The following Fedora 22 Security updates need testing: Age URL 304 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 253 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 186 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 134 https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d squid-3.4.13-3.fc22 129 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 98 https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7 python-pygments-2.0.2-3.fc22 98 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 62 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 62 https://bodhi.fedoraproject.org/updates/FEDORA-2015-39522bb8c9 php-PHPMailer-5.2.14-1.fc22 52 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6efa349a85 subversion-1.8.15-1.fc22 47 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1323b9078a bind99-9.9.8-2.P3.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34bc10a2c8 ntp-4.2.6p5-36.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c0b37e056 imlib2-1.4.7-1.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-54dcc5d1bf 389-ds-base-1.3.4.7-1.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b9a2fe987 ecryptfs-utils-109-1.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-35492207cb krb5-1.13.2-13.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b211281b8e claws-mail-3.13.2-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-143a48536c webkitgtk4-2.10.7-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3441e9da2f nodejs-is-my-json-valid-2.12.4-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-52b294538d python-pymongo-2.5.2-8.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d0a25ea07 wordpress-4.4.2-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1bc6ca8445 php-5.6.18-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cc13611f4 asterisk-13.7.1-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e92171283 python-pillow-2.8.2-3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a141de5d9 mingw-curl-7.47.0-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-43735c33a7 mingw-libpng-1.6.21-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a9ee80b01d mingw-libxml2-2.9.3-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f59a8ff5d0 mingw-pcre-8.38-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 179 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 98 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 94 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 34 https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8 httpd-2.4.18-1.fc22 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-825869e1a4 selinux-policy-3.13.1-128.25.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-196966efc2 spatialite-tools-4.2.0-19.fc22 sqlite-3.10.2-1.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c0b37e056 imlib2-1.4.7-1.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b8e5e8781 dnsmasq-2.75-3.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6427e041df libgdata-0.17.4-2.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-35492207cb krb5-1.13.2-13.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21424484be pixman-0.34.0-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-16a5625f33 kernel-4.3.5-200.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9e8671afca gammaray-2.4.0-1.fc22 qt-4.8.7-4.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5fbc3b7eb gnutls-3.3.21-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7902115967 linux-firmware-20160204-61.git91d5dd13.fc22 The following builds have been pushed to Fedora 22 updates-testing caja-1.12.2-3.fc22 cdsclient-3.81-1.fc22 etherape-0.9.14-1.fc22 freeciv-2.5.3-1.fc22 gnome-chemistry-utils-0.14.10-11.fc22 gnumeric-1.12.27-1.fc22 goffice-0.10.27-1.fc22 hylafax+-5.5.8-1.fc22 mate-themes-3.16.0-1.fc22 memkind-0.3.0-5.fc22 mingw-curl-7.47.0-1.fc22 mingw-libpng-1.6.21-1.fc22 mingw-libxml2-2.9.3-1.fc22 mingw-pcre-8.38-1.fc22 mintmenu-5.6.5-3.fc22 nex-20151213-1.fc22 perl-Path-Tiny-0.076-1.fc22 python-astropy-helpers-1.1.1-1.fc22 python-pika-0.10.0-3.fc22 simdock-1.4-0.20160207git.fc22 usbguard-0.4-4.fc22 Details about builds: ================================================================================ caja-1.12.2-3.fc22 (FEDORA-2016-a12ed630fa) File manager for MATE -------------------------------------------------------------------------------- Update Information: - try fix rhbz (#1291540) -------------------------------------------------------------------------------- ================================================================================ cdsclient-3.81-1.fc22 (FEDORA-2016-82827bcc59) Tools to query databases at CDS -------------------------------------------------------------------------------- Update Information: Upgrade to 3.81 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1304909 - cdsclient-3.81 is available https://bugzilla.redhat.com/show_bug.cgi?id=1304909 -------------------------------------------------------------------------------- ================================================================================ etherape-0.9.14-1.fc22 (FEDORA-2016-4b656e1eaa) Graphical network monitor for Unix -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305314 - etherape-0.9.