The following Fedora 22 Security updates need testing:
Age URL
289
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
238
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
170
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
125
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
118
https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d
squid-3.4.13-3.fc22
113
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
82
https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7
python-pygments-2.0.2-3.fc22
82
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
65
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
65
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
58
https://bodhi.fedoraproject.org/updates/FEDORA-2015-8413bdd343 abrt-2.6.1-7.fc22
47
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
47
https://bodhi.fedoraproject.org/updates/FEDORA-2015-39522bb8c9
php-PHPMailer-5.2.14-1.fc22
37
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6efa349a85
subversion-1.8.15-1.fc22
32
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ca904238f
perl-PathTools-3.47-312.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-adb533a418 dhcp-4.3.2-7.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2dcc094217
golang-1.5.3-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6aa4dd4f3a
mod_nss-1.0.11-6.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-215b507409 cgit-0.12-1.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e89eba0c1
gsi-openssh-6.9p1-7.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
kernel-4.3.3-200.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d132dbb529
webkitgtk4-2.10.4-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fb2597f4eb
moodle-2.8.10-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e1784417af xen-4.5.2-7.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1ab53bf440
bind-9.10.3-8.P3.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1323b9078a
bind99-9.9.8-2.P3.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ea667977a
java-1.8.0-openjdk-1.8.0.71-1.b15.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-34bc10a2c8
ntp-4.2.6p5-36.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f783d1768
chrony-2.1.1-2.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-275e9ff483 qemu-2.3.1-11.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
164
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
150
https://bodhi.fedoraproject.org/updates/FEDORA-2015-14218 xulrunner-40.0-1.fc22
82
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
79
https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22
76
https://bodhi.fedoraproject.org/updates/FEDORA-2015-069fea7e6b
livecd-tools-22.3-1.fc22
65
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
65
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8
httpd-2.4.18-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-91d16b7dc4
krb5-1.13.2-11.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-46c1b30b79
librsvg2-2.40.13-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7365dd5df4
systemd-219-27.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d77e88459e
breeze-icon-theme-5.18.0-1.fc22 extra-cmake-modules-5.18.0-1.fc22 kf5-5.18.0-1.fc22
kf5-attica-5.18.0-1.fc22 kf5-baloo-5.18.0-1.fc22 kf5-bluez-qt-5.18.0-1.fc22
kf5-frameworkintegration-5.18.0-1.fc22 kf5-kactivities-5.18.0-1.fc22
kf5-kapidox-5.18.0-1.fc22 kf5-karchive-5.18.0-1.fc22 kf5-kauth-5.18.0-1.fc22
kf5-kbookmarks-5.18.0-1.fc22 kf5-kcmutils-5.18.0-1.fc22 kf5-kcodecs-5.18.0-1.fc22
kf5-kcompletion-5.18.0-1.fc22 kf5-kconfig-5.18.0-1.fc22 kf5-kconfigwidgets-5.18.0-1.fc22
kf5-kcoreaddons-5.18.0-1.fc22 kf5-kcrash-5.18.0-1.fc22 kf5-kdbusaddons-5.18.0-1.fc22
kf5-kdeclarative-5.18.0-1.fc22 kf5-kded-5.18.0-1.fc22 kf5-kdelibs4support-5.18.0-1.fc22
kf5-kdesignerplugin-5.18.0-1.fc22 kf5-kdesu-5.18.0-1.fc22 kf5-kdewebkit-5.18.0-1.fc22
kf5-kdnssd-5.18.0-1.fc22 kf5-kdoctools-5.18.0-1.fc22 kf5-kemoticons-5.18.0-1.fc22
kf5-kfilemetadata-5.18.0-1.fc22 kf5-kglobalaccel-5.18.0-1.fc22
kf5-kguiaddons-5.18.0-1.fc22 kf5-khtml
-5.18.0-
1.fc22 kf5-ki18n-5.18.0-1.fc22 kf5-kiconthemes-5.18.0-1.fc22 kf5-kidletime-5.18.0-1.fc22
kf5-kimageformats-5.18.0-1.fc22 kf5-kinit-5.18.0-1.fc22 kf5-kio-5.18.0-1.fc22
kf5-kitemmodels-5.18.0-1.fc22 kf5-kitemviews-5.18.0-1.fc22 kf5-kjobwidgets-5.18.0-1.fc22
kf5-kjs-5.18.0-1.fc22 kf5-kjsembed-5.18.0-1.fc22 kf5-kmediaplayer-5.18.0-1.fc22
kf5-knewstuff-5.18.0-1.fc22 kf5-knotifications-5.18.0-1.fc22
kf5-knotifyconfig-5.18.0-1.fc22 kf5-kpackage-5.18.0-1.fc22 kf5-kparts-5.18.0-1.fc22
kf5-kpeople-5.18.0-1.fc22 kf5-kplotting-5.18.0-1.fc22 kf5-kpty-5.18.0-1.fc22
kf5-kross-5.18.0-1.fc22 kf5-krunner-5.18.0-1.fc22 kf5-kservice-5.18.0-1.fc22
kf5-ktexteditor-5.18.0-1.fc22 kf5-ktextwidgets-5.18.0-1.fc22
kf5-kunitconversion-5.18.0-1.fc22 kf5-kwallet-5.18.0-2.fc22
kf5-kwidgetsaddons-5.18.0-1.fc22 kf5-kwindowsystem-5.18.0-1.fc22 kf5-kxmlgui-5.18.0-1.fc22
kf5-kxmlrpcclient-5.18.0-1.fc22 kf5-modemmanager-qt-5.18.0-1.fc22
kf5-networkmanager-qt-5.18.0-2.fc22 kf5-plasma-5.18.0-1.fc22 kf5-solid-5.18.
