Fedora 20 updates-testing report
updates at fedoraproject.org
Fri May 15 13:37:46 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
164 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
144 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
99 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
82 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
67 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
62 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
49 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
34 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
34 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
27 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
16 https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20
15 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-7911/kernel-3.19.7-100.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-7887/php-ZendFramework2-2.3.8-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.2-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-7561/openslp-1.2.1-22.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-8138/firefox-38.0-4.fc20,thunderbird-31.7.0-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8252/xen-4.3.4-4.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8251/java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8274/phpMyAdmin-4.4.6.1-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8247/LibRaw-0.15.4-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8248/qemu-1.6.2-14.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8266/mingw-LibRaw-0.15.4-5.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
82 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-7281/btrfs-progs-4.0-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-7294/perl-Socket-2.019-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-4.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-7719/qt-4.8.6-30.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-8007/lua-socket-3.0-0.10.rc1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8257/coreutils-8.21-22.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8268/fedora-release-20-4
0 https://admin.fedoraproject.org/updates/FEDORA-2015-8261/pcre-8.33-11.fc20
The following builds have been pushed to Fedora 20 updates-testing
LibRaw-0.15.4-2.fc20
burp-1.4.36-5.fc20
coreutils-8.21-22.fc20
fedora-release-20-4
fillets-ng-1.0.1-7.fc20
fillets-ng-data-1.0.1-2.fc20
java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
mbedtls-1.3.10-1.fc20
mingw-LibRaw-0.15.4-5.fc20
mock-1.2.9-1.fc20
pcre-8.33-11.fc20
perl-Tangerine-0.16-1.fc20
phpMyAdmin-4.4.6.1-1.fc20
python-geoip-geolite2-2015.0303-3.fc20
qemu-1.6.2-14.fc20
xen-4.3.4-4.fc20
Details about builds:
================================================================================
LibRaw-0.15.4-2.fc20 (FEDORA-2015-8247)
Library for reading RAW files obtained from digital photo cameras
--------------------------------------------------------------------------------
Update Information:
Patch for ljpeg_start() vulnerability.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221250 - CVE-2015-3885 LibRaw: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1221250
--------------------------------------------------------------------------------
================================================================================
burp-1.4.36-5.fc20 (FEDORA-2015-8258)
A network-based backup and restore program
--------------------------------------------------------------------------------
Update Information:
Burp - A network backup and restore program
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program
https://bugzilla.redhat.com/show_bug.cgi?id=1186819
--------------------------------------------------------------------------------
================================================================================
coreutils-8.21-22.fc20 (FEDORA-2015-8257)
A set of basic GNU tools commonly used in shell scripts
--------------------------------------------------------------------------------
Update Information:
- sort - fix buffer overflow in some case conversions - patch by Pádraig Brady
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
- Drop large ancient docs
- have the LC_TIME subdirs with lang macro (#1169027)
- handle situation with ro /tmp in colorls scripts (#1149761)
- fix the sorting in multibyte locales (NUL-terminate sort keys) - patch by Andreas Schwab (#1146185)
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Kamil Dudka <kdudka at redhat.com> 8.21-22
- fix occasional assertion failure of gnulib tests that check ctime
- sort - fix buffer overflow in some case conversions
- patch by Pádraig Brady
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
- Drop large ancient docs
- have the LC_TIME subdirs with lang macro (#1169027)
- handle situation with ro /tmp in colorls scripts (#1149761)
- fix the sorting in multibyte locales (NUL-terminate sort keys)
- patch by Andreas Schwab (#1146185)
- fix failed tests on ppc (backport from gnulib upstream)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1169027 - missing %lang info for LC_TIME locale subdirs
https://bugzilla.redhat.com/show_bug.cgi?id=1169027
[ 2 ] Bug #1149761 - root login in emergency mode shows errors
https://bugzilla.redhat.com/show_bug.cgi?id=1149761
[ 3 ] Bug #1196642 - DIR_COLORS.256color ls colors hard to read with white and dark gray background
https://bugzilla.redhat.com/show_bug.cgi?id=1196642
[ 4 ] Bug #1146185 - "sort" looks at more than the flags specify in non-C locales
https://bugzilla.redhat.com/show_bug.cgi?id=1146185
--------------------------------------------------------------------------------
================================================================================
fedora-release-20-4 (FEDORA-2015-8268)
Fedora release files
--------------------------------------------------------------------------------
Update Information:
add the Fedora 22 gpg keys rhbz#1220358
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Dennis Gilmore <dennis at ausil.us> - 20-4
- add the Fedora 22 gpg keys rhbz#1220358
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1220358 - Fedora 20 doesn't contain F22 gpg keys, prevents fedup
https://bugzilla.redhat.com/show_bug.cgi?id=1220358
--------------------------------------------------------------------------------
================================================================================
fillets-ng-1.0.1-7.fc20 (FEDORA-2015-7825)
Fish Fillets Next Generation, a puzzle game with 70 levels
--------------------------------------------------------------------------------
Update Information:
Fix start up failure
Remove bundled fonts
Bring data package up to date
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 8 2015 Bruno Wolff III <bruno at wolff.to> = 1.0.1-7
- The lua 5.2 patch wasn't working, switch to using compat version for 5.1
* Sat May 2 2015 Kalev Lember <kalevlember at gmail.com> - 1.0.1-6
- Rebuilt for GCC 5 C++11 ABI change
* Thu Mar 26 2015 Richard Hughes <rhughes at redhat.com> - 1.0.1-5
- Add an AppData file for the software center
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084250 - fillets-ng fails to start
https://bugzilla.redhat.com/show_bug.cgi?id=1084250
[ 2 ] Bug #1220008 - Fonts are incorrectly included in the package
https://bugzilla.redhat.com/show_bug.cgi?id=1220008
--------------------------------------------------------------------------------
================================================================================
fillets-ng-data-1.0.1-2.fc20 (FEDORA-2015-7825)
Game data files for Fish Fillets Next Generation
--------------------------------------------------------------------------------
Update Information:
Fix start up failure
Remove bundled fonts
Bring data package up to date
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 9 2015 Bruno Wolff III <bruno at wolff.to> - 1.0.1-2
- Fix files being listed twice by the spec file
- Use proper fonts
* Fri May 8 2015 Bruno Wolff III <bruno at wolff.to> - 1.0.1-1
- Update to latest release
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1084250 - fillets-ng fails to start
https://bugzilla.redhat.com/show_bug.cgi?id=1084250
[ 2 ] Bug #1220008 - Fonts are incorrectly included in the package
https://bugzilla.redhat.com/show_bug.cgi?id=1220008
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 (FEDORA-2015-8251)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
updated to 8u45-b14 with hope to fix rhbz#1123870
This update adds debugging information to all the Java code included in the JDK, making it easier to debug the code.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Jiri Vanek <jvanek at redhat.com> - 1:1.8.0.45-35.b14
- updated to 8u45-b14 with hope to fix rhbz#1123870
* Thu Apr 16 2015 Omair Majid <omajid at redhat.com> - 1:1.8.0.45-32.b13
- Build all java code with -g
- Test at build-time to ensure debugging information is included
- Resolves: rhbz#1150932
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
https://bugzilla.redhat.com/show_bug.cgi?id=1123870
--------------------------------------------------------------------------------
================================================================================
mbedtls-1.3.10-1.fc20 (FEDORA-2015-8265)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
As of Nov 2014, polarssl has been acquired by ARM Inc.[1][2], then the name was changed to mbedtls.
This is the initial mbedtls package for Fedora.
[1] https://polarssl.org/tech-updates/blog/polarssl-part-of-arm
[2] http://community.arm.com/groups/internet-of-things/blog/2015/02/09/polarssl-is-dead-long-live-mbed-tls
--------------------------------------------------------------------------------
================================================================================
mingw-LibRaw-0.15.4-5.fc20 (FEDORA-2015-8266)
Library for reading RAW files obtained from digital photo cameras
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-3885
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Sandro Mani <manisandro at gmail.com> - 0.15.4-5
- Add fix for CVE-2015-3885
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221249 - CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1221249
--------------------------------------------------------------------------------
================================================================================
mock-1.2.9-1.fc20 (FEDORA-2015-8243)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
Fix regression in mockchain. New plugin pm_request.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Miroslav Suchý <msuchy at redhat.com> - 1.2.9-1
- scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395]
- Add pm_request plugin
- Drop lvm2-python-libs requires and enable lvm subpackage on el6
- Use lvs instead of lvm python bindings
- Unshare IPC ns only for chroot processes
- Add missing flush in logOutput
- Avoid infinite recursion in selinux plugin
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1204395 - mock-scm not using SSH_AUTH_SOCK environment variable
https://bugzilla.redhat.com/show_bug.cgi?id=1204395
--------------------------------------------------------------------------------
================================================================================
pcre-8.33-11.fc20 (FEDORA-2015-8261)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release updates patch for bug #1210383 to allow building pcre without UTF support.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Petr Pisar <ppisar at redhat.com> - 8.33-11
- Amend Fix-memory-bug-for-S-V-H-compile patch to allow building with disabled
UTF support (bug #1210383)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1210383 - Crash when compiling /[\\S\\V\\H]/8
https://bugzilla.redhat.com/show_bug.cgi?id=1210383
--------------------------------------------------------------------------------
================================================================================
perl-Tangerine-0.16-1.fc20 (FEDORA-2015-8278)
Analyse perl files and report module-related information
--------------------------------------------------------------------------------
Update Information:
Module names consisting solely of digits are also valid. Don't ignore them.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Petr Šabata <contyk at redhat.com> - 0.16-1
- 0.16 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221422 - perl-Tangerine-0.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1221422
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.6.1-1.fc20 (FEDORA-2015-8274)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.4.6.1 (2015-05-13)
===============================
- [security] CSRF vulnerability in setup
- [security] Vulnerability allowing man-in-the-middle attack
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 14 2015 Robert Scheck <robert at fedoraproject.org> 4.4.6.1-1
- Upgrade to 4.4.6.1 (#1221418, #1221580, #1221581)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221580 - CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup
https://bugzilla.redhat.com/show_bug.cgi?id=1221580
[ 2 ] Bug #1221581 - CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub
https://bugzilla.redhat.com/show_bug.cgi?id=1221581
--------------------------------------------------------------------------------
================================================================================
python-geoip-geolite2-2015.0303-3.fc20 (FEDORA-2015-8255)
GeoIP database access for Python under a BSD license
--------------------------------------------------------------------------------
Update Information:
2015.0303-3
--------------------------------------------------------------------------------
================================================================================
qemu-1.6.2-14.fc20 (FEDORA-2015-8248)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Cole Robinson <crobinso at redhat.com> - 2:1.6.2-14
- CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1218611
--------------------------------------------------------------------------------
================================================================================
xen-4.3.4-4.fc20 (FEDORA-2015-8252)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 13 2015 Michael Young <m.a.young at durham.ac.uk> - 4.3.4-4
- Privilege escalation via emulated floppy disk drive [XSA-133,
CVE-2015-3456] (#1221153)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
https://bugzilla.redhat.com/show_bug.cgi?id=1218611
--------------------------------------------------------------------------------