The following Fedora 23 Security updates need testing:
 Age  URL
 132  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
  90  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
  63  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
  54  https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276   php-PHPMailer-5.2.14-1.fc23
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-29995fbd42   privoxy-3.0.23-3.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2256c80a94   openstack-swift-2.3.0-3.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe5b9da308   openstack-heat-2015.1.2-2.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f25d12c51   kernel-4.3.4-300.fc23
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-25ab518a58   nodejs-is-my-json-valid-2.12.4-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b02ad4e424   ecryptfs-utils-109-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a5c85c5a8   prosody-0.9.10-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e55278763e   phpMyAdmin-4.5.4.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4509765b4b   gsi-openssh-7.1p2-2.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2ec7f779f2   claws-mail-3.13.2-1.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f25d12c51   kernel-4.3.4-300.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9f1ca30913   perl-IO-Socket-SSL-2.023-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-72f953d453   openssh-7.1p2-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-69c039b644   taglib-1.10-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8caca0b06d   rpm-4.13.0-0.rc1.10.fc23


The following builds have been pushed to Fedora 23 updates-testing

    batctl-2016.0-1.fc23
    konsole5-15.12.1-2.fc23
    libburn-1.4.2-2.fc23
    milkytracker-0.90.86-1.fc23
    mote-0.4.3-2.fc23
    perl-IO-Socket-SSL-2.023-1.fc23
    phpMyAdmin-4.5.4.1-1.fc23

Details about builds:


================================================================================
 batctl-2016.0-1.fc23 (FEDORA-2016-3a11fbab22)
 B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:

Update to 2016.0

See changelog at
https://www.open-mesh.org/projects/open-mesh/wiki/2016-01-19-batman-adv-2016-0-release
--------------------------------------------------------------------------------


================================================================================
 konsole5-15.12.1-2.fc23 (FEDORA-2016-2335bd3bb5)
 KDE Terminal emulator
--------------------------------------------------------------------------------
Update Information:

Include candidate fix for konsole not respecting geometry settings.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1244269 - Konsole geometry settings fail to function
        https://bugzilla.redhat.com/show_bug.cgi?id=1244269
--------------------------------------------------------------------------------


================================================================================
 libburn-1.4.2-2.fc23 (FEDORA-2016-1f3ed3545a)
 Library for reading, mastering and writing optical discs
--------------------------------------------------------------------------------
Update Information:

libburn 1.4.2.pl01
==================
* Bug fix: cdrskin "failed to attach fifo" when burning from stdin.
  Regression of 1.4.2, rev 5522.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1294947 - k3b does not work with cdrskin
        https://bugzilla.redhat.com/show_bug.cgi?id=1294947
--------------------------------------------------------------------------------


================================================================================
 milkytracker-0.90.86-1.fc23 (FEDORA-2016-dabc67c2c5)
 Module tracker software for creating music
--------------------------------------------------------------------------------
Update Information:

Updated to new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1270882 - Please bundle the libzzip library included with MilkyTracker in order to fix broken zip support
        https://bugzilla.redhat.com/show_bug.cgi?id=1270882
--------------------------------------------------------------------------------


================================================================================
 mote-0.4.3-2.fc23 (FEDORA-2016-a626e1e51c)
 A MeetBot log wrangler, providing a user-friendly interface for Fedora's logs
--------------------------------------------------------------------------------
Update Information:

Update 0.4.3
--------------------------------------------------------------------------------


================================================================================
 perl-IO-Socket-SSL-2.023-1.fc23 (FEDORA-2016-9f1ca30913)
 Perl library for transparent SSL
--------------------------------------------------------------------------------
Update Information:

Current upstream release, with compatibility fix for openssl 1.0.2f.
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-4.5.4.1-1.fc23 (FEDORA-2016-e55278763e)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.5.4.1 (2016-01-28)
===============================
- Error with PMA 4.4.15.3
- Remove hard dependency on phpseclib

phpMyAdmin 4.5.4 (2016-01-28)
=============================
- live data edit of big sets is not working
- Table list not saved in db QBE bookmarked search
- While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
- Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
- Properly handle errors in unpacking zip archive
- Set PHP's internal encoding to UTF-8
- Fixed Kanji encoding in some specific cases
- Check whether iconv works before using it
- Avoid conversion of MySQL error messages
- Undefined index: parameters
- Undefined index: field_name_orig
- Undefined index: host
- 'Add to central columns' (per column button) does nothing
- SQL duplicate entry error trying to INSERT in designer_settings table
- Fix handling of databases with dot in a name
- Fix hiding of page content behind menu
- FROM clause not generated after loading search bookmark
- Fix creating/editing VIEW with DEFINER containing special chars
- Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
- Misleading message for configuration storage
- Table pagination does nothing when session expired
- Index comments not working properly
- Better handle local storage errors
- Improve detection of privileges for privilege adjusting
- Undefined property: stdClass::$releases at version check when disabled in config
- SQL comment and variable stripped from bookmark on save
- Gracefully handle errors in regex based javascript search
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
- [Security] XSS vulnerability in normalization page, see PMASA-2016-7
- [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
- [Security] XSS vulnerability in SQL editor, see PMASA-2016-9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302686 - CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor (PMASA-2016-9)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302686
  [ 2 ] Bug #1302685 - CVE-2016-2044 phpMyAdmin: Full path disclosure vulnerability in SQL parser (PMASA-2016-8)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302685
  [ 3 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302684
  [ 4 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302682
  [ 5 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302681
  [ 6 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302680
  [ 7 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302679
  [ 8 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302677
  [ 9 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302676
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx