedora 20 updates-testing report
updates at fedoraproject.org
Wed Feb 18 05:57:02 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
138 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
90 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
66 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
66 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
61 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
58 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
55 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
52 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
36 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
34 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
32 https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
28 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
27 https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20
15 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2015-1871/qpid-cpp-0.30-8.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-1936/drupal6-views-2.18-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-2090/apache-poi-3.10.1-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2223/libhtp-0.5.6-3.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
28 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-1635/highlight-3.21-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-1822/libbluray-0.7.0-1.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2015-1846/libdvdread-5.0.2-1.fc20,libdvdnav-5.0.3-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1901/ibus-1.5.9-10.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-2034/perl-5.18.4-292.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-2046/linux-firmware-20150213-43.git17657c35.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-1998/perl-Socket-2.018-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc20,libreport-2.2.3-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-2121/perl-Pod-Usage-1.65-1.fc20
The following builds have been pushed to Fedora 20 updates-testing
bugwarrior-1.1.1-1.fc20
freetype-2.5.0-9.fc20
globus-ftp-client-8.19-1.fc20
globus-xio-5.7-1.fc20
haproxy-1.5.11-3.fc20
ldns-1.6.17-9.fc20
libhtp-0.5.6-3.fc20
profile-sync-daemon-5.68-1.fc20
python-taskw-1.0.3-1.fc20
reposurgeon-3.19-1.fc20
task-2.4.1-1.fc20
tellico-2.3.10-1.fc20
Details about builds:
================================================================================
bugwarrior-1.1.1-1.fc20 (FEDORA-2015-2215)
Sync github, bitbucket, and trac issues with taskwarrior
--------------------------------------------------------------------------------
Update Information:
Typofixes.
Compatibility with task-2.4.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Ralph Bean <rbean at redhat.com> - 1.1.1-1
- new version
* Tue Feb 17 2015 Ralph Bean <rbean at redhat.com> - 1.1.0-1
- new version
- new bugwarrior-uda command
--------------------------------------------------------------------------------
================================================================================
freetype-2.5.0-9.fc20 (FEDORA-2015-2216)
A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:
This update fixes several security issues.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Marek Kasik <mkasik at redhat.com> - 2.5.0-9
- Fixes CVE-2014-9656
- Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
- Check minimum size of `record_size'.
- Fixes CVE-2014-9658
- Use correct value for minimum table length test.
- Fixes CVE-2014-9675
- New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
- Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
- Initialize `face->ttf_size'.
- Always set `face->ttf_size' directly.
- Exclusively use the `truetype' font driver for loading
the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
- Handle return values of point allocation routines.
- Fixes CVE-2014-9663
- Fix order of validity tests.
- Fixes CVE-2014-9664
- Add another boundary testing.
- Fix boundary testing.
- Fixes CVE-2014-9666
- Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
- Protect against addition overflow.
- Fixes CVE-2014-9669
- Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
- Add sanity checks for row and column values.
- Fixes CVE-2014-9671
- Check `size' and `offset' values.
- Fixes CVE-2014-9672
- Prevent a buffer overrun caused by a font including too many (> 63)
strings to store names[] table.
- Fixes CVE-2014-9673
- Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
- Fix integer overflow by a broken POST table in resource-fork.
- Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik at redhat.com> - 2.5.0-8
- Fix of URL of the bug #1172634
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1191192 - CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
https://bugzilla.redhat.com/show_bug.cgi?id=1191192
[ 2 ] Bug #1191078 - CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191078
[ 3 ] Bug #1191079 - CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191079
[ 4 ] Bug #1191080 - CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191080
[ 5 ] Bug #1191081 - CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
https://bugzilla.redhat.com/show_bug.cgi?id=1191081
[ 6 ] Bug #1191082 - CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191082
[ 7 ] Bug #1191083 - CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191083
[ 8 ] Bug #1191084 - CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191084
[ 9 ] Bug #1191085 - CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191085
[ 10 ] Bug #1191086 - CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
https://bugzilla.redhat.com/show_bug.cgi?id=1191086
[ 11 ] Bug #1191087 - CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191087
[ 12 ] Bug #1191089 - CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191089
[ 13 ] Bug #1191090 - CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191090
[ 14 ] Bug #1191091 - CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191091
[ 15 ] Bug #1191092 - CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191092
[ 16 ] Bug #1191093 - CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191093
[ 17 ] Bug #1191190 - CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
https://bugzilla.redhat.com/show_bug.cgi?id=1191190
--------------------------------------------------------------------------------
================================================================================
globus-ftp-client-8.19-1.fc20 (FEDORA-2015-2218)
Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:
Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.19-1
- GT6 update (GGUS 105158 and 109576)
--------------------------------------------------------------------------------
================================================================================
globus-xio-5.7-1.fc20 (FEDORA-2015-2218)
Globus Toolkit - Globus XIO Framework
--------------------------------------------------------------------------------
Update Information:
Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.7-1
- GT6 update (Prefer IPv6 address)
--------------------------------------------------------------------------------
================================================================================
haproxy-1.5.11-3.fc20 (FEDORA-2015-2236)
HAProxy reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:
- Add sysconfig file to allow for setting extra options.
