The following Fedora 23 Security updates need testing: Age URL 158 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739 python-kdcproxy-0.3.2-1.fc23 112 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 98 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 86 https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2 openstack-glance-2015.1.2-1.fc23 69 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 42 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 41 https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830 thttpd-2.25b-35.fc23 41 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-36.fc23 33 https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276 php-PHPMailer-5.2.14-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f20fac744 lighttpd-1.4.39-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b3b8804 salt-2015.5.8-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c82e5c322c gajim-0.16.5-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-64c69ec297 libxmp-4.3.10-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3509d27585 nodejs-ws-1.0.1-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8 shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0 kernel-4.3.3-300.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-558167a417 php-5.6.17-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f5261525 wordpress-4.4.1-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-971f4f3a50 wireshark-1.12.9-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e48069f8 prosody-0.9.9-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f048c43393 radicale-1.1.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bba2bb01 qemu-2.4.1-5.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0 kernel-4.3.3-300.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59825bca79 krb5-1.14-5.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-678f6610dd librsvg2-2.40.13-1.fc23 The following builds have been pushed to Fedora 23 updates-testing SDL2_image-2.0.1-1.fc23 SDL2_mixer-2.0.1-1.fc23 SDL2_net-2.0.1-1.fc23 SDL2_ttf-2.0.13-1.fc23 awscli-1.9.16-1.fc23 dosbox-0.74-17.fc23 eclib-20160101-1.fc23 enki-15.11.0-2.fc23 hadoop-2.4.1-12.fc23 kanatest-0.4.8-16.fc23 kde-connect-0.9-4.fc23 marsshooter-0.7.6-1.fc23 mbedtls-2.2.1-1.fc23 mycli-1.5.2-4.fc23 perl-WWW-Shorten-3.08-1.fc23 php-JsonSchema-1.6.0-1.fc23 php-pear-HTTP-OAuth-0.3.2-1.fc23 polyglot-chess-1.4-5.20140902gitf46ee06.fc23 qemu-2.4.1-5.fc23 radicale-1.1.1-1.fc23 xflr5-6.12-1.fc23 yash-2.40-1.fc23 Details about builds: ================================================================================ SDL2_image-2.0.1-1.fc23 (FEDORA-2016-ceb8831a8c) Image loading library for SDL -------------------------------------------------------------------------------- Update Information: Update to 2.0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296751 - SDL2_image-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296751 -------------------------------------------------------------------------------- ================================================================================ SDL2_mixer-2.0.1-1.fc23 (FEDORA-2016-aa9e575c83) Simple DirectMedia Layer - Sample Mixer Library -------------------------------------------------------------------------------- Update Information: Update to 2.0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296752 - SDL2_mixer-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296752 [ 2 ] Bug #1295221 - SDL2_mixer-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1295221 -------------------------------------------------------------------------------- ================================================================================ SDL2_net-2.0.1-1.fc23 (FEDORA-2016-e63ce2aa12) SDL portable network library -------------------------------------------------------------------------------- Update Information: Update to 2.0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296753 - SDL2_net-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296753 -------------------------------------------------------------------------------- ================================================================================ SDL2_ttf-2.0.13-1.fc23 (FEDORA-2016-7e4ca5143b) TrueType font rendering library for SDL2 -------------------------------------------------------------------------------- Update Information: Update to 2.0.13 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296754 - SDL2_ttf-2.0.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1296754 -------------------------------------------------------------------------------- ================================================================================ awscli-1.9.16-1.fc23 (FEDORA-2016-40c8c8e087) Universal Command Line Environment for AWS -------------------------------------------------------------------------------- Update Information: First version -------------------------------------------------------------------------------- ================================================================================ dosbox-0.74-17.fc23 (FEDORA-2016-5620730110) x86/DOS emulator with sound and graphics -------------------------------------------------------------------------------- Update Information: This update should fix an issue where dosbox frequently crashes when run with 'cycles=auto' (a common configuration). -------------------------------------------------------------------------------- ================================================================================ eclib-20160101-1.fc23 (FEDORA-2016-f617775199) Library for Computations on Elliptic Curves -------------------------------------------------------------------------------- Update Information: eclib-20160101-1.fc23: - No non-trivial changes to code, and none to the library interface. - Various obsolete compiler flags have been removed, and documentation updated (see github issue #10). - A new configure option --disable-mpfp has been added but the behavior with the default is unchanged. -------------------------------------------------------------------------------- ================================================================================ enki-15.11.0-2.fc23 (FEDORA-2016-35eb73f03b) Text editor for programmers -------------------------------------------------------------------------------- Update Information: obsoletes plugins subpackage, fixes functionality of menu -------------------------------------------------------------------------------- References: [ 1 ] Bug #1292724 - Enki not usable without plugins https://bugzilla.redhat.com/show_bug.cgi?id=1292724 [ 2 ] Bug #1281876 - Review Request: enki - Extensible text editor for programmers https://bugzilla.redhat.com/show_bug.cgi?id=1281876 -------------------------------------------------------------------------------- ================================================================================ hadoop-2.4.1-12.fc23 (FEDORA-2016-182ae3df92) A software platform for processing vast amounts of data -------------------------------------------------------------------------------- Update Information: Fixed the bug inhibiting the tomcat@httpfs service to start. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295968 - hadoop-httpfs service does not start https://bugzilla.redhat.com/show_bug.cgi?id=1295968 -------------------------------------------------------------------------------- ================================================================================ kanatest-0.4.8-16.fc23 (FEDORA-2016-d99975c856) Hiragana and Katakana drill tool -------------------------------------------------------------------------------- Update Information: kanatest on Fedora 23 does not launch and immediately segfaults at the startup. This new rpm should fix this issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296655 - [abrt] kanatest: gtk_icon_source_set_pixbuf(): kanatest killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1296655 -------------------------------------------------------------------------------- ================================================================================ kde-connect-0.9-4.fc23 (FEDORA-2016-f034164e15) KDE Connect client for communication with smartphones -------------------------------------------------------------------------------- Update Information: New kdeconnect-0.9g release -------------------------------------------------------------------------------- ================================================================================ marsshooter-0.7.6-1.fc23 (FEDORA-2016-859b9f2a75) M.A.R.S. - A Ridiculous Shooter -------------------------------------------------------------------------------- Update Information: - Switch to new upstream: https://github.com/jwrdegoede/M.A.R.S. - Update to 0.7.6 release: - Replace a few non-free fonts and sound files which accidentally slipped in with free alternatives - Add appdata -------------------------------------------------------------------------------- ================================================================================ mbedtls-2.2.1-1.fc23 (FEDORA-2016-b3784096ef) Light-weight cryptographic and SSL/TLS library -------------------------------------------------------------------------------- Update Information: - Update to 2.2.1 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released ---- - Update to 2.2.0 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released -------------------------------------------------------------------------------- ================================================================================ mycli-1.5.2-4.fc23 (FEDORA-2016-fe605bc905) Interactive CLI for MySQL Database with auto-completion and syntax highlighting -------------------------------------------------------------------------------- Update Information: New package: mycli. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295108 - Review Request: mycli - Nice command line interface for MySQL Database with auto-completion and syntax highlighting https://bugzilla.redhat.com/show_bug.cgi?id=1295108 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-Shorten-3.08-1.fc23 (FEDORA-2016-c3402a3a0e) Interface to URL shortening sites -------------------------------------------------------------------------------- Update Information: Upgrade to 3.08 (bz#1296197) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296197 - Upgrade perl-WWW-Shorten to 3.08 https://bugzilla.redhat.com/show_bug.cgi?id=1296197 -------------------------------------------------------------------------------- ================================================================================ php-JsonSchema-1.6.0-1.fc23 (FEDORA-2016-45a064537d) PHP implementation of JSON schema -------------------------------------------------------------------------------- Update Information: **Version1.6.0** * 142 Optional extra arguments for custom error messages * 143 Add constraint factory * 192 Create .gitattributes * 194 bugfix: patternProperties raised errors when the pattern has slashes * 202 Fix CollectionConstraint to allow uniqueItems to be false * 204 Fix path output for required properties * 206 An email is a string, not much else. * 207 Fix non-6 digit microsecond date time formats * 209 RefResolver::$depth restoration after JsonDecodingException **Version1.5.0** * 182 Fix #93 ($ref to local definition not working) -------------------------------------------------------------------------------- ================================================================================ php-pear-HTTP-OAuth-0.3.2-1.fc23 (FEDORA-2016-67e86e67b4) Implementation of the OAuth spec -------------------------------------------------------------------------------- Update Information: **Version 0.3.2** * Fixed PEAR#20426. Authorization header values parsed incorrectly * Added composer support. -------------------------------------------------------------------------------- ================================================================================ polyglot-chess-1.4-5.20140902gitf46ee06.fc23 (FEDORA-2016-b099b47360) Polyglot chess opening book program -------------------------------------------------------------------------------- Update Information: initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1197333 - Review Request: polyglot-chess - Polyglot chess opening book program https://bugzilla.redhat.com/show_bug.cgi?id=1197333 -------------------------------------------------------------------------------- ================================================================================ qemu-2.4.1-5.fc23 (FEDORA-2016-e9bba2bb01) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * CVE-2015-7549: pci: null pointer dereference issue (bz #1291138) * CVE-2015-8558: DoS by infinite loop in ehci_advance_state (bz #1291309) * CVE-2015-8666: Heap-based buffer overrun during VM migration (bz #1294027) * CVE-2015-8744: vmxnet3: fix crash with short packets (bz #1295440) * CVE-2015-8745: vmxnet3: don't assert reading registers in bar0 (bz #1295442) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1291137 - CVE-2015-7549 Qemu: pci: null pointer dereference issue https://bugzilla.redhat.com/show_bug.cgi?id=1291137 [ 2 ] Bug #1277983 - CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state results in DoS https://bugzilla.redhat.com/show_bug.cgi?id=1277983 [ 3 ] Bug #1283722 - CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM migration https://bugzilla.redhat.com/show_bug.cgi?id=1283722 [ 4 ] Bug #1270871 - CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call https://bugzilla.redhat.com/show_bug.cgi?id=1270871 [ 5 ] Bug #1270876 - CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call https://bugzilla.redhat.com/show_bug.cgi?id=1270876 -------------------------------------------------------------------------------- ================================================================================ radicale-1.1.1-1.fc23 (FEDORA-2016-f048c43393) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information: Version 1.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295836 - CVE-2015-8747 CVE-2015-8748 radicale: Multiple security issues fixed in 1.1 https://bugzilla.redhat.com/show_bug.cgi?id=1295836 -------------------------------------------------------------------------------- ================================================================================ xflr5-6.12-1.fc23 (FEDORA-2016-89a0d4b2cd) Analysis tool for airfoils, wings and planes -------------------------------------------------------------------------------- Update Information: Update to version 6.12, see http://sourceforge.net/projects/xflr5/files/6.12/ReleaseNotes.txt for details. -------------------------------------------------------------------------------- ================================================================================ yash-2.40-1.fc23 (FEDORA-2016-3c26ae5b42) Yet Another SHell -------------------------------------------------------------------------------- Update Information: New version 2.40 is released. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
