The following Fedora 22 Security updates need testing: Age URL 160 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 109 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9110 fossil-1.33-1.fc22 109 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 78 https://bodhi.fedoraproject.org/updates/FEDORA-2015-10944 openhpi-3.4.0-2.fc22 65 https://bodhi.fedoraproject.org/updates/FEDORA-2015-11473 squid-3.4.13-2.fc22 42 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 28 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13616 mod_nss-1.0.11-4.fc22 27 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13823 python-django-1.8.4-1.fc22 26 https://bodhi.fedoraproject.org/updates/conntrack-tools-1.4.2-9.fc22 conntrack-tools-1.4.2-9.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13945 wireshark-1.12.7-2.fc22 21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14199 sblim-sfcb-1.4.9-2.fc22 21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14212 ntp-4.2.6p5-33.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14848 libwmf-0.2.8.4-46.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14851 libvdpau-1.1.1-1.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14902 ipython-2.4.1-8.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14952 pdns-3.4.6-1.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14958 bind99-9.9.7-7.P3.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14983 pcs-0.9.139-7.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15001 rolekit-0.3.2-2.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15275 php-pecl-zip-1.12.5-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15292 ipsilon-1.1.0-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15364 qemu-2.3.1-3.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15589 jakarta-commons-httpclient-3.1-23.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15619 golang-1.5.1-0.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15676 icedtea-web-1.6.1-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15767 bugzilla-4.4.10-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15831 seamonkey-2.35-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15858 unzip-6.0-22.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15907 groovy-2.4.0-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15928 openjpeg2-2.1.0-6.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15936 libvpx-1.3.0-7.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15944 xen-4.5.1-8.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15981 wordpress-4.3.1-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16023 xpra-0.15.6-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16034 php-ZendFramework2-2.4.8-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 106 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9342 perl-Curses-1.32-1.fc22 35 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 28 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13652 hwdata-0.281-1.fc22 28 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13646 libreport-2.6.2-2.fc22,abrt-2.6.1-3.fc22,gnome-abrt-1.2.0-4.fc22 27 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13833 gvfs-1.24.2-1.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13954 xfdesktop-4.12.3-2.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13801 tigervnc-1.5.0-2.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13797 fontconfig-2.11.94-4.fc22 26 https://bodhi.fedoraproject.org/updates/freetype-2.5.5-2.fc22 freetype-2.5.5-2.fc22 21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14218 xulrunner-40.0-1.fc22 19 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14450 pyparted-3.10.7-1.fc22 19 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14403 libreport-2.6.2-3.fc22 abrt-2.6.1-4.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14533 parted-3.2-10.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14913 gdb-7.9.1-18.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15102 device-mapper-multipath-0.4.9-73.fc22.1 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15089 linux-firmware-20150904-56.git6ebf5d57.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15260 python-pycurl-7.19.5.1-2.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15356 cryptsetup-1.6.8-2.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15301 evolution-3.16.5-3.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-10143 NetworkManager-1.0.6-4.fc22 NetworkManager-openswan-1.0.6-2.fc22 NetworkManager-openvpn-1.0.6-3.fc22 NetworkManager-vpnc-1.0.6-3.fc22 network-manager-applet-1.0.6-2.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15516 perl-HTTP-Message-6.11-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15610 hunspell-1.3.3-5.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15564 enca-1.16-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15553 policycoreutils-2.3-18.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15660 krb5-1.13.2-6.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15904 NetworkManager-1.0.6-5.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15897 libgdata-0.17.3-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15888 PackageKit-1.0.9-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15884 libgusb-0.2.7-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15883 libassuan-2.3.0-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15879 texinfo-5.2-9.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15864 kernel-4.1.7-200.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15858 unzip-6.0-22.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15841 kde-runtime-15.08.1-1.fc22 kdelibs-4.14.12-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15810 attr-2.4.47-10.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15803 gnutls-3.3.18-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15793 perl-5.20.3-327.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15936 libvpx-1.3.0-7.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15896 gnome-online-accounts-3.16.4.1-1.fc22 The following builds have been pushed to Fedora 22 updates-testing admeshgui-1.0.1-1.fc22 caja-extensions-1.10.1-1.fc22 cinnamon-desktop-2.6.5-5.fc22 dar-2.4.18-1.fc22 dnf-plugin-system-upgrade-0.4.1-1.fc22 fedora-arm-installer-1.99.5-1.fc22 flpsed-0.7.3-2.fc22 glpi-0.85.5-1.fc22 gnome-online-accounts-3.16.4.1-1.fc22 golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc22 golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc22 golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc22 golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc22 golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc22 golang-github-ncw-swift-0-0.1.git22c8fa9.fc22 golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc22 golang-github-stevvooe-resumable-0-0.1.git51ad441.fc22 gpaste-3.16.3-1.fc22 kchildlock-0.91.1-1.fc22 kde-workspace-4.11.22-2.fc22 konsole5-15.08.1-1.fc22 libsearpc-3.0-5.fc22 libvpx-1.3.0-7.fc22 liquibase-3.4.1-1.fc22 mate-themes-1.10.5-1.fc22 openjpeg2-2.1.0-6.fc22 perl-Encode-2.77-1.fc22 perl-TeX-Encode-1.3-2.fc22 php-ZendFramework2-2.4.8-1.fc22 polymake-2.13-23.git20141013.fc22 polymake-2.13-24.git20141013.fc22 python-cairosvg-1.0.16-2.fc22 python-requests-2.7.0-4.fc22 reposurgeon-3.29-1.fc22 rubygem-locale-2.1.2-1.fc22 task-2.5.0-0.1.beta1.fc22 texstudio-2.10.0-1.fc22 uboot-tools-2015.07-5.fc22 woffTools-0.1-0.10.684svn.fc22 wordpress-4.3.1-1.fc22 xen-4.5.1-8.fc22 xpra-0.15.6-1.fc22 Details about builds: ================================================================================ admeshgui-1.0.1-1.fc22 (FEDORA-2015-16037) STL viewer and manipulation tool -------------------------------------------------------------------------------- Update Information: STL viewer and manipulation tool -------------------------------------------------------------------------------- References: [ 1 ] Bug #1224397 - Review Request: admeshgui - STL viewer and manipulation tool https://bugzilla.redhat.com/show_bug.cgi?id=1224397 -------------------------------------------------------------------------------- ================================================================================ caja-extensions-1.10.1-1.fc22 (FEDORA-2015-15967) Set of extensions for caja file manager -------------------------------------------------------------------------------- Update Information: caja-extensions-1.10.1-1.fc21 - update to 1.10.1 release caja- extensions-1.10.1-1.fc22 - update to 1.10.1 release caja- extensions-1.10.1-1.el7 - update to 1.10.1 release caja- extensions-1.10.1-1.fc23 - update to 1.10.1 release - enable gajim sendto plugin -------------------------------------------------------------------------------- ================================================================================ cinnamon-desktop-2.6.5-5.fc22 (FEDORA-2015-16045) Shared code among cinnamon-session, nemo, etc -------------------------------------------------------------------------------- Update Information: cinnamon-desktop-2.6.5-5.fc23 - fix warning message when background is xml file cinnamon-desktop-2.6.5-5.fc22 - fix warning message when background is xml file cinnamon-desktop-2.6.5-5.fc21 - fix warning message when background is xml file -------------------------------------------------------------------------------- ================================================================================ dar-2.4.18-1.fc22 (FEDORA-2015-15954) Software for making/restoring incremental CD/DVD backups -------------------------------------------------------------------------------- Update Information: New upstream version dar-2.4.18-1.fc23 - New upstream version dar-2.4.18-1.el7 - new upstream version dar-2.4.18-1.el6 - new upstream version dar-2.4.18-1.el5 - new upstream version dar-2.4.18-1.fc22 - New upstream version dar-2.4.18-1.fc21 - new upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258281 - dar-2.4.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1258281 -------------------------------------------------------------------------------- ================================================================================ dnf-plugin-system-upgrade-0.4.1-1.fc22 (FEDORA-2015-15942) System Upgrade plugin for DNF -------------------------------------------------------------------------------- Update Information: This is the first release of the `dnf system-upgrade` plugin, which replaces `fedup`. ---- What's changed since version 0.4.0: * Fixed `dnf system- upgrade clean` * Added man page `dnf.plugin.system-upgrade(8)` * Silenced duplicate DNF output during upgrade * Package now conflicts with old versions of PackageKit that don't let other programs do offline updates -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262145 - 'dnf system-upgrade clean' and 'dnf clean packages' does not clean downloaded system upgrade packages