0-1.fc22
kf5-sonnet-5.18.0-1.fc22 kf5-threadweaver-5.18.0-1.fc22 oxygen-icon-theme-5.18.0-1.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e01d1ad05e gtk3-3.16.7-2.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ca904238f
perl-PathTools-3.47-312.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-971135608b bash-4.3.42-3.fc22
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f276883189
gnutls-3.3.20-1.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-adb533a418 dhcp-4.3.2-7.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-825869e1a4
selinux-policy-3.13.1-128.25.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
kernel-4.3.3-200.fc22
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b20d976a1
hwdata-0.285-2.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1ab53bf440
bind-9.10.3-8.P3.fc22
The following builds have been pushed to Fedora 22 updates-testing
awscli-1.9.21-1.fc22
bind-9.10.3-8.P3.fc22
bind99-9.9.8-2.P3.fc22
chrony-2.1.1-2.fc22
compat-libuv010-0.10.34-4.fc22
cptutils-1.62-1.fc22
docker-1.9.1-4.git64eb95e.fc22
eclipse-4.5.1-7.fc22
enlightenment-0.20.3-1.fc22
freedv-1.1-4.fc22
golang-github-hashicorp-errwrap-0-0.1.git7554cd9.fc22
golang-github-hashicorp-go-cleanhttp-0-0.1.git5df5ddc.fc22
golang-github-hashicorp-go-immutable-radix-0-0.1.gitaca1bd0.fc22
greenisland-0.7.1-1.fc22
haproxy-1.5.15-2.fc22
hawaii-shell-0.6.0-2.fc22
hawaii-workspace-0.5.0-2.fc22
java-1.8.0-openjdk-1.8.0.71-1.b15.fc22
kgpg-15.12.1-1.fc22
libhawaii-0.6.0-1.fc22
libnatpmp-20150609-1.fc22
libvirt-1.2.13.2-2.fc22
lifeograph-1.3.0-1.fc22
mksh-52b-1.fc22
moodle-2.8.10-1.fc22
mozilla-requestpolicy-1.0-0.13.20160102gitc27c1f.fc22
ntp-4.2.6p5-36.fc22
openscap-daemon-0.1.1-4.fc22
osbs-client-0.16-1.fc22
perl-Module-CoreList-5.20160120-1.fc22
php-SymfonyCmfRouting-1.3.0-4.fc22
php-interfasys-lognormalizer-1.0-1.fc22
php-league-flysystem-1.0.16-1.fc22
php-mcnetic-zipstreamer-0.7-1.fc22
php-mtdowling-jmespath-php-2.3.0-1.fc22
php-nette-bootstrap-2.3.4-1.fc22
php-owncloud-tarstreamer-0.1-0.1.beta3.fc22
php-scssphp-0.4.0-1.fc22
python-botocore-1.3.21-1.fc22
python-inifile-0.3-2.fc22
python-polib-1.0.7-2.fc22
qbittorrent-3.3.3-1.fc22
qemu-2.3.1-11.fc22
qtlockedfile-2.4-20.20150629git5a07df5.fc22
qtsingleapplication-2.6.1-26.fc22
s3cmd-1.6.1-1.fc22
sssd-1.13.3-3.fc22
terminology-0.9.1-3.fc22
transmission-2.84-10.fc22
unbound-1.5.7-2.fc22
webkitgtk4-2.10.4-1.fc22
xen-4.5.2-7.fc22
Details about builds:
================================================================================
awscli-1.9.21-1.fc22 (FEDORA-2016-ceb9329741)
Universal Command Line Environment for AWS
--------------------------------------------------------------------------------
Update Information:
Small update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297989 - awscli-1.9.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1297989
[ 2 ] Bug #1298925 - python-botocore-1.3.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1298925
--------------------------------------------------------------------------------
================================================================================
bind-9.10.3-8.P3.fc22 (FEDORA-2016-1ab53bf440)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream version due to security fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300051 - CVE-2015-8704 CVE-2015-8705 bind: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300051
--------------------------------------------------------------------------------
================================================================================
bind99-9.9.8-2.P3.fc22 (FEDORA-2016-1323b9078a)
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream version due to security fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300052 - CVE-2015-8704 bind99: bind: specific APL data could trigger an
INSIST in apl_42.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300052
--------------------------------------------------------------------------------
================================================================================
chrony-2.1.1-2.fc22 (FEDORA-2016-6f783d1768)
An NTP client/server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-1567
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297472 - CVE-2016-1567 chrony: missing key check allows impersonation
between authenticated peers (VU#357792)
https://bugzilla.redhat.com/show_bug.cgi?id=1297472
--------------------------------------------------------------------------------
================================================================================
compat-libuv010-0.10.34-4.fc22 (FEDORA-2016-f76c1d0536)
Platform layer for node.js - compatibility library for nodejs 0.10.x
--------------------------------------------------------------------------------
Update Information:
