The following Fedora 20 Security updates need testing:
 Age  URL
  69  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  49  https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-...
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3....
  21  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keysto...
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10....
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2...
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7577/claws-mail-3.10....
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Addre...
  15  https://admin.fedoraproject.org/updates/FEDORA-2014-7697/dpkg-1.16.15-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-1....
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16...
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-7954/openstack-nova-2...
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-8032/ansible-1.6.6-1....
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-8021/docker-io-1.0.0-...
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-6....
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8098/pnp4nagios-0.6.2...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8099/lz4-r119-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8227/ocsinventory-2.0...
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activere...
The following Fedora 20 Critical Path updates have yet to be approved:
 Age  URL
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-7789/libndp-1.3-1.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7857/python-mako-1.0....
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7868/gnome-shell-3.10...
   8  https://admin.fedoraproject.org/updates/FEDORA-2014-7968/perl-Pod-Usage-1...
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8109/libfm-1.2.1-1.fc...
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1...
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8185/fontconfig-2.11....
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8186/xorg-x11-drv-qxl...
The following builds have been pushed to Fedora 20 updates-testing
alglib-3.8.2-5.fc20
conky-1.9.0-8.20140617gitab826d.fc20
freight-0.3.5-4.fc20
hornetq-2.4.1-3.fc20
libXfont-1.4.8-1.fc20
lmiwbem-0.2.0-6.fc20
nx-libs-3.5.0.27-1.fc20
ocsinventory-2.0.5-8.fc20
perl-IO-Socket-IP-0.30-2.fc20
perl-Module-Package-Au-2-1.fc20
perl-SOCKS-0.03-1.fc20
php-horde-Horde-Compress-Fast-1.0.3-1.fc20
php-horde-Horde-Imap-Client-2.23.2-1.fc20
php-horde-Horde-Mime-2.4.3-1.fc20
python-django-pyscss-1.0.1-2.fc20
python-tox-1.7.1-1.fc20
qpid-proton-0.7-3.fc20
rubygem-activerecord-4.0.0-4.fc20
se-sandbox-runner-1.6.12-1.fc20
x11trace-1.3.1-7.fc20
Details about builds:
================================================================================
alglib-3.8.2-5.fc20 (FEDORA-2014-8219)
A numerical analysis and data processing library
--------------------------------------------------------------------------------
Update Information:
Disable builds for non x86 and non arm architectures, since upstream does not support
them.
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1109490 - Review Request: alglib - A numerical analysis and data processing
library
https://bugzilla.redhat.com/show_bug.cgi?id=1109490
--------------------------------------------------------------------------------
================================================================================
conky-1.9.0-8.20140617gitab826d.fc20 (FEDORA-2014-8212)
A system monitor for X
--------------------------------------------------------------------------------
Update Information:
This update fixes crash with lua scripts.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Miroslav Lichvar <mlichvar(a)redhat.com> - 1.9.0-8.20140617gitab826d.fc20
- build with lua-5.1 (#1117120)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117120 - [abrt] conky: luaH_getstr(): conky killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1117120
--------------------------------------------------------------------------------
================================================================================
freight-0.3.5-4.fc20 (FEDORA-2014-8217)
A modern take on the Debian archive
--------------------------------------------------------------------------------
Update Information:
New package for easy management of Debian archives
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1115049 - Review Request: freight - A modern take on the Debian archive
https://bugzilla.redhat.com/show_bug.cgi?id=1115049
--------------------------------------------------------------------------------
================================================================================
hornetq-2.4.1-3.fc20 (FEDORA-2014-8231)
High performance messaging system
--------------------------------------------------------------------------------
Update Information:
Adds missing jars that are required by WildFly.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 28 2014 Michael Simacek <msimacek(a)redhat.com> - 2.4.1-2
- Use Requires: java-headless rebuild (#1067528)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1116959 - Wildfly do not install in Fedora 20 PPC64
https://bugzilla.redhat.com/show_bug.cgi?id=1116959
--------------------------------------------------------------------------------
================================================================================
libXfont-1.4.8-1.fc20 (FEDORA-2014-8208)
X.Org X11 libXfont runtime library
--------------------------------------------------------------------------------
Update Information:
- libXfont 1.4.8 (rhbz#1100441)
- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Hans de Goede <hdegoede(a)redhat.com> - 1.4.8-1
- libXfont 1.4.8 (rhbz#1100441)
- Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397)
* Mon Jun 9 2014 Adam Jackson <ajax(a)redhat.com> 1.4.7-2
- Fix FTBFS against new fontproto
