The following Fedora 20 Security updates need testing:
 Age  URL
 138  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc2...
  90  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack...
  66  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.f...
  66  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1...
  61  https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc2...
  58  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.2...
  55  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1....
  52  https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20...
  36  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1....
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.f...
  32  https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
  28  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.3...
  27  https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.f...
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-1871/qpid-cpp-0.30-8.fc2...
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1936/drupal6-views-2.18-...
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-...
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-2090/apache-poi-3.10.1-2...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.f...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2223/libhtp-0.5.6-3.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
  28  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.3...
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1635/highlight-3.21-1.fc...
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-1822/libbluray-0.7.0-1.f...
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-1846/libdvdread-5.0.2-1....
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-1901/ibus-1.5.9-10.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2034/perl-5.18.4-292.fc2...
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2046/linux-firmware-2015...
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1998/perl-Socket-2.018-1...
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-1993/unzip-6.0-17.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-2060/dbus-1.6.30-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2216/freetype-2.5.0-9.fc...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2134/librsvg2-2.40.7-1.f...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2152/cups-1.7.5-12.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2191/abrt-2.2.2-2.fc20,l...
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-2121/perl-Pod-Usage-1.65...
The following builds have been pushed to Fedora 20 updates-testing
    bugwarrior-1.1.1-1.fc20
    freetype-2.5.0-9.fc20
    globus-ftp-client-8.19-1.fc20
    globus-xio-5.7-1.fc20
    haproxy-1.5.11-3.fc20
    ldns-1.6.17-9.fc20
    libhtp-0.5.6-3.fc20
    profile-sync-daemon-5.68-1.fc20
    python-taskw-1.0.3-1.fc20
    reposurgeon-3.19-1.fc20
    task-2.4.1-1.fc20
    tellico-2.3.10-1.fc20
Details about builds:
================================================================================
 bugwarrior-1.1.1-1.fc20 (FEDORA-2015-2215)
 Sync github, bitbucket, and trac issues with taskwarrior
--------------------------------------------------------------------------------
Update Information:

Typofixes. Compatibility with task-2.4.1.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Ralph Bean rbean@redhat.com - 1.1.1-1
- new version
* Tue Feb 17 2015 Ralph Bean rbean@redhat.com - 1.1.0-1
- new version
- new bugwarrior-uda command
--------------------------------------------------------------------------------
================================================================================
 freetype-2.5.0-9.fc20 (FEDORA-2015-2216)
 A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:

This update fixes several security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Marek Kasik mkasik@redhat.com - 2.5.0-9
- Fixes CVE-2014-9656
   - Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
   - Check minimum size of `record_size'.
- Fixes CVE-2014-9658
   - Use correct value for minimum table length test.
- Fixes CVE-2014-9675
   - New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
   - Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
   - Initialize `face->ttf_size'.
   - Always set `face->ttf_size' directly.
   - Exclusively use the `truetype' font driver for loading
     the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
   - Handle return values of point allocation routines.
- Fixes CVE-2014-9663
   - Fix order of validity tests.
- Fixes CVE-2014-9664
   - Add another boundary testing.
   - Fix boundary testing.
- Fixes CVE-2014-9666
   - Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
   - Protect against addition overflow.
- Fixes CVE-2014-9669
   - Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
   - Add sanity checks for row and column values.
- Fixes CVE-2014-9671
   - Check `size' and `offset' values.
- Fixes CVE-2014-9672
   - Prevent a buffer overrun caused by a font including too many (> 63)
     strings to store names[] table.
- Fixes CVE-2014-9673
   - Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
   - Fix integer overflow by a broken POST table in resource-fork.
   - Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik mkasik@redhat.com - 2.5.0-8
- Fix of URL of the bug #1172634
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1191192 - CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
        https://bugzilla.redhat.com/show_bug.cgi?id=1191192
  [ 2 ] Bug #1191078 - CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191078
  [ 3 ] Bug #1191079 - CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191079
  [ 4 ] Bug #1191080 - CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191080
  [ 5 ] Bug #1191081 - CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
        https://bugzilla.redhat.com/show_bug.cgi?id=1191081
  [ 6 ] Bug #1191082 - CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191082
  [ 7 ] Bug #1191083 - CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191083
  [ 8 ] Bug #1191084 - CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191084
  [ 9 ] Bug #1191085 - CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191085
  [ 10 ] Bug #1191086 - CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
        https://bugzilla.redhat.com/show_bug.cgi?id=1191086
  [ 11 ] Bug #1191087 - CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191087
  [ 12 ] Bug #1191089 - CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191089
  [ 13 ] Bug #1191090 - CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191090
  [ 14 ] Bug #1191091 - CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191091
  [ 15 ] Bug #1191092 - CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191092
  [ 16 ] Bug #1191093 - CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191093
  [ 17 ] Bug #1191190 - CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1191190
--------------------------------------------------------------------------------
================================================================================
 globus-ftp-client-8.19-1.fc20 (FEDORA-2015-2218)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 8.19-1
- GT6 update (GGUS 105158 and 109576)
--------------------------------------------------------------------------------
================================================================================
 globus-xio-5.7-1.fc20 (FEDORA-2015-2218)
 Globus Toolkit - Globus XIO Framework
--------------------------------------------------------------------------------
Update Information:

Fix for GGUS 105158 and 109576.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 5.7-1
- GT6 update (Prefer IPv6 address)
--------------------------------------------------------------------------------
================================================================================
 haproxy-1.5.11-3.fc20 (FEDORA-2015-2236)
 HAProxy reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:

- Add sysconfig file to allow for setting extra options/
- Add tcp-ut bind option to set TCP_USER_TIMEOUT
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 11 2015 Ryan O'Hara rohara@redhat.com - 1.5.11-3
- Add sysconfig file
* Tue Feb 10 2015 Ryan O'Hara rohara@redhat.com - 1.5.11-2
- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190783)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1188029 - haproxy-1.5.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1188029
--------------------------------------------------------------------------------
================================================================================
 ldns-1.6.17-9.fc20 (FEDORA-2015-2227)
 Low-level DNS(SEC) library with API
--------------------------------------------------------------------------------
Update Information:

Fix ldns-config
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 16 2015 Paul Wouters pwouters@redhat.com - 1.6.17-9
- bump evr
* Tue Sep 30 2014 Paul Wouters pwouters@redhat.com - 1.6.17-8
- Fix ldns-config (rhbz#1147972) [Florian Lehner]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1147972 - ldns-config is broken because of syntax errors
        https://bugzilla.redhat.com/show_bug.cgi?id=1147972
--------------------------------------------------------------------------------
================================================================================
 libhtp-0.5.6-3.fc20 (FEDORA-2015-2223)
 Security-aware parser for the HTTP protocol and the related bits and pieces
--------------------------------------------------------------------------------
Update Information:

Backport an upstream patch to fix a security issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Mathieu Bridon bochecha@daitauha.fr - 0.5.6-3
- Backport an upstream patch to fix a security issue
  https://bugzilla.redhat.com/show_bug.cgi?id=1190866
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190864 - libhtp: denial of service under memory stress
        https://bugzilla.redhat.com/show_bug.cgi?id=1190864
--------------------------------------------------------------------------------
================================================================================
 profile-sync-daemon-5.68-1.fc20 (FEDORA-2015-2226)
 Offload browser profiles to RAM for speed and wear reduction
--------------------------------------------------------------------------------
Update Information:

Update to 5.68
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Christopher Meng rpm@cicku.me - 5.68-1
- Update to 5.68
--------------------------------------------------------------------------------
================================================================================
 python-taskw-1.0.3-1.fc20 (FEDORA-2015-2212)
 Python bindings for your taskwarrior database
--------------------------------------------------------------------------------
Update Information:

Convert .is: filters to == so url matching works.
Better support for multiple taskwarrior versions.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 Ralph Bean rbean@redhat.com - 1.0.3-1
- new version
* Wed Feb 11 2015 Ralph Bean rbean@redhat.com - 1.0.2-1
- new version
* Wed Feb 11 2015 Ralph Bean rbean@redhat.com - 1.0.0-1
- new version
--------------------------------------------------------------------------------
================================================================================
 reposurgeon-3.19-1.fc20 (FEDORA-2015-2235)
 SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

== 3.19 ==
* Minor bugfix for handling of indexed action stamps.

== 3.18 ==
* The graft command now has a --prune option like unite.

== 3.17 ==
* Export support for SRC and RCS.
* Bug fix for automated preservation under hg.
* Bug fix for reparenting and checkout of commits with inline data.

== 3.16 ==
* Import support for SRC.

== 3.15 ==
* New 'add' command to insert new fileops in commits.

== 3.14 ==
* Assignments are preserved across squashes (including deletions).
* Name lookups are, after the first one, significantly faster.

== 3.13 ==
* Read/write support for the Fossil system.
* Fixes for timezone handling.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2015 Christopher Meng rpm@cicku.me - 3.19-1
- Update to 3.19
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1166407 - reposurgeon-3.19 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1166407
--------------------------------------------------------------------------------
================================================================================
 task-2.4.1-1.fc20 (FEDORA-2015-2232)
 A command-line to do list manager
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
Move shell completion pieces to the right places.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 15 2015 Ralph Bean rbean@redhat.com - 2.4.1-1
- Latest upstream.
- Removed obsoleted task-faq and task-tutorial man pages.
- Use CMAKE_BUILD_TYPE=release for a faster binary (at upstream's request).
* Mon Feb 9 2015 Ralph Bean rbean@redhat.com - 2.3.0-3
- Move shell completion pieces to the right place.
* Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190545 - zsh completion not installed properly
        https://bugzilla.redhat.com/show_bug.cgi?id=1190545
--------------------------------------------------------------------------------
================================================================================
 tellico-2.3.10-1.fc20 (FEDORA-2015-2229)
 A collection manager
--------------------------------------------------------------------------------
Update Information:

Update to latest stable release:
* Updated Discogs fetcher to new API (Bug kde#342827).
* Updated Moviemeter fetcher to new API.
* Added filter rules for Greater than and Less than numbers.
* Updated BoardGameGeek fetcher to new API.
* Added capability to import a BoardGameGeek collection.
* Added a data source for Mathematical Reviews.
* Fixed crashing bug with some ISBNdb results (Bug kde#339063).
* Updated Producer results for IMDb and TheMovieDB fetchers (Bug kde#336765).
* Fixed bug with Allocine API search using punctuation (Bug kde#337432).
* Fixed bug with importing Goodreads collection.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 17 2015 José Matos jamatos@fedoraproject.org - 2.3.10-1
- update to 2.3.10
- x-tellico.desktop is gone
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1193435 - tellico-2.3.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1193435
--------------------------------------------------------------------------------