The following Fedora 23 Security updates need testing: Age URL 157 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739 python-kdcproxy-0.3.2-1.fc23 111 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 97 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 85 https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2 openstack-glance-2015.1.2-1.fc23 68 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 41 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 40 https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830 thttpd-2.25b-35.fc23 40 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-36.fc23 32 https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276 php-PHPMailer-5.2.14-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2015-aa3a69bdc3 kea-1.0.0-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f20fac744 lighttpd-1.4.39-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b3b8804 salt-2015.5.8-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c82e5c322c gajim-0.16.5-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-64c69ec297 libxmp-4.3.10-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3509d27585 nodejs-ws-1.0.1-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8 shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f048c43393 radicale-1.1-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0 kernel-4.3.3-300.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-558167a417 php-5.6.17-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f5261525 wordpress-4.4.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-971f4f3a50 wireshark-1.12.9-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4aec7860d8 rsync-3.1.1-8.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e48069f8 prosody-0.9.9-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0 kernel-4.3.3-300.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59825bca79 krb5-1.14-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7ca7599efc dracut-043-63.git20151211.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aae4b3b916 systemd-222-12.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-678f6610dd librsvg2-2.40.13-1.fc23 The following builds have been pushed to Fedora 23 updates-testing MUMPS-5.0.1-10.fc23 atoum-2.5.0-1.fc23 beanstalkd-1.10-1.fc23 djview4-4.10.5-1.fc23 fbzx-3.1.0-1.fc23 gap-pkg-genss-1.6.3-1.fc23 gap-pkg-nq-2.5.2-1.fc23 gap-pkg-orb-4.7.4-1.fc23 gnome-shell-extensions-3.18.3-1.fc23 keepassx-2.0.0-1.fc23 kf5-kwallet-5.18.0-2.fc23 krb5-1.14-5.fc23 libndn-cxx-0.4.0-1.fc23 mgarepo-1.11.6-1.fc23 pdf-stapler-0.3.3-5.fc23 perl-Spreadsheet-XLSX-0.15-1.fc23 php-bartlett-php-compatinfo-db-1.4.0-1.fc23 piglit-1.0.20151124-1.git72e5518.fc23 prosody-0.9.9-1.fc23 python-flower-0.8.3-4.fc23 python-matplotlib-1.4.3-10.fc23 python-nsdf-0.0-2.git9621ced.fc23 python-prompt_toolkit-0.57-1.fc23 python-rhsm-1.16.5-1.fc23 python-sqlalchemy-1.0.11-1.fc23 python-wcwidth-0.1.6-1.fc23 subscription-manager-1.16.7-1.fc23 tito-0.6.3-1.fc23 tktable-2.10-10.fc23 waf-1.8.18-1.fc23 Details about builds: ================================================================================ MUMPS-5.0.1-10.fc23 (FEDORA-2016-efc5150750) A MUltifrontal Massively Parallel sparse direct Solver -------------------------------------------------------------------------------- Update Information: - Built MPICH libraries on EPEL (bz#1296387) - Exclude OpenMPI on s390 arches - Exclude MPICH on PPC arches - Built MPICH libraries (bz#1296387) - Removed useless Requires packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296387 - Build for mpich, drop requires environment-modules https://bugzilla.redhat.com/show_bug.cgi?id=1296387 -------------------------------------------------------------------------------- ================================================================================ atoum-2.5.0-1.fc23 (FEDORA-2016-3188b2293d) PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 2.5.0** - 2016-01-08 * 539 Add a newMockInstance helper method on test class Grummfy * 548 The dateTime asserter now supports \dateTimeImmutable (jubianchi) * 540 Assert on child arrays using the phpArray asserter (jubianchi) * 541 New toArray (along with toArray method on phpString and object asserters) and iterator asserters (jubianchi) * 535 New resource asserter group (with isOfType or is* wildcard like isStream) (hywan) * 529 Allow extensions to define configuration (jubianchi) * 496 Mock generator supports variadic arguments passed by reference (jubianchi) * 496 Auto generate and inject mocks in test methods (jubianchi) **Bugfix** * 350 PHAR can be built on Windows (kao98) * 530 Extracted mocked method signature generation to make it work with visibility extension (jubianchi) * 537 exception asserter handles PHP 7 throwables (jubianchi) -------------------------------------------------------------------------------- ================================================================================ beanstalkd-1.10-1.fc23 (FEDORA-2016-2f34bfc9e3) A simple, fast work-queue service -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ djview4-4.10.5-1.fc23 (FEDORA-2016-76a5a80be4) DjVu viewer -------------------------------------------------------------------------------- Update Information: Update to latest upstream release djview 4.10.