Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jan 9 11:56:13 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
98 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
50 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
49 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
28 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
27 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
27 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
27 https://admin.fedoraproject.org/updates/FEDORA-2014-16932/libhtp-0.5.6-2.fc20
22 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
20 https://admin.fedoraproject.org/updates/FEDORA-2014-17272/ca-certificates-2014.2.2-1.0.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
15 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-0072/drupal6-flag-2.1-3.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-0259/owasp-esapi-java-2.1.0-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-0345/xen-4.3.3-9.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-0451/docker-io-1.4.1-4.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-0418/curl-7.32.0-18.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-0471/cross-binutils-2.25-3.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
8 https://admin.fedoraproject.org/updates/FEDORA-2014-17748/kdelibs-4.14.3-8.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-0082/btrfs-progs-3.18-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-0086/perl-Filter-1.53-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-0220/xorg-x11-drv-synaptics-1.7.7-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-0422/samba-4.1.14-2.fc20
The following builds have been pushed to Fedora 20 updates-testing
barman-1.3.3-2.fc20
cross-binutils-2.25-3.fc20
docker-io-1.4.1-4.fc20
fence-agents-4.0.14-1.fc20
gnucash-2.6.5-1.fc20
ikiwiki-3.20141016-1.fc20
mate-settings-daemon-1.8.2-2.fc20
python-biopython-1.65-1.fc20
stunnel-5.08-1.fc20
x2goserver-4.0.1.18-5.fc20
xfdesktop-4.10.3-3.fc20
Details about builds:
================================================================================
barman-1.3.3-2.fc20 (FEDORA-2015-0452)
Backup and Recovery Manager for PostgreSQL
--------------------------------------------------------------------------------
Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1132819 - barman-1.3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1132819
--------------------------------------------------------------------------------
================================================================================
cross-binutils-2.25-3.fc20 (FEDORA-2015-0471)
A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:
Upgrade to binutils-2.25 thus fixing a number of security bugs
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 7 2015 David Howells <dhowells at redhat.com> - 2.25-2
- Fix up the target for SH64 and cease mixing 32-bit SH targets with SH64.
- SH64: Work around flags not getting set on incremental link of .a into .o [binutils bz 17288].
* Mon Jan 5 2015 David Howells <dhowells at redhat.com> - 2.25-1
- Sync with binutils-2.25 to pick up fixes.
Resolves: BZ #1162577, #1162601, #1162611, #1162625
* Thu Nov 13 2014 David Howells <dhowells at redhat.com> - 2.24-7
- Fix problems with the ar program reported in FSF PR 17533.
Resolves: BZ #1162672, #1162659
* Wed Nov 12 2014 David Howells <dhowells at redhat.com> - 2.24-6
- Sync with binutils to pick up fixes.
- Backport binutils 2.4 upstream branch to pick up more fixes.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.24-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162577 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162577
[ 2 ] Bug #1162601 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162601
[ 3 ] Bug #1162611 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162611
[ 4 ] Bug #1162625 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC parser [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162625
[ 5 ] Bug #1162659 - cross-binutils: binutils: directory traversal vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162659
[ 6 ] Bug #1162672 - cross-binutils: binutils: out of bounds memory write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162672
--------------------------------------------------------------------------------
================================================================================
docker-io-1.4.1-4.fc20 (FEDORA-2015-0451)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
allow unitfile to use /etc/sysconfig/docker-network
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2015 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 1.4.1-4
- allow unitfile to use /etc/sysconfig/docker-network
- MountFlags private
* Fri Dec 19 2014 Dan Walsh <dwalsh at redhat.com> - 1.4.1-3
- Add check to run unit tests
* Thu Dec 18 2014 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 1.4.1-2
- update and rename logrotate cron script
- install /etc/sysconfig/docker-network
* Wed Dec 17 2014 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 1.4.1-1
- Resolves: rhbz#1175144 - update to upstream v1.4.1
- Resolves: rhbz#1175097, rhbz#1127570 - subpackages
for fish and zsh completion and vim syntax highlighting
- Provide subpackage to run logrotate on running containers as a daily cron
job
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 1.4.0-2
- update metaprovides
* Thu Dec 11 2014 Lokesh Mandvekar <lsm5 at fedoraproject.org> - 1.4.0-1
- Resolves: rhbz#1173324
- Resolves: rhbz#1172761 - CVE-2014-9356
- Resolves: rhbz#1172782 - CVE-2014-9357
- Resolves: rhbz#1172787 - CVE-2014-9358
- update to upstream v1.4.0
- override DOCKER_CERT_PATH in sysconfig instead of patching the source
- create dockerroot user if doesn't exist prior
- update metaprovides
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1172782 - CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
https://bugzilla.redhat.com/show_bug.cgi?id=1172782
[ 2 ] Bug #1172761 - CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
https://bugzilla.redhat.com/show_bug.cgi?id=1172761
[ 3 ] Bug #1172787 - CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=1172787
--------------------------------------------------------------------------------
================================================================================
fence-agents-4.0.14-1.fc20 (FEDORA-2015-0475)
Fence Agents for Red Hat Cluster
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2015 Marek Grac <mgrac at redhat.com> - 4.0.14-1
- new upstream release
- new packages fence-agents-zvm and fence-agents-emerson
--------------------------------------------------------------------------------
================================================================================
gnucash-2.6.5-1.fc20 (FEDORA-2015-0474)
Finance management application
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to the latest upstream release, 2.6.5, which contains a variety of bugfixes. For more information, see the upstream release notes at http://gnucash.org/#n-141216-2.6.5.news.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2015 Bill Nottingham <notting at splat.cc> - 2.6.5-1
- update to 2.6.5 (#1176892) which fixes guile cache issues (#1151870) and charts (#1157203)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151870 - gnucash-2.6.4-1.fc20.x86_64 doesn't launch
https://bugzilla.redhat.com/show_bug.cgi?id=1151870
[ 2 ] Bug #1176892 - gnucash-2.6.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1176892
[ 3 ] Bug #1157203 - Bar charts all messed up after latest gnucash update
https://bugzilla.redhat.com/show_bug.cgi?id=1157203
--------------------------------------------------------------------------------
================================================================================
ikiwiki-3.20141016-1.fc20 (FEDORA-2015-0449)
A wiki compiler
--------------------------------------------------------------------------------
Update Information:
Update to version 3.20141016.
