The following Fedora 22 Security updates need testing:
Age  URL
 35  https://admin.fedoraproject.org/updates/FEDORA-2015-2638/echoping-6.1-0.1...
 14  https://admin.fedoraproject.org/updates/FEDORA-2015-4212/powerpc-utils-py...
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4727/qt5-qtwebkit-5.4...
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4531/quassel-0.11.0-2...
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4639/python-dulwich-0...
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4685/qtwebkit-2.3.4-6...
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4726/opensaml-java-xm...
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4504/python-django-1....
  6  https://admin.fedoraproject.org/updates/FEDORA-2015-4553/libzip-0.11.2-5....
  4  https://admin.fedoraproject.org/updates/FEDORA-2015-4821/lasso-2.4.1-3.fc22
  3  https://admin.fedoraproject.org/updates/FEDORA-2015-5022/drupal7-webform-...
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-5199/libtasn1-4.4-1.fc22
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5333/mailman-2.1.20-1...
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5279/strongswan-5.3.0...
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5308/mingw-gnutls-3.3...
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5295/xen-4.5.0-7.fc22
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5430/jffi-1.2.7-5.fc2...
The following Fedora 22 Critical Path updates have yet to be approved:
Age  URL
 12  https://admin.fedoraproject.org/updates/FEDORA-2015-4309/perl-Glib-1.310-...
 12  https://admin.fedoraproject.org/updates/FEDORA-2015-4239/perl-Carp-1.36-1...
 12  https://admin.fedoraproject.org/updates/FEDORA-2015-4217/perl-Compress-Ra...
 11  https://admin.fedoraproject.org/updates/FEDORA-2015-4388/livecd-tools-22....
  3  https://admin.fedoraproject.org/updates/FEDORA-2015-4969/lorax-22.8-1.fc22
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-5131/gnutls-3.3.14-1....
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-5083/chkconfig-1.4-1....
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-5199/libtasn1-4.4-1.fc22
  1  https://admin.fedoraproject.org/updates/FEDORA-2015-5077/ModemManager-1.4...
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5418/gmp-6.0.0-9.fc22
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5309/gdm-3.16.0.1-2.fc22
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5310/bluez-5.29-2.fc22
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5259/ca-certificates-...
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5323/libidn-1.29-3.fc22
  0  https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.1...
The following builds have been pushed to Fedora 22 updates-testing
ahven-2.4-3.fc22
antimicro-2.13-1.fc22
authconfig-6.2.10-6.fc22
caml-crush-1.0.4-6.fc22
certmonger-0.77.1-1.fc22
datovka-4.2.1-1.fc22
dock-1.1.2-1.fc22
dos2unix-7.2.1-1.fc22
eclipse-4.4.2-4.fc22
eclipse-ecf-3.9.3-1.fc22
efl-1.13.1-7.fc22
expendable-0.0.10-2.fc22
gfal2-python-1.7.1-1.fc22
ghc-7.8.4-43.fc22
ghc-rpm-macros-1.4.14-1.fc22
ghc-srpm-macros-1.4.1-1.fc22
gmp-6.0.0-9.fc22
gofed-0.0.1-0.1.git62b0051.fc22
ibus-1.5.10-2.fc22
jenkins-1.606-1.fc22
jenkins-executable-war-1.29-4.fc22
jffi-1.2.7-5.fc22
kimchi-1.4.1-1.fc22
libixion-0.9.0-2.fc22
libsidplayfp-1.7.1-1.fc22
libteam-1.17-1.fc22
mdds-0.12.0-2.fc22
openclipart-2.0-3.fc22
openscap-1.2.2-1.fc22
perl-Dist-Zilla-Plugin-Test-Compile-2.052-1.fc22
perl-MouseX-Getopt-0.36-1.fc22
perl-mixin-0.07-1.fc22
phodav-2.0-1.fc22
plasma-desktop-5.2.2-4.fc22
poedit-1.7.5-2.fc22
qt5-qtbase-5.4.1-7.fc22
quota-4.02-2.fc22
seren-0.0.21-1.fc22
spice-gtk-0.28-2.fc22
tuned-2.4.1-4.fc22
Details about builds:
================================================================================
ahven-2.4-3.fc22 (FEDORA-2015-5425)
A unit testing framework for Ada 95
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1064564 - Review Request: ahven – a unit testing framework for Ada 95
https://bugzilla.redhat.com/show_bug.cgi?id=1064564
--------------------------------------------------------------------------------
================================================================================
antimicro-2.13-1.fc22 (FEDORA-2015-5428)
Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:
new upstream release v2.13 (#1204553)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Jeff Backus <jeff.backus(a)gmail.com> - 2.13-1
- new upstream release v2.13 (#1204553)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1204553 - antimicro-2.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1204553
--------------------------------------------------------------------------------
================================================================================
authconfig-6.2.10-6.fc22 (FEDORA-2015-5273)
Command line tool for setting up authentication from network services
--------------------------------------------------------------------------------
Update Information:
Update with one minor bug fix and one enhancement.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Tomáš Mráz <tmraz(a)redhat.com> - 6.2.10-6
- fix regression from the python 3 compat patch
* Tue Mar 31 2015 Tomáš Mráz <tmraz(a)redhat.com> - 6.2.10-5
- set default tls_cacertdir when no ldap.conf is present
* Fri Mar 27 2015 Tomáš Mráz <tmraz(a)redhat.com> - 6.2.10-4
- make the cacertdir setup more sane (#1203024)
- support sssd prompting non-local users for password (#1195817)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203024 - authconfig will not create /etc/openldap/cacerts
https://bugzilla.redhat.com/show_bug.cgi?id=1203024
[ 2 ] Bug #1195817 - Let SSSD prompt non-local users for passwords
https://bugzilla.redhat.com/show_bug.cgi?id=1195817
--------------------------------------------------------------------------------
================================================================================
caml-crush-1.0.4-6.fc22 (FEDORA-2015-5417)
PKCS#11 filtering proxy
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1200389 - Review Request: caml-crush - PKCS#11 filtering proxy
https://bugzilla.redhat.com/show_bug.cgi?id=1200389
--------------------------------------------------------------------------------
================================================================================
certmonger-0.77.1-1.fc22 (FEDORA-2015-5403)
Certificate status monitor and PKI enrollment client
--------------------------------------------------------------------------------
Update Information:
This update adds a few new features:
* It adds initial support for using SCEP to communicate with CAs. The service will need
to be told about such CAs using either getcert's "add-scep-ca" or
"add-ca" commands.
* getcert's "request" command can now be passed a ChallengePassword value to
include in signing requests using the new -L and -l flags.
* getcert's "list" command now displays the contents of an issued
certificate's enrollment certificate type extension.
Additionally, it fixes some bugs:
* ipa-getcert no longer crashes when it's unable to reach a server and attempts to
select an alternate server using DNS service discovery.
* getcert's "list" command correctly displays the pre- and post-save
commands associated with a certificate again.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 27 2015 Nalin Dahyabhai <nalin(a)redhat.com> 0.77.1-1
- update to 0.77
- add initial, still rough, SCEP support (#1140241,#1161768)
- add an scep-submit helper to handle part of it
- getcert: add add-ca/add-scep-ca/modify-ca/remove-ca commands
- getcert: add -l, -L flags to request/resubmit/start-tracking commands
to provide a way to set a ChallengePassword in signing requests
- lay some groundwork for rekeying support
- bundled dogtag enrollment helpers now output debugging info to stderr (#)
- ipa-getcert: fix a crash when using DNS discovery to locate servers (#39)
- getcert: fix displaying of pre-request pre-/post-save commands (#1178190,
- use Zanata for translations
- getcert list: list the certificate's profile name, if it contains one
--------------------------------------------------------------------------------
================================================================================
datovka-4.2.1-1.fc22 (FEDORA-2015-5424)
A free graphical interface for Czech Databox (Datové schránky)
--------------------------------------------------------------------------------
Update Information:
New upstream release:
- fix: duplicate messages shown in the list
New upstream release:
- feature: implemented message search dialogue
- feature: multiple messages selection
- feature: password expiration notification
- various fixes and improvements
This is an update fixing license tag to be "GPLv3+ with exceptions".
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Jan Vcelak <jvcelak(a)fedoraproject.org> 4.2.1-1
- New upstream release:
+ fix: duplicate messages shown in the list
* Tue Mar 31 2015 Jan Vcelak <jvcelak(a)fedoraproject.org> 4.2.0-1
- New upstream release:
+ feature: implemented message search dialogue
+ feature: multiple messages selection
+ feature: password expiration notification
+ various fixes and improvements
* Wed Mar 25 2015 Jaroslav Škarvada <jskarvad(a)redhat.com> - 4.1.2-2
- Fixed license tag to be "GPLv3+ with exceptions"
Resolves: rhbz#1202797
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202797 - License should be "GPLv3+ with exception"
https://bugzilla.redhat.com/show_bug.cgi?id=1202797
--------------------------------------------------------------------------------
================================================================================
dock-1.1.2-1.fc22 (FEDORA-2015-5408)
Improved builder for Docker images
--------------------------------------------------------------------------------
Update Information:
new upstream release 1.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Martin Milata <mmilata(a)redhat.com> - 1.1.2-1
- new upstream release 1.1.2
* Thu Mar 19 2015 Jiri Popelka <jpopelka(a)redhat.com> - 1.1.1-2
- separate executable for python 3
* Tue Mar 17 2015 Tomas Tomecek <ttomecek(a)redhat.com> - 1.1.1-1
- new upstream release 1.1.1
--------------------------------------------------------------------------------
================================================================================
dos2unix-7.2.1-1.fc22 (FEDORA-2015-5413)
Text file format converters
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Tim Waugh <twaugh(a)redhat.com> 7.2.1-1
- 7.2.1.
--------------------------------------------------------------------------------
================================================================================
eclipse-4.4.2-4.fc22 (FEDORA-2015-5412)
An open, extensible IDE
--------------------------------------------------------------------------------
Update Information:
Updates ECF to the latest point release and fixes a SWT crash involving Webkit or DnD.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Mat Booth <mat.booth(a)redhat.com> - 1:4.4.2-4
- Fix webkit/dnd crash, ebz#463615
* Tue Mar 31 2015 Mat Booth <mat.booth(a)redhat.com> - 1:4.4.2-3
- Rebuild for new eclipse-ecf
--------------------------------------------------------------------------------
================================================================================
eclipse-ecf-3.9.3-1.fc22 (FEDORA-2015-5412)
Eclipse Communication Framework (ECF) Eclipse plug-in
--------------------------------------------------------------------------------
Update Information:
Updates ECF to the latest point release and fixes a SWT crash involving Webkit or DnD.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 31 2015 Mat Booth <mat.booth(a)redhat.com> - 3.9.3-1
- Update to latest upstream release
* Tue Mar 31 2015 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.9.2-4
- Rebuild for httpcomponents-client-4.4.1 update
* Thu Mar 19 2015 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 3.9.2-3
- Rebuild for httpcomponents-core-4.4.1 update
--------------------------------------------------------------------------------
================================================================================
efl-1.13.1-7.fc22 (FEDORA-2015-5423)
Collection of Enlightenment libraries
--------------------------------------------------------------------------------
Update Information:
efl - Collection of Enlightenment libraries
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1175952 - Review Request: efl - Collection of Enlightenment libraries
https://bugzilla.redhat.com/show_bug.cgi?id=1175952
--------------------------------------------------------------------------------
================================================================================
expendable-0.0.10-2.fc22 (FEDORA-2015-5312)
Home finances modeling program
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Tim Waugh <twaugh(a)redhat.com> - 0.0.10-2
- Don't exit with traceback when location not mounted.
* Tue Mar 31 2015 Tim Waugh <twaugh(a)redhat.com> - 0.0.10-1
- 0.0.10.
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.7.1-1.fc22 (FEDORA-2015-5429)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
Update for upstream release 1.7.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Alejandro Alvarez <aalvarez at cern.ch> - 1.7.1-1
- Update for release 1.7.1
--------------------------------------------------------------------------------
================================================================================
ghc-7.8.4-43.fc22 (FEDORA-2015-5414)
Glasgow Haskell Compiler
--------------------------------------------------------------------------------
Update Information:
- ghc: aarch64 bootstrap
- ghc-srpm-macros: ghci not available on aarch64- introduce
- ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy
subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level,
cgi
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 30 2015 Jens Petersen <petersen(a)redhat.com> - 7.8.4-43
- aarch64 production build
* Mon Mar 23 2015 Jens Petersen <petersen(a)redhat.com> - 7.8.4-42.2
- aarch64 bootstrap build
- must use "make -j16" for Intel arches to preserve ABI hashes
(-j12 changed array's hash on i686)
* Wed Mar 18 2015 Jens Petersen <petersen(a)redhat.com> - 7.8.4-42.1
- fix build.mk BuildFlavour setup
- improve the smp make setup with build_minimum_smp
- bootstrap for aarch64 without ghci (#1195231)
- disable ld hardening for F23 on 64bit and armv7hl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64
https://bugzilla.redhat.com/show_bug.cgi?id=1195231
[ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO
https://bugzilla.redhat.com/show_bug.cgi?id=1203951
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-1.4.14-1.fc22 (FEDORA-2015-5414)
RPM macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:
- ghc: aarch64 bootstrap
- ghc-srpm-macros: ghci not available on aarch64- introduce
- ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy
subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level,
cgi
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Jens Petersen <petersen(a)redhat.com> - 1.4.14-1
- add explicit --enable-shared again for arm64
* Mon Mar 23 2015 Jens Petersen <petersen(a)redhat.com> - 1.4.13-1
- fix ghc-deps.sh for ghc builds:
- use .a files again instead of .conf for devel deps
- extract pkg-ver from library filename rather than directory
(should also work for 7.10)
- introduce ghc_pkgdocdir since no _pkgdocdir in RHEL 7 and earlier
* Sat Mar 7 2015 Jens Petersen <petersen(a)fedoraproject.org> - 1.4.12-1
- allow overriding ghc- prefix with ghc_name (for ghc784 etc)
* Fri Mar 6 2015 Jens Petersen <petersen(a)redhat.com> - 1.4.11-2
- add ghc-obsoletes dummy subpackage for obsoleting deprecated packages
- initially: ForSyDe, parameterized-data, type-level, and cgi for F22
* Mon Mar 2 2015 Jens Petersen <petersen(a)redhat.com> - 1.4.11-1
- fix ghc-deps.sh to handle meta-packages
- configure --disable-shared if ghc_without_shared
* Fri Feb 27 2015 Jens Petersen <petersen(a)fedoraproject.org> - 1.4.10-1
- have to turn off hardening in cabal_configure: set _hardened_ldflags to nil
* Fri Feb 27 2015 Jens Petersen <petersen(a)fedoraproject.org> - 1.4.9-1
- turn off _hardened_build for libraries since it breaks linking
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-...
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64
https://bugzilla.redhat.com/show_bug.cgi?id=1195231
[ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO
https://bugzilla.redhat.com/show_bug.cgi?id=1203951
--------------------------------------------------------------------------------
================================================================================
ghc-srpm-macros-1.4.1-1.fc22 (FEDORA-2015-5414)
RPM macros for building Haskell source packages
--------------------------------------------------------------------------------
Update Information:
- ghc: aarch64 bootstrap
- ghc-srpm-macros: ghci not available on aarch64- introduce
- ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy
subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level,
cgi
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 19 2015 Jens Petersen <petersen(a)fedoraproject.org> - 1.4.1-1
- disable ghci on aarch64 due to dynlinked runtime problems (see #1195231)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64
https://bugzilla.redhat.com/show_bug.cgi?id=1195231
[ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO
https://bugzilla.redhat.com/show_bug.cgi?id=1203951
--------------------------------------------------------------------------------
================================================================================
gmp-6.0.0-9.fc22 (FEDORA-2015-5418)
A GNU arbitrary precision library
--------------------------------------------------------------------------------
Update Information:
bug965318 - improve debuginfo of assembler sources
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Frantisek Kluknavsky <fkluknav(a)redhat.com> - 1:6.0.0-9
- bug965318 - improve debuginfo of assembler sources
--------------------------------------------------------------------------------
================================================================================
gofed-0.0.1-0.1.git62b0051.fc22 (FEDORA-2015-5420)
Tool for development of golang devel packages
--------------------------------------------------------------------------------
Update Information:
Update to version 0.0.1
Initial commit for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1204614 - Review Request: gofed - Tool for development of golang devel
packages
https://bugzilla.redhat.com/show_bug.cgi?id=1204614
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.10-2.fc22 (FEDORA-2015-5404)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
Added Swedish svdvorak.
I18N engine longnames and descriptions on ibus-setup.
Moved PropertyPanel at bottom right in F22 KDE5.
Drew gray color on Handle PropertyPanel.
Enabled ibus engine full path icon in F22 KDE5.
Updated translations.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.5.10-2
- Updated ibus-HEAD.patch from upstream
Added Swedish svdvorak
I18N engine longnames and descriptions on ibus-setup
Moved PropertyPanel at bottom right in KDE5
Drew gray color on Handle PropertyPanel
Enabled ibus engine full path icon in KDE5
Updated translations
--------------------------------------------------------------------------------
================================================================================
jenkins-1.606-1.fc22 (FEDORA-2015-5430)
An extendable open source continuous integration server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812,
CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 26 2015 Michal Srb <msrb(a)redhat.com> - 1.606-1
- Update to upstream release 1.606
- Resolves: CVE-2015-1806
- Resolves: CVE-2015-1807
- Resolves: CVE-2015-1813
- Resolves: CVE-2015-1812
- Resolves: CVE-2015-1810
- Resolves: CVE-2015-1808
- Resolves: CVE-2015-1809
- Resolves: CVE-2015-1814
- Resolves: CVE-2015-1811
* Fri Mar 13 2015 Michal Srb <msrb(a)redhat.com> - 1.598-9
- Add BR: springframework-instrument
* Thu Mar 12 2015 Michal Srb <msrb(a)redhat.com> - 1.598-8
- Fix jstl dep
* Thu Mar 12 2015 Michal Srb <msrb(a)redhat.com> - 1.598-7
- Fix init script
* Thu Mar 12 2015 Michal Srb <msrb(a)redhat.com> - 1.598-6
- Switch to unpacked executable-war
* Wed Mar 11 2015 Michal Srb <msrb(a)redhat.com> - 1.598-5
- Sanitize R
* Tue Mar 10 2015 Michal Srb <msrb(a)redhat.com> - 1.598-4
- Add missing R: springframework-instrument
* Fri Mar 6 2015 Michal Srb <msrb(a)redhat.com> - 1.598-3
- Migrate to tomcat-taglibs-standard
* Thu Feb 26 2015 Michal Srb <msrb(a)redhat.com> - 1.598-2
- Add missing BR: mvn(org.slf4j:slf4j-jdk14)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability
(SECURITY-171, SECURITY-177)
https://bugzilla.redhat.com/show_bug.cgi?id=1205615
[ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured
(SECURITY-125)
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
[ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack
(SECURITY-163)
https://bugzilla.redhat.com/show_bug.cgi?id=1205623
[ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation
of reserved names (SECURITY-166)
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
[ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
https://bugzilla.redhat.com/show_bug.cgi?id=1205616
[ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via
symlink (SECURITY-162)
https://bugzilla.redhat.com/show_bug.cgi?id=1205622
[ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath
(SECURITY-165)
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
[ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal
sensitive local files (SECURITY-167)
https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--------------------------------------------------------------------------------
================================================================================
jenkins-executable-war-1.29-4.fc22 (FEDORA-2015-5430)
Jenkins Executable War
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812,
CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 12 2015 Michal Srb <msrb(a)redhat.com> - 1.29-4
- Introduce webroot subpackage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability
(SECURITY-171, SECURITY-177)
https://bugzilla.redhat.com/show_bug.cgi?id=1205615
[ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured
(SECURITY-125)
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
[ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack
(SECURITY-163)
https://bugzilla.redhat.com/show_bug.cgi?id=1205623
[ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation
of reserved names (SECURITY-166)
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
[ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
https://bugzilla.redhat.com/show_bug.cgi?id=1205616
[ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via
symlink (SECURITY-162)
https://bugzilla.redhat.com/show_bug.cgi?id=1205622
[ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath
(SECURITY-165)
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
[ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal
sensitive local files (SECURITY-167)
https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--------------------------------------------------------------------------------
================================================================================
jffi-1.2.7-5.fc22 (FEDORA-2015-5430)
Java Foreign Function Interface
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812,
CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 20 2015 Michal Srb <msrb(a)redhat.com> - 1.2.7-5
- Install version-less symlink for .so file
* Fri Feb 20 2015 Michal Srb <msrb(a)redhat.com> - 1.2.7-4
- Fix rpmlint warnings
* Fri Feb 20 2015 Michal Srb <msrb(a)redhat.com> - 1.2.7-3
- Install *.so file to %{_libdir}/%{name}/
* Tue Feb 17 2015 Michal Srb <msrb(a)redhat.com> - 1.2.7-2
- Build jffi-native
- Introduce javadoc subpackage
* Fri Dec 5 2014 Mo Morsi <mmorsi(a)redhat.com> - 1.2.7-1
- Update to JFFI 1.2.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability
(SECURITY-171, SECURITY-177)
https://bugzilla.redhat.com/show_bug.cgi?id=1205615
[ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured
(SECURITY-125)
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
[ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack
(SECURITY-163)
https://bugzilla.redhat.com/show_bug.cgi?id=1205623
[ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation
of reserved names (SECURITY-166)
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
[ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
https://bugzilla.redhat.com/show_bug.cgi?id=1205616
[ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via
symlink (SECURITY-162)
https://bugzilla.redhat.com/show_bug.cgi?id=1205622
[ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath
(SECURITY-165)
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
[ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal
sensitive local files (SECURITY-167)
https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--------------------------------------------------------------------------------
================================================================================
kimchi-1.4.1-1.fc22 (FEDORA-2015-5422)
An HTML5-based KVM graphical interface
--------------------------------------------------------------------------------
Update Information:
kimchi package introduction, which is an HTML5-based KVM GUI.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1126990 - Review Request: kimchi - Simple KVM virtualization management
https://bugzilla.redhat.com/show_bug.cgi?id=1126990
--------------------------------------------------------------------------------
================================================================================
libixion-0.9.0-2.fc22 (FEDORA-2015-5434)
A general purpose formula parser & interpreter library
--------------------------------------------------------------------------------
Update Information:
fix python bindings on i386
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 5 2015 David Tardon <dtardon(a)redhat.com> - 0.9.0-2
- fix python bindings on i386
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1208412 - python test fails on big endian arches
https://bugzilla.redhat.com/show_bug.cgi?id=1208412
--------------------------------------------------------------------------------
================================================================================
libsidplayfp-1.7.1-1.fc22 (FEDORA-2015-5409)
SID chip music module playing library
--------------------------------------------------------------------------------
Update Information:
- New upstream bugfix release 1.7.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Hans de Goede <hdegoede(a)redhat.com> - 1.7.1-1
- New upstream release 1.7.1 (rhbz#1207460)
* Fri Feb 20 2015 Michael Schwendt <mschwendt(a)fedoraproject.org> - 1.7.0-2
- Rebuild for GCC 5 C++ ABI changes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1207460 - libsidplayfp-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1207460
--------------------------------------------------------------------------------
================================================================================
libteam-1.17-1.fc22 (FEDORA-2015-5419)
Library for controlling team network device
--------------------------------------------------------------------------------
Update Information:
- 1.17 release
- update copyright dates
- man: teamdctl: add entry for item set of debug_level
- teamd: lw: nsna_ping: fix na rx handling
- teamd: lw: arp_ping: fix arp rx handling
- libteam: ifinfo: fix rtnl dellink handling
- 1.16 release
- teamd: events: update ctx->hwaddr_len before calling hwaddr_changed handlers
- teamd: do not change ctx->hwaddr pointer
- teamd: lacp: change port mac address when team mac address is changed
- teamdctl: show port link down count in state output
- teamd: lw: count how many times has been the port down
- init uninitialized value to 0/NULL to silence gcc warnings instead of x=x
- libteamdctl: rename recvmsg variable to recv_message
- teamd: check retval of malloc in lw_tipc_link_state_change
- teamd: fix potential memory leak in __set_sockaddr error path
- libteamdctl: fix typo in warning message in cli_zmq_recv
- libteam: check phys_port_id_len in update_phys_port_id
- teamnl: fix potential memory leak in run_cmd_getoption
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Jiri Pirko <jpirko(a)redhat.com> - 1.17-1
- 1.17 release
- update copyright dates
- man: teamdctl: add entry for item set of debug_level
- teamd: lw: nsna_ping: fix na rx handling
- teamd: lw: arp_ping: fix arp rx handling
- libteam: ifinfo: fix rtnl dellink handling
* Tue Mar 24 2015 Jiri Pirko <jpirko(a)redhat.com> - 1.16-1
- 1.16 release
- teamd: events: update ctx->hwaddr_len before calling hwaddr_changed handlers
- teamd: do not change ctx->hwaddr pointer
- teamd: lacp: change port mac address when team mac address is changed
- teamdctl: show port link down count in state output
- teamd: lw: count how many times has been the port down
- init uninitialized value to 0/NULL to silence gcc warnings instead of x=x
- libteamdctl: rename recvmsg variable to recv_message
- teamd: check retval of malloc in lw_tipc_link_state_change
- teamd: fix potential memory leak in __set_sockaddr error path
- libteamdctl: fix typo in warning message in cli_zmq_recv
- libteam: check phys_port_id_len in update_phys_port_id
- teamnl: fix potential memory leak in run_cmd_getoption
* Sat Feb 21 2015 Till Maas <opensource(a)till.name> - 1.15-2
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-...
--------------------------------------------------------------------------------
================================================================================
mdds-0.12.0-2.fc22 (FEDORA-2015-5431)
A collection of multi-dimensional data structures and indexing algorithms
--------------------------------------------------------------------------------
Update Information:
add missing includes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 5 2015 David Tardon <dtardon(a)redhat.com> - 0.12.0-2
- add missing includes
--------------------------------------------------------------------------------
================================================================================
openclipart-2.0-3.fc22 (FEDORA-2015-5407)
Open Clip Art Library
--------------------------------------------------------------------------------
Update Information:
Remove non-free and legally problematic clipart.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Tom Callaway <spot(a)fedoraproject.org> - 2.0-3
- correct license tag
- clean source code to remove non-free and legally problematic files
- not an april fools joke
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176831 - OpenClipart included non-free images
https://bugzilla.redhat.com/show_bug.cgi?id=1176831
--------------------------------------------------------------------------------
================================================================================
openscap-1.2.2-1.fc22 (FEDORA-2015-5427)
Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:
upgrade to the latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Šimon Lukašík <slukasik(a)redhat.com> - 1.2.2-1
- upgrade to the latest upstream release
--------------------------------------------------------------------------------
================================================================================
perl-Dist-Zilla-Plugin-Test-Compile-2.052-1.fc22 (FEDORA-2015-5426)
Common tests to check syntax of your modules, only using core modules
--------------------------------------------------------------------------------
Update Information:
This is a Dist::Zilla plugin that runs at the gather files stage, providing a test file
(configurable, defaulting to t/00-compile.t).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1206222 - Review Request: perl-Dist-Zilla-Plugin-Test-Compile - Common tests
to check syntax of your modules, only using core modules
https://bugzilla.redhat.com/show_bug.cgi?id=1206222
--------------------------------------------------------------------------------
================================================================================
perl-MouseX-Getopt-0.36-1.fc22 (FEDORA-2015-5406)
Mouse role for processing command line options
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Paul Howarth <paul(a)city-fan.org> - 0.36-1
- Update to 0.36
- Fix tests that follow GLD changes
(https://github.com/gfx/mousex-getopt/pull/6)
- This release by GFUJI → update source URL and directory case
--------------------------------------------------------------------------------
================================================================================
perl-mixin-0.07-1.fc22 (FEDORA-2015-5411)
Mixin inheritance, an alternative to multiple inheritance
--------------------------------------------------------------------------------
Update Information:
Mixin inheritance is an alternative to the usual multiple-inheritance and solves the
problem of knowing which parent will be called. It also solves a number of tricky problems
like diamond inheritance.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1207704 - Review Request: perl-mixin - Mixin inheritance, an alternative to
multiple inheritance
https://bugzilla.redhat.com/show_bug.cgi?id=1207704
--------------------------------------------------------------------------------
================================================================================
phodav-2.0-1.fc22 (FEDORA-2015-5433)
A WebDAV server using libsoup
--------------------------------------------------------------------------------
Update Information:
Add upstream patch fixing a USB redirection crash
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Christophe Fergeau <cfergeau(a)redhat.com> 2.0-1
- Update to phodav 2.0
- Rename package from libphodav-1.0 to libphodav
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1182226 - [abrt] virt-manager:
spice_usb_device_manager_stop_event_listening(): python2.7 killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1182226
--------------------------------------------------------------------------------
================================================================================
plasma-desktop-5.2.2-4.fc22 (FEDORA-2015-5421)
Plasma Desktop shell
--------------------------------------------------------------------------------
Update Information:
Upstream fix for kfontinst service paths
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Daniel Vrátil <dvratil(a)redhat.com> 5.2.2-4
- fix fontinst service paths (rhbz#1208229)
* Mon Mar 30 2015 Rex Dieter <rdieter(a)fedoraproject.org> 5.2.2-3
- own /usr/share/plasma/shells/org.kde.plasma.desktop/updates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1208229 - system-settings ==> Font : don't show preview of fonts
