The following Fedora 22 Security updates need testing: Age URL 397 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 346 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 278 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 233 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 221 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 190 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 173 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 173 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 154 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 114 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 90 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 79 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4 community-mysql-5.6.30-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e205218629 php-5.6.21-1.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe0d8f126a botan-1.10.13-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-377b1a015c owncloud-8.2.4-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d708261ce2 jackson-dataformat-xml-2.5.0-3.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5 imlib2-1.4.9-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d049ad1118 ioprocess-0.15.1-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2a1389f3e pgpdump-0.31-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4 kernel-4.4.9-200.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3f597b76b8 xen-4.5.3-3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-01198b9f9d cacti-0.8.8h-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 272 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 190 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 173 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 173 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 96 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce wavpack-4.80.0-1.fc22 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a xulrunner-44.0-6.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d openssh-6.9p1-12.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70 samba-4.2.12-0.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5 imlib2-1.4.9-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4 kernel-4.4.9-200.fc22 The following builds have been pushed to Fedora 22 updates-testing R-multcomp-1.4.5-2.fc22 ansible-inventory-grapher-2.1.0-2.fc22 atril-1.12.2-3.fc22 cacti-0.8.8h-1.fc22 check_postgres-2.22.0-1.fc22 dpm-contrib-admintools-0.2.2-1.fc22 fllog-1.2.3-1.fc22 geomorph-0.62-1.fc22 help2man-1.47.4-1.fc22 kernel-4.4.9-200.fc22 mingw-gtk2-2.24.30-1.fc22 nudoku-0.2.4-2.fc22 perl-Module-CoreList-5.20160507-1.fc22 perl-Params-Validate-1.24-1.fc22 perl-RPC-XML-0.80-1.fc22 pgpdump-0.31-1.fc22 pngquant-2.7.0-1.fc22 pyparsing-2.1.1-1.fc22 python-pysocks-1.5.6-3.fc22 xen-4.5.3-3.fc22 Details about builds: ================================================================================ R-multcomp-1.4.5-2.fc22 (FEDORA-2016-7109316b26) Simultaneous inference for general linear hypotheses R Package -------------------------------------------------------------------------------- Update Information: Update to latest stable release. The following fixes are included: * fix bug in linfct specified as a character (aka expression). Coefficients of main effects may have been incorrect in the presence of interaction terms; * make cftest() a little more flexible with parm and test arguments. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300121 - R-multcomp-1.4-5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1300121 -------------------------------------------------------------------------------- ================================================================================ ansible-inventory-grapher-2.1.0-2.fc22 (FEDORA-2016-7d01e09b22) Creates graphs representing ansible inventory -------------------------------------------------------------------------------- Update Information: Use github source that provided license and test files ---- Update to 2.1.0 -------------------------------------------------------------------------------- ================================================================================ atril-1.12.2-3.fc22 (FEDORA-2016-e2dd43cc56) Document viewer -------------------------------------------------------------------------------- Update Information: - revert fix for rhbz (#1303999), which introduced regressions - use right dependencies for dvi backend, fix libjpeg dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333811 - [abrt] atril: ev_web_view_disconnect_handlers(): atril killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1333811 -------------------------------------------------------------------------------- ================================================================================ cacti-0.8.8h-1.fc22 (FEDORA-2016-01198b9f9d) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 0.8.8h - CVE-2016-3659 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334330 - cacti-0.8.8h is available https://bugzilla.redhat.com/show_bug.cgi?id=1334330 -------------------------------------------------------------------------------- ================================================================================ check_postgres-2.22.0-1.fc22 (FEDORA-2016-fc6c9cb3ad) PostgreSQL monitoring script -------------------------------------------------------------------------------- Update Information: Update to 2.22.0 -------------------------------------------------------------------------------- ================================================================================ dpm-contrib-admintools-0.2.2-1.fc22 (FEDORA-2016-ca98fd696c) DPM administration toolkit (contrib from GridPP) -------------------------------------------------------------------------------- Update Information: - new upstream release -------------------------------------------------------------------------------- ================================================================================ fllog-1.2.3-1.fc22 (FEDORA-2016-4615adbb43) Amateur Radio Log Program -------------------------------------------------------------------------------- Update Information: Corrects table display issue when number of log entries occupy less than height of the table. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309836 - fllog-1.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1309836 -------------------------------------------------------------------------------- ================================================================================ geomorph-0.62-1.fc22 (FEDORA-2016-9940240ebb) A height field editor for Linux -------------------------------------------------------------------------------- Update Information: New upstream version ---- Fix Gdk-ERROR: The program 'geomorph' received an X Window System error. -------------------------------------------------------------------------------- ================================================================================ help2man-1.47.4-1.fc22 (FEDORA-2016-cbf01ef798) Create simple man pages from --help output -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334338 - help2man-1.47.