- Add tcp-ut bind option to set TCP_USER_TIMEOUT
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 11 2015 Ryan O'Hara <rohara at redhat.com> - 1.5.11-3
- Add sysconfig file
* Tue Feb 10 2015 Ryan O'Hara <rohara at redhat.com> - 1.5.11-2
- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1188029 - haproxy-1.5.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1188029
--------------------------------------------------------------------------------
================================================================================
ldns-1.6.17-9.fc20 (FEDORA-2015-2227)
Low-level DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:
Fix ldns-config
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 16 2015 Paul Wouters <pwouters at redhat.com> - 1.6.17-9
- bump evr
* Tue Sep 30 2014 Paul Wouters <pwouters at redhat.com> - 1.6.17-8
- Fix ldns-config (rhbz#1147972) [Florian Lehner]
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1147972 - ldns-config is broken because of syntax errors
https://bugzilla.redhat.com/show_bug.cgi?id=1147972
--------------------------------------------------------------------------------
================================================================================
libhtp-0.5.6-3.fc20 (FEDORA-2015-2223)
Security-aware parser for the HTTP protocol and the related bits and pieces
--------------------------------------------------------------------------------
Update Information:
Backport an upstream patch to fix a security issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Mathieu Bridon <bochecha at daitauha.fr> - 0.5.6-3
- Backport an upstream patch to fix a security issue
https://bugzilla.redhat.com/show_bug.cgi?id=1190866
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190864 - libhtp: denial of service under memory stress
https://bugzilla.redhat.com/show_bug.cgi?id=1190864
--------------------------------------------------------------------------------
================================================================================
profile-sync-daemon-5.68-1.fc20 (FEDORA-2015-2226)
Offload browser profiles to RAM for speed and wear reduction
--------------------------------------------------------------------------------
Update Information:
Update to 5.68
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Christopher Meng <rpm at cicku.me> - 5.68-1
- Update to 5.68
--------------------------------------------------------------------------------
================================================================================
python-taskw-1.0.3-1.fc20 (FEDORA-2015-2212)
Python bindings for your taskwarrior database
--------------------------------------------------------------------------------
Update Information:
Convert .is: filters to == so url matching works.
Better support for multiple taskwarrior versions.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 Ralph Bean <rbean at redhat.com> - 1.0.3-1
- new version
* Wed Feb 11 2015 Ralph Bean <rbean at redhat.com> - 1.0.2-1
- new version
* Wed Feb 11 2015 Ralph Bean <rbean at redhat.com> - 1.0.0-1
- new version
--------------------------------------------------------------------------------
================================================================================
reposurgeon-3.19-1.fc20 (FEDORA-2015-2235)
SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:
== 3.19 ==
* Minor bugfix for handling of indexed action stamps.
== 3.18 ==
* The graft command now has a --prune option like unite.
== 3.17 ==
* Export support for SRC and RCS.
* Bug fix for automated preservation under hg.
* Bug fix for reparenting and checkout of commits with inline data.
== 3.16 ==
* Import support for SRC.
== 3.15 ==
* New 'add' command to insert new fileops in commits.
== 3.14 ==
* Assignments are preserved across squashes (including deletions).
* Name lookups are, after the first one, significantly faster.
== 3.13 ==
* Read/write support for the Fossil system.
* Fixes for timezone handling.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 22 2015 Christopher Meng <rpm at cicku.me> - 3.19-1
- Update to 3.19
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166407 - reposurgeon-3.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1166407
--------------------------------------------------------------------------------
================================================================================
task-2.4.1-1.fc20 (FEDORA-2015-2232)
A command-line to do list manager
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
Move shell completion pieces to the right places.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 15 2015 Ralph Bean <rbean at redhat.com> - 2.4.1-1
- Latest upstream.
- Removed obsoleted task-faq and task-tutorial man pages.
- Use CMAKE_BUILD_TYPE=release for a faster binary (at upstream's request).
* Mon Feb 9 2015 Ralph Bean <rbean at redhat.com> - 2.3.0-3
- Move shell completion pieces to the right place.
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190545 - zsh completion not installed properly
https://bugzilla.redhat.com/show_bug.cgi?id=1190545
--------------------------------------------------------------------------------
================================================================================
tellico-2.3.10-1.fc20 (FEDORA-2015-2229)
A collection manager
--------------------------------------------------------------------------------
Update Information:
Update to latest stable release:
* Updated Discogs fetcher to new API (Bug kde#342827).
* Updated Moviemeter fetcher to new API.
* Added filter rules for Greater than and Less than numbers.
* Updated BoardGameGeek fetcher to new API.
* Added capability to import a BoardGameGeek collection.
* Added a data source for Mathematical Reviews.
* Fixed crashing bug with some ISBNdb results (Bug kde#339063).
* Updated Producer results for IMDb and TheMovieDB fetchers (Bug kde#336765).
* Fixed bug with Allocine API search using punctuation (Bug kde#337432).
* Fixed bug with importing Goodreads collection.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 17 2015 José Matos <jamatos at fedoraproject.org> - 2.3.10-1
- update to 2.3.10
- x-tellico.desktop is gone
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1193435 - tellico-2.3.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1193435
--------------------------------------------------------------------------------