Fix typo in pkg-config file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300061 - compat-libuv010.pc contains an error in Cflags property
https://bugzilla.redhat.com/show_bug.cgi?id=1300061
--------------------------------------------------------------------------------
================================================================================
cptutils-1.62-1.fc22 (FEDORA-2016-f8a3edb437)
Utilities to manipulate and translate color gradients
--------------------------------------------------------------------------------
Update Information:
- added the cptpg program - removed border from svg previews ---- - Fix for
UCS-2 to UTF-8 conversion of Japanese names titles in pssvg ---- - added
svga colour support to svgx - use of uninitialised value bug in ggr.c fixed,
many thanks to David Binderman for spotting this.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300104 - cptutils-1.62 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300104
[ 2 ] Bug #1293506 - cptutils-1.61 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1293506
[ 3 ] Bug #1292642 - cptutils-1.60 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1292642
--------------------------------------------------------------------------------
================================================================================
docker-1.9.1-4.git64eb95e.fc22 (FEDORA-2016-29e6508bbf)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
built docker @projectatomic/fedora-1.9 commit#2f940c1
--------------------------------------------------------------------------------
================================================================================
eclipse-4.5.1-7.fc22 (FEDORA-2016-cbb77ab56f)
An open, extensible IDE
--------------------------------------------------------------------------------
Update Information:
* CPU consumption of Eclipse should now be ~1% when idle, as opposed to 60-80%.
It should be the same as when Eclipse is minimized. * Egit repository view
should not have a white background around links when no repositories exist. *
Entries in quick-outline view (ctrl + o) should be readable without having to
hover over them
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269892 - [eclipse] text and icons are partially rendered on top of a white
background.
https://bugzilla.redhat.com/show_bug.cgi?id=1269892
[ 2 ] Bug #1294697 - Eclipse consumes entire CPU as long as the window is open
https://bugzilla.redhat.com/show_bug.cgi?id=1294697
--------------------------------------------------------------------------------
================================================================================
enlightenment-0.20.3-1.fc22 (FEDORA-2016-8486ee61a5)
Enlightenment window manager
--------------------------------------------------------------------------------
Update Information:
- update to 0.20.3
--------------------------------------------------------------------------------
================================================================================
freedv-1.1-4.fc22 (FEDORA-2016-86353fa95c)
FreeDV Digital Voice
--------------------------------------------------------------------------------
Update Information:
Initial package release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice
https://bugzilla.redhat.com/show_bug.cgi?id=1278638
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-errwrap-0-0.1.git7554cd9.fc22 (FEDORA-2016-48005d9fb9)
Errwrap is a Go (golang) library for wrapping and querying errors
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-cleanhttp-0-0.1.git5df5ddc.fc22 (FEDORA-2016-0c9675622e)
Functions for accessing "clean" Go http.Client values
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-immutable-radix-0-0.1.gitaca1bd0.fc22
(FEDORA-2016-c5308a36b5)
An immutable radix tree implementation in Golang
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
================================================================================
greenisland-0.7.1-1.fc22 (FEDORA-2016-642a855f16)
QtQuick-based Wayland compositor in library form
--------------------------------------------------------------------------------
Update Information:
Hawaii update
--------------------------------------------------------------------------------
================================================================================
haproxy-1.5.15-2.fc22 (FEDORA-2016-8d0347edcd)
HAProxy reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:
Extend default max hostname length to 64 and beyond
--------------------------------------------------------------------------------
================================================================================
hawaii-shell-0.6.0-2.fc22 (FEDORA-2016-642a855f16)
Hawaii shell for desktop, netbook and tablet
--------------------------------------------------------------------------------
Update Information:
Hawaii update
--------------------------------------------------------------------------------
================================================================================
hawaii-workspace-0.5.0-2.fc22 (FEDORA-2016-c3843ae2a1)
Hawaii workspace, applications and plugins
--------------------------------------------------------------------------------
Update Information:
New hawaii-workspace package
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.71-1.b15.fc22 (FEDORA-2016-3ea667977a)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
security update to CPU 19.1.2016 to u71b15
--------------------------------------------------------------------------------
================================================================================
kgpg-15.12.1-1.fc22 (FEDORA-2016-0140c00e39)
Manage GPG encryption keys
--------------------------------------------------------------------------------
Update Information:
Latest stable/bugfix upstream release as part of
https://www.kde.org/announcements/announce-applications-15.12.1.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285296 - update-desktop-database reports error about kgpg desktop file
https://bugzilla.redhat.com/show_bug.cgi?id=1285296
--------------------------------------------------------------------------------
================================================================================
libhawaii-0.6.0-1.fc22 (FEDORA-2016-642a855f16)
Core share library for Hawaii desktop suite
--------------------------------------------------------------------------------
Update Information:
Hawaii update
--------------------------------------------------------------------------------
================================================================================
libnatpmp-20150609-1.fc22 (FEDORA-2016-663165e811)
Library of The NAT Port Mapping Protocol (NAT-PMP)
--------------------------------------------------------------------------------
Update Information:
Update libnatpmp to support unbundling it from transmission. Patch transmission
gtk interface glitch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1288861 - Transmission interface glitch
https://bugzilla.redhat.com/show_bug.cgi?id=1288861
[ 2 ] Bug #1264292 - Unbundle libnatpmp
https://bugzilla.redhat.com/show_bug.cgi?id=1264292
[ 3 ] Bug #1229934 - libnatpmp-20150609 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1229934
--------------------------------------------------------------------------------
================================================================================
libvirt-1.2.13.2-2.fc22 (FEDORA-2016-9508f1538a)
Library providing a simple virtualization API
--------------------------------------------------------------------------------
Update Information:
* Fix XML validation with qemu commandline passthrough (bz #1292131) * Fix crash
in libvirt_leasehelper (bz #1202350) * Generate consistent systemtap tapsets
regardless of host arch (bz #1173641) * Fix qemu:///session error 'Transport
endpoint is not connected' (bz #1271183) * Fix parallel VM start/top svirt
errors on kernel/initrd (bz #1269975)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1292131 - Validation of XML with QEMU command line fails
https://bugzilla.redhat.com/show_bug.cgi?id=1292131
--------------------------------------------------------------------------------
================================================================================
lifeograph-1.3.0-1.fc22 (FEDORA-2016-6e87465a40)
A diary program
--------------------------------------------------------------------------------
Update Information:
Update to new release 1.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1298699 - update to 1.3.0
https://bugzilla.redhat.com/show_bug.cgi?id=1298699
--------------------------------------------------------------------------------
================================================================================
mksh-52b-1.fc22 (FEDORA-2016-f483ef5e9a)
MirBSD enhanced version of the Korn Shell
--------------------------------------------------------------------------------
Update Information:
mksh R52b ========= R52b is a strongly recommended bugfix-only release: *
Recognise ksh93 compiled scripts and LZIP compressed files as binary (i.e. to
not run as mksh plaintext script) * Document that we will implement locale
tracking later * Add EEXIST to failback strerror(3) * Make set -C; :>foo race-
free * Don���t use unset in portable build script * Plug warning on
GNU/kFreeBSD, GNU/Hurd * Document read -a resets the integer base * Fix
manpage: time is not a builtin but a reserved word * Make exit (and return) eat
-1 * parse ���$( (( ��� ) ��� ) ��� )��� correctly (LP#1532621), Jan Palus * reduce
memory footprint by free(3)ing more aggressively * fix buffer overrun
(LP#1533394), bugreport by izabera * correctly handle nested ADELIM parsing
(LP#1453827), Teckids * permit ���read -A/-a arr[idx]��� as long as only one
element is read; fix corruption of array indic��s with this construct
(LP#1533396), izabera * Sanitise OS-provided signal number in even more places
* As requested by J��rg, be clear manpage advice is for mksh * Revert (as it was
a regression) POSIX bugfix from R52/2005 related to accent gravis-style command
substitution until POSIX decides either way * Handle export et al. after
command (Austin#351) * Catch EPIPE in built-in cat and return as SIGPIPE
(LP#1532621) * Fix errno in print/echo builtin; optimise that and unbksl *
Update documentation, point out POSIX violation (Austin#1015)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300482 - mksh-52b is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300482
--------------------------------------------------------------------------------
================================================================================
moodle-2.8.10-1.fc22 (FEDORA-2016-fb2597f4eb)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Security update.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1299363 - CVE-2016-0724 moodle: two enrolment-related web services don't
check course visibility [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1299363
[ 2 ] Bug #1299355 - CVE-2016-0725 moodle: XSS vulnerability in course management search
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1299355
--------------------------------------------------------------------------------
================================================================================
mozilla-requestpolicy-1.0-0.13.20160102gitc27c1f.fc22 (FEDORA-2016-0d45603429)
Firefox and Seamonkey extension that gives you control over cross-site requests
--------------------------------------------------------------------------------
Update Information:
- Update to v1.0.beta11pre4
--------------------------------------------------------------------------------
================================================================================
ntp-4.2.6p5-36.fc22 (FEDORA-2016-34bc10a2c8)
The NTP daemon and utilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978,
CVE-2015-7979, CVE-2015-8158 ---- Security fix for CVE-2015-7704,
CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691,
CVE-2015-7852, CVE-2015-7701
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297471 - CVE-2015-7974 ntp: missing key check allows impersonation between
authenticated peers (VU#357792)
https://bugzilla.redhat.com/show_bug.cgi?id=1297471
[ 2 ] Bug #1299442 - CVE-2015-8138 ntp: missing check for zero originate timestamp
https://bugzilla.redhat.com/show_bug.cgi?id=1299442
[ 3 ] Bug #1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=1300269
[ 4 ] Bug #1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of
restriction list
https://bugzilla.redhat.com/show_bug.cgi?id=1300270
[ 5 ] Bug #1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated
broadcast mode
https://bugzilla.redhat.com/show_bug.cgi?id=1300271
[ 6 ] Bug #1300273 - CVE-2015-8158 ntp: potential infinite loop in ntpq
https://bugzilla.redhat.com/show_bug.cgi?id=1300273
[ 7 ] Bug #1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in
ntp_crypto.c
https://bugzilla.redhat.com/show_bug.cgi?id=1274254
[ 8 ] Bug #1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
https://bugzilla.redhat.com/show_bug.cgi?id=1274255
[ 9 ] Bug #1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1274261
[ 10 ] Bug #1274265 - CVE-2015-7871 ntp: crypto-NAK symmetric association authentication
bypass vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1274265
[ 11 ] Bug #1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD
packet
https://bugzilla.redhat.com/show_bug.cgi?id=1271070
[ 12 ] Bug #1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step
larger than the panic threshold
https://bugzilla.redhat.com/show_bug.cgi?id=1271076
--------------------------------------------------------------------------------
================================================================================
openscap-daemon-0.1.1-4.fc22 (FEDORA-2016-76ec2d15d3)
Manages continuous SCAP scans of your infrastructure
--------------------------------------------------------------------------------
Update Information:
Add dependency on python requests
--------------------------------------------------------------------------------
================================================================================
osbs-client-0.16-1.fc22 (FEDORA-2016-3bfbcfc368)
Python command line client for OpenShift Build Service
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.16.
--------------------------------------------------------------------------------
================================================================================
perl-Module-CoreList-5.20160120-1.fc22 (FEDORA-2016-b56d2e02e0)
What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:
This release brings data for perl 5.23.7.
