The following Fedora 22 Security updates need testing: Age URL 414 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 363 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 296 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 250 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 239 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 208 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 190 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 190 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 157 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 131 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 107 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 96 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 84 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 44 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a5867050 squid-3.5.10-4.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-19c34099d3 libarchive-3.1.2-14.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3262abda6 dosfstools-3.0.27-2.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5bd283c48b bugzilla-4.4.12-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8fd9019541 xen-4.5.3-5.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a302f49f6d thunderbird-45.1.0-2.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-33ad3f97d4 openslp-2.0.0-6.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2363b37a98 kernel-4.4.11-200.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5107c318e webkitgtk4-2.12.3-1.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65f1ffdc0c php-5.6.22-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3a56228f5 qemu-2.3.1-15.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cd05bd994a phpMyAdmin-4.6.2-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-80078b50d7 libusbmuxd-1.0.10-5.fc22 libimobiledevice-1.2.0-7.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e4c559515c roundcubemail-1.2.0-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 289 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 208 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 190 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 190 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 114 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 85 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 72 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 44 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc poppler-0.30.0-4.fc22 41 https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4 libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22 39 https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b pygtk2-2.24.0-14.fc22 36 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8 lldpad-1.0.1-4.git036e314.fc22 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70 samba-4.2.12-0.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-19c34099d3 libarchive-3.1.2-14.fc22 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3262abda6 dosfstools-3.0.27-2.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a302f49f6d thunderbird-45.1.0-2.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ec2270aae libbluray-0.9.3-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-494ae26ab2 hwdata-0.289-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-33ad3f97d4 openslp-2.0.0-6.fc22 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2363b37a98 kernel-4.4.11-200.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-80078b50d7 libusbmuxd-1.0.10-5.fc22 libimobiledevice-1.2.0-7.fc22 The following builds have been pushed to Fedora 22 updates-testing R-Rcpp-0.12.5-1.fc22 ccsm-0.8.12.4-1.fc22 cherrytree-0.37.0-1.fc22 dkms-2.2.0.3-34.git.9e0394d.fc22 emerald-themes-0.8.12.1-1.fc22 globus-xio-udt-driver-1.21-1.fc22 libimobiledevice-1.2.0-7.fc22 libusbmuxd-1.0.10-5.fc22 phpMyAdmin-4.6.2-1.fc22 qemu-2.3.1-15.fc22 roundcubemail-1.2.0-1.fc22 salt-2015.5.10-1.fc22 tunir-0.15.3-1.fc22 Details about builds: ================================================================================ R-Rcpp-0.12.5-1.fc22 (FEDORA-2016-35e7ded333) Seamless R and C++ Integration -------------------------------------------------------------------------------- Update Information: https://cran.r-project.org/web/packages/Rcpp/news.html -------------------------------------------------------------------------------- ================================================================================ ccsm-0.8.12.4-1.fc22 (FEDORA-2016-792ed60c43) Plugin and configuration tool - Compiz Fusion Project -------------------------------------------------------------------------------- Update Information: ccsm update to 0.8.12.4 release emerald-themes update to 0.8.12.1 release obsolete emerald-themes-extra themes are moved to main package -------------------------------------------------------------------------------- ================================================================================ cherrytree-0.37.0-1.fc22 (FEDORA-2016-4061e48abb) Hierarchical note taking application -------------------------------------------------------------------------------- Update Information: update cherrytree to 0.37.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1340299 - cherrytree-0.37.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1340299 -------------------------------------------------------------------------------- ================================================================================ dkms-2.2.0.3-34.git.9e0394d.fc22 (FEDORA-2016-e0d1aa6b1b) Dynamic Kernel Module Support Framework -------------------------------------------------------------------------------- Update Information: Multiprocessor build support and bugfixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334103 - RFE: Use parallel build on multiprocessor systems https://bugzilla.redhat.com/show_bug.cgi?id=1334103 [ 2 ] Bug #912300 - DKMS do not preserve timestamps when copying source into build directory, this may cause some pkgs re-build failures or at least extra work. https://bugzilla.redhat.com/show_bug.cgi?id=912300 -------------------------------------------------------------------------------- ================================================================================ emerald-themes-0.8.12.1-1.fc22 (FEDORA-2016-792ed60c43) Themes for Emerald, a window decorator for Compiz Fusion -------------------------------------------------------------------------------- Update Information: ccsm update to 0.8.12.4 release emerald-themes update to 0.8.12.1 release obsolete emerald-themes-extra themes are moved to main package -------------------------------------------------------------------------------- ================================================================================ globus-xio-udt-driver-1.21-1.fc22 (FEDORA-2016-69c919421b) Globus Toolkit - Globus XIO UDT Driver -------------------------------------------------------------------------------- Update Information: Add GLOBUS_XIO_UDT_STUNSERVER environment variable override -------------------------------------------------------------------------------- ================================================================================ libimobiledevice-1.2.0-7.fc22 (FEDORA-2016-80078b50d7) Library for connecting to mobile devices -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5104 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1339988 - CVE-2016-5104 libimobiledevice: Sockets listening on INADDR_ANY https://bugzilla.redhat.com/show_bug.cgi?id=1339988 -------------------------------------------------------------------------------- ================================================================================ libusbmuxd-1.0.10-5.fc22 (FEDORA-2016-80078b50d7) Client library USB multiplex daemon for Apple's iOS devices -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5104 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1339988 - CVE-2016-5104 libimobiledevice: Sockets listening on INADDR_ANY https://bugzilla.redhat.com/show_bug.cgi?id=1339988 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.6.2-1.fc22 (FEDORA-2016-cd05bd994a) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.6.2 (2016-05-25) ============================= - [security] User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14 - [security] Self XSS vulneratbility, see PMASA-2016-16 - Use https for documentation links - Fix schema export with too many tables - Avoid parsing non JSON responses as JSON - Avoid using too log URLs when getting javascripts - Fixed setting mixed case languages - Avoid storing objects in session when debugging SQL - Fix cookie path on IIS - Fix occassional 200 errors on Windows - Fix locking issues when importing SQL - Avoid confusing warning when mysql extension is missing - Improve handling of logout - Safer handling of sessions during authentication - Fix server selection on main page - Avoid storing full error data in session - Fixed export of ARCHIVE tables with keys - Add session reload for config authentication - Do not fail on errors stored in session - Fix loading of APC based upload progress bar -------------------------------------------------------------------------------- References: [ 1 ] Bug #1340066 - phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1340066 [ 2 ] Bug #1339852 - phpMyAdmin-4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1339852 -------------------------------------------------------------------------------- ================================================================================ qemu-2.3.1-15.fc22 (FEDORA-2016-d3a56228f5) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * CVE-2016-4020: memory leak in kvmvapic.c (bz #1326904) * CVE-2016-4439: scsi: esb: OOB write #1 (bz #1337503) * CVE-2016-4441: scsi: esb: OOB write #2 (bz #1337506) * Fix regression installing windows 7 with qxl/vga (bz #1339267) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1313686 - CVE-2016-4020 Qemu: i386: leakage of stack memory to guest in kvmvapic.c https://bugzilla.redhat.com/show_bug.cgi?id=1313686 [ 2 ] Bug #1337502 - CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write https://bugzilla.redhat.com/show_bug.cgi?id=1337502 [ 3 ] Bug #1337505 - CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd https://bugzilla.redhat.com/show_bug.cgi?id=1337505 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.2.0-1.fc22 (FEDORA-2016-e4c559515c) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: Upstream announcement: [Roundcube Webmail 1.2.0 released](https://roundcube.net/news/2016/05/22/roundcube- webmail-1.2.0-released) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1339654 - CVE-2016-5103 roundcube: XSS vulnerability in mail content page https://bugzilla.redhat.com/show_bug.cgi?id=1339654 -------------------------------------------------------------------------------- ================================================================================ salt-2015.5.10-1.fc22 (FEDORA-2016-1fdb5e296b) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Update to bugfix release 2015.5.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1156551 - [rfe] use dnf instead of yum https://bugzilla.redhat.com/show_bug.cgi?id=1156551 -------------------------------------------------------------------------------- ================================================================================ tunir-0.15.3-1.fc22 (FEDORA-2016-1cf1f5fa30) An ultra light testing system -------------------------------------------------------------------------------- Update Information: Updates to bugfix release 0.15.3 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
