The following Fedora 22 Security updates need testing:
Age URL
393
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
342
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
274
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
229
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
217
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
186
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
169
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
169
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
150
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
136
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
110
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
86
https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b
xdelta-3.0.7-7.fc22
75
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494
mingw-nsis-2.50-1.fc22
66
https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925
graphite2-1.3.6-1.fc22
62
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765
python-pygments-2.1.3-1.fc22
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755
thunderbird-45.0-2.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1aaf308de4
community-mysql-5.6.30-1.fc22
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c
rpm-4.12.0.1-17.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6fd7a31d36
pgpdump-0.30-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e205218629 php-5.6.21-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9851b69dbb
openvas-cli-1.4.4-1.fc22 openvas-gsa-6.0.10-3.fc22 openvas-libraries-8.0.7-2.fc22
openvas-manager-6.0.8-2.fc22 openvas-scanner-5.0.5-3.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe0d8f126a
botan-1.10.13-1.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-777d838c1b
ntp-4.2.6p5-40.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1e39d934ed
openssl-1.0.1k-15.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2acbd739f
firefox-46.0.1-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-655d81aa89
squid-3.5.10-3.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d708261ce2
jackson-dataformat-xml-2.5.0-3.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
268
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
186
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
169
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
169
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
92
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64
mobile-broadband-provider-info-1.20151214-1.fc22
75
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22
64
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22
51
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c
upower-0.99.3-2.fc22
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a028331ebc
poppler-0.30.0-4.fc22
20
https://bodhi.fedoraproject.org/updates/FEDORA-2016-027faabac4
libreport-2.6.4-2.fc22 abrt-2.6.1-11.fc22
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-af1f30412b
pygtk2-2.24.0-14.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-83b47a28ce
wavpack-4.80.0-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-41df7ccbc8
lldpad-1.0.1-4.git036e314.fc22
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bad2b755
thunderbird-45.0-2.fc22
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-927aade89c
rpm-4.12.0.1-17.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d6cbcadca gd-2.1.1-3.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc848e483a
xulrunner-44.0-6.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e64b32a91 dhcp-4.3.2-8.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99389f35d
openssh-6.9p1-12.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2acbd739f
firefox-46.0.1-1.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1e39d934ed
openssl-1.0.1k-15.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-828f77de70
samba-4.2.12-0.fc22
The following builds have been pushed to Fedora 22 updates-testing
apper-0.9.2-6.fc22
cjdns-17.3-13.fc22
copr-keygen-1.66-1.fc22
copr-selinux-1.40-1.fc22
fontawesome-fonts-4.6.2-1.fc22
ibus-chewing-1.5.0-1.fc22
jackson-dataformat-xml-2.5.0-3.fc22
libmediainfo-0.7.85-1.fc22
libreswan-3.17-2.fc22
mediainfo-0.7.85-1.fc22
openchange-2.2-12.fc22
perl-Inline-Struct-0.23-1.fc22
perl-Tree-Simple-1.28-1.fc22
pidgin-sipe-1.21.0-2.fc22
python-gnupg-0.3.8-2.fc22
python-multi_key_dict-2.0.3-1.fc22
python-osrf-pycommon-0.1.2-1.fc22
rubygem-font-awesome-rails-4.6.2.0-1.fc22
scap-security-guide-0.1.29-1.fc22
squid-3.5.10-3.fc22
Details about builds:
================================================================================
apper-0.9.2-6.fc22 (FEDORA-2016-bfc2b5b058)
KDE interface for PackageKit
--------------------------------------------------------------------------------
Update Information:
Hard-code style (plastique/oxygen) to workaround UI glitches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209017 - 0.9.1 Apper overlapping messages while downloading
https://bugzilla.redhat.com/show_bug.cgi?id=1209017
--------------------------------------------------------------------------------
================================================================================
cjdns-17.3-13.fc22 (FEDORA-2016-f182c4ac33)
The privacy-friendly network without borders
--------------------------------------------------------------------------------
Update Information:
man page for cjdnslog, fix running Fedora as well as OpenVZ.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1330212 - cjdns fails to create tun device at boot
https://bugzilla.redhat.com/show_bug.cgi?id=1330212
--------------------------------------------------------------------------------
================================================================================
copr-keygen-1.66-1.fc22 (FEDORA-2016-2e5461e184)
Part of Copr build system. Aux service that generate keys for signd
--------------------------------------------------------------------------------
Update Information:
* PyPI builds improvement * improvement to group projects
--------------------------------------------------------------------------------
================================================================================
copr-selinux-1.40-1.fc22 (FEDORA-2016-2e5461e184)
SELinux module for COPR
--------------------------------------------------------------------------------
Update Information:
* PyPI builds improvement * improvement to group projects
--------------------------------------------------------------------------------
================================================================================
fontawesome-fonts-4.6.2-1.fc22 (FEDORA-2016-927aa701af)
Iconic font set
--------------------------------------------------------------------------------
Update Information:
Update to 4.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333213 - fontawesome-fonts-v4.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1333213
--------------------------------------------------------------------------------
================================================================================
ibus-chewing-1.5.0-1.fc22 (FEDORA-2016-04a89aeaf3)
The Chewing engine for IBus input platform
--------------------------------------------------------------------------------
Update Information:
- Enhancement: * New option: "Clean pre-edit buffer when focus out" - Fix:
*
Fixed the issues found in static checks * Fixed Bug 1182813 ibus-chewing
crashes gedit in search box while window out of focus a.k.a GitHub issue #28
* Fixed GitHub issue #37 Cannot use cmake out of source build Cannot use cmake
out of source build * Fixed GitHub issue #47 CHEWING_DATADIR CMake variable
name mismatch * Fixed GitHub issue #61 GConf2 should be removed from INSTALL
document * Fixed GitHub issue #64 systray should be able to show the
Chinese/English mode * Fixed GitHub issue #68 CPU usage very high when switch
to Chewing Engine * Fixed Bug 1177198 - [abrt] ibus-chewing:
XGetKeyboardControl(): ibus-engine-chewing killed by SIGSEGV * Fixed Bug
1319403 - [RFE] ibus-chewing: New option: Caps Lock behavior a.k.a. GitHub
issue #66 * Fixed Bug 1330194 - Ctrl-c failed to output as Ctrl-c a.k.a.
GitHub issue #69 * Pull Request #67 Fix property "easy-symbol-input" is
covered by "shift-toggle-chinese" Thanks southernbear for providing this
fix.
--------------------------------------------------------------------------------
================================================================================
jackson-dataformat-xml-2.5.0-3.fc22 (FEDORA-2016-d708261ce2)
XML data binding extension for Jackson
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3720
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1328427 - CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to
XXE attack
https://bugzilla.redhat.com/show_bug.cgi?id=1328427
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.85-1.fc22 (FEDORA-2016-700aeb28bb)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.85.
--------------------------------------------------------------------------------
================================================================================
libreswan-3.17-2.fc22 (FEDORA-2016-ff3cc6b272)
IPsec implementation with IKEv1 and IKEv2 keying protocols
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1324956 - prelink is gone, /etc/prelink.conf.d/* is no longer used
https://bugzilla.redhat.com/show_bug.cgi?id=1324956
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.85-1.fc22 (FEDORA-2016-700aeb28bb)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.85.
--------------------------------------------------------------------------------
================================================================================
openchange-2.2-12.fc22 (FEDORA-2016-2bd0b999e5)
Provides access to Microsoft Exchange servers using native protocols
--------------------------------------------------------------------------------
Update Information:
Rebuild against newer samba
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333615 - Outdated dependency of openchange breaks (prevents) update of samba
4.2.11 packages
https://bugzilla.redhat.com/show_bug.cgi?id=1333615
--------------------------------------------------------------------------------
================================================================================
perl-Inline-Struct-0.23-1.fc22 (FEDORA-2016-24085a44d2)
Manipulate C structures directly from Perl
--------------------------------------------------------------------------------
Update Information:
This release makes tests more portable.