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296527 - djview4-4.10.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296527 -------------------------------------------------------------------------------- ================================================================================ fbzx-3.1.0-1.fc23 (FEDORA-2016-900844ac61) A ZX Spectrum emulator for FrameBuffer -------------------------------------------------------------------------------- Update Information: * Added Kempston Mouse emulation * Added block 30 support for TZX files -------------------------------------------------------------------------------- ================================================================================ gap-pkg-genss-1.6.3-1.fc23 (FEDORA-2016-48a79d2a32) Randomized Schreier-Sims algorithm -------------------------------------------------------------------------------- Update Information: gap-pkg-genss-1.6.3-1.fc23: - Fix a bug in SetwiseStabilizer (see issue #5) - Move website to http://gap-packages.github.io/genss/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296720 - gap-pkg-genss-v1.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296720 -------------------------------------------------------------------------------- ================================================================================ gap-pkg-nq-2.5.2-1.fc23 (FEDORA-2016-dab1e1e958) Nilpotent Quotients of finitely presented groups -------------------------------------------------------------------------------- Update Information: Update URLs for the new website. Minor documentation fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296735 - gap-pkg-nq-v2.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296735 -------------------------------------------------------------------------------- ================================================================================ gap-pkg-orb-4.7.4-1.fc23 (FEDORA-2016-b40a7ed967) Methods to enumerate orbits in GAP -------------------------------------------------------------------------------- Update Information: gap-pkg-orb-4.7.4-1.fc23: - Show an error when the user tries to compute orbits of objects for which no ChooseHashFunction method is available. Previously, it would fall back to a "trivial" hash function, which led to worst- case performance. - Require GAP >= 4.6 - Remove Jenkins hash in favor of the Murmur hash built into GAP - Clarify that the code is licensed under GPL v3. - Document that MakeSchreierTreeShallow only works for orbits with log. - Move website to http://gap-packages.github.io/orb/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296736 - gap-pkg-orb-v4.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296736 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extensions-3.18.3-1.fc23 (FEDORA-2016-8d466dc1df) Modify and extend GNOME Shell functionality and behavior -------------------------------------------------------------------------------- Update Information: Fix regression in handling .desktop entries in subdirectories -------------------------------------------------------------------------------- References: [ 1 ] Bug #1278366 - After F22->F23 upgrade, some menus no longer work in the application menu https://bugzilla.redhat.com/show_bug.cgi?id=1278366 -------------------------------------------------------------------------------- ================================================================================ keepassx-2.0.0-1.fc23 (FEDORA-2016-d5cca74851) Cross-platform password manager -------------------------------------------------------------------------------- Update Information: Version bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1282825 - update keepassx to 2.0.0 (was: KeePassX 2.0 is coming!) https://bugzilla.redhat.com/show_bug.cgi?id=1282825 -------------------------------------------------------------------------------- ================================================================================ kf5-kwallet-5.18.0-2.fc23 (FEDORA-2016-87a1fc173b) KDE Frameworks 5 Tier 3 solution for password management -------------------------------------------------------------------------------- Update Information: Pull in upstream fix for kwallet possibly blocking (when opened via pam- kwallet). -------------------------------------------------------------------------------- ================================================================================ krb5-1.14-5.fc23 (FEDORA-2016-59825bca79) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: Fix for a Chrome crash in spnego_gss_inquire_context() -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295893 - Chrome crash in spnego_gss_inquire_context() https://bugzilla.redhat.com/show_bug.cgi?id=1295893 -------------------------------------------------------------------------------- ================================================================================ libndn-cxx-0.4.0-1.fc23 (FEDORA-2016-71a706c9e3) C++ library implementing Named Data Networking primitives -------------------------------------------------------------------------------- Update Information: Package for 0.4.0 release -------------------------------------------------------------------------------- ================================================================================ mgarepo-1.11.6-1.fc23 (FEDORA-2016-0fa55ff076) Tools for Mageia repository access and management -------------------------------------------------------------------------------- Update Information: Update to 1.11.6 (switches to Python 3) -------------------------------------------------------------------------------- ================================================================================ pdf-stapler-0.3.3-5.fc23 (FEDORA-2016-aa0c4facc9) Tool for manipulating PDF documents from the command line -------------------------------------------------------------------------------- Update Information: pdf-stapler is the Fedora package for stapler, the opensource python project which provides a commandline tool that staples, deletes, concatenates and shuffles documents in the Portable Document Format (PDF). It is an alternative to PDFtk which was discontinued from Fedora 21. It is therefore an important new package to be introduced to Fedora for many users. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1234210 - Review Request: pdf-stapler - tool for manipulating PDF documents from the command line https://bugzilla.redhat.com/show_bug.cgi?id=1234210 -------------------------------------------------------------------------------- ================================================================================ perl-Spreadsheet-XLSX-0.15-1.fc23 (FEDORA-2016-f4ecb68b44) Perl extension for reading Microsoft Excel 2007 files -------------------------------------------------------------------------------- Update Information: Spreadsheet::XLSX 0.15 ====================== * Revert a numeric formatting change which caused isssues with Spreadsheet::Read. Spreadsheet::XLSX 0.14 ====================== * Change default date format to yyyy-mm-dd. This matches Spreadsheet::ParseExcel. * Handle xml tag attributes in varying order (RT #86667, et.al.) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1285437 - Upgrade perl-Spreadsheet-XLSX to 0.15 https://bugzilla.redhat.com/show_bug.cgi?id=1285437 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-php-compatinfo-db-1.4.0-1.fc23 (FEDORA-2016-3c3766e602) Reference Database to be used with php-compatinfo library -------------------------------------------------------------------------------- Update Information: **Version 1.4.0** - 2016-01-09 Added * Support to PHP 7.0.2 * Support to PHP 5.6.17 * Support to PHP 5.5.31 Changed * Stomp reference updated to version 1.0.9 (stable) Fixed * Issue 3 : Json Failed test -------------------------------------------------------------------------------- ================================================================================ piglit-1.0.20151124-1.git72e5518.fc23 (FEDORA-2016-03d8391955) Collection of automated tests for OpenGL implementations -------------------------------------------------------------------------------- Update Information: Add dependency on python-mako -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296987 - Missing dependency for piglit: python-mako https://bugzilla.redhat.com/show_bug.cgi?id=1296987 -------------------------------------------------------------------------------- ================================================================================ prosody-0.9.9-1.fc23 (FEDORA-2016-38e48069f8) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions --------- * Add http:list() command to telnet to view active HTTP services * Simplify IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296984 - CVE-2016-1232 prosody: Use of weak PRNG in generation of dialback secrets https://bugzilla.redhat.com/show_bug.cgi?id=1296984 [ 2 ] Bug #1296983 - CVE-2016-1231 prosody: Path traversal vulnerability in mod_http_files https://bugzilla.redhat.com/show_bug.cgi?id=1296983 -------------------------------------------------------------------------------- ================================================================================ python-flower-0.8.3-4.fc23 (FEDORA-2016-6a09ffb1a8) A web based tool for monitoring and administrating Celery clusters -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1285941 - Review Request: python-flower - A web based tool for monitoring and administrating Celery clusters https://bugzilla.redhat.com/show_bug.cgi?id=1285941 -------------------------------------------------------------------------------- ================================================================================ python-matplotlib-1.4.3-10.fc23 (FEDORA-2016-499e21bb8a) Python 2D plotting library -------------------------------------------------------------------------------- Update Information: Add patch to fix GDK backend and remove problematic image from the tarball and final installation -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231748 - NameError: global name 'cbook' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1231748 [ 2 ] Bug #1295174 - python-matplotlib contain problematic content https://bugzilla.redhat.com/show_bug.cgi?id=1295174 -------------------------------------------------------------------------------- ================================================================================ python-nsdf-0.0-2.git9621ced.fc23 (FEDORA-2016-69d7ede8aa) Support library for the Neuroscience Simulation Data Format -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1292209 - Review Request: python-nsdf - Support library for the Neuroscience Simulation Data Format https://bugzilla.redhat.com/show_bug.cgi?id=1292209 -------------------------------------------------------------------------------- ================================================================================ python-prompt_toolkit-0.57-1.fc23 (FEDORA-2016-f10735fb0a) Library for building powerful interactive command lines in Python -------------------------------------------------------------------------------- Update Information: Align to upstream -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.16.5-1.fc23 (FEDORA-2016-40c503e426) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: * 1263037: Change RHSM Icon reporting of unregistered system * 1283749: Upgrade the dialogs to error when required fields are blank. * 1222627: Allows removal of product certs with no active repos, given temp_disabled_repos * 1163398: Modify icon-rhsm man page to reflect the help text * Install docs with mode 644 * 1288626: Does not report pool ids as serial numbers, ignore duplicates * 1061407: Avoid unwanted translations for subscription-manager by string substitutions * Output of errors now goes to stderr * Highlight the field(s) containing the search string -------------------------------------------------------------------------------- ================================================================================ python-sqlalchemy-1.0.11-1.fc23 (FEDORA-2016-f3df7c3250) Modular and flexible ORM library for python -------------------------------------------------------------------------------- Update Information: This update contains a new upstream bugfix release. The upstream [changelog](h ttp://docs.sqlalchemy.org/en/latest/changelog/changelog_10.html#change-1.0.11) contains a list of all changes in version 1.0.11. -------------------------------------------------------------------------------- ================================================================================ python-wcwidth-0.1.6-1.fc23 (FEDORA-2016-48fc1ecbed) Measures number of Terminal column cells of wide-character codes -------------------------------------------------------------------------------- Update Information: Upstream update -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.16.7-1.fc23 (FEDORA-2016-40c503e426) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: * 1263037: Change RHSM Icon reporting of unregistered system * 1283749: Upgrade the dialogs to error when required fields are blank. * 1222627: Allows removal of product certs with no active repos, given temp_disabled_repos * 1163398: Modify icon-rhsm man page to reflect the help text * Install docs with mode 644 * 1288626: Does not report pool ids as serial numbers, ignore duplicates * 1061407: Avoid unwanted translations for subscription-manager by string substitutions * Output of errors now goes to stderr * Highlight the field(s) containing the search string -------------------------------------------------------------------------------- ================================================================================ tito-0.6.3-1.fc23 (FEDORA-2016-1ae987dd76) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: Added ability to pass extra copr-cli build options to the copr releaser. (twiest@xxxxxxxxxx) Fix changelog format function name (araszka@xxxxxxxxxx) fix mock link (glen@xxxxxxxx) Set non-zero exit code when copr-cli fails (frostyx@xxxxxxxx) Add possibility to upload SRPM directly to Copr (frostyx@xxxxxxxx) Determine correct package manager DNF is now prefered on Fedora, but it is not installed on EL6 or EL7 (frostyx@xxxxxxxx) Ask user to run DNF instead of YUM (frostyx@xxxxxxxx) Add tito tag --use-version argument to man page (dcleal@xxxxxxxxxx) Fix upstream/distribution builder failure to copy spec. (dgoodwin@xxxxxxxxxx) Allow a user specific Copr remote SRPM URL. (awood@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ tktable-2.10-10.fc23 (FEDORA-2016-38e86607af) Table/matrix widget extension to Tcl/Tk -------------------------------------------------------------------------------- Update Information: - Defined relro flags for EPEL -------------------------------------------------------------------------------- ================================================================================ waf-1.8.18-1.fc23 (FEDORA-2016-7da00ed7d2) A Python-based build system -------------------------------------------------------------------------------- Update Information: Update to the latest release. New in WAF 1.8.17: * Fixed a regression in exec_cfg() introduced in 1fbac66 #1670 * Added a new option --clear-failed to unit test builds #1678 * Added support for scriptlet expressions of the form ${FOO:SRC[0].abspath()} * Added define comments to configuration headers: conf.define(.., commment='') * Added experimental Wix and Satellizer tools #1666 * Added backslash replacement to resx processing -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
