The following Fedora 21 Security updates need testing: Age URL 185 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-20... 75 https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1.16.... 65 https://admin.fedoraproject.org/updates/FEDORA-2015-9090/fossil-1.33-1.fc21 65 https://admin.fedoraproject.org/updates/FEDORA-2015-9141/ceph-deploy-1.5.25-... 54 https://admin.fedoraproject.org/updates/FEDORA-2015-5247/strongswan-5.3.2-1.... 54 https://admin.fedoraproject.org/updates/FEDORA-2015-9744/squid-3.4.13-1.fc21 44 https://admin.fedoraproject.org/updates/FEDORA-2015-10175/opensaml-java-open... 44 https://admin.fedoraproject.org/updates/FEDORA-2015-10301/389-ds-base-1.3.3.... 21 https://admin.fedoraproject.org/updates/FEDORA-2015-11368/nx-libs-3.5.0.32-1... 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12032/uwsgi-2.0.11.1-1.f... 6 https://admin.fedoraproject.org/updates/FEDORA-2015-11995/bzr-2.6.0-7.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12028/drupal6-cck-2.10-1... 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12012/openssh-6.6.1p1-14... 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12010/mantis-1.2.19-3.fc... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-12250/lighttpd-1.4.36-1.... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-12148/wordpress-4.2.3-1.... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-12406/xfsprogs-3.2.2-2.f... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-12570/community-mysql-5.... 1 https://admin.fedoraproject.org/updates/FEDORA-2015-12645/lxc-1.0.7-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12716/devscripts-2.15.8-... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12703/nbd-3.11-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12714/xen-4.4.2-9.fc21
The following Fedora 21 Critical Path updates have yet to be approved: Age URL 6 https://admin.fedoraproject.org/updates/FEDORA-2015-12049/selinux-policy-3.1... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-12277/libfm-1.2.3-12.D20... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-12402/gstreamer1-plugins... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12715/libidn-1.32-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12708/bash-4.3.39-6.fc21
The following builds have been pushed to Fedora 21 updates-testing
antimicro-2.17-1.fc21 armadillo-5.300.4-1.fc21 bash-4.3.39-6.fc21 devscripts-2.15.8-1.fc21 globus-gass-cache-9.7-1.fc21 globus-gram-job-manager-14.27-1.fc21 globus-proxy-utils-6.13-1.fc21 globus-simple-ca-4.22-1.fc21 gnome-software-3.14.7-1.fc21 libidn-1.32-1.fc21 mintmenu-5.6.4-1.fc21 nbd-3.11-1.fc21 perl-Syntax-Highlight-Engine-Kate-0.10-1.fc21 perl-threads-lite-0.034-2.fc21 php-phpunit-PHP-CodeCoverage-2.2.1-1.fc21 php-phpunit-environment-1.3.2-1.fc21 publicsuffix-list-20150731-1.fc21 rebase-helper-0.6.0-1.fc21 xen-4.4.2-9.fc21
Details about builds:
================================================================================ antimicro-2.17-1.fc21 (FEDORA-2015-12698) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information:
new upstream release v2.17 (#1249393) new upstream release v2.16 (#1246074) -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 2 2015 Jeff Backus jeff.backus@gmail.com - 2.17-1 - new upstream release v2.17 (#1249393) * Fri Jul 24 2015 Jeff Backus jeff.backus@gmail.com - 2.16-1 - new upstream release v2.16 (#1246074) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1249393 - antimicro-2.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249393 [ 2 ] Bug #1246074 - antimicro-2.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1246074 --------------------------------------------------------------------------------
================================================================================ armadillo-5.300.4-1.fc21 (FEDORA-2015-12710) Fast C++ matrix library with interfaces to LAPACK and ATLAS -------------------------------------------------------------------------------- Update Information:
Version 5.300.4 (Plutocracy Incorporated)
* added generalised Schur decomposition: qz() * added .has_inf() and .has_nan() * expanded interp1() to handle out-of-domain locations * expanded sparse matrix class with .set_imag() and .set_real() * expanded imag(), real() and conj() to handle sparse matrices * expanded diagmat(), reshape() and resize() to handle sparse matrices * faster sparse sum() * faster row-wise sum(), mean(), min(), max() * updated physical constants to NIST 2014 CODATA values * fixes for handling sparse submatrix views -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 José Matos jamatos@fedoraproject.org - 5.300.4-1 - update to 5.300.4 - add %license tag -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1249612 - armadillo-5.300.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249612 --------------------------------------------------------------------------------
================================================================================ bash-4.3.39-6.fc21 (FEDORA-2015-12708) The GNU Bourne Again shell -------------------------------------------------------------------------------- Update Information:
Ancient memory leak came up again, fix taken from upstream's devel branch. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Ondrej Oprala - 4.3.39-6 - #1245233 - fixed memleak -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1245233 - bash script shows memory leak https://bugzilla.redhat.com/show_bug.cgi?id=1245233 --------------------------------------------------------------------------------
================================================================================ devscripts-2.15.8-1.fc21 (FEDORA-2015-12716) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information:
Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. Fixes CVE-2015-5705. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscrip... for details. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Sandro Mani manisandro@gmail.com - 2.15.8-1 - Update to 2.15.8 * Sat Aug 1 2015 Sandro Mani manisandro@gmail.com - 2.15.7-1 - Update to 2.15.7 * Sat Aug 1 2015 Sandro Mani manisandro@gmail.com - 2.15.6-2 - Fix licensecheck incorrectly detecting mime strings such as text/x-c++ as a binary file (#1249227) * Wed Jul 29 2015 Sandro Mani manisandro@gmail.com - 2.15.6-1 - Update to 2.15.6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1249635 - CVE-2015-5704 devscripts: arbitrary shell command injection https://bugzilla.redhat.com/show_bug.cgi?id=1249635 [ 2 ] Bug #1249645 - CVE-2015-5705 devscripts: argument injection vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1249645 --------------------------------------------------------------------------------
================================================================================ globus-gass-cache-9.7-1.fc21 (FEDORA-2015-12718) Globus Toolkit - Globus Gass Cache -------------------------------------------------------------------------------- Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
-------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 9.7-1 - GT6 update: GT-618: GASS Cache error mishandling causes crash * Wed Jun 17 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 9.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ globus-gram-job-manager-14.27-1.fc21 (FEDORA-2015-12718) Globus Toolkit - GRAM Jobmanager -------------------------------------------------------------------------------- Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
-------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 14.27-1 - GT6 update: GT-619: Uninitialized data in job manager cause crash --------------------------------------------------------------------------------
================================================================================ globus-proxy-utils-6.13-1.fc21 (FEDORA-2015-12718) Globus Toolkit - Globus GSI Proxy Utility Programs -------------------------------------------------------------------------------- Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
-------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 6.13-1 - GT6 update: Add explicit name comparison mode selection option --------------------------------------------------------------------------------
================================================================================ globus-simple-ca-4.22-1.fc21 (FEDORA-2015-12718) Globus Toolkit - Simple CA Utility -------------------------------------------------------------------------------- Update Information:
Globus Toolkit updates:
* globus-gass-cache 9.7 * globus-gram-job-manager 14.27 * globus-proxy-utils 6.13 * globus-simple-ca 4.22
Fixed issues:
* https://globus.atlassian.net/browse/GT-617: Use 4096-bit RSA key for globus-simple-ca * https://globus.atlassian.net/browse/GT-618: GASS Cache error mishandling causes crash * https://globus.atlassian.net/browse/GT-619: Uninitialized data in job manager cause crash
-------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 4.22-1 - GT6 update: Use 4096-bit RSA key for globus-simple-ca * Wed Jun 17 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ gnome-software-3.14.7-1.fc21 (FEDORA-2015-12695) A software center for GNOME -------------------------------------------------------------------------------- Update Information:
gnome-software 3.14.7 release.
* Show installation progress when installing apps * Make sure apps that aren't installable are properly hidden in the category view -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Kalev Lember klember@redhat.com - 3.14.7-1 - Update to 3.14.7 --------------------------------------------------------------------------------
================================================================================ libidn-1.32-1.fc21 (FEDORA-2015-12715) Internationalized Domain Name support library -------------------------------------------------------------------------------- Update Information:
This update fixes a crash with malformed UTF-8. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Miroslav Lichvar mlichvar@redhat.com - 1.32-1.fc21 - update to 1.32 --------------------------------------------------------------------------------
================================================================================ mintmenu-5.6.4-1.fc21 (FEDORA-2015-12704) Advanced Menu for the MATE Desktop -------------------------------------------------------------------------------- Update Information:
- update to 5.6.4 release -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 2 2015 Wolfgang Ulbrich chat-to-me@raveit.de - 5.6.4-1 - update to 5.6.4 release - adjust mintmenu_datadir.patch - adjust mintmenu_run-as-superuser.patch - install %{_datadir}/linuxmint/mintMenu/search_engines - adjust icon cache scriptlets - adjust panel icon * Wed Jun 17 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 5.6.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ nbd-3.11-1.fc21 (FEDORA-2015-12703) Network Block Device user-space tools (TCP version) -------------------------------------------------------------------------------- Update Information:
* Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847]. -------------------------------------------------------------------------------- ChangeLog:
* Sat Jul 11 2015 Christopher Meng rpm@cicku.me - 3.11-1 - Update to 3.11 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1222027 - CVE-2015-0847 nbd: nbd-server denial of service due to unsafe signal handlers https://bugzilla.redhat.com/show_bug.cgi?id=1222027 --------------------------------------------------------------------------------
================================================================================ perl-Syntax-Highlight-Engine-Kate-0.10-1.fc21 (FEDORA-2015-12705) Port to Perl of the syntax highlight engine of the Kate text editor -------------------------------------------------------------------------------- Update Information:
This release improves documentation. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Petr Pisar ppisar@redhat.com - 0.10-1 - 0.10 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1249360 - perl-Syntax-Highlight-Engine-Kate-0.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249360 --------------------------------------------------------------------------------
================================================================================ perl-threads-lite-0.034-2.fc21 (FEDORA-2015-12717) Actor model threading for Perl -------------------------------------------------------------------------------- Update Information:
Disable tests on AArch64 platform as a workaround for relesed Fedoras. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Petr Pisar ppisar@redhat.com - 0.034-2 - Disable checks on aarch64 (bug #719874) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #719874 - perl-threads-lite keeps hanging during self checks https://bugzilla.redhat.com/show_bug.cgi?id=719874 --------------------------------------------------------------------------------
================================================================================ php-phpunit-PHP-CodeCoverage-2.2.1-1.fc21 (FEDORA-2015-12269) PHP code coverage information -------------------------------------------------------------------------------- Update Information:
**php-code-coverage 2.2.1** - 2015-08-02 * Bumped required version of sebastian/environment to 1.3.1 for #365
**php-code-coverage 2.2.0** - 2015-08-01 * Added a driver for PHPDBG (requires PHP 7) * Added PHP_CodeCoverage::setDisableIgnoredLines() to disable the ignoring of lines using annotations such as @codeCoverageIgnore
-------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 2 2015 Remi Collet remi@fedoraproject.org - 2.2.1-1 - update to 2.2.1 (no change) - raise dependency on sebastian/environment ~1.3.1 --------------------------------------------------------------------------------
================================================================================ php-phpunit-environment-1.3.2-1.fc21 (FEDORA-2015-12269) Handle HHVM/PHP environments -------------------------------------------------------------------------------- Update Information:
**php-code-coverage 2.2.1** - 2015-08-02 * Bumped required version of sebastian/environment to 1.3.1 for #365
**php-code-coverage 2.2.0** - 2015-08-01 * Added a driver for PHPDBG (requires PHP 7) * Added PHP_CodeCoverage::setDisableIgnoredLines() to disable the ignoring of lines using annotations such as @codeCoverageIgnore
-------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Remi Collet remi@fedoraproject.org - 1.3.2-1 - update to 1.3.2 * Sun Jul 26 2015 Remi Collet remi@fedoraproject.org - 1.3.0-1 - update to 1.3.0 --------------------------------------------------------------------------------
================================================================================ publicsuffix-list-20150731-1.fc21 (FEDORA-2015-12706) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information:
The latest revision - 20150731 -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 3 2015 Yanko Kaneti yaneti@declera.com - 20150731-1 - The latest revision - 20150731 - Move to the new upstream filename. Install a compat symlink for now * Thu Jun 18 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 20150506-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ rebase-helper-0.6.0-1.fc21 (FEDORA-2015-12711) The tool which helps you with rebase package -------------------------------------------------------------------------------- Update Information:
New upstream version 0.6.0 (#1249518) -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 31 2015 Petr Hracek phracek@redhat.com - 0.6.0-1 - New upstream version 0.6.0 (#1249518) * Thu Jun 18 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1249518 - rebase-helper-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1249518 --------------------------------------------------------------------------------
================================================================================ xen-4.4.2-9.fc21 (FEDORA-2015-12714) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) rebuild efi grub.cfg if it is present (#1239309), add gcc5 build fixes, one needed for the following patch, modify gnutls use in line with Fedora's crypto policies (#117935) -------------------------------------------------------------------------------- ChangeLog:
* Sun Aug 2 2015 Michael Young m.a.young@durham.ac.uk - 4.4.2-9 - QEMU heap overflow flaw while processing certain ATAPI commands. [XSA-138, CVE-2015-5154] (#1247142) * Sat Jul 25 2015 Michael Young m.a.young@durham.ac.uk - 4.4.2-8 - rebuild efi grub.cfg if it is present (#1239309) - add gcc5 build fixes from F22+ package, one needed for the following patch - modify gnutls use in line with Fedora's crypto policies (#1179352) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access https://bugzilla.redhat.com/show_bug.cgi?id=1243563 --------------------------------------------------------------------------------