--------------------------------------------------------------------------------
================================================================================
perl-Tree-Simple-1.28-1.fc22 (FEDORA-2016-f8a9cd0f60)
Tree::Simple Perl module
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
================================================================================
pidgin-sipe-1.21.0-2.fc22 (FEDORA-2016-42b0719783)
Pidgin protocol plugin to connect to MS Office Communicator
--------------------------------------------------------------------------------
Update Information:
add patch to fix configure failure on F23+ x86_64 (bz #1333438)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333438 - 1.21.0-1.fc23 lost ability to make calls and video
https://bugzilla.redhat.com/show_bug.cgi?id=1333438
--------------------------------------------------------------------------------
================================================================================
python-gnupg-0.3.8-2.fc22 (FEDORA-2016-3ea7044142)
A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
--------------------------------------------------------------------------------
Update Information:
Fix provides and obsoletes ---- Version 0.3.8. This update also introduce the
python3- package for the releases that support it.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305346 - python-gnupg 0.3.8 has been released
https://bugzilla.redhat.com/show_bug.cgi?id=1305346
[ 2 ] Bug #1332704 - python2-gnupg does not seem to provide python-gnupg
https://bugzilla.redhat.com/show_bug.cgi?id=1332704
--------------------------------------------------------------------------------
================================================================================
python-multi_key_dict-2.0.3-1.fc22 (FEDORA-2016-0c5a770a45)
Multi-key dictionary implementation in Python
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1325452 - Review Request: python-multi_key_dict - Multi-key dictionary
implementation in Python
https://bugzilla.redhat.com/show_bug.cgi?id=1325452
--------------------------------------------------------------------------------
================================================================================
python-osrf-pycommon-0.1.2-1.fc22 (FEDORA-2016-050e8259b0)
Commonly needed Python modules used by software developed at OSRF
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1328350 - Review Request: python-osrf-pycommon - Commonly needed Python
modules used by software developed at OSRF
https://bugzilla.redhat.com/show_bug.cgi?id=1328350
--------------------------------------------------------------------------------
================================================================================
rubygem-font-awesome-rails-4.6.2.0-1.fc22 (FEDORA-2016-927aa701af)
An asset gemification of the font-awesome icon font library
--------------------------------------------------------------------------------
Update Information:
Update to 4.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333213 - fontawesome-fonts-v4.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1333213
--------------------------------------------------------------------------------
================================================================================
scap-security-guide-0.1.29-1.fc22 (FEDORA-2016-bcb9f10316)
Security guidance and baselines in SCAP formats
--------------------------------------------------------------------------------
Update Information:
- Update to latest upstream SCAP-Security-Guide-0.1.29 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.29 - Do not
ship Firefox/DISCLAIMER documentation file since it has been removed in 0.1.29
upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215277 - Doc locations incorrect in man page
https://bugzilla.redhat.com/show_bug.cgi?id=1215277
[ 2 ] Bug #1147277 - ntpd is not a default ntp client since fedora 16
https://bugzilla.redhat.com/show_bug.cgi?id=1147277
--------------------------------------------------------------------------------
================================================================================
squid-3.5.10-3.fc22 (FEDORA-2016-655d81aa89)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054
---- Security fix for CVE-2016-3947 and CVE-2016-3948
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in
ESI processing
https://bugzilla.redhat.com/show_bug.cgi?id=1329136
[ 2 ] Bug #1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi
https://bugzilla.redhat.com/show_bug.cgi?id=1329126
[ 3 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response
processing
https://bugzilla.redhat.com/show_bug.cgi?id=1323594
[ 4 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
https://bugzilla.redhat.com/show_bug.cgi?id=1323590
--------------------------------------------------------------------------------