--------------------------------------------------------------------------------
================================================================================
php-SymfonyCmfRouting-1.3.0-4.fc22 (FEDORA-2016-32f58dd564)
Extends the Symfony2 routing component for dynamic routes and chaining
--------------------------------------------------------------------------------
Update Information:
- `php-composer(*)` virtual provide dependencies instead of direct package names
- Dropped max version build dependencies - Increased Symfony min version from
2.2 to 2.3.31/2.7.3 for autoloaders - Added
"`php-{COMPOSER_VENDOR}-{COMPOSER_PROJECT}`"
("`php-symfony-cmf-routing`")
virtual provide - Suggest `php-composer(symfony/event-dispatcher)` instead of
require - Added autoloader
--------------------------------------------------------------------------------
================================================================================
php-interfasys-lognormalizer-1.0-1.fc22 (FEDORA-2016-5c10d2f4ec)
Parses variables and converts them to string
--------------------------------------------------------------------------------
Update Information:
Parses variables and converts them to string so that they can be logged. Based
on the Monolog formatter/normalizer. Autoloader:
/usr/share/php/InterfaSys/LogNormalizer/autoload.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1298649 - Review Request: php-interfasys-lognormalizer - Parses variables and
converts them to string
https://bugzilla.redhat.com/show_bug.cgi?id=1298649
--------------------------------------------------------------------------------
================================================================================
php-league-flysystem-1.0.16-1.fc22 (FEDORA-2016-c219e07232)
Filesystem abstraction: Many filesystems, one API
--------------------------------------------------------------------------------
Update Information:
Flysystem is a filesystem abstraction which allows you to easily swap out a
local filesystem for a remote one. Autoloader:
/usr/share/php/League/Flysystem/autoload.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1298475 - Review Request: php-league-flysystem - Filesystem abstraction: Many
filesystems, one API
https://bugzilla.redhat.com/show_bug.cgi?id=1298475
--------------------------------------------------------------------------------
================================================================================
php-mcnetic-zipstreamer-0.7-1.fc22 (FEDORA-2016-76e744099f)
Stream zip files without i/o overhead
--------------------------------------------------------------------------------
Update Information:
Simple Class to create zip files on the fly and stream directly to the HTTP
client as the content is added (without using temporary files). Autoloader:
/usr/share/php/ZipStreamer/autoload.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296901 - Review Request: php-mcnetic-zipstreamer - Stream zip files without
i/o overhead
https://bugzilla.redhat.com/show_bug.cgi?id=1296901
--------------------------------------------------------------------------------
================================================================================
php-mtdowling-jmespath-php-2.3.0-1.fc22 (FEDORA-2016-92e4a4ef2f)
Declaratively specify how to extract elements from a JSON document
--------------------------------------------------------------------------------
Update Information:
## 2.3.0 - 2016-01-05 * Added support for
[
JEP-9](https://github.com/jmespath/jmespath.site/blob/master/docs/proposals
/improved-filters.rst), including unary filter expressions, and `&&` filter
expressions. * Fixed various parsing issues, including not removing escaped
single quotes from raw string literals. * Added support for the `map`
function. * Fixed several issues with code generation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295982 - php-mtdowling-jmespath-php-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1295982
--------------------------------------------------------------------------------
================================================================================
php-nette-bootstrap-2.3.4-1.fc22 (FEDORA-2016-8f693bcc36)
Nette Bootstrap
--------------------------------------------------------------------------------
Update Information:
Loads Nette Framework and all libraries. Class Configurator creates so called
DI container and handles application initialization. To use this library, you
just have to add, in your project: require_once
'/usr/share/php/Nette/Bootstrap/autoload.php';
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1277476 - Review Request: php-nette-bootstrap - Nette Bootstrap
https://bugzilla.redhat.com/show_bug.cgi?id=1277476
--------------------------------------------------------------------------------
================================================================================
php-owncloud-tarstreamer-0.1-0.1.beta3.fc22 (FEDORA-2016-2e3081dd3c)
Streaming dynamic tar files
--------------------------------------------------------------------------------
Update Information:
A library for dynamically streaming dynamic tar files without the need to have
the complete file stored on the server. Autoloader:
/usr/share/php/ownCloud/TarStreamer/autoload.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296939 - Review Request: php-owncloud-tarstreamer - Streaming dynamic tar
files
https://bugzilla.redhat.com/show_bug.cgi?id=1296939
--------------------------------------------------------------------------------
================================================================================
php-scssphp-0.4.0-1.fc22 (FEDORA-2016-e421be8db0)
A compiler for SCSS written in PHP
--------------------------------------------------------------------------------
Update Information:
### v0.4.0 #### Breaking Changes: - Parser: remove deprecated `show()` and
`to()` methods - Parser, Compiler: convert stdClass to Block, Node, and
OutputBlock abstractions - Compiler: 2nd argument passed to user registered
functions now receive kwargs instead of a Compiler instance #### Enhancements:
- New control directives: `@break`, `@continue`, and naked `@return` - New
operator: `<=>` (spaceship) operator #### Compatibility Fixes: - Compiler:
`index()` - coerce first argument to list - Compiler/Parser: fix `@media` nested
in mixin - Compiler: output literal string instead of division-by-zero exception
- Compiler: `str-slice()` - handle negative index - Compiler: pass kwargs to
built-ins and user registered functions ### v0.3.3 #### Enhancements: -
Compiler: add `getVariables()` and `addFeature()` API methods ####
Compatibility: - Compiler: can pass negative indices to `nth()` and `set-nth()`
- Compiler: can pass map as args to mixin expecting varargs - Compiler: add
coerceList(map) - Compiler: improve `@at-root` support - Nested formatter:
suppress empty blocks #### Internals: - Parser, Compiler: refactoring
sourceParser to sourceIndex to facilitate future caching of parse tree
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1274939 - php-scssphp-0.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1274939
