The following Fedora 22 Security updates need testing: Age URL 402 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 351 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 284 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 238 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 227 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 196 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 179 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 179 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 146 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 119 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 96 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 84 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 72 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 33 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5 imlib2-1.4.9-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2a1389f3e pgpdump-0.31-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-01198b9f9d cacti-0.8.8h-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69a74ceff openvpn-2.3.11-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3298e39f7 qemu-2.3.1-14.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050 squid-3.5.10-4.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e97a850183 wordpress-4.5.2-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ad874e6c2 php-symfony-2.7.13-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-19c34099d3 libarchive-3.1.2-14.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-28a56c76c1 libksba-1.3.4-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cafcf15357 websvn-2.3.3-13.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a54261a145 xen-4.5.3-4.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 278 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 196 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 179 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 179 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 102 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 73 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 33 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce wavpack-4.80.0-1.fc22 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c rpm-4.12.0.1-17.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d openssh-6.9p1-12.fc22 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70 samba-4.2.12-0.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4212484d5 imlib2-1.4.9-1.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-19c34099d3 libarchive-3.1.2-14.fc22 The following builds have been pushed to Fedora 22 updates-testing Lmod-6.3.4-1.fc22 cdbs-0.4.131-1.fc22 getmail-4.49.0-1.fc22 ginac-1.6.7-1.fc22 gsi-openssh-6.9p1-9.fc22 mycli-1.7.0-1.fc22 nfoview-1.19-1.fc22 perl-HTML-StripScripts-1.06-1.fc22 postgresql-9.4.8-1.fc22 pyparsing-2.1.3-1.fc22 qt-virt-manager-0.27.50-3.fc22 recoll-1.21.7-1.fc22 skylable-sx-2.1-1.fc22 sssd-1.13.4-3.fc22 websvn-2.3.3-13.fc22 xen-4.5.3-4.fc22 Details about builds: ================================================================================ Lmod-6.3.4-1.fc22 (FEDORA-2016-e764240abe) Environmental Modules System in Lua -------------------------------------------------------------------------------- Update Information: Update to 6.3.4 (fixes bug #1334529) ---- Update to 6.3.1 - protects it from user changes to LUA_PATH and LUA_CPATH by using these values at configuration time. - Fixed bug with Capital Letters in a version string. - Do not overwrite MODULEPATH (bug #1326075) -------------------------------------------------------------------------------- ================================================================================ cdbs-0.4.131-1.fc22 (FEDORA-2016-9afdecb011) Common build system for Debian packages -------------------------------------------------------------------------------- Update Information: Update to version 0.4.131, see http://ftp- master.metadata.debian.org/changelogs//main/c/cdbs/cdbs_0.4.131_changelog for details. -------------------------------------------------------------------------------- ================================================================================ getmail-4.49.0-1.fc22 (FEDORA-2016-68ff4137d7) POP3, IMAP4 and SDPS mail retriever with Maildir delivery -------------------------------------------------------------------------------- Update Information: Update to 4.49.0 release -------------------------------------------------------------------------------- ================================================================================ ginac-1.6.7-1.fc22 (FEDORA-2016-b4e9a3932d) C++ library for symbolic calculations -------------------------------------------------------------------------------- Update Information: Bugfix update. -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-6.9p1-9.fc22 (FEDORA-2016-9f00a91ed8) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Sync with openssh -------------------------------------------------------------------------------- ================================================================================ mycli-1.7.0-1.fc22 (FEDORA-2016-6ef8a3b62f) Interactive CLI for MySQL Database with auto-completion and syntax highlighting -------------------------------------------------------------------------------- Update Information: Update to latest upstream release mycli 1.7.0. -------------------------------------------------------------------------------- ================================================================================ nfoview-1.19-1.fc22 (FEDORA-2016-001771b3fe) A viewer for NFO files -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.19 (rhbz#1336067) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1336067 - nfoview-1.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1336067 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-StripScripts-1.06-1.fc22 (FEDORA-2016-1db824c834) Strip scripting constructs out of HTML -------------------------------------------------------------------------------- Update Information: Various bugfixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335524 - perl-HTML-StripScripts-1.06 is available https://bugzilla.redhat.com/show_bug.cgi?id=1335524 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.4.8-1.fc22 (FEDORA-2016-bf149ccca1) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.4.8 per release notes http://www.postgresql.org/docs/9.4/static/release-9-4-8.html -------------------------------------------------------------------------------- ================================================================================ pyparsing-2.1.3-1.fc22 (FEDORA-2016-617dfb8947) Python package with an object-oriented approach to text processing -------------------------------------------------------------------------------- Update Information: Update to the latest stable release. This is a minor update to fix some bugs that were found after 2.1.1 release and since 2.1.2 fixes were incomplete. The list of changes since 2.1.1 is: * Fixed catastrophic regex backtracking in implementation of the quoted string expressions (`dblQuotedString`, `sglQuotedString`, and `quotedString`); * Fixed bug in `_trim_arity` when pyparsing code is included in a `PyInstaller`. ---- Update to latest stable release with the following list of changes: - Fixed bug in `ParseResults.toDict()`, in which `dict` values were always converted to dicts, even if they were just unkeyed lists of tokens. - Fixed bug in `SkipTo` when using `failOn`. - Fixed bug in `Each` introduced in 2.1.0. - Removed use of `functools.partial` in `replaceWith`, as this creates an ambiguous signature for the generated parse action, which fails in PyPy. - Added support for assigning to `ParseResults` using slices. - Added default behavior to `QuotedString` to convert embedded '\t', '\n', etc. characters to their whitespace counterparts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335135 - pyparsing-2.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1335135 [ 2 ] Bug #1320353 - pyparsing-2.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1320353 -------------------------------------------------------------------------------- ================================================================================ qt-virt-manager-0.27.50-3.fc22 (FEDORA-2016-4474f116cc) Qt Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: version 0.27.50 - - Qt5 only -------------------------------------------------------------------------------- ================================================================================ recoll-1.21.7-1.fc22 (FEDORA-2016-04b9478b2b) Desktop full text search tool with Qt GUI -------------------------------------------------------------------------------- Update Information: Update to latest upstream release to fix a crash in the graphical interface. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334284 - [abrt] recoll: QObject::disconnect(): recoll killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1334284 -------------------------------------------------------------------------------- ================================================================================ skylable-sx-2.1-1.fc22 (FEDORA-2016-d5d56669fb) A reliable and scalable storage cluster -------------------------------------------------------------------------------- Update Information: new upstream release SX 2.1 -------------------------------------------------------------------------------- ================================================================================ sssd-1.13.4-3.fc22 (FEDORA-2016-36ff26d87c) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1335639 -------------------------------------------------------------------------------- ================================================================================ websvn-2.3.3-13.fc22 (FEDORA-2016-cafcf15357) Online subversion repository browser -------------------------------------------------------------------------------- Update Information: Fix for CVE-2016-1236. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333681 - CVE-2016-1236 websvn: XSS vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1333681 -------------------------------------------------------------------------------- ================================================================================ xen-4.5.3-4.fc22 (FEDORA-2016-a54261a145) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: create link to /usr/bin/qemu-system-i386 from /usr/lib/xen/bin for back compatibility and for virt-manager, cleaner fix for XSA-179 on qemu-xen- traditional ---- qemu-kvm: Integer overflow in SDL when creating too wide screen QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks [XSA-179, CVE-2016-3710, CVE-2016-3712] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1318727 - qemu-kvm: Integer overflow in SDL when creating too wide screen https://bugzilla.redhat.com/show_bug.cgi?id=1318727 [ 2 ] Bug #1331401 - CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module https://bugzilla.redhat.com/show_bug.cgi?id=1331401 [ 3 ] Bug #1318712 - CVE-2016-3712 qemu-kvm: Out-of-bounds read when creating weird vga screen surface https://bugzilla.redhat.com/show_bug.cgi?id=1318712 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
