The following Fedora 23 Security updates need testing: Age URL 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 98 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 71 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 62 https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276 php-PHPMailer-5.2.14-1.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b02ad4e424 ecryptfs-utils-109-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4509765b4b gsi-openssh-7.1p2-3.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97002ad37b rubygem-actionview-4.2.3-3.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f486068393 rubygem-actionpack-4.2.3-4.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eb4d6e8aab rubygem-activemodel-4.2.3-2.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ede04cd79 rubygem-activesupport-4.2.3-3.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc465a34df rubygem-activerecord-4.2.3-2.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-50abc3e885 python-pymongo-2.5.2-8.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b61929db9e wordpress-4.4.2-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa00f0631d mingw-nettle-3.2-1.fc23 mingw-gnutls-3.4.9-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-46a34efa06 php-5.6.18-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-153eed2bb8 asterisk-13.7.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-55137a3adb mingw-curl-7.47.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9a1c707b10 mingw-libpng-1.6.21-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-189a7bf68c mingw-libxml2-2.9.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fd1199dbe2 mingw-pcre-8.38-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 The following builds have been pushed to Fedora 23 updates-testing OpenLP-2.3.3-1.fc23 caja-1.12.2-3.fc23 cdsclient-3.81-1.fc23 eclipse-ptp-9.0.1-1.fc23 etherape-0.9.14-1.fc23 freeciv-2.5.3-1.fc23 gnome-chemistry-utils-0.14.10-14.fc23 gnumeric-1.12.27-1.fc23 goffice-0.10.27-1.fc23 hylafax+-5.5.8-1.fc23 mate-themes-3.18.0-1.fc23 memkind-0.3.0-5.fc23 mingw-curl-7.47.0-1.fc23 mingw-libpng-1.6.21-1.fc23 mingw-libxml2-2.9.3-1.fc23 mingw-pcre-8.38-1.fc23 mintmenu-5.6.5-3.fc23 nagios-plugins-check-updates-1.6.15-1.fc23 nex-20151213-1.fc23 perl-Path-Tiny-0.076-1.fc23 python-astropy-helpers-1.1.1-1.fc23 python-pika-0.10.0-3.fc23 restsharp-105.2.3-3.fc23 simdock-1.4-0.20160207git.fc23 usbguard-0.4-4.fc23 Details about builds: ================================================================================ OpenLP-2.3.3-1.fc23 (FEDORA-2016-2aa71baeb8) Open source Church presentation and lyrics projection application -------------------------------------------------------------------------------- Update Information: Release Candidate 2.3.3 ---- Alpha Release of 2.4 -------------------------------------------------------------------------------- ================================================================================ caja-1.12.2-3.fc23 (FEDORA-2016-aceba7139e) File manager for MATE -------------------------------------------------------------------------------- Update Information: - try fix rhbz (#1291540) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1291540 - [abrt] caja: g_type_check_instance_cast(): caja killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1291540 -------------------------------------------------------------------------------- ================================================================================ cdsclient-3.81-1.fc23 (FEDORA-2016-d159935568) Tools to query databases at CDS -------------------------------------------------------------------------------- Update Information: update to 3.81 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1304909 - cdsclient-3.81 is available https://bugzilla.redhat.com/show_bug.cgi?id=1304909 -------------------------------------------------------------------------------- ================================================================================ eclipse-ptp-9.0.1-1.fc23 (FEDORA-2016-c20cfe942b) Eclipse Parallel Tools Platform -------------------------------------------------------------------------------- Update Information: Update to upstream 9.0.1 release. -------------------------------------------------------------------------------- ================================================================================ etherape-0.9.14-1.fc23 (FEDORA-2016-0788ddd153) Graphical network monitor for Unix -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305314 - etherape-0.9.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1305314 -------------------------------------------------------------------------------- ================================================================================ freeciv-2.5.3-1.fc23 (FEDORA-2016-c604a25389) A multi-player strategy game -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.10-14.fc23 (FEDORA-2016-f078ec18c0) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.27.html ---- This update fixes a crash in gchemtable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302135 - [abrt] gchemtable: gcu::Dialog::SetRealName(): gchemtable-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1302135 -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.27-1.fc23 (FEDORA-2016-f078ec18c0) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.27.html ---- This update fixes a crash in gchemtable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302135 - [abrt] gchemtable: gcu::Dialog::SetRealName(): gchemtable-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1302135 -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.27-1.fc23 (FEDORA-2016-f078ec18c0) G Office support libraries -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.27.html ---- This update fixes a crash in gchemtable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302135 - [abrt] gchemtable: gcu::Dialog::SetRealName(): gchemtable-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1302135 -------------------------------------------------------------------------------- ================================================================================ hylafax+-5.5.8-1.fc23 (FEDORA-2016-a1a998d683) An enterprise-strength fax server -------------------------------------------------------------------------------- Update Information: Update to 5.5.8. -------------------------------------------------------------------------------- ================================================================================ mate-themes-3.18.0-1.fc23 (FEDORA-2016-2b2f96538b) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: use gtk+3 version schema -------------------------------------------------------------------------------- ================================================================================ memkind-0.3.0-5.fc23 (FEDORA-2016-e54be2efdf) User Extensible Heap Manager -------------------------------------------------------------------------------- Update Information: Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind ---- Update upstream fixes for memkind-0.3.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305360 - Fix rpmlint error dir-or-file-in-var-run for /var/run/memkind https://bugzilla.redhat.com/show_bug.cgi?id=1305360 [ 2 ] Bug #1305292 - Fix rawhide build errod and update memkind to upstream 0.3.0 latest patches https://bugzilla.redhat.com/show_bug.cgi?id=1305292 -------------------------------------------------------------------------------- ================================================================================ mingw-curl-7.47.0-1.fc23 (FEDORA-2016-55137a3adb) MinGW Windows port of curl and libcurl -------------------------------------------------------------------------------- Update Information: Update to 7.47.0 which fixes various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302264 - CVE-2016-0755 mingw-curl: curl: NTLM credentials not-checked for proxy connection re-use [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1302264 -------------------------------------------------------------------------------- ================================================================================ mingw-libpng-1.6.21-1.fc23 (FEDORA-2016-9a1c707b10) MinGW Windows Libpng library -------------------------------------------------------------------------------- Update Information: Update to 1.6.21 which fixes various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1281760 - CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1281760 -------------------------------------------------------------------------------- ================================================================================ mingw-libxml2-2.9.3-1.fc23 (FEDORA-2016-189a7bf68c) MinGW Windows libxml2 XML processing library -------------------------------------------------------------------------------- Update Information: Update to 2.9.3 which fixes various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1281952 - mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1281952 [ 2 ] Bug #1277149 - CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277149 [ 3 ] Bug #1276299 - CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276299 [ 4 ] Bug #1274225 - CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1274225 [ 5 ] Bug #1262853 - mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1262853 -------------------------------------------------------------------------------- ================================================================================ mingw-pcre-8.38-1.fc23 (FEDORA-2016-fd1199dbe2) MinGW Windows pcre library -------------------------------------------------------------------------------- Update Information: Update to 8.38 and fix various CVE's -------------------------------------------------------------------------------- References: [ 1 ] Bug #1287720 - CVE-2015-8395 mingw-pcre: pcre: Buffer overflow caused by certain references [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287720 [ 2 ] Bug #1287704 - CVE-2015-8394 mingw-pcre: pcre: Integer overflow caused by missing check for certain conditions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287704 [ 3 ] Bug #1287698 - CVE-2015-8393 mingw-pcre: pcre: Information leak when running pcgrep -q on crafted binary [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287698 [ 4 ] Bug #1287692 - CVE-2015-8392 mingw-pcre: pcre: Buffer overflow caused by certain patterns with duplicated named groups [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287692 [ 5 ] Bug #1287673 - CVE-2015-8391 mingw-pcre: pcre: Some pathological patterns causes pcre_compile() to run for a very long time [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287673 [ 6 ] Bug #1287668 - CVE-2015-8390 mingw-pcre: pcre: Reading from uninitialized memory when processing certain patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287668 [ 7 ] Bug #1287661 - CVE-2015-8389 mingw-pcre: pcre: Infinite recursion in JIT compiler when processing certain patterns [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287661 [ 8 ] Bug #1287656 - CVE-2015-8388 mingw-pcre: pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287656 [ 9 ] Bug #1287648 - CVE-2015-8387 mingw-pcre: pcre: Integer overflow in subroutine calls [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287648 [ 10 ] Bug #1287640 - CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287640 [ 11 ] Bug #1287631 - CVE-2015-8385 mingw-pcre: pcre: Buffer overflow caused by forward