The following Fedora 22 Security updates need testing: Age URL 393 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 342 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 274 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 229 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 217 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 186 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 169 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 169 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 150 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 136 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 110 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 86 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 75 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925 graphite2-1.3.6-1.fc22 62 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755 thunderbird-45.0-2.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4 community-mysql-5.6.30-1.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6fd7a31d36 pgpdump-0.30-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e205218629 php-5.6.21-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9851b69dbb openvas-cli-1.4.4-1.fc22 openvas-gsa-6.0.10-3.fc22 openvas-libraries-8.0.7-2.fc22 openvas-manager-6.0.8-2.fc22 openvas-scanner-5.0.5-3.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe0d8f126a botan-1.10.13-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-777d838c1b ntp-4.2.6p5-40.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1e39d934ed openssl-1.0.1k-15.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2acbd739f firefox-46.0.1-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-655d81aa89 squid-3.5.10-3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d708261ce2 jackson-dataformat-xml-2.5.0-3.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 268 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 186 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 169 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 169 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 92 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 75 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab selinux-policy-3.13.1-128.28.fc22 64 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 51 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce wavpack-4.80.0-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755 thunderbird-45.0-2.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a xulrunner-44.0-6.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d openssh-6.9p1-12.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2acbd739f firefox-46.0.1-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1e39d934ed openssl-1.0.1k-15.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70 samba-4.2.12-0.fc22 The following builds have been pushed to Fedora 22 updates-testing apper-0.9.2-6.fc22 cjdns-17.3-13.fc22 copr-keygen-1.66-1.fc22 copr-selinux-1.40-1.fc22 fontawesome-fonts-4.6.2-1.fc22 ibus-chewing-1.5.0-1.fc22 jackson-dataformat-xml-2.5.0-3.fc22 libmediainfo-0.7.85-1.fc22 libreswan-3.17-2.fc22 mediainfo-0.7.85-1.fc22 openchange-2.2-12.fc22 perl-Inline-Struct-0.23-1.fc22 perl-Tree-Simple-1.28-1.fc22 pidgin-sipe-1.21.0-2.fc22 python-gnupg-0.3.8-2.fc22 python-multi_key_dict-2.0.3-1.fc22 python-osrf-pycommon-0.1.2-1.fc22 rubygem-font-awesome-rails-4.6.2.0-1.fc22 scap-security-guide-0.1.29-1.fc22 squid-3.5.10-3.fc22 Details about builds: ================================================================================ apper-0.9.2-6.fc22 (FEDORA-2016-bfc2b5b058) KDE interface for PackageKit -------------------------------------------------------------------------------- Update Information: Hard-code style (plastique/oxygen) to workaround UI glitches -------------------------------------------------------------------------------- References: [ 1 ] Bug #1209017 - 0.9.1 Apper overlapping messages while downloading https://bugzilla.redhat.com/show_bug.cgi?id=1209017 -------------------------------------------------------------------------------- ================================================================================ cjdns-17.3-13.fc22 (FEDORA-2016-f182c4ac33) The privacy-friendly network without borders -------------------------------------------------------------------------------- Update Information: man page for cjdnslog, fix running Fedora as well as OpenVZ. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330212 - cjdns fails to create tun device at boot https://bugzilla.redhat.com/show_bug.cgi?id=1330212 -------------------------------------------------------------------------------- ================================================================================ copr-keygen-1.66-1.fc22 (FEDORA-2016-2e5461e184) Part of Copr build system. Aux service that generate keys for signd -------------------------------------------------------------------------------- Update Information: * PyPI builds improvement * improvement to group projects -------------------------------------------------------------------------------- ================================================================================ copr-selinux-1.40-1.fc22 (FEDORA-2016-2e5461e184) SELinux module for COPR -------------------------------------------------------------------------------- Update Information: * PyPI builds improvement * improvement to group projects -------------------------------------------------------------------------------- ================================================================================ fontawesome-fonts-4.6.2-1.fc22 (FEDORA-2016-927aa701af) Iconic font set -------------------------------------------------------------------------------- Update Information: Update to 4.6.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333213 - fontawesome-fonts-v4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1333213 -------------------------------------------------------------------------------- ================================================================================ ibus-chewing-1.5.0-1.fc22 (FEDORA-2016-04a89aeaf3) The Chewing engine for IBus input platform -------------------------------------------------------------------------------- Update Information: - Enhancement: * New option: "Clean pre-edit buffer when focus out" - Fix: * Fixed the issues found in static checks * Fixed Bug 1182813 ibus-chewing crashes gedit in search box while window out of focus a.k.a GitHub issue #28 * Fixed GitHub issue #37 Cannot use cmake out of source build Cannot use cmake out of source build * Fixed GitHub issue #47 CHEWING_DATADIR CMake variable name mismatch * Fixed GitHub issue #61 GConf2 should be removed from INSTALL document * Fixed GitHub issue #64 systray should be able to show the Chinese/English mode * Fixed GitHub issue #68 CPU usage very high when switch to Chewing Engine * Fixed Bug 1177198 - [abrt] ibus-chewing: XGetKeyboardControl(): ibus-engine-chewing killed by SIGSEGV * Fixed Bug 1319403 - [RFE] ibus-chewing: New option: Caps Lock behavior a.k.a. GitHub issue #66 * Fixed Bug 1330194 - Ctrl-c failed to output as Ctrl-c a.k.a. GitHub issue #69 * Pull Request #67 Fix property "easy-symbol-input" is covered by "shift-toggle-chinese" Thanks southernbear for providing this fix. -------------------------------------------------------------------------------- ================================================================================ jackson-dataformat-xml-2.5.0-3.fc22 (FEDORA-2016-d708261ce2) XML data binding extension for Jackson -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3720 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328427 - CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to XXE attack https://bugzilla.redhat.com/show_bug.cgi?id=1328427 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.85-1.fc22 (FEDORA-2016-700aeb28bb) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.85. -------------------------------------------------------------------------------- ================================================================================ libreswan-3.17-2.fc22 (FEDORA-2016-ff3cc6b272) IPsec implementation with IKEv1 and IKEv2 keying protocols -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used -------------------------------------------------------------------------------- References: [ 1 ] Bug #1324956 - prelink is gone, /etc/prelink.conf.d/* is no longer used https://bugzilla.redhat.com/show_bug.cgi?id=1324956 -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.85-1.fc22 (FEDORA-2016-700aeb28bb) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.85. -------------------------------------------------------------------------------- ================================================================================ openchange-2.2-12.fc22 (FEDORA-2016-2bd0b999e5) Provides access to Microsoft Exchange servers using native protocols -------------------------------------------------------------------------------- Update Information: Rebuild against newer samba -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333615 - Outdated dependency of openchange breaks (prevents) update of samba 4.2.11 packages https://bugzilla.redhat.com/show_bug.cgi?id=1333615 -------------------------------------------------------------------------------- ================================================================================ perl-Inline-Struct-0.23-1.fc22 (FEDORA-2016-24085a44d2) Manipulate C structures directly from Perl -------------------------------------------------------------------------------- Update Information: This release makes tests more portable. -------------------------------------------------------------------------------- ================================================================================ perl-Tree-Simple-1.28-1.fc22 (FEDORA-2016-f8a9cd0f60) Tree::Simple Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.21.0-2.fc22 (FEDORA-2016-42b0719783) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: add patch to fix configure failure on F23+ x86_64 (bz #1333438) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333438 - 1.21.0-1.fc23 lost ability to make calls and video https://bugzilla.redhat.com/show_bug.cgi?id=1333438 -------------------------------------------------------------------------------- ================================================================================ python-gnupg-0.3.8-2.fc22 (FEDORA-2016-3ea7044142) A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -------------------------------------------------------------------------------- Update Information: Fix provides and obsoletes ---- Version 0.3.8. This update also introduce the python3- package for the releases that support it. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305346 - python-gnupg 0.3.8 has been released https://bugzilla.redhat.com/show_bug.cgi?id=1305346 [ 2 ] Bug #1332704 - python2-gnupg does not seem to provide python-gnupg https://bugzilla.redhat.com/show_bug.cgi?id=1332704 -------------------------------------------------------------------------------- ================================================================================ python-multi_key_dict-2.0.3-1.fc22 (FEDORA-2016-0c5a770a45) Multi-key dictionary implementation in Python -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1325452 - Review Request: python-multi_key_dict - Multi-key dictionary implementation in Python https://bugzilla.redhat.com/show_bug.cgi?id=1325452 -------------------------------------------------------------------------------- ================================================================================ python-osrf-pycommon-0.1.2-1.fc22 (FEDORA-2016-050e8259b0) Commonly needed Python modules used by software developed at OSRF -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328350 - Review Request: python-osrf-pycommon - Commonly needed Python modules used by software developed at OSRF https://bugzilla.redhat.com/show_bug.cgi?id=1328350 -------------------------------------------------------------------------------- ================================================================================ rubygem-font-awesome-rails-4.6.2.0-1.fc22 (FEDORA-2016-927aa701af) An asset gemification of the font-awesome icon font library -------------------------------------------------------------------------------- Update Information: Update to 4.6.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333213 - fontawesome-fonts-v4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1333213 -------------------------------------------------------------------------------- ================================================================================ scap-security-guide-0.1.29-1.fc22 (FEDORA-2016-bcb9f10316) Security guidance and baselines in SCAP formats -------------------------------------------------------------------------------- Update Information: - Update to latest upstream SCAP-Security-Guide-0.1.29 release: https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.29 - Do not ship Firefox/DISCLAIMER documentation file since it has been removed in 0.1.29 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215277 - Doc locations incorrect in man page https://bugzilla.redhat.com/show_bug.cgi?id=1215277 [ 2 ] Bug #1147277 - ntpd is not a default ntp client since fedora 16 https://bugzilla.redhat.com/show_bug.cgi?id=1147277 -------------------------------------------------------------------------------- ================================================================================ squid-3.5.10-3.fc22 (FEDORA-2016-655d81aa89) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 ---- Security fix for CVE-2016-3947 and CVE-2016-3948 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing https://bugzilla.redhat.com/show_bug.cgi?id=1329136 [ 2 ] Bug #1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi https://bugzilla.redhat.com/show_bug.cgi?id=1329126 [ 3 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response processing https://bugzilla.redhat.com/show_bug.cgi?id=1323594 [ 4 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger https://bugzilla.redhat.com/show_bug.cgi?id=1323590 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
