The following Fedora 22 Security updates need testing: Age URL 387 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 336 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 269 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 223 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 211 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 181 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 163 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 163 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 145 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 130 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 104 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925 graphite2-1.3.6-1.fc22 56 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 52 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29 libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412 imlib2-1.4.8-1.fc22 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d19ed2f80d squid-3.5.10-2.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79 kernel-4.4.8-200.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a9313e4b4 perl-5.20.3-330.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755 thunderbird-45.0-2.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4 community-mysql-5.6.30-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a5ce6a6c0 cacti-0.8.8g-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6fd7a31d36 pgpdump-0.30-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e205218629 php-5.6.21-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9851b69dbb openvas-cli-1.4.4-1.fc22 openvas-gsa-6.0.10-3.fc22 openvas-libraries-8.0.7-2.fc22 openvas-manager-6.0.8-2.fc22 openvas-scanner-5.0.5-3.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 262 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 181 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 163 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 163 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 87 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab selinux-policy-3.13.1-128.28.fc22 58 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 45 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412 imlib2-1.4.8-1.fc22 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1576899f4e gnome-settings-daemon-3.16.5-1.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a18dc43d88 control-center-3.16.4-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-695843b69a hwdata-0.288-1.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1122e53c5a expat-2.1.1-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e3334638 gnome-shell-3.16.4-2.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a9313e4b4 perl-5.20.3-330.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce wavpack-4.80.0-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79 kernel-4.4.8-200.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-476f32d4ec evolution-ews-3.16.5-2.fc22 libsoup-2.50.0-2.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755 thunderbird-45.0-2.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a xulrunner-44.0-6.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad6926a3c8 firefox-46.0-5.fc22 The following builds have been pushed to Fedora 22 updates-testing composer-1.0.3-1.fc22 gimpfx-foundry-2.6.1-5.fc22 openvas-cli-1.4.4-1.fc22 openvas-gsa-6.0.10-3.fc22 openvas-libraries-8.0.7-2.fc22 openvas-manager-6.0.8-2.fc22 openvas-scanner-5.0.5-3.fc22 re2-20160401-2.fc22 uget-2.0.7-2.respin2.fc22 Details about builds: ================================================================================ composer-1.0.3-1.fc22 (FEDORA-2016-20e049d6fd) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.0.3** - 2016-04-29 * Security: Fixed possible command injection from the env vars into our sudo detection * Fixed interactive authentication with gitlab * Fixed class name replacement in plugins * Fixed classmap generation mistakenly detecting anonymous classes * Fixed auto-detection of stability flags in complex constraints like `2.0-dev || ^1.5` * Fixed content- length handling when redirecting to very small responses ---- **Version 1.0.2** * Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled * Fixed regression in 1.0.1 that made dev packages update to the latest reference even if not whitelisted in a partial update * Fixed init command ignoring the COMPOSER env var for choosing the json file name * Fixed error reporting bug when the dependency resolution fails * Fixed handling of $ sign in composer config command in some cases it could corrupt the json file ---- **Version 1.0.1** * Fixed URL updating when a package's URL changes, composer.lock now contains the right URL including correct reference * Fixed URL updating of the origin git remote as well for packages installed as git clone * Fixed binary .bat files generated from linux being incompatible with windows cmd * Fixed handling of paths with trailing slashes in path repository * Fixed create-project not using platform config when selecting a package * Fixed self- update not showing the channel it uses to perform the update * Fixed file downloads not failing loudly when the content does not match the Content-Length header * Fixed secure-http detecting some malformed URLs as insecure * Updated CA bundle Notice system CA is always preferred, bundled copy is only used as a last chance fallback. -------------------------------------------------------------------------------- ================================================================================ gimpfx-foundry-2.6.1-5.fc22 (FEDORA-2016-515d081638) Additional GIMP plugins -------------------------------------------------------------------------------- Update Information: gimpfx-foundry plugin for GIMP returns in the repository -------------------------------------------------------------------------------- References: [ 1 ] Bug #1327929 - Review Request: gimpfx-foundry - Additional plugins for GIMP https://bugzilla.redhat.com/show_bug.cgi?id=1327929 -------------------------------------------------------------------------------- ================================================================================ openvas-cli-1.4.4-1.fc22 (FEDORA-2016-9851b69dbb) Command-line tool to drive OpenVAS Manager -------------------------------------------------------------------------------- Update Information: Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command https://bugzilla.redhat.com/show_bug.cgi?id=1300683 -------------------------------------------------------------------------------- ================================================================================ openvas-gsa-6.0.10-3.fc22 (FEDORA-2016-9851b69dbb) Greenbone Security Assistant (GSA) is GUI to the OpenVAS -------------------------------------------------------------------------------- Update Information: Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command https://bugzilla.redhat.com/show_bug.cgi?id=1300683 -------------------------------------------------------------------------------- ================================================================================ openvas-libraries-8.0.7-2.fc22 (FEDORA-2016-9851b69dbb) Support libraries for Open Vulnerability Assessment (OpenVAS) Scanner -------------------------------------------------------------------------------- Update Information: Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command https://bugzilla.redhat.com/show_bug.cgi?id=1300683 -------------------------------------------------------------------------------- ================================================================================ openvas-manager-6.0.8-2.fc22 (FEDORA-2016-9851b69dbb) Manager Module for the Open Vulnerability Assessment System (OpenVAS) -------------------------------------------------------------------------------- Update Information: Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command https://bugzilla.redhat.com/show_bug.cgi?id=1300683 -------------------------------------------------------------------------------- ================================================================================ openvas-scanner-5.0.5-3.fc22 (FEDORA-2016-9851b69dbb) Open Vulnerability Assessment (OpenVAS) Scanner -------------------------------------------------------------------------------- Update Information: Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command https://bugzilla.redhat.com/show_bug.cgi?id=1300683 -------------------------------------------------------------------------------- ================================================================================ re2-20160401-2.fc22 (FEDORA-2016-c4c63ea52a) C++ fast alternative to backtracking RE engines -------------------------------------------------------------------------------- Update Information: Update to 20160401, primarily for chromium. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307988 - re2: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307988 -------------------------------------------------------------------------------- ================================================================================ uget-2.0.7-2.respin2.fc22 (FEDORA-2016-6b06532bb4) Download manager using GTK+ and libcurl -------------------------------------------------------------------------------- Update Information: New version 2.0.7-2 is released. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