reference by name to certain group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287631 [ 12 ] Bug #1287626 - CVE-2015-8384 mingw-pcre: pcre: Buffer overflow caused by recursive back reference by name within certain group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287626 [ 13 ] Bug #1287616 - CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1287616 [ 14 ] Bug #1256453 - mingw-pcre: pcre: Heap Overflow in compile_regex() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1256453 [ 15 ] Bug #1250947 - mingw-pcre: pcre: heap buffer overflow with a crafted regular expression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1250947 [ 16 ] Bug #1249905 - mingw-pcre: php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1249905 [ 17 ] Bug #1237225 - CVE-2015-5073 mingw-pcre: pcre: heap buffer overflow in find_fixedlength() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1237225 [ 18 ] Bug #1236660 - CVE-2015-3210 mingw-pcre: pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1236660 -------------------------------------------------------------------------------- ================================================================================ mintmenu-5.6.5-3.fc23 (FEDORA-2016-39c6db9d1c) Advanced Menu for the MATE Desktop -------------------------------------------------------------------------------- Update Information: - fix rhbz (#1302737) -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-check-updates-1.6.15-1.fc23 (FEDORA-2016-bff5c3ceb3) A Nagios plugin to check if Red Hat or Fedora system is up-to-date -------------------------------------------------------------------------------- Update Information: Update to 1.6.15. -------------------------------------------------------------------------------- ================================================================================ nex-20151213-1.fc23 (FEDORA-2016-24897eabd5) A lexer generator for Go that is similar to Lex/Flex -------------------------------------------------------------------------------- Update Information: Update to 20151213 -------------------------------------------------------------------------------- ================================================================================ perl-Path-Tiny-0.076-1.fc23 (FEDORA-2016-17a8ae930b) File path utility -------------------------------------------------------------------------------- Update Information: This is a cumulative bugfix and enhancement release, the latest from upstream. There should be no backwards compatibility issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305293 - perl-Path-Tiny: please update package in epel7, f22, f23 branches https://bugzilla.redhat.com/show_bug.cgi?id=1305293 -------------------------------------------------------------------------------- ================================================================================ python-astropy-helpers-1.1.1-1.fc23 (FEDORA-2016-777739aab2) Utilities for building and installing Astropy and Astropy affiliated packages -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1297234 - Review Request: python-astropy-helpers - Utilities for building and installing Astropy and Astropy affiliated packages https://bugzilla.redhat.com/show_bug.cgi?id=1297234 -------------------------------------------------------------------------------- ================================================================================ python-pika-0.10.0-3.fc23 (FEDORA-2016-fdfe1e1178) AMQP 0-9-1 client library for Python -------------------------------------------------------------------------------- Update Information: Update to latest upstream stable release (0.10.0), add Python 3 subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1244505 - python-pika 0.10.0 is available (python 3.3+ support added!) https://bugzilla.redhat.com/show_bug.cgi?id=1244505 -------------------------------------------------------------------------------- ================================================================================ restsharp-105.2.3-3.fc23 (FEDORA-2016-01a328bcee) Simple REST and HTTP API Client -------------------------------------------------------------------------------- Update Information: initial package, rhbz#1270776 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1270776 - Review Request: restsharp - Simple REST and HTTP API Client https://bugzilla.redhat.com/show_bug.cgi?id=1270776 -------------------------------------------------------------------------------- ================================================================================ simdock-1.4-0.20160207git.fc23 (FEDORA-2016-cce0d949bc) Fast and customizable dockbar -------------------------------------------------------------------------------- Update Information: Update to latest simdock sources from github. Seems to work fine under KDE and Openbox, -------------------------------------------------------------------------------- References: [ 1 ] Bug #1125872 - [abrt] simdock: handle_error(): simdock killed by SIGTRAP https://bugzilla.redhat.com/show_bug.cgi?id=1125872 [ 2 ] Bug #1018562 - [abrt] simdock-1.2.6-1.20130128git.fc19: main_arena: Process /usr/bin/simdock was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=1018562 -------------------------------------------------------------------------------- ================================================================================ usbguard-0.4-4.fc23 (FEDORA-2016-cccd99abb3) A tool for implementing USB device usage policy -------------------------------------------------------------------------------- Update Information: * update to usbguard-0.4 * WARNING: incompatible changes, see the release notes at https://github.com/dkopecek/usbguard/releases/tag/v0.4 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