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334338 -------------------------------------------------------------------------------- ================================================================================ kernel-4.4.9-200.fc22 (FEDORA-2016-a159c484e4) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.4.9 update contains an number of important fixes across the tree -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333712 - kernel: Slave being first propagated copy causes oops in propagate_mnt https://bugzilla.redhat.com/show_bug.cgi?id=1333712 [ 2 ] Bug #1333309 - CVE-2016-4485 kernel: Information leak in llc module https://bugzilla.redhat.com/show_bug.cgi?id=1333309 [ 3 ] Bug #1333316 - CVE-2016-4486 kernel: Information leak in rtnetlink https://bugzilla.redhat.com/show_bug.cgi?id=1333316 [ 4 ] Bug #1332931 - CVE-2016-4482 kernel: information leak in devio.c https://bugzilla.redhat.com/show_bug.cgi?id=1332931 -------------------------------------------------------------------------------- ================================================================================ mingw-gtk2-2.24.30-1.fc22 (FEDORA-2016-bb4cbb6b1a) MinGW Windows Gtk2 library -------------------------------------------------------------------------------- Update Information: MinGW cross compiled gtk+ 2.24.30 release. -------------------------------------------------------------------------------- ================================================================================ nudoku-0.2.4-2.fc22 (FEDORA-2016-beaf1b0a49) Ncurses based Sudoku game -------------------------------------------------------------------------------- Update Information: Add nudoku to repositories -------------------------------------------------------------------------------- References: [ 1 ] Bug #1315486 - Review Request: nudoku - Ncurses based sudoku game https://bugzilla.redhat.com/show_bug.cgi?id=1315486 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20160507-1.fc22 (FEDORA-2016-2cad151020) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release fixes a warning about too deep recursion. It also provides data for perl 5.24.0 and 5.25.0. ---- This release brings data for perl 5.22.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334542 - perl-Module-CoreList-5.20160507 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334542 [ 2 ] Bug #1331902 - perl-Module-CoreList-5.20160429 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331902 -------------------------------------------------------------------------------- ================================================================================ perl-Params-Validate-1.24-1.fc22 (FEDORA-2016-475b157231) Params-Validate Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334352 - perl-Params-Validate-1.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334352 -------------------------------------------------------------------------------- ================================================================================ perl-RPC-XML-0.80-1.fc22 (FEDORA-2016-de6e64b9cc) Set of classes for core data, message and XML handling -------------------------------------------------------------------------------- Update Information: This release fixes a leak with Expat parser, it avoids deprecated IO::Socket::INET option, it fixes processing elements with numeric names. It also makes tests more portable. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334357 - perl-RPC-XML-0.80 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334357 -------------------------------------------------------------------------------- ================================================================================ pgpdump-0.31-1.fc22 (FEDORA-2016-f2a1389f3e) PGP packet visualizer -------------------------------------------------------------------------------- Update Information: fix possible buffer overflow -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334350 - pgpdump-0.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334350 -------------------------------------------------------------------------------- ================================================================================ pngquant-2.7.0-1.fc22 (FEDORA-2016-b7c56c0638) PNG quantization tool for reducing image file size -------------------------------------------------------------------------------- Update Information: Update to 2.7.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334353 - pngquant-2.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334353 -------------------------------------------------------------------------------- ================================================================================ pyparsing-2.1.1-1.fc22 (FEDORA-2016-72e3f66f56) Python package with an object-oriented approach to text processing -------------------------------------------------------------------------------- Update Information: Update to latest stable release with the following list of changes: - Fixed bug in `ParseResults.toDict()`, in which `dict` values were always converted to dicts, even if they were just unkeyed lists of tokens. - Fixed bug in `SkipTo` when using `failOn`. - Fixed bug in `Each` introduced in 2.1.0. - Removed use of `functools.partial` in `replaceWith`, as this creates an ambiguous signature for the generated parse action, which fails in PyPy. - Added support for assigning to `ParseResults` using slices. - Added default behavior to `QuotedString` to convert embedded '\t', '\n', etc. characters to their whitespace counterparts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320353 - pyparsing-2.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1320353 -------------------------------------------------------------------------------- ================================================================================ python-pysocks-1.5.6-3.fc22 (FEDORA-2016-e27b942ad0) A Python SOCKS client module -------------------------------------------------------------------------------- Update Information: Fix typo in explicit Conflicts with python-SocksiPy. -------------------------------------------------------------------------------- ================================================================================ xen-4.5.3-3.fc22 (FEDORA-2016-3f597b76b8) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: qemu-kvm: Integer overflow in SDL when creating too wide screen QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks [XSA-179, CVE-2016-3710, CVE-2016-3712] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1318727 - qemu-kvm: Integer overflow in SDL when creating too wide screen https://bugzilla.redhat.com/show_bug.cgi?id=1318727 [ 2 ] Bug #1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module https://bugzilla.redhat.com/show_bug.cgi?id=1331401 [ 3 ] Bug #1318712 - CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface https://bugzilla.redhat.com/show_bug.cgi?id=1318712 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx