The following Fedora 23 Security updates need testing:
 Age  URL
  42  https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739   python-kdcproxy-0.3.2-1.fc23
  26  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13824   python-django-1.8.4-1.fc23
  25  https://bodhi.fedoraproject.org/updates/conntrack-tools-1.4.2-9.fc23   conntrack-tools-1.4.2-9.fc23
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14197   sblim-sfcb-1.4.9-4.fc23
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14213   ntp-4.2.6p5-33.fc23
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14900   ipython-3.2.1-2.fc23
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2015-14951   pdns-3.4.6-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13919   ipsilon-1.0.0-5.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15291   ipsilon-1.1.0-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15273   php-pecl-zip-1.13.1-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15590   jakarta-commons-httpclient-3.1-23.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15769   bugzilla-4.4.10-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15830   seamonkey-2.35-1.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15860   unzip-6.0-23.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15899   groovy-2.4.4-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15929   openjpeg2-2.1.0-6.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15934   libvpx-1.4.0-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15943   xen-4.5.1-8.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15983   wordpress-4.3.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16025   xpra-0.15.6-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16033   php-ZendFramework2-2.4.8-1.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15127   nautilus-3.17.91-1.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15358   cryptsetup-1.6.8-2.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15336   attr-2.4.47-13.fc23 acl-2.2.52-10.fc23
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15262   python-pycurl-7.19.5.1-3.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15487   xdg-user-dirs-0.15-7.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15477   libgcrypt-1.6.4-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15462   polkit-gnome-0.105-9.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15456   openssh-7.1p1-2.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15412   gdb-7.10-18.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15394   python-2.7.10-8.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2015-13372   lvm2-2.02.130-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15563   enca-1.16-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15515   perl-HTTP-Message-6.11-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15703   xfce4-session-4.12.1-6.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15675   lorax-23.18-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15661   krb5-1.13.2-7.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15644   perl-Glib-1.313-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15623   gmp-6.0.0-12.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15601   pinentry-0.9.6-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15596   hunspell-1.3.3-8.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15812   attr-2.4.47-14.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15804   selinux-policy-3.13.1-147.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15797   gnutls-3.4.5-1.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15911   phonon-4.8.3-7.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15905   NetworkManager-1.0.6-5.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15860   unzip-6.0-23.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15846   python-blivet-1.12.4-1.fc23 anaconda-23.19.4-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16016   audit-2.4.4-2.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15972   exo-0.10.7-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15934   libvpx-1.4.0-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15922   net-tools-2.0-0.35.20150915git.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2015-15840   kde-baseapps-15.08.1-1.fc23 kde-runtime-15.08.1-1.fc23 kdelibs-4.14.12-1.fc23


The following builds have been pushed to Fedora 23 updates-testing

    audit-2.4.4-2.fc23
    compat-libvpx1-1.3.0-3.fc23
    duplicity-0.7.05-1.fc23
    glpi-0.85.5-1.fc23
    golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc23
    golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc23
    golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc23
    golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc23
    golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc23
    golang-github-ncw-swift-0-0.1.git22c8fa9.fc23
    golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc23
    golang-github-stevvooe-resumable-0-0.1.git51ad441.fc23
    gpaste-3.16.3-1.fc23
    jnr-constants-0.9.0-1.fc23
    kchildlock-0.91.1-1.fc23
    libdwarf-20150915-1.fc23
    nghttp2-1.3.2-1.fc23
    perl-Encode-2.77-1.fc23
    perl-Net-SSH-Perl-1.39-1.fc23
    php-ZendFramework2-2.4.8-1.fc23
    reposurgeon-3.29-1.fc23
    texstudio-2.10.0-1.fc23
    wayland-1.8.93-1.fc23
    weston-1.8.93-1.fc23
    woffTools-0.1-0.10.684svn.fc23
    wordpress-4.3.1-1.fc23
    xpra-0.15.6-1.fc23

Details about builds:


================================================================================
audit-2.4.4-2.fc23 (FEDORA-2015-16016)
User space tools for 2.6 kernel auditing
--------------------------------------------------------------------------------
Update Information:

Fix FTBFS with hardened flags by using the distro CFLAGS, Tighten deps with the _isa macro, Use goarches macro to define supported GO architectures, Minor cleanups
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263235 - audit in F23 is older than in F22, breaks upgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=1263235
--------------------------------------------------------------------------------


================================================================================
compat-libvpx1-1.3.0-3.fc23 (FEDORA-2015-16017)
Compat package with libvpx libraries
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2015-1258.
--------------------------------------------------------------------------------


================================================================================
duplicity-0.7.05-1.fc23 (FEDORA-2015-16019)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:

duplicity-0.7.05-1.fc23 - 0.7.05, BZ 1263488.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263488 - duplicity-0.7.05 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1263488
--------------------------------------------------------------------------------


================================================================================
glpi-0.85.5-1.fc23 (FEDORA-2015-16012)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:

**GLPI version 0.85.5**

From upstream [changelog](https://github.com/glpi-project/glpi/issues?q=milestone:0.85.5):

