The following Fedora 22 Security updates need testing: Age URL 64 https://admin.fedoraproject.org/updates/FEDORA-2015-5878/echoping-6.1-0.beta.r434svn.1.fc22 63 https://admin.fedoraproject.org/updates/FEDORA-2015-5948/asterisk-13.3.2-1.fc22 42 https://admin.fedoraproject.org/updates/FEDORA-2015-7329/drupal7-views-3.11-1.fc22 41 https://admin.fedoraproject.org/updates/FEDORA-2015-7383/python-keystonemiddleware-1.3.1-1.fc22 29 https://admin.fedoraproject.org/updates/FEDORA-2015-8196/rawstudio-2.1-0.1.20150511git983bda1.fc22 13 https://admin.fedoraproject.org/updates/FEDORA-2015-9110/fossil-1.33-1.fc22 13 https://admin.fedoraproject.org/updates/FEDORA-2015-9185/ceph-deploy-1.5.25-1.fc22 7 https://admin.fedoraproject.org/updates/FEDORA-2015-9456/xen-4.5.0-10.fc22 7 https://admin.fedoraproject.org/updates/FEDORA-2015-9498/redis-2.8.21-1.fc22 3 https://admin.fedoraproject.org/updates/FEDORA-2015-9663/libwmf-0.2.8.4-43.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-5279/strongswan-5.3.2-1.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-9726/cups-2.0.3-1.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-9692/squid-3.4.13-1.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-9712/kernel-4.0.5-300.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9895/xorg-x11-server-1.17.1-15.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9857/elfutils-0.162-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9886/gnome-abrt-1.2.0-1.fc22,abrt-2.6.0-1.fc22,libreport-2.6.0-1.fc22,satyr-0.18-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 13 https://admin.fedoraproject.org/updates/FEDORA-2015-9196/sendmail-8.15.1-5.fc22 13 https://admin.fedoraproject.org/updates/FEDORA-2015-9066/lorax-22.12-1.fc22 10 https://admin.fedoraproject.org/updates/FEDORA-2015-9342/perl-Curses-1.32-1.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-9721/wpa_supplicant-2.4-2.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-9711/sane-backends-1.0.24-14.fc22 2 https://admin.fedoraproject.org/updates/FEDORA-2015-9694/livecd-tools-22.2-1.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-9807/libfm-1.2.3-9.D20150607gite1de98ccba.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-9754/perl-Encode-Locale-1.05-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9872/kdepim-runtime-4.14.9-1.fc22,kdepim-4.14.9-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9895/xorg-x11-server-1.17.1-15.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9857/elfutils-0.162-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-9886/gnome-abrt-1.2.0-1.fc22,abrt-2.6.0-1.fc22,libreport-2.6.0-1.fc22,satyr-0.18-1.fc22 The following builds have been pushed to Fedora 22 updates-testing 389-admin-1.1.42-1.fc22 389-ds-console-1.2.12-1.fc22 RBTools-0.7.4-1.fc22 abrt-2.6.0-1.fc22 ardour2-2.8.16-14.fc22 blueman-2.0-7.fc22 bundling-detection-java-0.1-0.4.20150611git.fc22 cinnamon-2.6.7-3.fc22 cups-filters-1.0.69-1.fc22 davix-0.4.1-3.fc22 elfutils-0.162-1.fc22 evemu-2.1.0-2.fc22 findbugs-3.0.1-2.fc22 findbugs-bcel-6.0-0.3.20140707svn1547656.fc22 fldigi-3.22.10-1.fc22 freecad-0.15-5.fc22 gimagereader-3.1.1-1.fc22 gnome-abrt-1.2.0-1.fc22 gnome-contacts-3.16.2-3.fc22 golang-github-docker-libcontainer-2.1.1-0.1.gitc964368.fc22 golang-googlecode-net-0-0.21.git7dbad50.fc22 icecat-31.7.0-2.fc22 idm-console-framework-1.1.14-2.fc22 java-1.8.0-openjdk-1.8.0.45-40.b14.fc22 kdepim-4.14.9-1.fc22 kdepim-runtime-4.14.9-1.fc22 libfreehand-0.1.1-1.fc22 libreport-2.6.0-1.fc22 mate-icon-theme-faenza-1.10.0-1.fc22 mate-themes-extras-3.16.3-1.fc22 mom-0.4.5-2.fc22 nemo-2.6.5-2.fc22 nodejs-dezalgo-1.0.2-1.fc22 perl-Crypt-URandom-0.36-1.fc22 perl-DBIx-RunSQL-0.13-1.fc22 perl-DateTime-Format-Epoch-0.16-1.fc22 perl-Imager-1.003-1.fc22 perl-Lingua-EN-Tagger-0.25-1.fc22 php-5.6.10-1.fc22 python-BTrees-4.1.4-1.fc22 python-django-sekizai-0.8.1-2.fc22 python-django-tagging-0.3.6-1.fc22 python-persistent-4.1.1-1.fc22 python-requests-kerberos-0.7.0-2.fc22 python-rhsm-1.15.1-1.fc22 python-sep-0.4.0-1.fc22 python-transaction-1.4.4-1.fc22 rendercheck-1.5-1.fc22 satyr-0.18-1.fc22 sniproxy-0.3.6-2.fc22 subscription-manager-1.15.1-1.fc22 unboundid-ldapsdk-3.0.0-1.fc22 xorg-x11-server-1.17.1-15.fc22 Details about builds: ================================================================================ 389-admin-1.1.42-1.fc22 (FEDORA-2015-9863) 389 Administration Server (admin) -------------------------------------------------------------------------------- Update Information: bump version to 1.1.42 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.1.42-1 - bump version to 1.1.42 - Ticket 47548 - register-ds-admin - silent file incorrectly processed - Ticket 47493 - Configuration Tab does not work with FIPS mode enabled - Ticket 48186 - register-ds-admin.pl script prints clear text password in the terminal - Ticket 47548 - register-ds-admin.pl fails to set local bind DN and password - Ticket 47467 - Improve Add CRL/CKL dialog and errors - Ticket 48171 - remove-ds-admin.pl removes files in the rpm - Ticket 48153 - [adminserver] support NSS 3.18 -------------------------------------------------------------------------------- ================================================================================ 389-ds-console-1.2.12-1.fc22 (FEDORA-2015-9838) 389 Directory Server Management Console -------------------------------------------------------------------------------- Update Information: Release 1.2.12 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.2.12-1 - Release 1.2.12 - Ticket 48139 - drop support for legacy replication * Wed Mar 18 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.2.11-1 - Release 1.2.11 - Ticket 48130 - Add "+all" and "-TLS_RSA_WITH_AES_128_GCM_SHA256" to Console Cipher Preference for TLS -------------------------------------------------------------------------------- ================================================================================ RBTools-0.7.4-1.fc22 (FEDORA-2015-9884) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: Update to latest upstream 0.7.4 https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.4/ https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.3/ https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.3/ -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.7.4-1 - New upstream release 0.7.4 - https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.4/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1225179 - rbt post + git-svn: CRITICAL: object of type 'NoneType' has no len(). https://bugzilla.redhat.com/show_bug.cgi?id=1225179 -------------------------------------------------------------------------------- ================================================================================ abrt-2.6.0-1.fc22 (FEDORA-2015-9886) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hs_error.log from /tmp - Don not save the system logs by default - Don not save dmesg if kernel.dmesg_restrict=1 libreport: - Harden the code against directory traversal, symbolic and hard link attacks - Fix a bug causing that the first value of AlwaysExcludedElements was ignored - Fix missing icon for the "Stop" button icon name - Improve development documentation - Translations updates gnome-abrt: - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates satyr: - New kernel taint flags - More secure core stacktraces from core hook -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2015 Jakub Filak <jfilak@xxxxxxxxxx> 2.6.0-1 - move the default dump location to /var/spool/abrt from /var/tmp/abrt - hooks: use root for owner of all dump directories - ccpp: do not unlink failed and big user cores - ccpp: don't save the system logs by default - ccpp: stop reading hs_error.log from /tmp - ccpp: emulate selinux for creation of compat cores - koops: don't save dmesg if kernel.dmesg_restrict=1 - dbus: validate passed arguments - turn off exploring crashed process's root directories - abrt-python: bug fixes and improvements - fixes for CVE-2015-3315, CVE-2015-3142, CVE-2015-1869, CVE-2015-1870 - fixes for CVE-2015-3147, CVE-2015-3151, CVE-2015-3150, CVE-2015-3159 - spec: add abrt-dbus to Rs of abrt-python and abrt-cli - spec: restart abrt-dbus in posttrans -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 2 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 6 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 7 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 8 ] Bug #1128400 - ABRT does not honor dmesg_restrict https://bugzilla.redhat.com/show_bug.cgi?id=1128400 -------------------------------------------------------------------------------- ================================================================================ ardour2-2.8.16-14.fc22 (FEDORA-2015-9911) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information: This update breaks an obsoleting loop between this package and the one it replaced, "ardour". -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Nils Philippsen <nils@xxxxxxxxxx> 2.8.16-14 - make release higher than ardour to break obsoletes loop (#1230469) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230469 - Ardour in -testing repo causes obsolete update loop. https://bugzilla.redhat.com/show_bug.cgi?id=1230469 -------------------------------------------------------------------------------- ================================================================================ blueman-2.0-7.fc22 (FEDORA-2015-9852) GTK+ Bluetooth Manager -------------------------------------------------------------------------------- Update Information: - remove appindicator support -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.0-7 - remove appindicator support -------------------------------------------------------------------------------- ================================================================================ bundling-detection-java-0.1-0.4.20150611git.fc22 (FEDORA-2015-9849) Bundling detection tool for Java -------------------------------------------------------------------------------- Update Information: This package contains bundling detection tool for Java -------------------------------------------------------------------------------- References: [ 1 ] Bug #1228024 - Review Request: bundling-detection-java - Bundling detection tool for Java https://bugzilla.redhat.com/show_bug.cgi?id=1228024 -------------------------------------------------------------------------------- ================================================================================ cinnamon-2.6.7-3.fc22 (FEDORA-2015-9912) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: - fix extension list for 64bit - tweak override schema -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.7-3 - tweak override schema -------------------------------------------------------------------------------- ================================================================================ cups-filters-1.0.69-1.fc22 (FEDORA-2015-9834) OpenPrinting CUPS filters and backends -------------------------------------------------------------------------------- Update Information: New upstream bug-fix release. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.69-1 - 1.0.69 * Tue Apr 14 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.68-1 - 1.0.68 * Wed Mar 11 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.67-1 - 1.0.67 -------------------------------------------------------------------------------- ================================================================================ davix-0.4.1-3.fc22 (FEDORA-2015-9855) Toolkit for Http-based file management -------------------------------------------------------------------------------- Update Information: Update to version 0.4.1, see release-note for details -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Adrien Devresse <adevress at cern.ch> - 0.4.1-3 - Update to version 0.4.1, see release-note for details * Thu Apr 16 2015 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 0.4.0-5 - Recompile for another Rawhide C+++ ABI change * Tue Mar 3 2015 Adrien Devresse <adevress at cern.ch> - 0.4.0-4 - Recompile for Rawhide C++ ABI change -------------------------------------------------------------------------------- ================================================================================ elfutils-0.162-1.fc22 (FEDORA-2015-9857) A collection of utilities and DSOs to handle compiled objects -------------------------------------------------------------------------------- Update Information: Update to 0.162. Hardening fixes. Updated eu-addr2line utility. Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Mark Wielaard <mjw@xxxxxxxxxx> - 0.162-1 - Update to 0.162 (#1170810, #1139815, #1129756, #1020842) - Include elfutils/known-dwarf.h - Drop BuildRequires glibc-headers (#1230468) - Removed integrated upstream patches: - elfutils-0.161-aarch64relro.patch - elfutils-0.161-copyreloc.patch - elfutils-0.161-addralign.patch - elfutils-0.161-ar-long-name.patch - elfutils-0.161-formref-type.patch * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 0.161-8 - Rebuilt for GCC 5 C++11 ABI change * Mon Mar 23 2015 Mark Wielaard <mjw@xxxxxxxxxx> - 0.161-7 - Add elfutils-0.161-aarch64relro.patch (#1201778) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1170810 - Fuzzing elfutils -- various badness https://bugzilla.redhat.com/show_bug.cgi?id=1170810 [ 2 ] Bug #1139815 - Ukrainian translation update https://bugzilla.redhat.com/show_bug.cgi?id=1139815 [ 3 ] Bug #1129756 - Unwinding core fails in vDSO frame when elf_begin is called with ELF_C_READ https://bugzilla.redhat.com/show_bug.cgi?id=1129756 [ 4 ] Bug #1020842 - libelf: segment fault on x86-64 while file's bss offset have a large number https://bugzilla.redhat.com/show_bug.cgi?id=1020842 [ 5 ] Bug #1230468 - BuildRequires on glibc-devel not glibc-headers. https://bugzilla.redhat.com/show_bug.cgi?id=1230468 -------------------------------------------------------------------------------- ================================================================================ evemu-2.1.0-2.fc22 (FEDORA-2015-9835) Event Device Query and Emulation Program -------------------------------------------------------------------------------- Update Information: Apply 2 upstream patches: handle holes in the input node list, and add uname to the header comment -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> 2.1.0-2 - Apply 2 upstream patches: handle holes in the input node list, add uname to the header comment -------------------------------------------------------------------------------- ================================================================================ findbugs-3.0.1-2.fc22 (FEDORA-2015-9907) Find bugs in Java code -------------------------------------------------------------------------------- Update Information: Fix POM problems with findbugs & findbugs-bcel * Remove AppleJavaExtensions dependency from findbugs POM * Use POM from Maven Central for findbugs-bcel -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Richard Fearn <richardfearn@xxxxxxxxx> - 3.0.1-2 - Remove com.apple:AppleJavaExtensions dependency from POM (bug #1195809) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230833 - Use old pom file https://bugzilla.redhat.com/show_bug.cgi?id=1230833 [ 2 ] Bug #1195809 - unavailable dependency com.apple:AppleJavaExtensions https://bugzilla.redhat.com/show_bug.cgi?id=1195809 -------------------------------------------------------------------------------- ================================================================================ findbugs-bcel-6.0-0.3.20140707svn1547656.fc22 (FEDORA-2015-9907) Byte Code Engineering Library for FindBugs -------------------------------------------------------------------------------- Update Information: Fix POM problems with findbugs & findbugs-bcel * Remove AppleJavaExtensions dependency from findbugs POM * Use POM from Maven Central for findbugs-bcel -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Richard Fearn <richardfearn@xxxxxxxxx> - 6.0-0.3.20140707svn1547656 - Use POM from Maven Central; add alias for backward compatibility (bug #1230833) - (Thanks to gil cattaneo!) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230833 - Use old pom file https://bugzilla.redhat.com/show_bug.cgi?id=1230833 [ 2 ] Bug #1195809 - unavailable dependency com.apple:AppleJavaExtensions https://bugzilla.redhat.com/show_bug.cgi?id=1195809 -------------------------------------------------------------------------------- ================================================================================ fldigi-3.22.10-1.fc22 (FEDORA-2015-9896) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 1 2015 Richard Shaw <hobbes1069@xxxxxxxxx> - 3.22.10-1 - Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1227125 - fldigi-3.22.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1227125 -------------------------------------------------------------------------------- ================================================================================ freecad-0.15-5.fc22 (FEDORA-2015-9917) A general purpose 3D CAD modeler -------------------------------------------------------------------------------- Update Information: Fix version reporting in the About dialog (BZ#1192841). -------------------------------------------------------------------------------- ChangeLog: * Thu May 28 2015 Richard Shaw <hobbes1069@xxxxxxxxx> - 0.15-5 - Fix version reporting in the About dialog (BZ#1192841). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1192841 - version info missing in about dialog https://bugzilla.redhat.com/show_bug.cgi?id=1192841 -------------------------------------------------------------------------------- ================================================================================ gimagereader-3.1.1-1.fc22 (FEDORA-2015-9848) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information: Update to version 3.1.1, see https://github.com/manisandro/gImageReader/releases/tag/v3.1.1 for details. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Sandro Mani <manisandro@xxxxxxxxx> - 3.1.1-1 - Update to 3.1.1 -------------------------------------------------------------------------------- ================================================================================ gnome-abrt-1.2.0-1.fc22 (FEDORA-2015-9886) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hs_error.log from /tmp - Don not save the system logs by default - Don not save dmesg if kernel.dmesg_restrict=1 libreport: - Harden the code against directory traversal, symbolic and hard link attacks - Fix a bug causing that the first value of AlwaysExcludedElements was ignored - Fix missing icon for the "Stop" button icon name - Improve development documentation - Translations updates gnome-abrt: - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates satyr: - New kernel taint flags - More secure core stacktraces from core hook -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2015 Jakub Filak <jfilak@xxxxxxxxxx> 1.2.0-1 - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Remove a debug print introduced with port to Python3 - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates - Resolves: #1211759 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 2 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 6 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 7 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 8 ] Bug #1128400 - ABRT does not honor dmesg_restrict https://bugzilla.redhat.com/show_bug.cgi?id=1128400 -------------------------------------------------------------------------------- ================================================================================ gnome-contacts-3.16.2-3.fc22 (FEDORA-2015-9901) Contacts manager for GNOME -------------------------------------------------------------------------------- Update Information: This update fixes a frequent crash of the gnome-contacts search provider. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.16.2-3 - Fix crashes in the search provider (#1199712) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1199712 - [abrt] gnome-contacts: _gtk_settings_get_style_cascade(): gnome-contacts-search-provider killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1199712 -------------------------------------------------------------------------------- ================================================================================ golang-github-docker-libcontainer-2.1.1-0.1.gitc964368.fc22 (FEDORA-2015-9856) Configuration options for containers -------------------------------------------------------------------------------- Update Information: Update to 2.1.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.1.1-0.1.gitc964368 - Update to 2.1.1 Ppolish spec file Use license macro for LICENSE Remove runtime dependency on golang resolves: #1230658 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230658 - Tracker for golang-github-docker-libcontainer https://bugzilla.redhat.com/show_bug.cgi?id=1230658 -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-net-0-0.21.git7dbad50.fc22 (FEDORA-2015-9916) Supplementary Go networking libraries -------------------------------------------------------------------------------- Update Information: Bump to 7dbad50ab5b31073856416cdcfeb2796d682f844 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.21.git7dbad50 - Bump to 7dbad50ab5b31073856416cdcfeb2796d682f844 resolves: #1230677 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230677 - Tracker for golang-googlecode-net https://bugzilla.redhat.com/show_bug.cgi?id=1230677 -------------------------------------------------------------------------------- ================================================================================ icecat-31.7.0-2.fc22 (FEDORA-2015-9900) GNU version of Firefox browser -------------------------------------------------------------------------------- Update Information: - **Update to 31.7.0** - **Make sure locale works for langpacks** - **Set default bookmarks** - **Made appdata file** - **devel package obsoleted** -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.7.0-2 - Unpacked files found * Mon Jun 8 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.7.0-1 - Update to 31.7.0 - Make sure locale works for langpacks - Set default bookmarks - Made appdata file - devel package obsoleted -------------------------------------------------------------------------------- ================================================================================ idm-console-framework-1.1.14-2.fc22 (FEDORA-2015-9861) Identity Management Console Framework -------------------------------------------------------------------------------- Update Information: release 1.1.14 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.1.14-1 - Bump version to 1.1.14 - Ticket 48187 - Adding an OU from console is throwing missing attribute aliasedObjectName error - Ticket 47946 - Fix regression with original patch - Ticket 47946 - Need to revise console aci syntax checking - Ticket 97 - 389-console should provide usage options, help, and man pages - Ticket 48134 - Directory Server Admin Console: plaintext password logged in debug mode - Ticket 48130 - Add "+all" and "-TLS_RSA_WITH_AES_128_GCM_SHA256" to Console Cipher Preference for TLS -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.45-40.b14.fc22 (FEDORA-2015-9853) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: added requires lksctp-tools for headless subpackage to make sun.nio.ch.sctp work, added pacth to build on kernel 4.x added fix to RHBZ#1213280 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.45-40.b14 - added requires lksctp-tools for headless subpackage to make sun.nio.ch.sctp work - added patch506 rhbz1213280-b51c6914f297.patch - allow build on Linux 4.x kernel (sync from master) -------------------------------------------------------------------------------- ================================================================================ kdepim-4.14.9-1.fc22 (FEDORA-2015-9872) KDE PIM (Personal Information Manager) applications -------------------------------------------------------------------------------- Update Information: New stable/bugfix kdepim LTS release, see also https://www.kde.org/announcements/announce-applications-15.04.2.php -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.9-1 - 4.14.9 * Thu May 21 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.8-2 - kleopatra: Requires: dirmngr * Fri May 15 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 7:4.14.8-1 - 4.14.8 -------------------------------------------------------------------------------- ================================================================================ kdepim-runtime-4.14.9-1.fc22 (FEDORA-2015-9872) KDE PIM Runtime Environment -------------------------------------------------------------------------------- Update Information: New stable/bugfix kdepim LTS release, see also https://www.kde.org/announcements/announce-applications-15.04.2.php -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1:4.14.9-1 - 4.14.9 * Fri May 15 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1:4.14.8-1 - 4.14.8 -------------------------------------------------------------------------------- ================================================================================ libfreehand-0.1.1-1.fc22 (FEDORA-2015-9905) A library for import of Macromedia/Adobe FreeHand documents -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.1.1-1 - new upstream release * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 0.1.0-4 - Rebuilt for GCC 5 C++11 ABI change -------------------------------------------------------------------------------- ================================================================================ libreport-2.6.0-1.fc22 (FEDORA-2015-9886) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hs_error.log from /tmp - Don not save the system logs by default - Don not save dmesg if kernel.dmesg_restrict=1 libreport: - Harden the code against directory traversal, symbolic and hard link attacks - Fix a bug causing that the first value of AlwaysExcludedElements was ignored - Fix missing icon for the "Stop" button icon name - Improve development documentation - Translations updates gnome-abrt: - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates satyr: - New kernel taint flags - More secure core stacktraces from core hook -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2015 Jakub Filak <jfilak@xxxxxxxxxx> 2.6.0-1 - harden the code against directory traversal, symbolic and hard link attacks - fix a bug causing that the first value of AlwaysExcludedElements was ignored - fix missing icon for the "Stop" button icon name - switch the default dump dir mode to 0640 - fix races in dump directory handling code - improve development documentation - translations updates -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 2 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 6 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 7 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 8 ] Bug #1128400 - ABRT does not honor dmesg_restrict https://bugzilla.redhat.com/show_bug.cgi?id=1128400 -------------------------------------------------------------------------------- ================================================================================ mate-icon-theme-faenza-1.10.0-1.fc22 (FEDORA-2015-9854) Extra set of icon themes for MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to 1.10.0 release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.10.0.1 - update to 1.10.0 release -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-3.16.3-1.fc22 (FEDORA-2015-9880) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: - update to 3.16.3 release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 3.16.3.1 - update to 3.16.3 release -------------------------------------------------------------------------------- ================================================================================ mom-0.4.5-2.fc22 (FEDORA-2015-9899) Dynamically manage system resources on virtualization hosts -------------------------------------------------------------------------------- Update Information: - New hypervisor interface for VDSM over XML-RPC - Support for mom's RPC over unix socket - Better reporting of syntax and semantic errors in policy files Upgrade to 0.4.4 Upgrade to 0.4.4 Upgrade to 0.4.4 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Martin Sivak <msivak@xxxxxxxxxx> - 0.4.5-2 - Fix systemd dependencies for install scripts * Thu Jun 11 2015 Martin Sivak <msivak@xxxxxxxxxx> - 0.4.5-1 - Upgrade to 0.4.5 * Fri May 15 2015 Adam Litke <alitke@xxxxxxxxxx> - 0.4.4-1 - Upgrade to 0.4.4 -------------------------------------------------------------------------------- ================================================================================ nemo-2.6.5-2.fc22 (FEDORA-2015-9912) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information: - fix extension list for 64bit - tweak override schema -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.5-2 - fix extension list for 64bit - add patch for preferences -------------------------------------------------------------------------------- ================================================================================ nodejs-dezalgo-1.0.2-1.fc22 (FEDORA-2015-9860) Contain async insanity so that the dark pony lord doesn't eat souls -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221183 - Review request: nodejs-dezalgo - Contain async insanity so that the dark pony lord doesn't eat souls https://bugzilla.redhat.com/show_bug.cgi?id=1221183 -------------------------------------------------------------------------------- ================================================================================ perl-Crypt-URandom-0.36-1.fc22 (FEDORA-2015-9851) Non-blocking randomness for Perl -------------------------------------------------------------------------------- Update Information: This releases fixes initialization around fork calls. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0.36-1 - 0.36 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230543 - perl-Crypt-URandom-0.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1230543 -------------------------------------------------------------------------------- ================================================================================ perl-DBIx-RunSQL-0.13-1.fc22 (FEDORA-2015-9904) Run SQL commands from a file -------------------------------------------------------------------------------- Update Information: Update to 0.13 release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Denis Fateyev <denis@xxxxxxxxxxx> - 0.13-1 - Update to 0.13 release * Mon Jun 8 2015 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.12-3 - Perl 5.22 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230570 - Upgrade perl-DBIx-RunSQL to 0.13 https://bugzilla.redhat.com/show_bug.cgi?id=1230570 -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-Format-Epoch-0.16-1.fc22 (FEDORA-2015-9913) Convert DateTimes to/from epoch seconds -------------------------------------------------------------------------------- Update Information: A new version of DateTime::Format::Epoch is available. This release fixes problems with GMP library. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.16-1 - 0.16 bump * Sat Jun 6 2015 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.13-10 - Perl 5.22 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230559 - perl-DateTime-Format-Epoch-0.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1230559 -------------------------------------------------------------------------------- ================================================================================ perl-Imager-1.003-1.fc22 (FEDORA-2015-9875) Perl extension for Generating 24 bit Images -------------------------------------------------------------------------------- Update Information: A new version of Imager is available. This release brings various performance enhancements. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Petr Šabata <contyk@xxxxxxxxxx> - 1.003-1 - 1.003 bump, performance enhancements * Sat Jun 6 2015 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.001-2 - Perl 5.22 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230610 - perl-Imager-1.003 is available https://bugzilla.redhat.com/show_bug.cgi?id=1230610 -------------------------------------------------------------------------------- ================================================================================ perl-Lingua-EN-Tagger-0.25-1.fc22 (FEDORA-2015-9859) Part-of-speech tagger for English natural language processing -------------------------------------------------------------------------------- Update Information: Fixed a floating point number regular expression. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Petr Šabata <contyk@xxxxxxxxxx> - 0.25-1 - 0.25 bugfix bump * Sat Jun 6 2015 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.24-2 - Perl 5.22 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230629 - perl-Lingua-EN-Tagger-0.25 is available https://bugzilla.redhat.com/show_bug.cgi?id=1230629 -------------------------------------------------------------------------------- ================================================================================ php-5.6.10-1.fc22 (FEDORA-2015-9864) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 11 Jun 2015, **PHP 5.6.10** **Core:** * Fixed bug #66048 (temp. directory is cached during multiple requests). (Julien) * Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait). (jbboehr at gmail dot com) * Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita) * Fixed bug #69628 (complex GLOB_BRACE fails on Windows). (Christoph M. Becker) * Fixed POST data processing slowdown due to small input buffer size on Windows. (Jorge Oliveira, Anatol) * Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). (Anatol Belski) * Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas) **FTP;** * Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Max Spelsberg) **GD:** * Fixed bug #69479 (GD fails to build with newer libvpx). (Remi) **Iconv:** * Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas) **Mail:** * Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers). (Yasuo) **MCrypt:** * Added file descriptor caching to mcrypt_create_iv() (Leigh) **Opcache** * Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF). (Laruence, Dmitry) **Phar:** * Fixed bug #69680 (phar symlink in binary directory broken). (Matteo Bernardini, Remi) **Postgres:** * Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi) -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.6.10-1 - Update to 5.6.10 http://www.php.net/releases/5_6_10.php - add explicit spec license (implicit by FPCA) - opcache is now 7.0.6-dev -------------------------------------------------------------------------------- ================================================================================ python-BTrees-4.1.4-1.fc22 (FEDORA-2015-9902) Scalable persistent object containers -------------------------------------------------------------------------------- Update Information: The change to python-persistent was to fix the manifest and remove some stray files that were inadvertently included in the previous release. The change to python-BTrees is to ensure that pure-Python Bucket and Set objects have a human readable __repr__ like the C versions. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2015 Jerry James <loganjerry@xxxxxxxxx> - 4.1.4-1 - New upstream version -------------------------------------------------------------------------------- ================================================================================ python-django-sekizai-0.8.1-2.fc22 (FEDORA-2015-9865) Django Template Blocks with extra functionality -------------------------------------------------------------------------------- Update Information: use importlib from python-libs instead of deprecated django.utils.importlib -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Jakub Dorňák <jdornak@xxxxxxxxxx> - 0.8.1-2 - use importlib from python-libs instead of deprecated django.utils.importlib Resolves: #1230700 * Tue Jun 9 2015 Jakub Dorňák <jdornak@xxxxxxxxxx> - 0.8.1-1 - Update to 0.8.1, django 1.8 compatibility -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230700 - RemovedInDjango19Warning: django.utils.importlib will be removed https://bugzilla.redhat.com/show_bug.cgi?id=1230700 -------------------------------------------------------------------------------- ================================================================================ python-django-tagging-0.3.6-1.fc22 (FEDORA-2015-9868) A generic tagging application for Django projects -------------------------------------------------------------------------------- Update Information: rebase to version 0.3.6 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Jakub Dorňák <jdornak@xxxxxxxxxx> - 0.3.6-1 - rebase to version 0.3.