The following Fedora 20 Security updates need testing:
Age URL
147
https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-...
127
https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-...
82
https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38...
80
https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
65
https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
50
https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3....
45
https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8....
32
https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2...
25
https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6...
18
https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20
17
https://admin.fedoraproject.org/updates/FEDORA-2015-5972/yourls-1.7-3.201...
17
https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1...
17
https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
10
https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6....
6
https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1....
6
https://admin.fedoraproject.org/updates/FEDORA-2015-6417/dpkg-1.16.16-1.fc20
6
https://admin.fedoraproject.org/updates/FEDORA-2015-6505/mksh-50f-1.fc20
6
https://admin.fedoraproject.org/updates/FEDORA-2015-6517/ax25-tools-0.0.1...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6583/xen-4.3.4-3.fc20
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6573/qt3-3.3.8b-63.fc20
3
https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3...
3
https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.201503...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18....
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-clien...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-7057/pdns-3.3.1-3.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2015-7079/pdns-recursor-3....
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
65
https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-...
10
https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6....
10
https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-2...
10
https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6....
6
https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015....
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband...
5
https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6912/grantlee-0.5.1-1...
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20
2
https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-3.fc20
The following builds have been pushed to Fedora 20 updates-testing
canl-c++-1.1.0-4.fc20
gitolite3-3.6.3-1.fc20
golang-github-emicklei-go-restful-1.1.3-0.2.git03f8ad5.fc20
golang-github-fsouza-go-dockerclient-0.2.1-5.git0dfe1f1.fc20
ibus-1.5.10-3.fc20
kubernetes-0.15.0-8.fc20
libtifiles2-1.1.6-4.fc20
nx-libs-3.5.0.31-1.fc20
pdns-3.3.1-3.fc20
pdns-recursor-3.7.2-1.fc20
python-virtualenvwrapper-4.5.0-1.fc20
skrooge-1.11.0-1.fc20.1
stunnel-5.15-1.fc20
supybot-fedora-0.3.2-1.fc20
x2goserver-4.0.1.19-3.fc20
xpra-0.14.21-5.fc20
yadifa-2.0.6-1.fc20
Details about builds:
================================================================================
canl-c++-1.1.0-4.fc20 (FEDORA-2015-7019)
EMI Common Authentication library - bindings for C++
--------------------------------------------------------------------------------
Update Information:
New License Packaging Guidelines
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 1.1.0-4
- Rebuilt for gcc C++ ABI change (rawhide)
- Implement updated license packaging guidelines
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
gitolite3-3.6.3-1.fc20 (FEDORA-2015-7049)
Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:
2015-04-26 v3.6.3 allow limited use of 'git config' using the new
'config'
command
accept openssh 6.8's new fingerprint output format
(finally!) allow limited symlinks within ~/repositories;
see commit 8e36230 for details
perms command now lists available roles
minor backward compat breakage: 'perms -l repo' no longer
works; see 'perms -h' for new usage
allow gitolite-shell to be used as $SHELL (experts only;
no support, no docs; see commit 9cd1e37 for details)
help with 'git push --signed' using a post-receive hook to
adopt push certs into 'refs/push-certs'; for details see
contrib/hooks/repo-specific/save-push-signatures
new 'transparent proxy' feature for git repos; see
src/lib/Gitolite/Triggers/TProxy.pm for details
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Jon Ciesla <limburgher(a)gmail.com> - 1:3.6.3-1
- Latest upstream.
--------------------------------------------------------------------------------
================================================================================
golang-github-emicklei-go-restful-1.1.3-0.2.git03f8ad5.fc20 (FEDORA-2015-7038)
Package for building REST-style Web Services using Google Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 03f8ad5589baf3c67a448fd9354da27419db712d
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 jchaloup <jchaloup(a)redhat.com> - 1.1.3-0.2.git03f8ad5
- Bump to upstream 03f8ad5589baf3c67a448fd9354da27419db712d
resolves: #1215626
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215626 - Tracker for golang-github-emicklei-go-restful
https://bugzilla.redhat.com/show_bug.cgi?id=1215626
--------------------------------------------------------------------------------
================================================================================
golang-github-fsouza-go-dockerclient-0.2.1-5.git0dfe1f1.fc20 (FEDORA-2015-7014)
Client for the Docker remote API
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 0dfe1f16045e9e460430ee10ec1dea8d86c9bd9f
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 jchaloup <jchaloup(a)redhat.com> - 0.2.1-5.git0dfe1f1
- Bump to upstream 0dfe1f16045e9e460430ee10ec1dea8d86c9bd9f
resolves: #1215656
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215656 - Tracker for golang-github-fsouza-go-dockerclient
https://bugzilla.redhat.com/show_bug.cgi?id=1215656
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.10-3.fc20 (FEDORA-2015-7065)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
Fixed to show keyboard shortcuts on ibus-setup
Fixed to enable input method engines on gtk3 applications in gnome wayland.
Added Swedish svdvorak.
I18N engine longnames and descriptions on ibus-setup.
Moved PropertyPanel at bottom right in F22 KDE5.
Drew gray color on Handle PropertyPanel.
Enabled ibus engine full path icon in F22 KDE5.
Updated translations.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.5.10-3
- Updated ibus-HEAD.patch from upstream
Fixed to show shortcuts on ibus-setup.
Bug 1214271 Fixed to enable IME with GTK3 applications in wayland.
* Thu Apr 2 2015 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.5.10-2
- Updated ibus-HEAD.patch from upstream
Added Swedish svdvorak
I18N engine longnames and descriptions on ibus-setup
Moved PropertyPanel at bottom right in KDE5
Drew gray color on Handle PropertyPanel
Enabled ibus engine full path icon in KDE5
Updated translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1213284 - ibus-setup does not show keyboard shortcuts on the selection
dialog
https://bugzilla.redhat.com/show_bug.cgi?id=1213284
[ 2 ] Bug #1214271 - ibus-wayland works quite wrong
https://bugzilla.redhat.com/show_bug.cgi?id=1214271
--------------------------------------------------------------------------------
================================================================================
kubernetes-0.15.0-8.fc20 (FEDORA-2015-7008)
Container cluster management
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 051dd96c542799dfab39184d2a7c8bacf9e88d85
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-8
- Bump to upstream 051dd96c542799dfab39184d2a7c8bacf9e88d85
related: #1211266
* Fri Apr 24 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-7
- Bump to upstream 9f753c2592481a226d72cea91648db8fb97f0da8
related: #1211266
* Thu Apr 23 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-6
- Bump to upstream cf824ae5e07965ba0b4b15ee88e08e2679f36978
related: #1211266
* Tue Apr 21 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-5
- Bump to upstream 21788d8e6606038a0a465c97f5240b4e66970fbb
related: #1211266
* Mon Apr 20 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-4
- Bump to upstream eb1ea269954da2ce557f3305fa88d42e3ade7975
related: #1211266
* Fri Apr 17 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-3
- Obsolete cadvisor as it is integrated in kubelet
related: #1211266
* Wed Apr 15 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-0.2.git0ea87e4
- Bump to upstream 0ea87e486407298dc1e3126c47f4076b9022fb09
related: #1211266
* Tue Apr 14 2015 jchaloup <jchaloup(a)redhat.com> - 0.15.0-0.1.gitd02139d
- Bump to upstream d02139d2b454ecc5730cc535d415c1963a7fb2aa
related: #1211266
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1211266 - Tracking bugzilla for kubernetes updates
https://bugzilla.redhat.com/show_bug.cgi?id=1211266
--------------------------------------------------------------------------------
================================================================================
libtifiles2-1.1.6-4.fc20 (FEDORA-2015-7001)
Texas Instruments calculator files library
--------------------------------------------------------------------------------
Update Information:
Texas Instruments calculator files library
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186497 - Review Request: libtifiles2 - Texas Instruments calculator files
library
https://bugzilla.redhat.com/show_bug.cgi?id=1186497
--------------------------------------------------------------------------------
================================================================================
nx-libs-3.5.0.31-1.fc20 (FEDORA-2015-7029)
NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:
- Install applications symlink by default so that "Published Applications" is
populated (bug #1215474)
- Update to nx-libs 3.5.0.31 (mostly OSX and other non-Fedora changes)
- Have x2goagent own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.31-1
- Update to 3.5.0.31
- Own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215474 - X2Go "Published Applications" list is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1215474
--------------------------------------------------------------------------------
================================================================================
pdns-3.3.1-3.fc20 (FEDORA-2015-7057)
A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- CVE-2015-1868
External References:
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Morten Stevens <mstevens(a)imt-systems.com> - 3.3.1-3
- CVE-2015-1868
- Run the unit tests during check
- Remove polarssl-devel as build dependency
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1213377 - CVE-2015-1868 pdns: Label decompression bug in PowerDNS can cause
crashes on specific platforms
https://bugzilla.redhat.com/show_bug.cgi?id=1213377
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.7.2-1.fc20 (FEDORA-2015-7079)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 3.7.2
- CVE-2015-1868
External References:
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Morten Stevens <mstevens(a)imt-systems.com> - 3.7.2-1
- Update to 3.7.2
- CVE-2015-1868
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1213377 - CVE-2015-1868 pdns: Label decompression bug in PowerDNS can cause
crashes on specific platforms
https://bugzilla.redhat.com/show_bug.cgi?id=1213377
--------------------------------------------------------------------------------
================================================================================
python-virtualenvwrapper-4.5.0-1.fc20 (FEDORA-2015-7037)
Enhancements to virtualenv
--------------------------------------------------------------------------------
Update Information:
Latest usptream. Use virtualenvwrapper_lazy.sh by default.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Ralph Bean <rbean(a)redhat.com> - 4.5.0-1
- new version
* Mon Apr 27 2015 Ralph Bean <rbean(a)redhat.com> - 4.3.2-2
- Use virtualenvwrapper_lazy.sh by default, fixing #1213121.
* Wed Feb 18 2015 Ralph Bean <rbean(a)redhat.com> - 4.3.2-1
- new version
--------------------------------------------------------------------------------
================================================================================
skrooge-1.11.0-1.fc20.1 (FEDORA-2015-7075)
Personal finances manager
--------------------------------------------------------------------------------
Update Information:
New Package upstream stable 1.11.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Siddharth Sharma <siddharth.kde(a)gmail.com> - 1.11.0-1.1
- New Package upstream stable 1.11.0
* Fri Jan 23 2015 maverick <siddharth.kde(a)gmail.com> - 1.10.92-1.1
- New Package Upstream unstable 10.0.92
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1196923 - skrooge-1.11.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1196923
--------------------------------------------------------------------------------
================================================================================
stunnel-5.15-1.fc20 (FEDORA-2015-7035)
An SSL-encrypting socket wrapper
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Avesh Agarwal <avagarwa(a)redhat.com> - 5.15-1
- New upstream release 5.15.
- 1155977: Fixed upstream too so removed the associated patch
- Updates other patches too.
* Mon Mar 30 2015 Avesh Agarwal <avagarwa(a)redhat.com> - 5.14-1
- New upstream release 5.14.
* Sun Mar 29 2015 Avesh Agarwal <avagarwa(a)redhat.com> - 5.13-1
- New upstream release 5.13.
* Sat Mar 28 2015 Avesh Agarwal <avagarwa(a)redhat.com> - 5.12-1
- New upstream release 5.12.
* Fri Mar 27 2015 Avesh Agarwal <avagarwa(a)redhat.com> - 5.11-1
- New upstream release 5.11.
* Wed Jan 28 2015 Avesh Agarwal <avagarwa(a)redhat.com> - 5.10-1
- New upstream release 5.10.
--------------------------------------------------------------------------------
================================================================================
supybot-fedora-0.3.2-1.fc20 (FEDORA-2015-7000)
Plugin for Supybot to interact with Fedora services
--------------------------------------------------------------------------------
Update Information:
Nag people about naked pings. Adjust karma responses in channel.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Ralph Bean <rbean(a)redhat.com> - 0.3.2-1
- new version
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.19-3.fc20 (FEDORA-2015-7029)
X2Go Server
--------------------------------------------------------------------------------
Update Information:
- Install applications symlink by default so that "Published Applications" is
populated (bug #1215474)
- Update to nx-libs 3.5.0.31 (mostly OSX and other non-Fedora changes)
- Have x2goagent own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Orion Poplawski <orion(a)cora.nwra.com> - 4.0.1.19-3
- Install applications symlink by default so that "Published
Applications" is populated (bug #1215474)
* Wed Mar 18 2015 Orion Poplawski <orion(a)cora.nwra.com> - 4.0.1.19-2
- Provide x2goserver-extensions for upstream compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215474 - X2Go "Published Applications" list is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1215474
--------------------------------------------------------------------------------
================================================================================
xpra-0.14.21-5.fc20 (FEDORA-2015-7025)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
Add patch to remove reference to the xorg void driver in xorg.conf (BZ #1215527)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215527 - Drop usage of xorg-x11-drv-void in xpra's xorg.conf
https://bugzilla.redhat.com/show_bug.cgi?id=1215527
--------------------------------------------------------------------------------
================================================================================
yadifa-2.0.6-1.fc20 (FEDORA-2015-7040)
Lightweight authoritative Name Server with DNSSEC capabilities
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.6 release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Denis Fateyev <denis(a)fateyev.com> - 2.0.6-1
- Update to 2.0.6 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215611 - yadifa: 2.0.6 release available
https://bugzilla.redhat.com/show_bug.cgi?id=1215611
--------------------------------------------------------------------------------