--------------------------------------------------------------------------------
================================================================================
python-botocore-1.3.21-1.fc22 (FEDORA-2016-ceb9329741)
Low-level, data-driven core of boto 3
--------------------------------------------------------------------------------
Update Information:
Small update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297989 - awscli-1.9.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1297989
[ 2 ] Bug #1298925 - python-botocore-1.3.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1298925
--------------------------------------------------------------------------------
================================================================================
python-inifile-0.3-2.fc22 (FEDORA-2016-98638e0778)
A small INI library for Python
--------------------------------------------------------------------------------
Update Information:
Library required for Lektor framework
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1299558 - Review Request: python-inifile - A small INI library for Python
https://bugzilla.redhat.com/show_bug.cgi?id=1299558
--------------------------------------------------------------------------------
================================================================================
python-polib-1.0.7-2.fc22 (FEDORA-2016-e0671def92)
A library to parse and manage gettext catalogs
--------------------------------------------------------------------------------
Update Information:
Upstream update to python-polib
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287273 - please update to polib 1.0.7
https://bugzilla.redhat.com/show_bug.cgi?id=1287273
--------------------------------------------------------------------------------
================================================================================
qbittorrent-3.3.3-1.fc22 (FEDORA-2016-fbf8f77371)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
New version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300126 - qbittorrent-3.3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300126
--------------------------------------------------------------------------------
================================================================================
qemu-2.3.1-11.fc22 (FEDORA-2016-275e9ff483)
QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:
* CVE-2015-8567: net: vmxnet3: host memory leakage (bz #1289818) *
CVE-2016-1922: i386: avoid null pointer dereference (bz #1292766) *
CVE-2015-8613: buffer overflow in megasas_ctrl_get_info (bz #1284008) *
CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bz #1294787)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in
megasas_ctrl_get_info
https://bugzilla.redhat.com/show_bug.cgi?id=1284008
[ 2 ] Bug #1289816 - CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory
leakage
https://bugzilla.redhat.com/show_bug.cgi?id=1289816
[ 3 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in
vapic_write()
https://bugzilla.redhat.com/show_bug.cgi?id=1283934
[ 4 ] Bug #1264929 - CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w
functions
https://bugzilla.redhat.com/show_bug.cgi?id=1264929
--------------------------------------------------------------------------------
================================================================================
qtlockedfile-2.4-20.20150629git5a07df5.fc22 (FEDORA-2016-0c3d621ab5)
QFile extension with advisory locking functions
--------------------------------------------------------------------------------
Update Information:
Rebuild
--------------------------------------------------------------------------------
================================================================================
qtsingleapplication-2.6.1-26.fc22 (FEDORA-2016-4bcd22cf2b)
Qt library to start applications only once per user
--------------------------------------------------------------------------------
Update Information:
Rebuild
--------------------------------------------------------------------------------
================================================================================
s3cmd-1.6.1-1.fc22 (FEDORA-2016-5e72855b60)
Tool for accessing Amazon Simple Storage Service
--------------------------------------------------------------------------------
Update Information:
upstream 1.6.1
--------------------------------------------------------------------------------
================================================================================
sssd-1.13.3-3.fc22 (FEDORA-2016-dca09ef2d7)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
Resolves: rhbz#1256849 - SUDO: Support the IPA schema
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256849 - SUDO: Support the IPA schema
https://bugzilla.redhat.com/show_bug.cgi?id=1256849
[ 2 ] Bug #850328 - Introduce new systemd-rpm macros in sssd spec file
https://bugzilla.redhat.com/show_bug.cgi?id=850328
[ 3 ] Bug #1266940 - sssd-client.i686 on x86_64 has unowned directories
https://bugzilla.redhat.com/show_bug.cgi?id=1266940
--------------------------------------------------------------------------------
================================================================================
terminology-0.9.1-3.fc22 (FEDORA-2016-c9bf76956f)
EFL based terminal emulator
--------------------------------------------------------------------------------
Update Information:
Rebuild with efl-1.16.1
--------------------------------------------------------------------------------
================================================================================
transmission-2.84-10.fc22 (FEDORA-2016-663165e811)
A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:
Update libnatpmp to support unbundling it from transmission. Patch transmission
gtk interface glitch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1288861 - Transmission interface glitch
https://bugzilla.redhat.com/show_bug.cgi?id=1288861
[ 2 ] Bug #1264292 - Unbundle libnatpmp
https://bugzilla.redhat.com/show_bug.cgi?id=1264292
[ 3 ] Bug #1229934 - libnatpmp-20150609 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1229934
--------------------------------------------------------------------------------
================================================================================
unbound-1.5.7-2.fc22 (FEDORA-2016-6cf11cb6b5)
Validating, recursive, and caching DNS(SEC) resolver
--------------------------------------------------------------------------------
Update Information:
One bug fixed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294339 - unbound-control-setup fails due to mistakenly escaping shell chars
https://bugzilla.redhat.com/show_bug.cgi?id=1294339
--------------------------------------------------------------------------------
================================================================================
webkitgtk4-2.10.4-1.fc22 (FEDORA-2016-d132dbb529)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
Update to 2.10.4. Major new features: * New HTTP disk cache for the Network
Process. * IndexedDB support. * New Web Inspector UI. * Automatic
ScreenServer inhibition when playing fullscreen videos. * Initial Editor API.