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230666 - RemovedInDjango19Warning: django.contrib.contenttypes.generic is deprecated and will be removed https://bugzilla.redhat.com/show_bug.cgi?id=1230666 -------------------------------------------------------------------------------- ================================================================================ python-persistent-4.1.1-1.fc22 (FEDORA-2015-9902) Translucent persistent python objects -------------------------------------------------------------------------------- Update Information: The change to python-persistent was to fix the manifest and remove some stray files that were inadvertently included in the previous release. The change to python-BTrees is to ensure that pure-Python Bucket and Set objects have a human readable __repr__ like the C versions. -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2015 Jerry James <loganjerry@xxxxxxxxx> - 4.1.1-1 - New upstream version -------------------------------------------------------------------------------- ================================================================================ python-requests-kerberos-0.7.0-2.fc22 (FEDORA-2015-9866) A Kerberos authentication handler for python-requests -------------------------------------------------------------------------------- Update Information: Updated to 0.7.0 bug fix release. Relaxed version in kerberos module requirement, to work with python-kerberos 1.1. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Dan Callaghan <dcallagh@xxxxxxxxxx> - 0.7.0-2 - relaxed version in kerberos module requirement, to work with python-kerberos 1.1 (#1215565) * Tue May 5 2015 Fedora Release Monitoring <release-monitoring@xxxxxxxxxxxxxxxxx> - 0.7.0-1 - Update to 0.7.0 (#1164464) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164464 - python-requests-kerberos-0.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1164464 [ 2 ] Bug #1215565 - Python-requests-kerberos requires non-existent python-kerberos in version 1.1.1 https://bugzilla.redhat.com/show_bug.cgi?id=1215565 -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.15.1-1.fc22 (FEDORA-2015-9862) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: * Fixes various grammar issues * Now performed with a hardened build * Fixes issue with proxy use in the GUI -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Alex Wood <awood@xxxxxxxxxx> 1.15.1-1 - Move Python.h include to be first include (alikins@xxxxxxxxxx) - 1092564: Provide LDFLAGS to setup.py to enable hardened build. (awood@xxxxxxxxxx) - Bump version to 1.15 (wpoteat@xxxxxxxxxx) - Do not process proxy environment variables if host is in no_proxy (martin.matuska@xxxxxxxxxxxxxxx) * Tue Jun 2 2015 William Poteat <wpoteat@xxxxxxxxxx> 1.14.3-1 - 1225600: Default config entry needs to include the substitution string (wpoteat@xxxxxxxxxx) - Add F22 to Fedora branches. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ python-sep-0.4.0-1.fc22 (FEDORA-2015-9888) Astronomical source extraction and photometry in Python -------------------------------------------------------------------------------- Update Information: See http://sep.readthedocs.org/en/v0.4.x/ for details -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2015 Sergio Pascual <sergio.pasra@xxxxxxxxx> - 0.4.0-1 - New upstream (0.4.0) -------------------------------------------------------------------------------- ================================================================================ python-transaction-1.4.4-1.fc22 (FEDORA-2015-9858) Transaction management for Python -------------------------------------------------------------------------------- Update Information: 1.4.4 (2015-05-19) * Use the standard valuerefs() method rather than relying on implementation details of WeakValueDictionary in WeakSet. * Add support for PyPy3. * Require 100% branch coverage (in addition to 100% statement coverage). -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Ralph Bean <rbean@xxxxxxxxxx> - 1.4.4-1 - new version -------------------------------------------------------------------------------- ================================================================================ rendercheck-1.5-1.fc22 (FEDORA-2015-9842) Tool to verify correct operation of the XRENDER extension -------------------------------------------------------------------------------- Update Information: upstream rendercheck 1.5 release -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Dave Airlie <airlied@xxxxxxxxxx> 1.5-1 - upstream rendercheck 1.5 release -------------------------------------------------------------------------------- ================================================================================ satyr-0.18-1.fc22 (FEDORA-2015-9886) Tools to create anonymous, machine-friendly problem reports -------------------------------------------------------------------------------- Update Information: Security fixes for: * CVE-2015-3315 * CVE-2015-3142 * CVE-2015-1869 * CVE-2015-1870 * CVE-2015-3151 * CVE-2015-3150 * CVE-2015-3159 abrt: - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hs_error.log from /tmp - Don not save the system logs by default - Don not save dmesg if kernel.dmesg_restrict=1 libreport: - Harden the code against directory traversal, symbolic and hard link attacks - Fix a bug causing that the first value of AlwaysExcludedElements was ignored - Fix missing icon for the "Stop" button icon name - Improve development documentation - Translations updates gnome-abrt: - Enabled the Details also for the System problems - Do not crash in the testing of availabitlity of XServer - Fix 'Open problem's data directory' - Quit Application on Ctrl+Q - Translation updates satyr: - New kernel taint flags - More secure core stacktraces from core hook -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2015 Martin Milata <mmilata@xxxxxxxxxx> - 0.18-1 - New upstream version - Remove function fingerprinting - New kernel taint flags - Normalization tweaks - More secure core stacktraces from core hook * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 0.16-3 - Rebuilt for GCC 5 C++11 ABI change * Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 0.16-2 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216975 - CVE-2015-3159 abrt: missing process environment sanitizaton in abrt-action-install-debuginfo-to-abrt-cache [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1216975 [ 2 ] Bug #1214609 - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214609 [ 3 ] Bug #1214452 - CVE-2015-3151 abrt: directory traversals in several D-Bus methods implemented by abrt-dbus [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1214452 [ 4 ] Bug #1212871 - CVE-2015-1870 abrt: default abrt event scripts lead to information disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212871 [ 5 ] Bug #1212865 - CVE-2015-1869 abrt: default event scripts follow symbolic links [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212865 [ 6 ] Bug #1212821 - CVE-2015-3142 abrt: abrt-hook-ccpp writes core dumps to existing files owned by others [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1212821 [ 7 ] Bug #1218239 - CVE-2015-3315 abrt: Various race-conditions and symlink issues found in abrt [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1218239 [ 8 ] Bug #1128400 - ABRT does not honor dmesg_restrict https://bugzilla.redhat.com/show_bug.cgi?id=1128400 -------------------------------------------------------------------------------- ================================================================================ sniproxy-0.3.6-2.fc22 (FEDORA-2015-9883) Transparent TLS proxy -------------------------------------------------------------------------------- Update Information: Server no longer starts as forking -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 0.3.6-2 - Server no longer starts as forking * Thu Mar 12 2015 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 0.3.6-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1202298 - Switch systemd unit file to use non-forking type https://bugzilla.redhat.com/show_bug.cgi?id=1202298 -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.15.1-1.fc22 (FEDORA-2015-9862) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: * Fixes various grammar issues * Now performed with a hardened build * Fixes issue with proxy use in the GUI -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Alex Wood <awood@xxxxxxxxxx> 1.15.1-1 - Don't try to set file attrs on symlinks in spec (alikins@xxxxxxxxxx) - 1228807: Make disabling proxy via gui apply (alikins@xxxxxxxxxx) - Use find_lang --with-gnome for the gnome help (alikins@xxxxxxxxxx) - Cast return daemon() to void to quiet warnings. (alikins@xxxxxxxxxx) - Make the 'compile-po' step in the build quiet. (alikins@xxxxxxxxxx) - Make desktop-file-validate warnings. (alikins@xxxxxxxxxx) - rpm spec file reorg (alikins@xxxxxxxxxx) - 1224806: Prevent yum blocking on rhsm locks (alikins@xxxxxxxxxx) - 1092564: Add LDFLAGS to makefile so RPM can modify them. (awood@xxxxxxxxxx) - Update registergui.py (wpoteat@xxxxxxxxxx) - Bump version to 1.15 (wpoteat@xxxxxxxxxx) - Remove spurious debug logging about content labels (alikins@xxxxxxxxxx) - Revert "1189953: Replaced usage of "startup" with "start-up"" (crog@xxxxxxxxxx) - Revert "1149098: Removed uses of the non-word "unregister"" (crog@xxxxxxxxxx) - Revert "1189937: Added hypens to instances of the non-word "wildcard"" (crog@xxxxxxxxxx) - Revert "1200507: Hyphenated uses of the non-word "plugin."" (crog@xxxxxxxxxx) - 1225435: Use LC_ALL instead of LANG for lscpu. (alikins@xxxxxxxxxx) - Remove mutable default args in stubs (alikins@xxxxxxxxxx) - Add notes about how register/firstboot interact. (alikins@xxxxxxxxxx) - 1189953: Replaced usage of "startup" with "start-up" (crog@xxxxxxxxxx) - 1194453: Fixed typos and grammar issues in the rhsmcertd man page (crog@xxxxxxxxxx) - 1192646: Fixed typos and grammar issues in the RHSM conf man page (crog@xxxxxxxxxx) - 1192574: Fixed typos and grammar issues in subman GUI man page (crog@xxxxxxxxxx) - 1192120: Fixed typos and grammar issues in subman man page (crog@xxxxxxxxxx) - 1192094: Fixed erroneous usage of "servicelevel" for the subman command (crog@xxxxxxxxxx) - 1194468: Fixed typos and grammar in rhsm-debug man page (crog@xxxxxxxxxx) - 1193991: Fixed typos and header for RCT man page. (crog@xxxxxxxxxx) - 1200507: Hyphenated uses of the non-word "plugin." (crog@xxxxxxxxxx) - 1189946: Removed extraneous hyphens from instances of "pre-configure" (crog@xxxxxxxxxx) - 1189937: Added hypens to instances of the non-word "wildcard" (crog@xxxxxxxxxx) - 1149098: Removed uses of the non-word "unregister" (crog@xxxxxxxxxx) - 1189880: Removed the non-word "unentitle" from error messages (crog@xxxxxxxxxx) * Tue Jun 2 2015 William Poteat <wpoteat@xxxxxxxxxx> 1.14.9-1 - 1223038: Fix API used by openshift clients. (alikins@xxxxxxxxxx) - 1195824: Latest strings from zanata (alikins@xxxxxxxxxx) * Tue May 26 2015 William Poteat <wpoteat@xxxxxxxxxx> 1.14.8-1 - 1223860: Revert to default value on remove command (wpoteat@xxxxxxxxxx) - translation sync from zanata (alikins@xxxxxxxxxx) - 1223852: fix 'Deletedfd' string in repo report (alikins@xxxxxxxxxx) - Remove gnome-python2-canvas,gnome-python2 deps (alikins@xxxxxxxxxx) * Tue May 19 2015 William Poteat <wpoteat@xxxxxxxxxx> 1.14.7-1 - 1220287: Proxy Save accel fix with latest strings. (alikins@xxxxxxxxxx) - 1212515: Print error message for missing systemid file. (awood@xxxxxxxxxx) - Added missing option to the migration manual page (crog@xxxxxxxxxx) - Specified error codes on system_exit in rhn-migrate-classic-to-rhsm (crog@xxxxxxxxxx) - Updated the manual pages for the attach command (crog@xxxxxxxxxx) - Remove locale based DatePicker tests. (alikins@xxxxxxxxxx) - Make rhsm-debug test cases clean up better. (alikins@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ unboundid-ldapsdk-3.0.0-1.fc22 (FEDORA-2015-9915) UnboundID LDAP SDK for Java -------------------------------------------------------------------------------- Update Information: UnboundID LDAP SDK for Java 3.0.0 includes several bug fixes and enhancements keeping backward compatibility. You can read more about the changes in this version at https://github.com/UnboundID/ldapsdk/releases/tag/3.0.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 11 2015 Sandro Bonazzola <sbonazzo@xxxxxxxxxx> - 3.0.0-1 - Rebased on upstream 3.0.0 - Resolves: BZ#1230454 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230454 - unboundid-ldapsdk-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1230454 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-server-1.17.1-15.fc22 (FEDORA-2015-9895) X.Org X11 X server -------------------------------------------------------------------------------- Update Information: (CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up in non-authenticating mode, meaning that any client with access to the server's UNIX socket was able to connect to the server and use it as a regular client. http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 10 2015 Ray Strode <rstrode@xxxxxxxxxx> 1.17.1-15 - CVE-2015-3164 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