https://bugzilla.redhat.com/show_bug.cgi?id=1262145 [ 2 ] Bug #1260164 - Fix default Requires: to its python3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1260164 [ 3 ] Bug #1259937 - dnf-plugin-system-upgrade should have explicit conflicts with older PackageKit https://bugzilla.redhat.com/show_bug.cgi?id=1259937 -------------------------------------------------------------------------------- ================================================================================ fedora-arm-installer-1.99.5-1.fc22 (FEDORA-2015-16035) Writes binary image files to any specified block device -------------------------------------------------------------------------------- Update Information: Update to 2015.07 GA release for Fedora 22. Adds numerous fixes as well as support for new devices -------------------------------------------------------------------------------- ================================================================================ flpsed-0.7.3-2.fc22 (FEDORA-2015-15959) WYSIWYG pseudo PostScript editor -------------------------------------------------------------------------------- Update Information: flpsed-0.7.3-2.fc21 - fix copying file path flpsed-0.7.3-2.fc22 - fix copying file path flpsed-0.7.3-2.fc23 - fix license COPYING file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1247059 - Packaging issues https://bugzilla.redhat.com/show_bug.cgi?id=1247059 -------------------------------------------------------------------------------- ================================================================================ glpi-0.85.5-1.fc22 (FEDORA-2015-16011) Free IT asset management software -------------------------------------------------------------------------------- Update Information: **GLPI version 0.85.5** From upstream [changelog](https://github.com/glpi- project/glpi/issues?q=milestone:0.85.5): * Missing project in total spent on budget bug * Fix queuemail is case MySQL server in not in same timezone as glpi * Notes are not deleted on item purge * Tickets/Pbs : wrong display of column 'Associated item types' when plugin * Dozens of sql errors at profile creation * Error PHP when adding a contract to an item, and contract is already linked to this item * Pb with massive action 'Remove a contract' on an asset * Error with Contract, massive action 'Remove item', 'Remove all at once' * Project task template * Collector : blacklisted email address generates php errors * Mailcollector if multi "To" in header * URL in notification for reservation * Values not corrects in glpi_events * In 'project tasks' tab of a project, type (of task) doesn't take into account available translations * In Setup > General, tab Assets, autom update elts related to computers : some fields are inverted * 0.85 and above : Child Entities, tab Notifications, pb with field 'Enable notifs by default' Packaging changes: - update to 0.85.5 - use system ircmaxell/password-compat - switch from eZ component to Zeta component -------------------------------------------------------------------------------- ================================================================================ gnome-online-accounts-3.16.4.1-1.fc22 (FEDORA-2015-15896) Single sign-on framework for GNOME -------------------------------------------------------------------------------- Update Information: # Bugs fixed: * 752939 Several leak fixes * 754142 icons: Provide HiDpi variants # Updated translations: * Portuguese -------------------------------------------------------------------------------- ================================================================================ golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc22 (FEDORA-2015-15992) Fork of the GOAMZ with additional functionality with DynamoDB -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262714 - Review Request: golang-github-AdRoll-goamz - Fork of the GOAMZ with additional functionality with DynamoDB https://bugzilla.redhat.com/show_bug.cgi?id=1262714 -------------------------------------------------------------------------------- ================================================================================ golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc22 (FEDORA-2015-15991) Microsoft Azure SDK for Go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262716 - Review Request: golang-github-Azure-azure-sdk-for-go - Microsoft Azure SDK for Go https://bugzilla.redhat.com/show_bug.cgi?id=1262716 -------------------------------------------------------------------------------- ================================================================================ golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc22 (FEDORA-2015-16003) Go SDK for Aliyun Services -------------------------------------------------------------------------------- Update Information: needed by docker/distribution -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262704 - Review Request: golang-github-denverdino-aliyungo - Go SDK for Aliyun Services https://bugzilla.redhat.com/show_bug.cgi?id=1262704 -------------------------------------------------------------------------------- ================================================================================ golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc22 (FEDORA-2015-15978) File system notifications for Go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262426 - Review Request: golang-github-go-fsnotify-fsnotify - File system notifications for Go https://bugzilla.redhat.com/show_bug.cgi?id=1262426 -------------------------------------------------------------------------------- ================================================================================ golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc22 (FEDORA-2015-16000) A collection of useful handlers for Go's net/http package -------------------------------------------------------------------------------- Update Information: needed by docker/distribution -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262705 - Review Request: golang-github-gorilla-handlers - A collection of useful handlers for Go's net/http package https://bugzilla.redhat.com/show_bug.cgi?id=1262705 -------------------------------------------------------------------------------- ================================================================================ golang-github-ncw-swift-0-0.1.git22c8fa9.fc22 (FEDORA-2015-15996) Go language interface to Swift -------------------------------------------------------------------------------- Update Information: needed by docker/distribution -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262710 - Review Request: golang-github-ncw-swift - Go language interface to Swift https://bugzilla.redhat.com/show_bug.cgi?id=1262710 -------------------------------------------------------------------------------- ================================================================================ golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc22 (FEDORA-2015-15990) Go bindings for RADOS, RBD, and CephFS -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262711 - Review Request: golang-github-noahdesu-go-ceph - Go bindings for RADOS, RBD, and CephFS https://bugzilla.redhat.com/show_bug.cgi?id=1262711 -------------------------------------------------------------------------------- ================================================================================ golang-github-stevvooe-resumable-0-0.1.git51ad441.fc22 (FEDORA-2015-16007) Subset of the Go `crypto` Package with a Resumable Hash Interface -------------------------------------------------------------------------------- Update Information: needed by docker/distribution -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262709 - Review Request: golang-github-stevvooe-resumable - Subset of the Go `crypto` Package with a Resumable Hash Interface https://bugzilla.redhat.com/show_bug.cgi?id=1262709 -------------------------------------------------------------------------------- ================================================================================ gpaste-3.16.3-1.fc22 (FEDORA-2015-16013) Clipboard management system -------------------------------------------------------------------------------- Update Information: * various gnome-shell extension fixes * prevent potential crash from external library users -------------------------------------------------------------------------------- References: [ 1 ] Bug #1260322 - gpaste-v3.16.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1260322 -------------------------------------------------------------------------------- ================================================================================ kchildlock-0.91.1-1.fc22 (FEDORA-2015-16020) KDE Parental Control Application -------------------------------------------------------------------------------- Update Information: kchildlock-0.91.1-1.fc21 - Update to 0.91.1 kchildlock-0.91.1-1.fc22 - Update to 0.91.1 kchildlock-0.91.1-1.fc23 - Update to 0.91.1 -------------------------------------------------------------------------------- ================================================================================ kde-workspace-4.11.22-2.fc22 (FEDORA-2015-15953) KDE Workspace -------------------------------------------------------------------------------- Update Information: Provide a new ksystraycmd package. -------------------------------------------------------------------------------- ================================================================================ konsole5-15.08.1-1.fc22 (FEDORA-2015-16040) KDE Terminal emulator -------------------------------------------------------------------------------- Update Information: Latest release as part of https://www.kde.org/announcements/announce- applications-15.08.1.php konsole5-15.08.1-1.fc22 - 15.08.1 -------------------------------------------------------------------------------- ================================================================================ libsearpc-3.0-5.fc22 (FEDORA-2015-15948) A simple and easy-to-use C language RPC framework -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1129224 - Review Request: libsearpc - A simple and easy-to-use C language RPC framework https://bugzilla.redhat.com/show_bug.cgi?id=1129224 -------------------------------------------------------------------------------- ================================================================================ libvpx-1.3.0-7.fc22 (FEDORA-2015-15936) VP8 Video Codec SDK -------------------------------------------------------------------------------- Update Information: libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223266 - CVE-2015-1258 chromium-browser: Negative-size parameter in Libvpx. https://bugzilla.redhat.com/show_bug.cgi?id=1223266 -------------------------------------------------------------------------------- ================================================================================ liquibase-3.4.1-1.fc22 (FEDORA-2015-15931) Database Refactoring Tool -------------------------------------------------------------------------------- Update Information: Update to 3.4.1. This release is primarily bug fixes. See http://www.liquibase.org/2015/07/liquibase-3-4-1-released.html for details. -------------------------------------------------------------------------------- ================================================================================ mate-themes-1.10.5-1.fc22 (FEDORA-2015-15969) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: mate-themes-1.10.5-1.fc21 - update to 1.10.5 release mate- themes-1.10.5-1.fc22 - update to 1.10.5 release mate-themes-1.10.5-1.fc23 - update to 1.10.5 release -------------------------------------------------------------------------------- ================================================================================ openjpeg2-2.1.0-6.fc22 (FEDORA-2015-15928) C-Library for JPEG 2000 -------------------------------------------------------------------------------- Update Information: Security fix for use after free vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #1263359 - openjpeg: Use-after-free vulnerability in opj_j2k_write_mco https://bugzilla.redhat.com/show_bug.cgi?id=1263359 -------------------------------------------------------------------------------- ================================================================================ perl-Encode-2.77-1.fc22 (FEDORA-2015-16030) Character encodings in Perl -------------------------------------------------------------------------------- Update Information: This release accepts UTF-16 encoding identifier and defaults to big endian variant as dictated by Unicode 8. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1263486 - perl-Encode-2.77 is available https://bugzilla.redhat.com/show_bug.cgi?id=1263486 -------------------------------------------------------------------------------- ================================================================================ perl-TeX-Encode-1.3-2.fc22 (FEDORA-2015-15939) Encoding to LaTeX escapes -------------------------------------------------------------------------------- Update Information: New package: perl-TeX-Encode -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262872 - Review Request: perl-TeX-Encode - Encoding to LaTeX escapes https://bugzilla.redhat.com/show_bug.cgi?id=1262872 -------------------------------------------------------------------------------- ================================================================================ php-ZendFramework2-2.4.8-1.fc22 (FEDORA-2015-16034) Zend Framework 2 -------------------------------------------------------------------------------- Update Information: **Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002). **Bug fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8) * validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 as non-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto- attaching NonEmpty validators in favor of explicit attachment * ensure fallback values work as per pre-2.4 behavior * update the InputFilterInterface::add() docblock to match implementations * Fix how missing optoinal fields are validated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26 * fix typos in aria attribute names of AbstractHelper * fixes the ContentType header to properly handle encoded parameter values * fixes the Sender header to allow mailbox addresses without TLDs * fixes parsing of messages that contain an initial blank line before headers * fixes the SetCookie header to allow multiline values (as they are always encoded * fixes DefaultRenderingStrategy errors due to controllers returning non-view model results -------------------------------------------------------------------------------- ================================================================================ polymake-2.13-23.git20141013.fc22 (FEDORA-2015-15980) Algorithms on convex polytopes and polyhedra -------------------------------------------------------------------------------- Update Information: Rebuild against Perl 5.20.3 -------------------------------------------------------------------------------- ================================================================================ polymake-2.13-24.git20141013.fc22 (FEDORA-2015-16018) Algorithms on convex polytopes and polyhedra -------------------------------------------------------------------------------- Update Information: Rebuild against Perl 5.20.3 with Singular support -------------------------------------------------------------------------------- ================================================================================ python-cairosvg-1.0.16-2.fc22 (FEDORA-2015-16042) A Simple SVG Converter for Cairo -------------------------------------------------------------------------------- Update Information: Fix the name of the python3 subpackage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1263793 - python3-CairoSVG is named oddly https://bugzilla.redhat.com/show_bug.cgi?id=1263793 -------------------------------------------------------------------------------- ================================================================================ python-requests-2.7.0-4.fc22 (FEDORA-2015-15950) HTTP library, written in Python, for human beings -------------------------------------------------------------------------------- Update Information: Provide python2-requests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1241671 - python-requests: missing provides for python2-requests https://bugzilla.redhat.com/show_bug.cgi?id=1241671 -------------------------------------------------------------------------------- ================================================================================ reposurgeon-3.29-1.fc22 (FEDORA-2015-16010) SCM Repository Manipulation Tool -------------------------------------------------------------------------------- Update Information: # 3.29: 2015-09-02 * Now included: git aliases that allow git to work with action stamps. * **The new `repomapper` tool helps prepare contributor maps.