The following Fedora 20 Security updates need testing: Age URL 170 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.2... 125 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.... 108 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.3... 93 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.2... 89 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3... 75 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc... 60 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.... 60 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 53 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc2... 41 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.... 40 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-... 27 https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.2... 19 https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.... 19 https://admin.fedoraproject.org/updates/FEDORA-2015-8727/fail2ban-0.9.2-1.fc... 15 https://admin.fedoraproject.org/updates/FEDORA-2015-8777/ntfs-3g-2015.3.14-2... 15 https://admin.fedoraproject.org/updates/FEDORA-2015-8782/fuse-2.9.4-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-9163/fossil-1.33-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-9161/nss-util-3.19.1-1.0... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-9388/libreswan-3.13-1.fc... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-43.f... 4 https://admin.fedoraproject.org/updates/FEDORA-2015-9527/armacycles-ad-0.2.8... 4 https://admin.fedoraproject.org/updates/FEDORA-2015-9500/xen-4.3.4-5.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-9604/python-django14-1.4... 3 https://admin.fedoraproject.org/updates/FEDORA-2015-9625/mbedtls-1.3.11-1.fc... 1 https://admin.fedoraproject.org/updates/FEDORA-2015-9649/libwmf-0.2.8.4-43.f... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5375/strongswan-5.3.2-1.... 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9703/squid-3.3.14-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved: Age URL 108 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.3... 13 https://admin.fedoraproject.org/updates/FEDORA-2015-8614/gnome-documents-3.1... 11 https://admin.fedoraproject.org/updates/FEDORA-2015-9131/cdrkit-1.1.11-23.fc... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-9379/perl-Getopt-Long-2.... 5 https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-43.f... 4 https://admin.fedoraproject.org/updates/FEDORA-2015-9452/gnupg2-2.0.28-1.fc2... 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8911/kdelibs-4.14.9-2.fc...
The following builds have been pushed to Fedora 20 updates-testing
gecode-4.4.0-1.fc20 golang-googlecode-goauth2-0-0.8.hgb5adcc2.fc20 lziprecover-1.17-1.fc20 openvpn-2.3.7-1.fc20 python-num2words-0.5.2-6.fc20 salt-2015.5.2-3.fc20 sane-backends-1.0.24-14.fc20 squid-3.3.14-1.fc20 strongswan-5.3.2-1.fc20 whois-5.2.9-1.fc20
Details about builds:
================================================================================ gecode-4.4.0-1.fc20 (FEDORA-2015-9740) Generic constraint development environment -------------------------------------------------------------------------------- Update Information:
Update to gecode 4.4.0. -------------------------------------------------------------------------------- ChangeLog:
* Sat May 2 2015 Kalev Lember kalevlember@gmail.com - 4.3.3-3 - Rebuilt for GCC 5 C++11 ABI change * Mon Jan 26 2015 Petr Machata pmachata@redhat.com - 4.3.3-2 - Rebuild for boost 1.57.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1228815 - upgrade gecode to 4.4.0 https://bugzilla.redhat.com/show_bug.cgi?id=1228815 --------------------------------------------------------------------------------
================================================================================ golang-googlecode-goauth2-0-0.8.hgb5adcc2.fc20 (FEDORA-2015-9743) OAuth 2.0 for Go clients -------------------------------------------------------------------------------- Update Information:
Add missing Provides Bump to upstream b5adcc2dcdf009d0391547edc6ecbaff889f5bb9 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 9 2015 jchaloup jchaloup@redhat.com - 0-0.8.hgb5adcc2 - Add missing Provides related: #1227273 * Tue Jun 2 2015 jchaloup jchaloup@redhat.com - 0-0.7.hgb5adcc2 - Bump to upstream b5adcc2dcdf009d0391547edc6ecbaff889f5bb9 resolves: #1227273 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1227273 - Tracker for golang-googlecode-goauth2 https://bugzilla.redhat.com/show_bug.cgi?id=1227273 --------------------------------------------------------------------------------
================================================================================ lziprecover-1.17-1.fc20 (FEDORA-2015-9701) Data recovery tool and decompressor for files in the lzip compressed format -------------------------------------------------------------------------------- Update Information:
2015-05-28 Antonio Diaz Diaz antonio@gnu.org
* Version 1.17 released. * New block selection algorithm makes merge up to 100 times faster. * repair.cc: Repair time has been reduced by 15%. * Added new option '-y, --debug-delay'. * Added new option '-z, --debug-repair'. * Makefile.in: Added new targets 'install*-compress'. * testsuite/unzcrash.cc: Moved to top directory. * lziprecover.texi: Added chapter 'File names'.
2014-08-29 Antonio Diaz Diaz antonio@gnu.org
* Version 1.16 released. * New class LZ_mtester makes repair up to 10 times faster. * main.cc (close_and_set_permissions): Behave like 'cp -p'. * lziprecover.texinfo: Renamed to lziprecover.texi. * License changed to GPL version 2 or later.