* Performance improvements. This update addresses the following
vulnerabilities: * CVE-2015-1122 * CVE-2015-1152 * CVE-2015-1155 *
CVE-2015-3660 * CVE-2015-3730 * CVE-2015-3738 * CVE-2015-3740 *
CVE-2015-3742 * CVE-2015-3744 * CVE-2015-3746 * CVE-2015-3750 *
CVE-2015-3751 * CVE-2015-3754 * CVE-2015-3755 * CVE-2015-5804 *
CVE-2015-5805 * CVE-2015-5807 * CVE-2015-5810 * CVE-2015-5813 *
CVE-2015-5814 * CVE-2015-5815 * CVE-2015-5817 * CVE-2015-5818 *
CVE-2015-5825 * CVE-2015-5827 * CVE-2015-5828 * CVE-2015-5929 *
CVE-2015-5930 * CVE-2015-5931 * CVE-2015-7002 * CVE-2015-7013 *
CVE-2015-7014 * CVE-2015-7048 * CVE-2015-7095 * CVE-2015-7097 *
CVE-2015-7099 * CVE-2015-7100 * CVE-2015-7102 * CVE-2015-7103 *
CVE-2015-7104 For further information on the new features, see the [Igalia blog
post](http://blogs.igalia.com/carlosgc/2015/09/21/webkitgtk-2-10/). For
information on the security vulnerabilities, refer to [WebKitGTK+ Security
Advisory
WSA-2015-0002](http://webkitgtk.org/security/WSA-2015-0002.html).
--------------------------------------------------------------------------------
================================================================================
xen-4.5.2-7.fc22 (FEDORA-2016-e1784417af)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570] VMX:
intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571]
Qemu: pci: null pointer dereference issue CVE-2015-7549 qemu: DoS by infinite
loop in ehci_advance_state CVE-2015-8558 qemu: Heap-based buffer overrun during
VM migration CVE-2015-8666 Qemu: net: vmxnet3: incorrect l2 header validation
leads to a crash via assert(2) call CVE-2015-8744 qemu: Support reading IMR
registers on bar0 CVE-2015-8745 Qemu: net: vmxnet3: host memory leakage
CVE-2015-8567 CVE-2015-8568 Qemu: net: ne2000: OOB memory access in ioport r/w
functions CVE-2015-8743
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1270871 - CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation
leads to a crash via assert(2) call
https://bugzilla.redhat.com/show_bug.cgi?id=1270871
[ 2 ] Bug #1296539 - CVE-2016-1570 xen: PV superpage functionality missing sanity
checks
https://bugzilla.redhat.com/show_bug.cgi?id=1296539
[ 3 ] Bug #1296544 - CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical
address causing host to crash
https://bugzilla.redhat.com/show_bug.cgi?id=1296544
[ 4 ] Bug #1291137 - CVE-2015-7549 Qemu: pci: null pointer dereference issue
https://bugzilla.redhat.com/show_bug.cgi?id=1291137
[ 5 ] Bug #1277983 - CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state
results in DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1277983
[ 6 ] Bug #1283722 - CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM
migration
https://bugzilla.redhat.com/show_bug.cgi?id=1283722
[ 7 ] Bug #1270876 - CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a
crash via assert(2) call
https://bugzilla.redhat.com/show_bug.cgi?id=1270876
[ 8 ] Bug #1289816 - CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory
leakage
https://bugzilla.redhat.com/show_bug.cgi?id=1289816
[ 9 ] Bug #1264929 - CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w
functions
https://bugzilla.redhat.com/show_bug.cgi?id=1264929
--------------------------------------------------------------------------------