The following Fedora 22 Security updates need testing:
 Age  URL
 320  https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878   echoping-6.1-0.beta.r434svn.1.fc22
 269  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185   ceph-deploy-1.5.25-1.fc22
 201  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781   python-kdcproxy-0.3.2-1.fc22
 156  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239   nagios-4.0.8-1.fc22
 149  https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d   squid-3.4.13-3.fc22
 144  https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf   openstack-swift-2.2.0-6.fc22
 113  https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7   python-pygments-2.0.2-3.fc22
 113  https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d   miniupnpc-1.9-6.fc22
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4   libpng-1.6.16-4.fc22
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6   libpng-1.6.16-5.fc22
  78  https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105   ImageMagick-6.9.2.7-1.fc22
  68  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6efa349a85   subversion-1.8.15-1.fc22
  63  https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1   sos-3.2-2.fc22
  37  https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0   thttpd-2.25b-37.fc22
  31  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1323b9078a   bind99-9.9.8-2.P3.fc22
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0   xulrunner-44.0-1.fc22
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b   xdelta-3.0.7-7.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a2606f993   rubygem-rails-html-sanitizer-1.0.1-2.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cb30088b06   rubygem-activesupport-4.2.0-4.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa0dec2360   rubygem-actionview-4.2.0-3.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-94e71ee673   rubygem-activemodel-4.2.0-2.fc22 rubygem-actionpack-4.2.0-3.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-73fe05d878   rubygem-activerecord-4.2.0-2.fc22
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0609474cf6   389-ds-base-1.3.4.8-1.fc22
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cb344dd7e   community-mysql-5.6.29-1.fc22
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e21be93421   gummi-0.6.6-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-868c170507   mariadb-10.0.23-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1c08d77b96   qt-creator-3.6.0-6.fc22 qca-2.1.1-4.fc22 code-editor-2.8.1-13.fc22 monotone-1.1-13.fc22 botan-1.10.12-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c97f297cd6   hamster-time-tracker-2.0-0.3.rc1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-be042f7e6f   qemu-2.3.1-12.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a25ee90150   graphite2-1.3.5-1.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494   mingw-nsis-2.50-1.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-962c0d156d   libreoffice-4.4.7.2-3.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a006e78d9   thunderbird-38.6.0-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b20c4ec9d   pcs-0.9.149-2.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e7162262b0   kernel-4.3.6-201.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7942ee2cc5   libssh2-1.5.0-2.fc22

The following Fedora 22 Critical Path updates have yet to be approved:
 Age  URL
 195  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210   yum-3.4.3-508.fc22
 113  https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f   libgphoto2-2.5.8-1.fc22
 110  https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b   vim-7.4.909-1.fc22
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6   libpng-1.6.16-5.fc22
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4   libpng-1.6.16-4.fc22
  50  https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8   httpd-2.4.18-1.fc22
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0   xulrunner-44.0-1.fc22
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64   mobile-broadband-provider-info-1.20151214-1.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1ec4dabbd5   pcre-8.38-2.fc22
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a3cd0a405   enca-1.18-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e3261008b   htdig-3.2.0-0.21.b6.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-72a831c739   libical-1.0.1-3.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bdc07e5732   kde-runtime-15.12.2-1.fc22 kdelibs-4.14.17-1.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d25f4327b1   kdepim-4.14.10-10.fc22 kdepim-runtime-4.14.10-6.fc22 kdepimlibs-4.14.10-8.fc22
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c865c44c3d   breeze-icon-theme-5.19.0-1.fc22 extra-cmake-modules-5.19.0-1.fc22 kf5-5.19.0-1.fc22 kf5-attica-5.19.0-1.fc22 kf5-baloo-5.19.0-1.fc22 kf5-bluez-qt-5.19.0-1.fc22 kf5-frameworkintegration-5.19.0-1.fc22 kf5-kactivities-5.19.0-1.fc22 kf5-kapidox-5.19.0-1.fc22 kf5-karchive-5.19.0-1.fc22 kf5-kauth-5.19.0-1.fc22 kf5-kbookmarks-5.19.0-1.fc22 kf5-kcmutils-5.19.0-1.fc22 kf5-kcodecs-5.19.0-1.fc22 kf5-kcompletion-5.19.0-1.fc22 kf5-kconfig-5.19.0-1.fc22 kf5-kconfigwidgets-5.19.0-1.fc22 kf5-kcoreaddons-5.19.0-1.fc22 kf5-kcrash-5.19.0-1.fc22 kf5-kdbusaddons-5.19.0-1.fc22 kf5-kdeclarative-5.19.0-2.fc22 kf5-kded-5.19.0-1.fc22 kf5-kdelibs4support-5.19.0-1.fc22 kf5-kdesignerplugin-5.19.0-1.fc22 kf5-kdesu-5.19.0-1.fc22 kf5-kdewebkit-5.19.0-1.fc22 kf5-kdnssd-5.19.0-1.fc22 kf5-kdoctools-5.19.0-1.fc22 kf5-kemoticons-5.19.0-1.fc22 kf5-kfilemetadata-5.19.0-1.fc22 kf5-kglobalaccel-5.19.0-1.fc22 kf5-kguiaddons-5.19.0-1.fc22 kf5-khtml-5.19.0-1.fc22 kf5-ki18n-5.19.0-1.fc22 kf5-kiconthemes-5.19.0-1.fc22 kf5-kidletime-5.19.0-1.fc22 kf5-kimageformats-5.19.0-1.fc22 kf5-kinit-5.19.0-1.fc22 kf5-kio-5.19.0-1.fc22 kf5-kitemmodels-5.19.0-1.fc22 kf5-kitemviews-5.19.0-1.fc22 kf5-kjobwidgets-5.19.0-1.fc22 kf5-kjs-5.19.0-1.fc22 kf5-kjsembed-5.19.0-1.fc22 kf5-kmediaplayer-5.19.0-1.fc22 kf5-knewstuff-5.19.0-1.fc22 kf5-knotifications-5.19.0-1.fc22 kf5-knotifyconfig-5.19.0-1.fc22 kf5-kpackage-5.19.0-1.fc22 kf5-kparts-5.19.0-1.fc22 kf5-kpeople-5.19.0-1.fc22 kf5-kplotting-5.19.0-1.fc22 kf5-kpty-5.19.0-1.fc22 kf5-kross-5.19.0-1.fc22 kf5-krunner-5.19.0-1.fc22 kf5-kservice-5.19.0-1.fc22 kf5-ktexteditor-5.19.0-1.fc22 kf5-ktextwidgets-5.19.0-1.fc22 kf5-kunitconversion-5.19.0-1.fc22 kf5-kwallet-5.19.0-1.fc22 kf5-kwidgetsaddons-5.19.0-1.fc22 kf5-kwindowsystem-5.19.0-1.fc22 kf5-kxmlgui-5.19.0-1.fc22 kf5-kxmlrpcclient-5.19.0-1.fc22 kf5-modemmanager-qt-5.19.0-1.fc22 kf5-networkmanager-qt-5.19.0-1.fc22 kf5-plasma-5.19.0-2.fc22 kf5-solid-5.19.0-1.fc22 kf5-sonnet-5.19.0-1.fc22 kf5-threadweaver-5.19.0-1.fc22 oxygen-icon-theme-5.19.0-3.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec3bf7e66   glibc-2.21-12.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed3e59d122   gnutls-3.3.21-2.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a006e78d9   thunderbird-38.6.0-1.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c4618aa80c   hwdata-0.286-1.fc22
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab   selinux-policy-3.13.1-128.28.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ac4553914   gvfs-1.24.3-1.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7942ee2cc5   libssh2-1.5.0-2.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e7162262b0   kernel-4.3.6-201.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-636c7a6056   gamin-0.1.10-22.fc22
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-68edd6f2d9   gnupg2-2.1.11-1.fc22

The following builds have been pushed to Fedora 22 updates-testing

    ardour4-4.7.0-1.fc22
    cherrytree-0.36.5-1.fc22
    gamin-0.1.10-22.fc22
    gdouros-avdira-fonts-6.31-1.fc22
    gitolite3-3.6.5-2.fc22
    gvfs-1.24.3-1.fc22
    kernel-4.3.6-201.fc22
    libssh2-1.5.0-2.fc22
    libusbx-1.0.21-0.1.git448584a.fc22
    mock-1.2.15-1.fc22
    pam_yubico-2.21-1.fc22
    pcs-0.9.149-2.fc22
    php-pdepend-PHP-Depend-2.2.3-1.fc22
    pki-core-10.2.6-11.fc22
    pngquant-2.6.0-1.fc22
    qutebrowser-0.5.1-1.fc22
    sipp-3.5.0-3.fc22
    wine-1.9.4-1.fc22
    wxGTK3-3.0.2-14.fc22

Details about builds:

================================================================================
ardour4-4.7.0-1.fc22 (FEDORA-2016-8467972595)
Digital Audio Workstation
--------------------------------------------------------------------------------
Update Information:

New upstream bugfix and enhancement release. For details refer to the [upstream release announcement](https://community.ardour.org/node/13365).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1289349 - ardour4 startup script needs nm command from binutils
        https://bugzilla.redhat.com/show_bug.cgi?id=1289349
--------------------------------------------------------------------------------
================================================================================
cherrytree-0.36.5-1.fc22 (FEDORA-2016-9a6e5a136e)
Hierarchical note taking application
--------------------------------------------------------------------------------
Update Information:

update to 0.36.5

----

Update to 0.36.4

----

update to cherrytree 0.36.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1309140 - cherrytree-0.36.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1309140
  [ 2 ] Bug #1160249 - cherrytree-0.36.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1160249
  [ 3 ] Bug #1301941 - cherrytree-0.36.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1301941
--------------------------------------------------------------------------------
================================================================================
gamin-0.1.10-22.fc22 (FEDORA-2016-636c7a6056)
Library providing the FAM File Alteration Monitor API
--------------------------------------------------------------------------------
Update Information:

Pull in slightly different upstream fix to avoid a possible deadlock condition.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917848 - gam_server deadlocks, leading to all KDE applications hanging
        https://bugzilla.redhat.com/show_bug.cgi?id=917848
--------------------------------------------------------------------------------
================================================================================
gdouros-avdira-fonts-6.31-1.fc22 (FEDORA-2016-d981c6d9b2)
A font based on elements created by Demetrios Damilas (late 15th c.)
--------------------------------------------------------------------------------
Update Information:

First release
--------------------------------------------------------------------------------
================================================================================
gitolite3-3.6.5-2.fc22 (FEDORA-2016-c847dc7ca5)
Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------
================================================================================
gvfs-1.24.3-1.fc22 (FEDORA-2016-0ac4553914)
Backends for the gio framework in GLib
--------------------------------------------------------------------------------
Update Information:

Update to 1.24.3
--------------------------------------------------------------------------------
================================================================================
kernel-4.3.6-201.fc22 (FEDORA-2016-e7162262b0)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Update to the latest upstream stable release, Linux v4.3.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305803 - CVE-2016-0617 kernel: hugetlbfs: fix bugs in hugetlb_vmtruncate_list()
        https://bugzilla.redhat.com/show_bug.cgi?id=1305803
  [ 2 ] Bug #1308444 - CVE-2016-2384 kernel: double-free in usb-audio triggered by invalid USB descriptor
        https://bugzilla.redhat.com/show_bug.cgi?id=1308444
  [ 3 ] Bug #1308452 - CVE-2016-2383 kernel: incorrect branch fixups for eBPG allow arbitrary read
        https://bugzilla.redhat.com/show_bug.cgi?id=1308452
  [ 4 ] Bug #1303532 - CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
        https://bugzilla.redhat.com/show_bug.cgi?id=1303532
--------------------------------------------------------------------------------
================================================================================
libssh2-1.5.0-2.fc22 (FEDORA-2016-7942ee2cc5)
A library implementing the SSH2 protocol
--------------------------------------------------------------------------------
Update Information:

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047.

Using such drastically reduced amount of random bits for Diffie Hellman weakened the handshake security significantly.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2016-0787 to this issue.
--------------------------------------------------------------------------------
================================================================================
libusbx-1.0.21-0.1.git448584a.fc22 (FEDORA-2016-687b4b59d0)
Library for accessing USB devices
--------------------------------------------------------------------------------
Update Information:

- Update to a pre 1.0.21 git snapshot to bring in libusb_interrupt_event_handler which chromium needs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1270324 - Chromium needs libusb_interrupt_handle_event exposed
        https://bugzilla.redhat.com/show_bug.cgi?id=1270324
--------------------------------------------------------------------------------
================================================================================
mock-1.2.15-1.fc22 (FEDORA-2016-0c713976fa)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

- ccache plugin disabled by default
- F21 configs removed
- F24 configs added
- read user config from ~/.config/mock.cfg too
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1294979 - [abrt] mock: shutil.py:420:_rmtree_safe_fd:PermissionError: [Errno 13] Permission denied: 'nosync.so'
        https://bugzilla.redhat.com/show_bug.cgi?id=1294979
  [ 2 ] Bug #1264215 - python-dnf-plugins-extras-local together with mock can be dangerous
        https://bugzilla.redhat.com/show_bug.cgi?id=1264215
  [ 3 ] Bug #1285630 - typo in site-defaults.cfg
        https://bugzilla.redhat.com/show_bug.cgi?id=1285630
--------------------------------------------------------------------------------
================================================================================
pam_yubico-2.21-1.fc22 (FEDORA-2016-0bff277a42)
A Pluggable Authentication Module for yubikeys
--------------------------------------------------------------------------------
Update Information:

update to 2.21
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1265220 - pam_yubico-2.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1265220
--------------------------------------------------------------------------------
================================================================================
pcs-0.9.149-2.fc22 (FEDORA-2016-3b20c4ec9d)
Pacemaker Configuration System
--------------------------------------------------------------------------------
Update Information:

Added missing python-lxml dependency

----

* Re-synced to upstream sources
* Security fix for CVE-2016-0720, CVE-2016-0721
* Rubygems built with RELRO
* Spec file cleanup
* Fixed multilib .pyc/.pyo issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1299615 - CVE-2016-0721 pcs: cookies are not invalidated upon logout
        https://bugzilla.redhat.com/show_bug.cgi?id=1299615
  [ 2 ] Bug #1299614 - CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI
        https://bugzilla.redhat.com/show_bug.cgi?id=1299614
--------------------------------------------------------------------------------
================================================================================
php-pdepend-PHP-Depend-2.2.3-1.fc22 (FEDORA-2016-738e464d53)
PHP_Depend design quality metrics for PHP package
--------------------------------------------------------------------------------
Update Information:

**pdepend-2.2.3** (2016/02/22)

This release includes several pending pull requests from GitHub. Beside that this release adds support for complex expressions in property, constant and parameter declarations, introduced with PHP 5.6.

- Fixed #226: Fixed division by zero issue. Fixed in commit #fb46614.
- Fixed #227: Fix support to files filters. Fixed in commit #4e150db.
- Fixed #230: Fix handling cygwin home folder location. Fixed in commit #126c38a.
- Implemented #221: Add --quiet option. Implemented in commit #9a710f7.
- Implemented #236: Switch to PSR-4 for autoloading. Implemented in commit #57b54bd.
- Implemented #238: Unexpected token errors for 5.6 "constant expression" initializers. Implemented in commit #0087c94.
--------------------------------------------------------------------------------
================================================================================
pki-core-10.2.6-11.fc22 (FEDORA-2016-40144ea6d6)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:

PKI TRAC Tickets #1714, 456, 1681, 1682, 2040

----

PKI TRAC Ticket #1700,1702
--------------------------------------------------------------------------------
================================================================================
pngquant-2.6.0-1.fc22 (FEDORA-2016-80df402c5b)
PNG quantization tool for reducing image file size
--------------------------------------------------------------------------------
Update Information:

Update to 2.6.0 (#1310413)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1310413 - pngquant-2.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1310413
--------------------------------------------------------------------------------
================================================================================
qutebrowser-0.5.1-1.fc22 (FEDORA-2016-2833a7301d)
A keyboard-driven, vim-like browser based on PyQt5 and QtWebKit
--------------------------------------------------------------------------------
Update Information:

First update of the package.
--------------------------------------------------------------------------------
================================================================================
sipp-3.5.0-3.fc22 (FEDORA-2016-868982b551)
SIP test tool / traffic generator
--------------------------------------------------------------------------------
Update Information:

- Fix qop parameter in auth Digest.

----

* Ver. 3.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306382 - epel7 sipp-3.4.1 FTBFS on aarch64
        https://bugzilla.redhat.com/show_bug.cgi?id=1306382
--------------------------------------------------------------------------------
================================================================================
wine-1.9.4-1.fc22 (FEDORA-2016-a8efc87a9a)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:

Support for color glyphs and font fallbacks in DirectWrite. Improvements to the WebServices reader. Support for more formats in Direct3D 11. Simplified syntax and clean up of tests marked todo. Various bug fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1310285 - wine-1.9.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1310285
--------------------------------------------------------------------------------
================================================================================
wxGTK3-3.0.2-14.fc22 (FEDORA-2016-411d4e13ac)
GTK port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:

Removes python bytecode from devel file (fixes #1294712)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1294712 - conflict between wxGTK3-devel-3.0.2-11.fc23.i686.rpm and wxGTK3-devel-3.0.2-11.fc23.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=1294712
--------------------------------------------------------------------------------