-------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 9 2015 Jon Ciesla limburgher@gmail.com - 1.17-1 - 1.17, BZ 1228902. * Sat May 2 2015 Kalev Lember kalevlember@gmail.com - 1.15-4 - Rebuilt for GCC 5 C++11 ABI change * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.15-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1228902 - lziprecover-1.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1228902 --------------------------------------------------------------------------------
================================================================================ openvpn-2.3.7-1.fc20 (FEDORA-2015-9737) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 9 2015 Jon Ciesla limburgher@gmail.com 2.3.7-1 - 2.3.7, BZ 1229504. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1229504 - openvpn-2.3.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1229504 --------------------------------------------------------------------------------
================================================================================ python-num2words-0.5.2-6.fc20 (FEDORA-2015-9698) Python 2 modules to convert numbers to words -------------------------------------------------------------------------------- Update Information:
Initial importing of #1223623 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1223623 - Review Request: python-num2words - Modules to convert numbers to words https://bugzilla.redhat.com/show_bug.cgi?id=1223623 --------------------------------------------------------------------------------
================================================================================ salt-2015.5.2-3.fc20 (FEDORA-2015-9729) A parallel remote execution system -------------------------------------------------------------------------------- Update Information:
Mark salt-ssh roster as a config file to prevent replacement Update to bugfix release 2015.5.2 Add missing dependency on which (RH #1226636) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 4 2015 Erik Johnson erik@saltstack.com - 2015.5.2-3 - Mark salt-ssh roster as a config file to prevent replacement * Thu Jun 4 2015 Erik Johnson erik@saltstack.com - 2015.5.2-2 - Update skipped tests * Thu Jun 4 2015 Erik Johnson erik@saltstack.com - 2015.5.2-1 - Update to bugfix release 2015.5.2 * Mon Jun 1 2015 Erik Johnson erik@saltstack.com - 2015.5.1-2 - Add missing dependency on which (RH #1226636) * Wed May 27 2015 Erik Johnson erik@saltstack.com - 2015.5.1-1 - Update to bugfix release 2015.5.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1226636 - salt-minion-2015.5.0 needs package 'which' installed https://bugzilla.redhat.com/show_bug.cgi?id=1226636 --------------------------------------------------------------------------------
================================================================================ sane-backends-1.0.24-14.fc20 (FEDORA-2015-9747) Scanner access software -------------------------------------------------------------------------------- Update Information:
This update backports fixes for devices connected via USB3. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 9 2015 Nils Philippsen nils@redhat.com - 1.0.24-14 - reformat and rename snprintf-cleanroom patch - backport USB3 xhci patch from upstream master (#1228954) * Mon Jun 8 2015 Nils Philippsen nils@redhat.com - 1.0.24-14 - apply format-security patch, drop format-security2 patch * Tue Jan 20 2015 Peter Robinson pbrobinson@fedoraproject.org 1.0.24-13 - Rebuild (libgphoto2) * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.24-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.24-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 29 2014 Tom Callaway spot@fedoraproject.org - 1.0.24-10 - update lib/snprintf.c to resolve license issue (#1102520) * Mon Apr 14 2014 Jaromir Capik jcapik@redhat.com - 1.0.24-9 - Fixing format-security flaws * Wed Dec 4 2013 Nils Philippsen nils@redhat.com - 1.0.24-8 - use string literals as format strings (#1037316) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1228954 - SnapScan 1212u: scanning is broken with I/O error. https://bugzilla.redhat.com/show_bug.cgi?id=1228954 --------------------------------------------------------------------------------
================================================================================ squid-3.3.14-1.fc20 (FEDORA-2015-9703) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information:
Updated to version 3.3.14, which fixes CVE-2015-3455 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 4 2015 Luboš Uhliarik luhliari@redhat.com - 7:3.3.14-1 - Updated to upstream version 3.3.14 - Fixed: CVE-2015-3455 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1218118 - CVE-2015-3455 squid: incorrect X509 server certificate validation (SQUID-2015:1) https://bugzilla.redhat.com/show_bug.cgi?id=1218118 --------------------------------------------------------------------------------
================================================================================ strongswan-5.3.2-1.fc20 (FEDORA-2015-5375) An OpenSource IPsec-based VPN and TNC solution -------------------------------------------------------------------------------- Update Information:
New upstream release 5.3.2. Fixes CVE-2014-9221 and CVE-2015-3991. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 9 2015 Pavel Šimerda psimerda@redhat.com - new version 5.3.2 * Fri Jun 5 2015 Pavel Šimerda psimerda@redhat.com - new version 5.3.1 * Tue Mar 31 2015 Pavel Šimerda psimerda@redhat.com - new version 5.3.0 * Fri Feb 20 2015 Avesh Agarwal avagarwa@redhat.com - 5.2.2-2 - Fixes strongswan swanctl service issue rhbz#1193106 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1228819 - CVE-2015-3991 strongswan: incorrect payload processing for different IKE versions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1228819 --------------------------------------------------------------------------------
================================================================================ whois-5.2.9-1.fc20 (FEDORA-2015-9695) Improved WHOIS client -------------------------------------------------------------------------------- Update Information:
This release updates client identifier. It adds records for new generic TLDs azure., bbva., bible., fyi., homedepot., jll., mba., men., montblanc., sandvik., sandvikcoromant., ski., sncf., thd., walter., xbox., and 餐厅. It updates records for cr., and bn. TLDs. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 9 2015 Petr Pisar ppisar@redhat.com - 5.2.9-1 - 5.2.9 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1229339 - whois-5.2.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1229339 --------------------------------------------------------------------------------