** * Use of branchify/branchify_map is now less likely to produce invalid resets. * `branchify_map` has been changed to handle subdirectories better. `branchify_map reset` actually works now. * Prevent a crash on empty SVN comments produced by dumpfiltering. * `assign` command with no selection set or arguments lists assignments. * New `--user-ignores` option on Subversion reads passes through .gitignores. * `repotool initialize` now generates an easier-to-read conversion makefile (Fedora: Used to be conversion.mk in /usr/share/doc/reposurgeon). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1259536 - reposurgeon-3.29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1259536 -------------------------------------------------------------------------------- ================================================================================ rubygem-locale-2.1.2-1.fc22 (FEDORA-2015-15962) Pure ruby library which provides basic APIs for localization -------------------------------------------------------------------------------- Update Information: New version 2.1.2 is released. -------------------------------------------------------------------------------- ================================================================================ task-2.5.0-0.1.beta1.fc22 (FEDORA-2015-15961) Taskwarrior - a command-line TODO list manager -------------------------------------------------------------------------------- Update Information: Beta release from upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1213196 - task-2.5.0.beta1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1213196 -------------------------------------------------------------------------------- ================================================================================ texstudio-2.10.0-1.fc22 (FEDORA-2015-15997) A feature-rich editor for LaTeX documents -------------------------------------------------------------------------------- Update Information: - update to 2.10.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262987 - [PATCH] ARM build of 2.10.0 fails https://bugzilla.redhat.com/show_bug.cgi?id=1262987 -------------------------------------------------------------------------------- ================================================================================ uboot-tools-2015.07-5.fc22 (FEDORA-2015-16035) U-Boot utilities -------------------------------------------------------------------------------- Update Information: Update to 2015.07 GA release for Fedora 22. Adds numerous fixes as well as support for new devices -------------------------------------------------------------------------------- ================================================================================ woffTools-0.1-0.10.684svn.fc22 (FEDORA-2015-15985) Tool for manipulating and examining WOFF files -------------------------------------------------------------------------------- Update Information: Patch0 added, Release bumped -------------------------------------------------------------------------------- References: [ 1 ] Bug #1261384 - ImportError: No module named sstruct https://bugzilla.redhat.com/show_bug.cgi?id=1261384 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.3.1-1.fc22 (FEDORA-2015-15981) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.3.1 Security and Maintenance Release** [Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. * WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. * A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. * Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the [list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&st op_rev=33647). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1 https://bugzilla.redhat.com/show_bug.cgi?id=1263657 -------------------------------------------------------------------------------- ================================================================================ xen-4.5.1-8.fc22 (FEDORA-2015-15944) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248997 - CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139) https://bugzilla.redhat.com/show_bug.cgi?id=1248997 [ 2 ] Bug #1248760 - CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) https://bugzilla.redhat.com/show_bug.cgi?id=1248760 -------------------------------------------------------------------------------- ================================================================================ xpra-0.15.6-1.fc22 (FEDORA-2015-16023) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: This update fixes a critical bug with the Xdummy setup which allows local users to access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 - Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23 - Update to 0.15.6 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