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1305314 -------------------------------------------------------------------------------- ================================================================================ freeciv-2.5.3-1.fc22 (FEDORA-2016-7d946d3147) A multi-player strategy game -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.10-11.fc22 (FEDORA-2016-8cb8ec7c6f) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.27.html ---- This update fixes a crash in gchemtable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302135 - [abrt] gchemtable: gcu::Dialog::SetRealName(): gchemtable-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1302135 -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.27-1.fc22 (FEDORA-2016-8cb8ec7c6f) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.27.html ---- This update fixes a crash in gchemtable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302135 - [abrt] gchemtable: gcu::Dialog::SetRealName(): gchemtable-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1302135 -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.27-1.fc22 (FEDORA-2016-8cb8ec7c6f) G Office support libraries -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.27.html ---- This update fixes a crash in gchemtable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302135 - [abrt] gchemtable: gcu::Dialog::SetRealName(): gchemtable-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1302135 -------------------------------------------------------------------------------- ================================================================================ hylafax+-5.5.8-1.fc22 (FEDORA-2016-289c939bb8) An enterprise-strength fax server -------------------------------------------------------------------------------- Update Information: Update to 5.5.8. -------------------------------------------------------------------------------- ================================================================================ mate-themes-3.16.0-1.fc22 (FEDORA-2016-cd1614bf3f) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: use gtk+3 version schema -------------------------------------------------------------------------------- ================================================================================ memkind-0.3.0-5.fc22 (FEDORA-2016-5d051ab43b) User Extensible Heap Manager -------------------------------------------------------------------------------- Update Information: Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305359 - Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind https://bugzilla.redhat.com/show_bug.cgi?id=1305359 -------------------------------------------------------------------------------- ================================================================================ mingw-curl-7.47.0-1.fc22 (FEDORA-2016-5a141de5d9) MinGW Windows port of curl and libcurl -------------------------------------------------------------------------------- Update Information: Update to 7.47.0 which fixes various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302264 - CVE-2016-0755 mingw-curl: curl: NTLM credentials not-checked for proxy connection re-use [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1302264 -------------------------------------------------------------------------------- ================================================================================ mingw-libpng-1.6.21-1.fc22 (FEDORA-2016-43735c33a7) MinGW Windows Libpng library -------------------------------------------------------------------------------- Update Information: Update to 1.6.21 which fixes various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1281760 - CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1281760 -------------------------------------------------------------------------------- ================================================================================ mingw-libxml2-2.9.3-1.fc22 (FEDORA-2016-a9ee80b01d) MinGW Windows libxml2 XML processing library -------------------------------------------------------------------------------- Update Information: Update to 2.9.3 which fixes various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1262853 - mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1262853 [ 2 ] Bug #1274225 - CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1274225 [ 3 ] Bug #1276299 - CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276299 [ 4 ] Bug #1277149 - CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277149 [ 5 ] Bug #1281952 - mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1281952 -------------------------------------------------------------------------------- ================================================================================ mingw-pcre-8.38-1.fc22 (FEDORA-2016-f59a8ff5d0) MinGW Windows pcre library -------------------------------------------------------------------------------- Update Information: Update to 8.38 and fix various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1236660 - CVE-2015-3210 mingw-pcre: pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1236660 [ 2 ] Bug #1237225 - CVE-2015-5073 mingw-pcre: pcre: heap buffer overflow in find_fixedlength() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1237225 [ 3 ] Bug #1249905 - mingw-pcre: php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1249905 [ 4 ] Bug #1250947 - mingw-pcre: pcre: heap buffer overflow with a crafted regular expression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1250947 [ 5 ] Bug #1256453 - mingw-pcre: pcre: Heap Overflow in compile_regex() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1256453 [ 6 ] Bug #1287616 - CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287616 [ 7 ] Bug #1287626 - CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287626 [ 8 ] Bug #1287631 - CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287631 [ 9 ] Bug #1287640 - CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287640 [ 10 ] Bug #1287648 - CVE-2015-8387 mingw-pcre: pcre: Integer overflow in subroutine calls [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287648 [ 11 ] Bug #1287656 - CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287656 [ 12 ] Bug #1287661 - CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287661 [ 13 ] Bug #1287668 - CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287668 [ 14 ] Bug #1287673 - CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287673 [ 15 ] Bug #1287692 - CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287692 [ 16 ] Bug #1287698 - CVE-2015-8393 mingw-pcre: pcre: Information leak when running pcgrep -q on crafted binary [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287698 [ 17 ] Bug #1287704 - CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused by missing check for certain conditions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287704 [ 18 ] Bug #1287720 - CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused by certain references [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287720 -------------------------------------------------------------------------------- ================================================================================ mintmenu-5.6.5-3.fc22 (FEDORA-2016-bc4c4ecb1f) Advanced Menu for the MATE Desktop -------------------------------------------------------------------------------- Update Information: - fix rhbz (#1302737) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302737 - [abrt] mintmenu: mintMenuConfig.py:393:getHeadingColor:TypeError: Gtk.ColorButton.get_color() takes exactly 1 argument (2 given) https://bugzilla.redhat.com/show_bug.cgi?id=1302737 -------------------------------------------------------------------------------- ================================================================================ nex-20151213-1.fc22 (FEDORA-2016-84a70612fe) A lexer generator for Go that is similar to Lex/Flex -------------------------------------------------------------------------------- Update Information: Update to 20151213 -------------------------------------------------------------------------------- ================================================================================ perl-Path-Tiny-0.076-1.fc22 (FEDORA-2016-b3e35eb5d4) File path utility -------------------------------------------------------------------------------- Update Information: This is a cumulative bugfix and enhancement release, the latest from upstream. There should be no backwards compatibility issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305293 - perl-Path-Tiny: please update package in epel7, f22, f23 branches https://bugzilla.redhat.com/show_bug.cgi?id=1305293 -------------------------------------------------------------------------------- ================================================================================ python-astropy-helpers-1.1.1-1.fc22 (FEDORA-2016-4622161117) Utilities for building and installing Astropy and Astropy affiliated packages -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297234 - Review Request: python-astropy-helpers - Utilities for building and installing Astropy and Astropy affiliated packages https://bugzilla.redhat.com/show_bug.cgi?id=1297234 -------------------------------------------------------------------------------- ================================================================================ python-pika-0.10.0-3.fc22 (FEDORA-2016-c6705ca3f2) AMQP 0-9-1 client library for Python -------------------------------------------------------------------------------- Update Information: Update to latest upstream stable release (0.10.0), add Python 3 subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1244505 - python-pika 0.10.0 is available (python 3.3+ support added!) https://bugzilla.redhat.com/show_bug.cgi?id=1244505 -------------------------------------------------------------------------------- ================================================================================ simdock-1.4-0.20160207git.fc22 (FEDORA-2016-c0be1ecb64) Fast and customizable dockbar -------------------------------------------------------------------------------- Update Information: Update to latest simdock sources from github. Seems to work fine under KDE and Openbox, -------------------------------------------------------------------------------- References: [ 1 ] Bug #1125872 - [abrt] simdock: handle_error(): simdock killed by SIGTRAP https://bugzilla.redhat.com/show_bug.cgi?id=1125872 [ 2 ] Bug #1018562 - [abrt] simdock-1.2.6-1.20130128git.fc19: main_arena: Process /usr/bin/simdock was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1018562 -------------------------------------------------------------------------------- ================================================================================ usbguard-0.4-4.fc22 (FEDORA-2016-e1e0076908) A tool for implementing USB device usage policy -------------------------------------------------------------------------------- Update Information: * update to usbguard-0.4 * WARNING: incompatible changes, see the release notes at https://github.com/dkopecek/usbguard/releases/tag/v0.4 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