https://bugzilla.redhat.com/show_bug.cgi?id=1208229
--------------------------------------------------------------------------------
================================================================================
poedit-1.7.5-2.fc22 (FEDORA-2015-5405)
GUI editor for GNU gettext .po files
--------------------------------------------------------------------------------
Update Information:
Rebuilt for the latest versions of wxGTK3 and lucene++
New upstream package
New upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Mario Blättermann <mario.blaettermann(a)gmail.com> - 1.7.5-2
- Rebuilt for latest versions of wxGTK3 and lucene++
* Fri Mar 13 2015 Mario Blättermann <mario.blaettermann(a)gmail.com> - 1.7.5-1
- New upstream version
- Add screenshot URL to appdata file, thanks to Wolfgang Stöggl
- Updated German man page
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1202572 - [abrt] poedit: wxAbort(): poedit killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1202572
--------------------------------------------------------------------------------
================================================================================
qt5-qtbase-5.4.1-7.fc22 (FEDORA-2015-5410)
Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:
Drop upstream Qt 5.5 XCB patches, the rebase is incomplete and does not work properly with
Qt 5.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Daniel Vrátil <dvratil(a)redhat.com> - 5.4.1-7
- drop 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4
* Mon Mar 30 2015 Rex Dieter <rdieter(a)fedoraproject.org> 5.4.1-6
- Crash due to unsafe access to QTextLayout::lineCount (#1207279,QTBUG-43562)
* Mon Mar 30 2015 Rex Dieter <rdieter(a)fedoraproject.org> 5.4.1-5
- unable to use input methods in ibus-1.5.10 (#1203575)
* Wed Mar 25 2015 Daniel Vrátil <dvratil(a)redhat.com> - 5.4.1-4
- pull in set of upstream Qt 5.5 fixes and improvements for XCB screen handling rebased to
5.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1207930 - [abrt] plasma-workspace: KCrash::defaultCrashHandler(): krunner
killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1207930
--------------------------------------------------------------------------------
================================================================================
quota-4.02-2.fc22 (FEDORA-2015-5416)
System administration tools for monitoring users' disk usage
--------------------------------------------------------------------------------
Update Information:
This release adds rpc-rquotad.service file which was known as nfs-rquotad.service in
nfs-utils. Also the service configuration file is /etc/sysconfig/rpc-rquotad now.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Petr Pisar <ppisar(a)redhat.com> - 1:4.02-2
- Add rpc-rquotad.service file which was known as nfs-rquotad.service
in nfs-utils (bug #1206260)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1206260 - nfs-rquotad.service missing
https://bugzilla.redhat.com/show_bug.cgi?id=1206260
--------------------------------------------------------------------------------
================================================================================
seren-0.0.21-1.fc22 (FEDORA-2015-5432)
Simple VoIP program to create conferences from the terminal
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Francesco Frassinelli <fraph24(a)gmail.com> - 0.0.21-1
- Version bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1172654 - seren-0.0.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1172654
--------------------------------------------------------------------------------
================================================================================
spice-gtk-0.28-2.fc22 (FEDORA-2015-5433)
A GTK+ widget for SPICE clients
--------------------------------------------------------------------------------
Update Information:
Add upstream patch fixing a USB redirection crash
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 31 2015 Christophe Fergeau <cfergeau(a)redhat.com> 0.28-2
- Add upstream patch fixing a USB redirection crash
Resolves: rhbz#1182226
- Adjust build requires to new naming of phodav package
* Wed Mar 4 2015 Marc-André Lureau <marcandre.lureau(a)redhat.com> 0.28-1
- Update to spice-gtk v0.28
* Mon Feb 23 2015 Christophe Fergeau <cfergeau(a)redhat.com> 0.27-6
- Rebuild for phodav soname bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1182226 - [abrt] virt-manager:
spice_usb_device_manager_stop_event_listening(): python2.7 killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1182226
--------------------------------------------------------------------------------
================================================================================
tuned-2.4.1-4.fc22 (FEDORA-2015-5415)
A dynamic adaptive system tuning daemon
--------------------------------------------------------------------------------
Update Information:
This is an update fixing bash completion.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 2 2015 Jaroslav Škarvada <jskarvad(a)redhat.com> - 2.4.1-4
- fixed bash completion
resolves: rhbz#1207668
--------------------------------------------------------------------------------