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096593 - CVE-2014-0209 libXfont: integer overflow of allocations in font
metadata file parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1096593
[ 2 ] Bug #1096597 - CVE-2014-0210 libXfont: unvalidated length fields when parsing xfs
protocol replies
https://bugzilla.redhat.com/show_bug.cgi?id=1096597
[ 3 ] Bug #1096601 - CVE-2014-0211 libXfont: integer overflows calculating memory needs
for xfs replies
https://bugzilla.redhat.com/show_bug.cgi?id=1096601
--------------------------------------------------------------------------------
================================================================================
lmiwbem-0.2.0-6.fc20 (FEDORA-2014-8216)
Python WBEM Client
--------------------------------------------------------------------------------
Update Information:
fix deadlocks related to Python's GIL
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Peter Hatina <phatina(a)redhat.com> - 0.2.0-6
- fix deadlocks related to Python's GIL
--------------------------------------------------------------------------------
================================================================================
nx-libs-3.5.0.27-1.fc20 (FEDORA-2014-8215)
NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.0.27:
- Add kernel socket namespace support. Fixes failing nxproxy/nxagent execution on systems
where pam_namespace.so is in use.
- Fix xkeyboard-2.6 incompatibility issues. (Maybe not all of them, so please report
back...).
- Fix PPC64 support. (Thanks to Mihai Moldovan for digging into this!!!)
- New option: -state <statefile>. More accurately detect the current session state
via an external status file. This is part of the bugfix for X2Go BTS issue #302.
- Allow clipboard={none,client,server,both} as NX option.
- Plus some minor issues
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 7 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.27-1
- Update to 3.5.0.27
- Drop aarch64 patch applied upstream
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.5.0.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 7 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.24-2
- Add patch for aarch64 support attempt
* Wed May 7 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.24-1
- Update to 3.5.0.24
- Drop format patch applied upstream
* Tue May 6 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.23-1
- Update to 3.5.0.23
- Drop ppc64 and imake patches applied upstream
* Fri Jan 24 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.22-3
- Add patch to fix imake build
- Add patch to fix -Werror=format-security build
* Fri Jan 24 2014 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.22-2
- Set compile flags properly on arm and ppc64
- Add patch to fix ppc64 build
--------------------------------------------------------------------------------
================================================================================
ocsinventory-2.0.5-8.fc20 (FEDORA-2014-8227)
Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:
Upstream XSS security fix for CVE-2014-4722
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Remi Collet <remi(a)fedoraproject.org> - 2.0.5-8
- XSS security fix for CVE-2014-4722
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117205 - CVE-2014-4722 ocsinventory: multiple stored XSS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1117205
--------------------------------------------------------------------------------
================================================================================
perl-IO-Socket-IP-0.30-2.fc20 (FEDORA-2014-8225)
Drop-in replacement for IO::Socket::INET supporting both IPv4 and IPv6
--------------------------------------------------------------------------------
Update Information:
The 0.30-2 release fixes multihoming, especially with IO::Socket::SSL, really.
This release fixes connect to multihomed peer in case IO::Socket::IP is sub-classed.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Petr Pisar <ppisar(a)redhat.com> - 0.30-2
- Fix multihomed SSL (bug #1116600)
* Mon Jul 7 2014 Petr Pisar <ppisar(a)redhat.com> - 0.30-1
- 0.30 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1116600 - perl-IO-Socket-IP-0.30 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1116600
--------------------------------------------------------------------------------
================================================================================
perl-Module-Package-Au-2-1.fc20 (FEDORA-2014-8206)
Reusable Module::Install bits
--------------------------------------------------------------------------------
Update Information:
New package: Reusable Module::Install bits
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #886192 - Review Request: perl-Module-Package-Au - Reusable Module::Install
bits
https://bugzilla.redhat.com/show_bug.cgi?id=886192
--------------------------------------------------------------------------------
================================================================================
perl-SOCKS-0.03-1.fc20 (FEDORA-2014-8220)
SOCKS Perl module
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1115846 - Review Request: perl-SOCKS - SOCKS Perl module
https://bugzilla.redhat.com/show_bug.cgi?id=1115846
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Compress-Fast-1.0.3-1.fc20 (FEDORA-2014-8230)
Fast Compression Library
--------------------------------------------------------------------------------
Update Information:
Horde_Compress_Fast 1.0.3
* [mms] Relax overly strict string type checking when compressing/decompressing.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Remi Collet <remi(a)fedoraproject.org> - 1.0.3-1
- Update to 1.0.3
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.23.2-1.fc20 (FEDORA-2014-8214)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
Horde_Imap_Client 2.23.2
* [mms] Determination of approximate part size should be done at IMAP level, not within
Horde_Mime_Part.
