The following Fedora 20 Security updates need testing: Age URL 101 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack... 77 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.f... 77 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1... 69 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.2... 66 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.... 63 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20... 47 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.... 45 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.f... 43 https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20 24 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-... 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2382/krb5-1.11.5-18.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2328/php-5.5.22-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.3... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2548/bind-9.9.4-18.P2.fc... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2516/e2fsprogs-1.42.12-3... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2580/libjpeg-turbo-1.3.1... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2310/nodejs-0.10.36-3.fc... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.beta... 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2736/lftp-4.5.4-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2730/cabextract-1.5-1.fc... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2830/libpng10-1.0.63-1.f... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1.6-... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2901/qt3-3.3.8b-62.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2897/qt-4.8.6-25.fc20
The following Fedora 20 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc20,l... 8 https://admin.fedoraproject.org/updates/FEDORA-2015-2357/kde-settings-20-18.... 7 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.3... 1 https://admin.fedoraproject.org/updates/FEDORA-2015-2725/ibus-1.5.10-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-2897/qt-4.8.6-25.fc20
The following builds have been pushed to Fedora 20 updates-testing
antimicro-2.11.1-1.fc20 darkhttpd-1.11-1.fc20 golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc20 inkscape-0.91-2.fc20 libticonv-1.1.4-4.fc20 mate-themes-extras-3.10.5-1.fc20 qt-4.8.6-25.fc20 qt3-3.3.8b-62.fc20 synergy-1.6.2-1.fc20
Details about builds:
================================================================================ antimicro-2.11.1-1.fc20 (FEDORA-2015-2907) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information:
new upstream release v2.11.1 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 27 2015 Jeff Backus jeff.backus@gmail.com - 2.11.1-1 - new upstream release v2.11.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1196447 - antimicro-2.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1196447 --------------------------------------------------------------------------------
================================================================================ darkhttpd-1.11-1.fc20 (FEDORA-2015-2896) A secure, lightweight, fast, single-threaded HTTP/1.1 server -------------------------------------------------------------------------------- Update Information:
* Call setgroups() before setgid().
== Fedora package == * Fix erroneous %post section * Add mimetype option for users in darkhttpd.sysconfig * /bin/darkhttpd -> /sbin/darkhttpd -------------------------------------------------------------------------------- ChangeLog:
* Sat Jan 17 2015 Christopher Meng rpm@cicku.me - 1.11-1 - Update to 1.11 * Sat Aug 16 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1178330 - darkhttpd-1.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1178330 --------------------------------------------------------------------------------
================================================================================ golang-github-evanphx-json-patch-0-0.1.gita1ba76c.fc20 (FEDORA-2015-2904) A Go library to apply RFC6902 patches to JSON documents -------------------------------------------------------------------------------- Update Information:
First package for Fedora -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1196992 - Review Request: golang-github-evanphx-json-patch - A Go library to apply RFC6902 patches to JSON documents https://bugzilla.redhat.com/show_bug.cgi?id=1196992 --------------------------------------------------------------------------------
================================================================================ inkscape-0.91-2.fc20 (FEDORA-2015-2906) Vector-based drawing program using SVG -------------------------------------------------------------------------------- Update Information:
Latest upstream release, many enhancements and bugfixes. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jan 30 2015 Jon Ciesla limburgher@gmail.com - 0.91-2 - Move tutorials into main package, BZ 1187686. * Thu Jan 29 2015 Jon Ciesla limburgher@gmail.com - 0.91-1 - Latest upstream. * Tue Jan 27 2015 Petr Machata pmachata@redhat.com - 0.48.5-7 - Rebuild for boost 1.57.0 * Fri Jan 23 2015 Marek Kasik mkasik@redhat.com - 0.48.5-6 - Rebuild (poppler-0.30.0) - Backport commit "Fix build with poppler 0.29.0 (Bug #1399811)" -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1197336 - Update Fedora 20's Inkscape https://bugzilla.redhat.com/show_bug.cgi?id=1197336 --------------------------------------------------------------------------------
================================================================================ libticonv-1.1.4-4.fc20 (FEDORA-2015-2894) Texas Instruments calculators charsets library -------------------------------------------------------------------------------- Update Information:
Texas Instruments calculators charsets library -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1186494 - Review Request: libticonv - Texas Instruments calculators charsets library https://bugzilla.redhat.com/show_bug.cgi?id=1186494 --------------------------------------------------------------------------------
================================================================================ mate-themes-extras-3.10.5-1.fc20 (FEDORA-2015-2887) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information:
update -------------------------------------------------------------------------------- ChangeLog:
* Sat Feb 28 2015 Wolfgang Ulbrich chat-to-me@raveit.de - 3.10.5.1 - update to 3.14.5 release --------------------------------------------------------------------------------
================================================================================ qt-4.8.6-25.fc20 (FEDORA-2015-2897) Qt toolkit -------------------------------------------------------------------------------- Update Information:
DoS vulnerability in the BMP image handler (CVE-2015-0295) -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 27 2015 Rex Dieter rdieter@fedoraproject.org 1:4.8.6-25 - DoS vulnerability in the BMP image handler (CVE-2015-0295) * Mon Feb 16 2015 Rex Dieter rdieter@fedoraproject.org 1:4.8.6-24 - more gcc5 detection fixes, in particular, ensure same QT_BUILD_KEY as gcc4 for now * Fri Feb 13 2015 Rex Dieter rdieter@fedoraproject.org - 1:4.8.6-23 - Qt: FTBFS with gcc5 (#1192464) - Make Adwaita the default theme for applications running in the GNOME DE (#1192453) * Wed Feb 11 2015 Rex Dieter rdieter@fedoraproject.org 1:4.8.6-22 - rebuild (gcc5) * Thu Jan 29 2015 Rex Dieter rdieter@fedoraproject.org 1:4.8.6-21 - refresh boost/moc patch (QTBUG-22829) * Sun Jan 18 2015 Rex Dieter rdieter@fedoraproject.org 1:4.8.6-20 - fix %pre scriptlet (#1183299) * Sat Jan 17 2015 Rex Dieter rdieter@fedoraproject.org 1:4.8.6-19 - ship /etc/xdg/qtchooser/4.conf alternative instead (of qt4.conf) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash https://bugzilla.redhat.com/show_bug.cgi?id=1197273 --------------------------------------------------------------------------------
================================================================================ qt3-3.3.8b-62.fc20 (FEDORA-2015-2901) The shared library for the Qt 3 GUI toolkit -------------------------------------------------------------------------------- Update Information:
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4. -------------------------------------------------------------------------------- ChangeLog:
* Sat Feb 28 2015 Kevin Kofler Kevin@tigcc.ticalc.org - 3.3.8b-62 - backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4 * Fri Feb 27 2015 Rex Dieter rdieter@fedoraproject.org 3.3.8b-61 - rebuild (gcc5) * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.3.8b-60 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.3.8b-59 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1197273 - CVE-2015-0295 QT: BMP image handler crash https://bugzilla.redhat.com/show_bug.cgi?id=1197273 --------------------------------------------------------------------------------
================================================================================ synergy-1.6.2-1.fc20 (FEDORA-2015-2909) Share mouse and keyboard between multiple computers over the network -------------------------------------------------------------------------------- Update Information:
Update to 1.6.2 -------------------------------------------------------------------------------- ChangeLog:
* Sat Dec 20 2014 Johan Swensson kupo@kupo.se - 1.6.2-1 - Update to 1.6.2 * Fri Nov 28 2014 Johan Swensson kupo@kupo.se - 1.6.1-1 - Update to 1.6.1 - BuildRequire avahi-compat-libdns_sd-devel * Sat Aug 23 2014 Johan Swensson kupo@kupo.se - 1.5.1-1 - Update to 1.5.1 * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 25 2014 Johan Swensson kupo@kupo.se - 1.5.0-1 - Update to 1.5.0 - Update source url - libcurl-devel, qt-devel, cryptopp-devel and desktop-file-utils buildrequired - unbundle cryptopp - unbundle gmock and gtest - include synergy gui - fix icon path * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4.10-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 7 2014 Michael Schwendt mschwendt@fedoraproject.org - 1.4.10-4 - increase synergy-plus obs_ver once more to obsolete the F20 rebuild * Mon Sep 16 2013 Michael Schwendt mschwendt@fedoraproject.org - 1.4.10-3 - correct synergy-plus obs_ver -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1044629 - [RFE] Upgrade synergy to 1.5 https://bugzilla.redhat.com/show_bug.cgi?id=1044629 --------------------------------------------------------------------------------