* Missing project in total spent on budget bug
* Fix queuemail is case MySQL server in not in same timezone as glpi
* Notes are not deleted on item purge
* Tickets/Pbs : wrong display of column 'Associated item types' when plugin
* Dozens of sql errors at profile creation
* Error PHP when adding a contract to an item, and contract is already linked to this item
* Pb with massive action 'Remove a contract' on an asset
* Error with Contract, massive action 'Remove item', 'Remove all at once'
* Project task template
* Collector : blacklisted email address generates php errors
* Mailcollector if multi "To" in header
* URL in notification for reservation
* Values not corrects in glpi_events
* In 'project tasks' tab of a project, type (of task) doesn't take into account available translations
* In Setup > General, tab Assets, autom update elts related to computers : some fields are inverted
* 0.85 and above : Child Entities, tab Notifications, pb with field 'Enable notifs by default'

Packaging changes:

- update to 0.85.5
- use system ircmaxell/password-compat
- switch from eZ component to Zeta component
--------------------------------------------------------------------------------


================================================================================
golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc23 (FEDORA-2015-15987)
Fork of the GOAMZ with additional functionality with DynamoDB
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262714 - Review Request: golang-github-AdRoll-goamz - Fork of the GOAMZ with additional functionality with DynamoDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1262714
--------------------------------------------------------------------------------


================================================================================
golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc23 (FEDORA-2015-15994)
Microsoft Azure SDK for Go
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262716 - Review Request: golang-github-Azure-azure-sdk-for-go - Microsoft Azure SDK for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1262716
--------------------------------------------------------------------------------


================================================================================
golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc23 (FEDORA-2015-16002)
Go SDK for Aliyun Services
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262704 - Review Request: golang-github-denverdino-aliyungo - Go SDK for Aliyun Services
        https://bugzilla.redhat.com/show_bug.cgi?id=1262704
--------------------------------------------------------------------------------


================================================================================
golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc23 (FEDORA-2015-15977)
File system notifications for Go
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262426 - Review Request: golang-github-go-fsnotify-fsnotify - File system notifications for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1262426
--------------------------------------------------------------------------------


================================================================================
golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc23 (FEDORA-2015-16001)
A collection of useful handlers for Go's net/http package
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262705 - Review Request: golang-github-gorilla-handlers - A collection of useful handlers for Go's net/http package
        https://bugzilla.redhat.com/show_bug.cgi?id=1262705
--------------------------------------------------------------------------------


================================================================================
golang-github-ncw-swift-0-0.1.git22c8fa9.fc23 (FEDORA-2015-15995)
Go language interface to Swift
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262710 - Review Request: golang-github-ncw-swift - Go language interface to Swift
        https://bugzilla.redhat.com/show_bug.cgi?id=1262710
--------------------------------------------------------------------------------


================================================================================
golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc23 (FEDORA-2015-15986)
Go bindings for RADOS, RBD, and CephFS
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262711 - Review Request: golang-github-noahdesu-go-ceph - Go bindings for RADOS, RBD, and CephFS
        https://bugzilla.redhat.com/show_bug.cgi?id=1262711
--------------------------------------------------------------------------------


================================================================================
golang-github-stevvooe-resumable-0-0.1.git51ad441.fc23 (FEDORA-2015-16006)
Subset of the Go `crypto` Package with a Resumable Hash Interface
--------------------------------------------------------------------------------
Update Information:

needed by docker/distribution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262709 - Review Request: golang-github-stevvooe-resumable - Subset of the Go `crypto` Package with a Resumable Hash Interface
        https://bugzilla.redhat.com/show_bug.cgi?id=1262709
--------------------------------------------------------------------------------


================================================================================
gpaste-3.16.3-1.fc23 (FEDORA-2015-16008)
Clipboard management system
--------------------------------------------------------------------------------
Update Information:

* various gnome-shell extension fixes
* prevent potential crash from external library users
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1260322 - gpaste-v3.16.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1260322
--------------------------------------------------------------------------------


================================================================================
jnr-constants-0.9.0-1.fc23 (FEDORA-2015-16014)
Java Native Runtime constants
--------------------------------------------------------------------------------
Update Information:

Update to upstream 0.9.0 release.
--------------------------------------------------------------------------------


================================================================================
kchildlock-0.91.1-1.fc23 (FEDORA-2015-16022)
KDE Parental Control Application
--------------------------------------------------------------------------------
Update Information:

kchildlock-0.91.1-1.fc21 - Update to 0.91.1
kchildlock-0.91.1-1.fc22 - Update to 0.91.1
kchildlock-0.91.1-1.fc23 - Update to 0.91.1
--------------------------------------------------------------------------------


================================================================================
libdwarf-20150915-1.fc23 (FEDORA-2015-15826)
Library to access the DWARF Debugging file format
--------------------------------------------------------------------------------
Update Information:

Update to latest release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263681 - libdwarf-20150915 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1263681
  [ 2 ] Bug #1262816 - libdwarf-20150913 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1262816
--------------------------------------------------------------------------------


================================================================================
nghttp2-1.3.2-1.fc23 (FEDORA-2015-16026)
Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:

nghttp2-1.3.2-1.fc23 - update to the latest upstream release
----
nghttp2-1.3.1-1.fc23 - update to the latest upstream release
--------------------------------------------------------------------------------


================================================================================
perl-Encode-2.77-1.fc23 (FEDORA-2015-16029)
Character encodings in Perl
--------------------------------------------------------------------------------
Update Information:

This release accepts UTF-16 encoding identifier and defaults to big endian variant as dictated by Unicode 8.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263486 - perl-Encode-2.77 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1263486
--------------------------------------------------------------------------------


================================================================================
perl-Net-SSH-Perl-1.39-1.fc23 (FEDORA-2015-16015)
SSH (Secure Shell) client
--------------------------------------------------------------------------------
Update Information:

Current upstream maintenance release.
--------------------------------------------------------------------------------


================================================================================
php-ZendFramework2-2.4.8-1.fc23 (FEDORA-2015-16033)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:

**Zend Framework 2.4.8**

**Security Update**

* **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).

**Bug fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8)

* validate against DateTimeImmutable instead of DateTimeInterface
* treat 0.0 as non-empty, restoring pre-2.4 behavior
* deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment
* ensure fallback values work as per pre-2.4 behavior
* update the InputFilterInterface::add() docblock to match implementations
* Fix how missing optional fields are validated to match pre 2.4.0 behavior
* deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26
* fix typos in aria attribute names of AbstractHelper
* fixes the ContentType header to properly handle encoded parameter values
* fixes the Sender header to allow mailbox addresses without TLDs
* fixes parsing of messages that contain an initial blank line before headers
* fixes the SetCookie header to allow multiline values (as they are always encoded)
* fixes DefaultRenderingStrategy errors due to controllers returning non-view model results
--------------------------------------------------------------------------------


================================================================================
reposurgeon-3.29-1.fc23 (FEDORA-2015-16009)
SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:

# 3.29: 2015-09-02

* Now included: git aliases that allow git to work with action stamps.
* **The new `repomapper` tool helps prepare contributor maps.**
* Use of branchify/branchify_map is now less likely to produce invalid resets.
* `branchify_map` has been changed to handle subdirectories better. `branchify_map reset` actually works now.
* Prevent a crash on empty SVN comments produced by dumpfiltering.
* `assign` command with no selection set or arguments lists assignments.
* New `--user-ignores` option on Subversion reads passes through .gitignores.
* `repotool initialize` now generates an easier-to-read conversion makefile (Fedora: Used to be conversion.mk in /usr/share/doc/reposurgeon).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1259536 - reposurgeon-3.29 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1259536
--------------------------------------------------------------------------------


================================================================================
texstudio-2.10.0-1.fc23 (FEDORA-2015-15998)
A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:

- update to 2.10.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262987 - [PATCH] ARM build of 2.10.0 fails
        https://bugzilla.redhat.com/show_bug.cgi?id=1262987
--------------------------------------------------------------------------------


================================================================================
wayland-1.8.93-1.fc23 (FEDORA-2015-16028)
Wayland Compositor Infrastructure
--------------------------------------------------------------------------------
Update Information:

Wayland and Weston 1.8.93 releases.
See http://lists.freedesktop.org/archives/wayland-devel/2015-September/024226.html and http://lists.freedesktop.org/archives/wayland-devel/2015-September/024227.html for details.
--------------------------------------------------------------------------------


================================================================================
weston-1.8.93-1.fc23 (FEDORA-2015-16028)
Reference compositor for Wayland
--------------------------------------------------------------------------------
Update Information:

Wayland and Weston 1.8.93 releases.
See http://lists.freedesktop.org/archives/wayland-devel/2015-September/024226.html and http://lists.freedesktop.org/archives/wayland-devel/2015-September/024227.html for details.
--------------------------------------------------------------------------------


================================================================================
woffTools-0.1-0.10.684svn.fc23 (FEDORA-2015-15984)
Tool for manipulating and examining WOFF files
--------------------------------------------------------------------------------
Update Information:

Patch0 added, Release bumped
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1261384 - ImportError: No module named sstruct
        https://bugzilla.redhat.com/show_bug.cgi?id=1261384
--------------------------------------------------------------------------------


================================================================================
wordpress-4.3.1-1.fc23 (FEDORA-2015-15983)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

**WordPress 4.3.1 Security and Maintenance Release**

[Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/):

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

* WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
* A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
* Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the [list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
        https://bugzilla.redhat.com/show_bug.cgi?id=1263657
--------------------------------------------------------------------------------


================================================================================
xpra-0.15.6-1.fc23 (FEDORA-2015-16025)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:

This update fixes a critical bug with the Xdummy setup which allows local users to access the virtual display used for the xpra sessions.

xpra-0.15.6-1.fc21 - Update to 0.15.6
xpra-0.15.6-1.fc22 - Update to 0.15.6
xpra-0.15.6-1.fc23 - Update to 0.15.6
--------------------------------------------------------------------------------