The following Fedora 22 Security updates need testing: Age URL 326 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 275 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 208 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 162 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 156 https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d squid-3.4.13-3.fc22 150 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 120 https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7 python-pygments-2.0.2-3.fc22 120 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 102 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 102 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 84 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 43 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0609474cf6 389-ds-base-1.3.4.8-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cb344dd7e community-mysql-5.6.29-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e21be93421 gummi-0.6.6-1.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-868c170507 mariadb-10.0.23-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b20c4ec9d pcs-0.9.149-2.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7942ee2cc5 libssh2-1.5.0-2.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dc9e8da03c libssh-0.7.3-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-266406ab92 drupal6-6.38-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-45d4920315 drupal7-7.43-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffffab2aa9 libmodbus-3.0.6-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8121efdac xen-4.5.2-8.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5ac00e07c kernel-4.4.3-200.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b19c75d748 tomcat-7.0.68-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5af8e27ce pcre-8.38-3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925 graphite2-1.3.6-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff39572e31 exiv2-0.24-5.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 201 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 120 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 116 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 102 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 102 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 56 https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8 httpd-2.4.18-1.fc22 31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e3261008b htdig-3.2.0-0.21.b6.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bdc07e5732 kde-runtime-15.12.2-1.fc22 kdelibs-4.14.17-1.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d25f4327b1 kdepim-4.14.10-10.fc22 kdepim-runtime-4.14.10-6.fc22 kdepimlibs-4.14.10-8.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c865c44c3d breeze-icon-theme-5.19.0-1.fc22 extra-cmake-modules-5.19.0-1.fc22 kf5-5.19.0-1.fc22 kf5-attica-5.19.0-1.fc22 kf5-baloo-5.19.0-1.fc22 kf5-bluez-qt-5.19.0-1.fc22 kf5-frameworkintegration-5.19.0-1.fc22 kf5-kactivities-5.19.0-1.fc22 kf5-kapidox-5.19.0-1.fc22 kf5-karchive-5.19.0-1.fc22 kf5-kauth-5.19.0-1.fc22 kf5-kbookmarks-5.19.0-1.fc22 kf5-kcmutils-5.19.0-1.fc22 kf5-kcodecs-5.19.0-1.fc22 kf5-kcompletion-5.19.0-1.fc22 kf5-kconfig-5.19.0-1.fc22 kf5-kconfigwidgets-5.19.0-1.fc22 kf5-kcoreaddons-5.19.0-1.fc22 kf5-kcrash-5.19.0-1.fc22 kf5-kdbusaddons-5.19.0-1.fc22 kf5-kdeclarative-5.19.0-2.fc22 kf5-kded-5.19.0-1.fc22 kf5-kdelibs4support-5.19.0-1.fc22 kf5-kdesignerplugin-5.19.0-1.fc22 kf5-kdesu-5.19.0-1.fc22 kf5-kdewebkit-5.19.0-1.fc22 kf5-kdnssd-5.19.0-1.fc22 kf5-kdoctools-5.19.0-1.fc22 kf5-kemoticons-5.19.0-1.fc22 kf5-kfilemetadata-5.19.0-1.fc22 kf5-kglobalaccel-5.19.0-1.fc22 kf5-kguiaddons-5.19.0-1.fc22 kf5-khtml -5.19.0- 1.fc22 kf5-ki18n-5.19.0-1.fc22 kf5-kiconthemes-5.19.0-1.fc22 kf5-kidletime-5.19.0-1.fc22 kf5-kimageformats-5.19.0-1.fc22 kf5-kinit-5.19.0-1.fc22 kf5-kio-5.19.0-1.fc22 kf5-kitemmodels-5.19.0-1.fc22 kf5-kitemviews-5.19.0-1.fc22 kf5-kjobwidgets-5.19.0-1.fc22 kf5-kjs-5.19.0-1.fc22 kf5-kjsembed-5.19.0-1.fc22 kf5-kmediaplayer-5.19.0-1.fc22 kf5-knewstuff-5.19.0-1.fc22 kf5-knotifications-5.19.0-1.fc22 kf5-knotifyconfig-5.19.0-1.fc22 kf5-kpackage-5.19.0-1.fc22 kf5-kparts-5.19.0-1.fc22 kf5-kpeople-5.19.0-1.fc22 kf5-kplotting-5.19.0-1.fc22 kf5-kpty-5.19.0-1.fc22 kf5-kross-5.19.0-1.fc22 kf5-krunner-5.19.0-1.fc22 kf5-kservice-5.19.0-1.fc22 kf5-ktexteditor-5.19.0-1.fc22 kf5-ktextwidgets-5.19.0-1.fc22 kf5-kunitconversion-5.19.0-1.fc22 kf5-kwallet-5.19.0-1.fc22 kf5-kwidgetsaddons-5.19.0-1.fc22 kf5-kwindowsystem-5.19.0-1.fc22 kf5-kxmlgui-5.19.0-1.fc22 kf5-kxmlrpcclient-5.19.0-1.fc22 kf5-modemmanager-qt-5.19.0-1.fc22 kf5-networkmanager-qt-5.19.0-1.fc22 kf5-plasma-5.19.0-2.fc22 kf5-solid-5.19. 0-1.fc22 kf5-sonnet-5.19.0-1.fc22 kf5-threadweaver-5.19.0-1.fc22 oxygen-icon-theme-5.19.0-3.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab selinux-policy-3.13.1-128.28.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ac4553914 gvfs-1.24.3-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7942ee2cc5 libssh2-1.5.0-2.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-636c7a6056 gamin-0.1.10-22.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dc9e8da03c libssh-0.7.3-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5317e8cfe thunderbird-38.6.0-3.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b37af739e7 spatialite-tools-4.2.0-20.fc22 sqlite-3.11.0-2.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5ac00e07c kernel-4.4.3-200.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff39572e31 exiv2-0.24-5.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507 rpm-4.12.0.1-16.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5af8e27ce pcre-8.38-3.fc22 The following builds have been pushed to Fedora 22 updates-testing 3dprinter-udev-rules-0.1-1.fc22 bugyou_plugins-0.1-1.fc22 cherrytree-0.36.6-1.fc22 djview4-4.10.6-1.fc22 exiv2-0.24-5.fc22 gkrellm-2.3.6-0.1.rc1.git20160226.fc22 gkrellm-sun-1.0.0-20.fc22 graphite2-1.3.6-1.fc22 lilypond-2.19.37-1.fc22 lilypond-doc-2.19.37-1.fc22 nacl-arm-newlib-2.1.0-3.git373135e.fc22 oz-0.15.0-1.fc22 pcre-8.38-3.fc22 perl-App-a2p-1.007-6.fc22 python-behave-1.2.5-9.fc22 python-zanata2fedmsg-0.2-1.fc22 rpm-4.12.0.1-16.fc22 transmission-2.90-1.fc22 yad-0.34.2-1.fc22 Details about builds: ================================================================================ 3dprinter-udev-rules-0.1-1.fc22 (FEDORA-2016-86837fdc16) Rules for udev to give regular users access to operate 3D printers -------------------------------------------------------------------------------- Update Information: Rules for udev to give regular users access to operate 3D printers -------------------------------------------------------------------------------- References: [ 1 ] Bug #1312296 - Review Request: 3dprinter-udev-rules - Rules for udev to give regular users access to operate 3D printers https://bugzilla.redhat.com/show_bug.cgi?id=1312296 -------------------------------------------------------------------------------- ================================================================================ bugyou_plugins-0.1-1.fc22 (FEDORA-2016-2780aa93c2) Plugins for Bugyou -------------------------------------------------------------------------------- Update Information: Initial packaging. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309782 - Review Request: bugyou_plugins - Plugins and Services for Bugyou https://bugzilla.redhat.com/show_bug.cgi?id=1309782 -------------------------------------------------------------------------------- ================================================================================ cherrytree-0.36.6-1.fc22 (FEDORA-2016-c2f25dd8f3) Hierarchical note taking application -------------------------------------------------------------------------------- Update Information: update to cherrytree-0.36.6 ---- update to 0.36.5 ---- Update to 0.36.4 ---- update to cherrytree 0.36.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1311778 - cherrytree-0.36.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1311778 [ 2 ] Bug #1309140 - cherrytree-0.36.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1309140 [ 3 ] Bug #1160249 - cherrytree-0.36.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1160249 [ 4 ] Bug #1301941 - cherrytree-0.36.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1301941 -------------------------------------------------------------------------------- ================================================================================ djview4-4.10.6-1.fc22 (FEDORA-2016-d3ad2dd8b9) DjVu viewer -------------------------------------------------------------------------------- Update Information: Update to latest upstream release djview 4.10.6. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1312984 - djview4-4.10.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1312984 -------------------------------------------------------------------------------- ================================================================================ exiv2-0.24-5.fc22 (FEDORA-2016-ff39572e31) Exif and Iptc metadata manipulation library -------------------------------------------------------------------------------- Update Information: Avoid possible XML entity expansion security issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #888769 - exiv2: embedded copy of exempi should be compiled with BanAllEntityUsage https://bugzilla.redhat.com/show_bug.cgi?id=888769 -------------------------------------------------------------------------------- ================================================================================ gkrellm-2.3.6-0.1.rc1.git20160226.fc22 (FEDORA-2016-9be2619671) Multiple stacked system monitors in one process -------------------------------------------------------------------------------- Update Information: - Update to a gkrellm-2.3.6-rc git snapshot bringing in various fixes - Fix crash after sun-plugin has been disabled (rhbz#1231394) - Add appdata -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231394 - [abrt] gkrellm: exit(): gkrellm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1231394 [ 2 ] Bug #1312561 - Review Request: gkrellm-sun - Sun clock plugin for GKrellM https://bugzilla.redhat.com/show_bug.cgi?id=1312561 -------------------------------------------------------------------------------- ================================================================================ gkrellm-sun-1.0.0-20.fc22 (FEDORA-2016-9be2619671) Sun clock plugin for GKrellM -------------------------------------------------------------------------------- Update Information: - Update to a gkrellm-2.3.6-rc git snapshot bringing in various fixes - Fix crash after sun-plugin has been disabled (rhbz#1231394) - Add appdata -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231394 - [abrt] gkrellm: exit(): gkrellm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1231394 [ 2 ] Bug #1312561 - Review Request: gkrellm-sun - Sun clock plugin for GKrellM https://bugzilla.redhat.com/show_bug.cgi?id=1312561 -------------------------------------------------------------------------------- ================================================================================ graphite2-1.3.6-1.fc22 (FEDORA-2016-338a7e9925) Font rendering capabilities for complex non-Roman writing systems -------------------------------------------------------------------------------- Update Information: Unspecified security fixes ---- Security fix for CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 and CVE-2016-1526 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305806 - CVE-2016-1521 graphite2: Two out-of-bound read vulnerabilities triggered by crafted