The following Fedora 23 Security updates need testing: Age URL 160 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739 python-kdcproxy-0.3.2-1.fc23 113 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 100 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 87 https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2 openstack-glance-2015.1.2-1.fc23 71 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 44 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 43 https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830 thttpd-2.25b-35.fc23 43 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-36.fc23 35 https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276 php-PHPMailer-5.2.14-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b3b8804 salt-2015.5.8-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c82e5c322c gajim-0.16.5-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-64c69ec297 libxmp-4.3.10-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3509d27585 nodejs-ws-1.0.1-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8 shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-558167a417 php-5.6.17-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f5261525 wordpress-4.4.1-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f048c43393 radicale-1.1.1-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3784096ef mbedtls-2.2.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e48069f8 prosody-0.9.9-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-69e506e02d perl-PathTools-3.60-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a576196426 owncloud-8.0.10-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59825bca79 krb5-1.14-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-69e506e02d perl-PathTools-3.60-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-faf70f2302 bash-4.3.42-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d704a7f93e gnutls-3.4.8-1.fc23 The following builds have been pushed to Fedora 23 updates-testing bash-4.3.42-3.fc23 coreboot-utils-4.2-1.fc23 dcap-2.47.10-1.fc23 docker-compose-1.5.2-3.fc23 fontopia-1.1-2.fc23 gnutls-3.4.8-1.fc23 gofer-2.7.1-1.fc23 kde-wallpapers-15.08.3-2.fc23 mk-files-20151111-1.fc23 nordugrid-arc-5.0.5-1.fc23 nordugrid-arc-doc-2.0.6-1.fc23 ocserv-0.10.11-1.fc23 owncloud-8.0.10-1.fc23 perl-Date-Holidays-DE-1.7-1.fc23 perl-PathTools-3.60-2.fc23 plasma-workspace-5.5.3-4.fc23 plasma-workspace-wallpapers-5.5.3-2.fc23 prosody-0.9.9-2.fc23 python-cryptography-1.2.1-1.fc23 python-fedora-0.7.1-1.fc23 python-ivi-0.14.9-3.fc23 python-libcloud-0.20.0-1.fc23 rubygem-sequel-4.30.0-1.fc23 vdr-2.2.0-8.fc23 wine-1.9.1-1.fc23 wordwarvi-1.1-1.git6beed31.fc23 xdelta-3.0.11-2.fc23 Details about builds: ================================================================================ bash-4.3.42-3.fc23 (FEDORA-2016-faf70f2302) The GNU Bourne Again shell -------------------------------------------------------------------------------- Update Information: Adding more utils to wrap around, based on an older bugzilla mentioned in the related BZ. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297166 - hash, type, and ulimit are missing from /usr/bin https://bugzilla.redhat.com/show_bug.cgi?id=1297166 -------------------------------------------------------------------------------- ================================================================================ coreboot-utils-4.2-1.fc23 (FEDORA-2016-fd23347dd9) Various utilities from coreboot project -------------------------------------------------------------------------------- Update Information: Update to utilities from the coreboot 4.2 release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1239412 - coreboot-utils: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1239412 [ 2 ] Bug #1260802 - update to coreboot 4.1 GA stable release https://bugzilla.redhat.com/show_bug.cgi?id=1260802 -------------------------------------------------------------------------------- ================================================================================ dcap-2.47.10-1.fc23 (FEDORA-2016-94282ec4a0) Client Tools for dCache -------------------------------------------------------------------------------- Update Information: New release with IPv6 fixes. -------------------------------------------------------------------------------- ================================================================================ docker-compose-1.5.2-3.fc23 (FEDORA-2016-7a3b274c5c) Multi-container orchestration for Docker -------------------------------------------------------------------------------- Update Information: Added missing dependency python-jsonschema -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297516 - pkg_resources.DistributionNotFound: The 'jsonschema' distribution was not found and is required by docker-compose https://bugzilla.redhat.com/show_bug.cgi?id=1297516 -------------------------------------------------------------------------------- ================================================================================ fontopia-1.1-2.fc23 (FEDORA-2016-ca75e185d5) The console font editor -------------------------------------------------------------------------------- Update Information: Fixed spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1293045 - Review Request: fontopia - the console font editor https://bugzilla.redhat.com/show_bug.cgi?id=1293045 -------------------------------------------------------------------------------- ================================================================================ gnutls-3.4.8-1.fc23 (FEDORA-2016-d704a7f93e) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information: New upstream release (#1297079) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297079 - gnutls-3.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1297079 -------------------------------------------------------------------------------- ================================================================================ gofer-2.7.1-1.fc23 (FEDORA-2016-dd71d545d8) A lightweight, extensible python agent -------------------------------------------------------------------------------- Update Information: Latest upstream. Contains both bug fixes and enhancements. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001938 - ruby-gofer-0.74-1.el6.noarch has unresolved dependency rubygem(qpid) >= 0:0.16.0 https://bugzilla.redhat.com/show_bug.cgi?id=1001938 [ 2 ] Bug #1156524 - [rfe] use dnf instead of yum https://bugzilla.redhat.com/show_bug.cgi?id=1156524 -------------------------------------------------------------------------------- ================================================================================ kde-wallpapers-15.08.3-2.fc23 (FEDORA-2016-5b3973db2d) KDE Wallpapers -------------------------------------------------------------------------------- Update Information: Fix file conflict. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297390 - File conflict in plasma-workspace-wallpapers https://bugzilla.redhat.com/show_bug.cgi?id=1297390 -------------------------------------------------------------------------------- ================================================================================ mk-files-20151111-1.fc23 (FEDORA-2016-3b362e697b) Support files for bmake, the NetBSD make(1) tool -------------------------------------------------------------------------------- Update Information: New upstream version -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.0.5-1.fc23 (FEDORA-2016-6be8b76124) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: NorduGrid ARC 15.03 update 6 http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-doc-2.0.6-1.fc23 (FEDORA-2016-6be8b76124) Advanced Resource Connector Documentation -------------------------------------------------------------------------------- Update Information: NorduGrid ARC 15.03 update 6 http://www.nordugrid.org/arc/releases/15.03u6/release_notes_15.03u6.html -------------------------------------------------------------------------------- ================================================================================ ocserv-0.10.11-1.fc23 (FEDORA-2016-e2f8d76cf7) OpenConnect SSL VPN server -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ owncloud-8.0.10-1.fc23 (FEDORA-2016-a576196426) Private file sync and share server -------------------------------------------------------------------------------- Update Information: This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL 6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know what this is, don't worry. These are bugfix updates which include fixes for some security vulnerabilities rated 'low' and 'medium' by upstream. For full details on the changes, see the [upstream changelog](https://www.owncloud.org/changelog) and the security advisories: [OC- SA-2016-001](https://owncloud.org/security/advisory/?id=oc-sa-2016-001), [OC- SA-2016-002](https://owncloud.org/security/advisory/?id=oc-sa-2016-002), [OC- SA-2016-003](https://owncloud.org/security/advisory/?id=oc-sa-2016-003), [OC- SA-2016-004](https://owncloud.org/security/advisory/?id=oc-sa-2016-004). -------------------------------------------------------------------------------- ================================================================================ perl-Date-Holidays-DE-1.7-1.fc23 (FEDORA-2016-e6172fdbb7) Perl module to determine German holidays -------------------------------------------------------------------------------- Update Information: Date::Holidays::DE v1.7 ======================= - Added reformation day as one-time common federal holiday in 2017 - Thanks to Christoph Biedl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297365 - Upgrade perl-Date-Holidays-DE to 1.7 https://bugzilla.redhat.com/show_bug.cgi?id=1297365 -------------------------------------------------------------------------------- ================================================================================ perl-PathTools-3.60-2.fc23 (FEDORA-2016-69e506e02d) PathTools Perl module (Cwd, File::Spec) -------------------------------------------------------------------------------- Update Information: This release fixes CVE-2015-8607 (losing taint flag in File::Spec::canonpath() subroutine). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1293272 - CVE-2015-8607 perl-PathTools: Taint propagation flaw in canonpath() https://bugzilla.redhat.com/show_bug.cgi?id=1293272 -------------------------------------------------------------------------------- ================================================================================ plasma-workspace-5.5.3-4.fc23 (FEDORA-2016-8be45c9c9f) Plasma workspace, applications and applets -------------------------------------------------------------------------------- Update Information: Disable bootstrap build mode, add explicit reference to qdbus-qt5 in startplasmacompositor (wayland) script. ---- Pull in upstream fixes for notification placement, xembedsniproxy -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297528 - None https://bugzilla.redhat.com/show_bug.cgi?id=1297528 -------------------------------------------------------------------------------- ================================================================================ plasma-workspace-wallpapers-5.5.3-2.fc23 (FEDORA-2016-5b3973db2d) Additional wallpapers for Plasma workspace -------------------------------------------------------------------------------- Update Information: Fix file conflict. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297390 - File conflict in plasma-workspace-wallpapers https://bugzilla.redhat.com/show_bug.cgi?id=1297390 -------------------------------------------------------------------------------- ================================================================================ prosody-0.9.9-2.fc23 (FEDORA-2016-38e48069f8) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information: Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions --------- * Add http:list() command to telnet to view active HTTP services * Simplify IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets https://bugzilla.redhat.com/show_bug.cgi?id=1296984 [ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files https://bugzilla.redhat.com/show_bug.cgi?id=1296983 -------------------------------------------------------------------------------- ================================================================================ python-cryptography-1.2.1-1.fc23 (FEDORA-2016-8351acc81f) PyCA's cryptography library -------------------------------------------------------------------------------- Update Information: Update to v1.2.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1289599 - Regression: unresolved symbol EC_GFp_nistp224_method with openssl-1.0.2e-1.fc23.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1289599 [ 2 ] Bug #1284148 - Error Contents: osrandom engine already registered https://bugzilla.redhat.com/show_bug.cgi?id=1284148 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.7.1-1.fc23 (FEDORA-2016-fcfb7cff96) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: Fix a regression in the config parser. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297221 - [abrt] bodhi-client: bodhi.py:351:parse_file:TypeError: getboolean() got an unexpected keyword argument 'raw' https://bugzilla.redhat.com/show_bug.cgi?id=1297221 -------------------------------------------------------------------------------- ================================================================================ python-ivi-0.14.9-3.fc23 (FEDORA-2016-1f2bdb73c8) Python Interchangeable Virtual Instrument Library -------------------------------------------------------------------------------- Update Information: - New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1294275 - Review Request: python-ivi - Python Interchangeable Virtual Instrument Library https://bugzilla.redhat.com/show_bug.cgi?id=1294275 -------------------------------------------------------------------------------- ================================================================================ python-libcloud-0.20.0-1.fc23 (FEDORA-2016-de7755e490) A Python library to address multiple cloud provider APIs -------------------------------------------------------------------------------- Update Information: Release 0.20.0 with new features and improvements ---- Libcloud 0.18.0 release with new features, improvements and bug-fixes. -------------------------------------------------------------------------------- ================================================================================ rubygem-sequel-4.30.0-1.fc23 (FEDORA-2016-6be3d5eb3d) The Database Toolkit for Ruby -------------------------------------------------------------------------------- Update Information: Upgrade to sequel 4.30.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1287389 - rubygem-sequel-4.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1287389 -------------------------------------------------------------------------------- ================================================================================ vdr-2.2.0-8.fc23 (FEDORA-2016-8b36d1422a) Video Disk Recorder -------------------------------------------------------------------------------- Update Information: Dependency, service ordering, and LCN support fixes -------------------------------------------------------------------------------- ================================================================================ wine-1.9.1-1.fc23 (FEDORA-2016-68267e1cb0) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: Version 1.9.1 - A few more deferred fixes. - Support for debug registers on x86-64. - More Shader Model 4 instructions. - Support for the Mingw ARM toolchain. - Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297118 - wine-1.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1297118 -------------------------------------------------------------------------------- ================================================================================ wordwarvi-1.1-1.git6beed31.fc23 (FEDORA-2016-53f83f9208) Side-scrolling shoot 'em up '80s style arcade game -------------------------------------------------------------------------------- Update Information: - Upstream has moved to github - New upstream release 1.1 - Add appdata -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295112 - update 1.00 https://bugzilla.redhat.com/show_bug.cgi?id=1295112 -------------------------------------------------------------------------------- ================================================================================ xdelta-3.0.11-2.fc23 (FEDORA-2016-10ae68c62f) A binary file delta generator -------------------------------------------------------------------------------- Update Information: - Rebase to most recent stable version (3.0.11) - enable all testcases during build - add support for '-S lzma' ---- New bugfix release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295527 - xdelta: error XD3_TOOFARBACK https://bugzilla.redhat.com/show_bug.cgi?id=1295527 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