See https://ikiwiki.info/news/version_3.20141016/ for the list of changes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2014 Thomas Moschny <thomas.moschny at gmx.de> - 3.20141016-1
- Update to 3.20141016.
--------------------------------------------------------------------------------
================================================================================
mate-settings-daemon-1.8.2-2.fc20 (FEDORA-2015-0464)
MATE Desktop settings daemon
--------------------------------------------------------------------------------
Update Information:
- fix rhbz (1102581)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1102581 - [abrt] mate-settings-daemon: on_screen_size_changed(): mate-settings-daemon killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1102581
--------------------------------------------------------------------------------
================================================================================
python-biopython-1.65-1.fc20 (FEDORA-2015-0453)
Python tools for computational molecular biology
--------------------------------------------------------------------------------
Update Information:
python-biopython-1.65 is available
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2015 Luis Bazan <lbazan at fedoraproject.org> - 1.65-1
- New upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176949 - python-biopython-1.65 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1176949
--------------------------------------------------------------------------------
================================================================================
stunnel-5.08-1.fc20 (FEDORA-2015-0477)
An SSL-encrypting socket wrapper
--------------------------------------------------------------------------------
Update Information:
new upstream release.
New upstream release.
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 11 2014 Avesh Agarwal <avagarwa at redhat.com> - 5.08-1
- 1163349: New upstream release 5.08
* Sun Nov 23 2014 Avesh Agarwal <avagarwa at redhat.com> - 5.08b6-1
- 1163349: New upstream beta release 5.08b6
- Fixed incorrect reporting of fips status in configure.ac
at compile time, requires autoconf automake at buildtime
- Fixed default OpenSSL directory issue by using with-ssl
- Updates local patches
- 1155977: Fixes man page issues
* Tue Nov 4 2014 Avesh Agarwal <avagarwa at redhat.com> - 5.07-1
- New upstream release 5.07
* Fri Oct 17 2014 Avesh Agarwal <avagarwa at redhat.com> - 5.06-1
- New upstream release 5.06
- Addresses Poodle security issue
* Wed Oct 8 2014 Avesh Agarwal <avagarwa at redhat.com> - 5.05b5-1
- rhbz #1144393: New upstream beta release
- systemd socket activation support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1154004 - stunnel-5.07 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1154004
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.18-5.fc20 (FEDORA-2015-0473)
X2Go Server
--------------------------------------------------------------------------------
Update Information:
Fix local desktop sharing breakage (bug #1180303)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2015 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.18-5
- Fix local desktop sharing breakage (bug #1180303)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1180303 - can't connect to local desktop since the version released on Dec 25,2014
https://bugzilla.redhat.com/show_bug.cgi?id=1180303
--------------------------------------------------------------------------------
================================================================================
xfdesktop-4.10.3-3.fc20 (FEDORA-2015-0472)
Desktop manager for the Xfce Desktop Environment
--------------------------------------------------------------------------------
Update Information:
Add patch with fix for crash in timed desktop backdrop changes. Fixes bug #1174160
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 8 2015 Kevin Fenzi <kevin at scrye.com> 4.10.3-3
- Add patch with fix for crash in timed desktop backdrop changes. Fixes bug #1174160
* Thu Nov 27 2014 Mukundan Ragavan <nonamedotc at fedoraproject.org> - 4.10.3-2
- bump release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1174160 - [abrt] xfdesktop: xfdesktop_backdrop_list_choose_random(): xfdesktop killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1174160
--------------------------------------------------------------------------------
More information about the test
mailing list