fonts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1305806 [ 2 ] Bug #1308591 - CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1308591 [ 3 ] Bug #1305814 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1305814 [ 4 ] Bug #1305811 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1305811 -------------------------------------------------------------------------------- ================================================================================ lilypond-2.19.37-1.fc22 (FEDORA-2016-10d6919970) A typesetting system for music notation -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ lilypond-doc-2.19.37-1.fc22 (FEDORA-2016-10d6919970) HTML documentation for LilyPond -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ nacl-arm-newlib-2.1.0-3.git373135e.fc22 (FEDORA-2016-9a083ecdf1) C library intended for use on embedded systems -------------------------------------------------------------------------------- Update Information: New package: nacl-arm-newlib - C library intended for use on embedded systems -------------------------------------------------------------------------------- References: [ 1 ] Bug #1270375 - Review Request: nacl-arm-newlib - C library intended for use on embedded systems https://bugzilla.redhat.com/show_bug.cgi?id=1270375 -------------------------------------------------------------------------------- ================================================================================ oz-0.15.0-1.fc22 (FEDORA-2016-e75caf4cc8) Library and utilities for automated guest OS installs -------------------------------------------------------------------------------- Update Information: Release 0.15.0 -------------------------------------------------------------------------------- ================================================================================ pcre-8.38-3.fc22 (FEDORA-2016-f5af8e27ce) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes a heap buffer overflow in handling of nested duplicate named groups with a nested back reference and a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295385 - CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate named groups (8.39/14) https://bugzilla.redhat.com/show_bug.cgi?id=1295385 [ 2 ] Bug #1312782 - pcre: Heap buffer overflow in pcretest causing infinite loop https://bugzilla.redhat.com/show_bug.cgi?id=1312782 -------------------------------------------------------------------------------- ================================================================================ perl-App-a2p-1.007-6.fc22 (FEDORA-2016-f16cd55ca4) Awk to Perl translator -------------------------------------------------------------------------------- Update Information: This release fixes a buffer overflow when parsing long enough -n argument. -------------------------------------------------------------------------------- ================================================================================ python-behave-1.2.5-9.fc22 (FEDORA-2016-122393679c) Tools for the behavior-driven development, Python style -------------------------------------------------------------------------------- Update Information: Fixed managing python3 builds. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1216989 - Please upgrade to 1.2.5 in F21+ https://bugzilla.redhat.com/show_bug.cgi?id=1216989 [ 2 ] Bug #1276923 - provide Python3 version of the package https://bugzilla.redhat.com/show_bug.cgi?id=1276923 -------------------------------------------------------------------------------- ================================================================================ python-zanata2fedmsg-0.2-1.fc22 (FEDORA-2016-a0718ab4df) A web app bridging zanata webhooks to fedmsg -------------------------------------------------------------------------------- Update Information: Initial packaging. -------------------------------------------------------------------------------- ================================================================================ rpm-4.12.0.1-16.fc22 (FEDORA-2016-3b03252507) The RPM package management system -------------------------------------------------------------------------------- Update Information: - Remove size limit when expanding macros (#1303034) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1303034 - rpm macro expansion works incorrectly when looping over a long list using lua https://bugzilla.redhat.com/show_bug.cgi?id=1303034 -------------------------------------------------------------------------------- ================================================================================ transmission-2.90-1.fc22 (FEDORA-2016-ef7736419d) A lightweight GTK+ BitTorrent client -------------------------------------------------------------------------------- Update Information: Latest upstream. http://www.transmissionbt.com/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1312701 - transmission-2.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1312701 -------------------------------------------------------------------------------- ================================================================================ yad-0.34.2-1.fc22 (FEDORA-2016-19f4c83647) Display graphical dialogs from shell scripts or command line -------------------------------------------------------------------------------- Update Information: update to 0.34.2 ---- update to yad-0.34.1 ---- update to 0.34.0 ---- Update to yad-0.33.1 ---- update to 0.33.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1312645 - yad-0.34.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1312645 [ 2 ] Bug #1310485 - yad-0.34.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1310485 [ 3 ] Bug #1297601 - yad-0.33.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1297601 [ 4 ] Bug #1296780 - yad-0.33.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296780 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