* [mms] Fix regression in handling invalid DateTime data due to a BC-incompatible change
in PHP.
Horde_Mime 2.4.3
* [mms] Fix determination of part size when the part contains explicit sizing
information.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Remi Collet <remi(a)fedoraproject.org> - 2.23.2-1
- Update to 2.23.2
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Mime-2.4.3-1.fc20 (FEDORA-2014-8214)
Horde MIME Library
--------------------------------------------------------------------------------
Update Information:
Horde_Imap_Client 2.23.2
* [mms] Determination of approximate part size should be done at IMAP level, not within
Horde_Mime_Part.
* [mms] Fix regression in handling invalid DateTime data due to a BC-incompatible change
in PHP.
Horde_Mime 2.4.3
* [mms] Fix determination of part size when the part contains explicit sizing
information.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Remi Collet <remi(a)fedoraproject.org> - 2.4.3-1
- Update to 2.4.3
--------------------------------------------------------------------------------
================================================================================
python-django-pyscss-1.0.1-2.fc20 (FEDORA-2014-8209)
Makes it easier to use PySCSS in Django
--------------------------------------------------------------------------------
Update Information:
Initial package import
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117281 - Review Request: python-django-pyscss - Makes it easier to use
PySCSS in Django
https://bugzilla.redhat.com/show_bug.cgi?id=1117281
--------------------------------------------------------------------------------
================================================================================
python-tox-1.7.1-1.fc20 (FEDORA-2014-8222)
Virtualenv-based automation of test activities
--------------------------------------------------------------------------------
Update Information:
update to 1.7.1 (rhbz#111797)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2014 Matthias Runge <mrunge(a)redhat.com> - 1.7.1-1
- update to 1.7.1 (rhbz#111797)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Sep 24 2013 Matthias Runge <mrunge(a)redhat.com> - 1.6.1-1
- update to 1.6.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #111797 - Bad: 3CSOHO100B-TX network card not recognized
https://bugzilla.redhat.com/show_bug.cgi?id=111797
--------------------------------------------------------------------------------
================================================================================
qpid-proton-0.7-3.fc20 (FEDORA-2014-8226)
A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:
Removed intra-package comments which cause error messages on package uninstall.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2014 Darryl L. Pierce <dpierce(a)redhat.com> - 0.7-3
- Removed intra-package comments which cause error messages on package uninstall.
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rubygem-activerecord-4.0.0-4.fc20 (FEDORA-2014-8065)
Implements the ActiveRecord pattern for ORM
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range'
quoting and its regression
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2014 Josef Stribny <jstribny(a)redhat.com> - 1:4.0.0-4
- Fix CVE-2014-3483 regression
* Thu Jul 3 2014 Josef Stribny <jstribny(a)redhat.com> - 1:4.0.0-3
- Fix CVE-2014-3483
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1115777 - CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in
'range' quoting [fedora-20]
https://bugzilla.redhat.com/show_bug.cgi?id=1115777
--------------------------------------------------------------------------------
================================================================================
se-sandbox-runner-1.6.12-1.fc20 (FEDORA-2014-8210)
Qt wrapper for SELinux Sandbox
--------------------------------------------------------------------------------
Update Information:
fixed building a list of included path;
fixed setting a working directories & their SELinux labels;
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2014 Fl@sh <kaperang07(a)gmail.com> - 1.6.12-1
- version updated;
--------------------------------------------------------------------------------
================================================================================
x11trace-1.3.1-7.fc20 (FEDORA-2014-8228)
A program for X11 protocol tracing
--------------------------------------------------------------------------------
Update Information:
Package renamed from xtrace to avoid name conflict with glibc utility
--------------------------------------------------------------------------------