The following Fedora 23 Security updates need testing:
 Age  URL
 143  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 101  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
  74  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b02ad4e424   ecryptfs-utils-109-1.fc23
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-97002ad37b   rubygem-actionview-4.2.3-3.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f486068393   rubygem-actionpack-4.2.3-4.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eb4d6e8aab   rubygem-activemodel-4.2.3-2.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ede04cd79   rubygem-activesupport-4.2.3-3.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc465a34df   rubygem-activerecord-4.2.3-2.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-50abc3e885   python-pymongo-2.5.2-8.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b61929db9e   wordpress-4.4.2-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa00f0631d   mingw-nettle-3.2-1.fc23 mingw-gnutls-3.4.9-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-46a34efa06   php-5.6.18-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-153eed2bb8   asterisk-13.7.1-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-55137a3adb   mingw-curl-7.47.0-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9a1c707b10   mingw-libpng-1.6.21-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-189a7bf68c   mingw-libxml2-2.9.3-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fd1199dbe2   mingw-pcre-8.38-1.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d0e6ba888   springframework-social-1.0.3-3.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5d0e7f15ef   php-horde-horde-5.2.9-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a3e5618eb   poco-1.4.2p1-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-17670e1b90   kscreenlocker-5.5.4-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-59ce8b61dd   rubygem-rails-html-sanitizer-1.0.3-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3102c11757   nodejs-0.10.42-4.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9f14d56a0c   pcre-8.38-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f87e991b75   enca-1.18-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-46f59ae9c0   kde-settings-23-11.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-53890487b0   nspr-4.11.0-1.fc23 nss-3.22.0-1.0.fc23 nss-softokn-3.22.0-1.0.fc23 nss-util-3.22.0-1.0.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d0e28c5cae   perl-Scalar-List-Utils-1.43-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c202294c99   texinfo-6.0-2.fc23


The following builds have been pushed to Fedora 23 updates-testing

    abrt-2.8.0-2.fc23
    eclipse-dltk-5.3.2-1.fc23
    empathy-3.12.11-3.fc23
    enca-1.18-1.fc23
    erlang-17.4-6.fc23
    globus-gram-job-manager-14.27-3.fc23
    insight-7.10.50.20160208-1.fc23
    k3b-2.0.3-8.fc23
    kde-settings-23-11.fc23
    knot-2.1.1-1.fc23
    kscreenlocker-5.5.4-3.fc23
    libinput-1.1.7-1.fc23
    nodejs-0.10.42-4.fc23
    pcre-8.38-5.fc23
    perl-Business-CreditCard-0.35-1.fc23
    perl-File-Edit-Portable-1.18-1.fc23
    perl-Tie-Hash-Method-0.02-1.fc23
    perl-Tie-Hash-Method-0.02-2.fc23
    python-pillow-3.0.0-3.fc23
    python-pytimeparse-1.1.5-1.fc23
    python-tinydb-3.1.2-3.fc23
    quassel-0.12.3-1.fc23
    rhythmbox-3.3-2.fc23
    rubygem-rails-html-sanitizer-1.0.3-1.fc23
    rubygem-sequel-4.31.0-1.fc23
    shogun-data-0.10-1.fc23
    snappy-player-1.0-9.20160119gite73fab.fc23

Details about builds:


================================================================================
 abrt-2.8.0-2.fc23 (FEDORA-2016-ca98ba4477)
 Automatic bug detection and reporting tool
--------------------------------------------------------------------------------
Update Information:

**Drop %e from the core_pattern**

The argument is no longer needed and it must be placed either at the end of
the command or enclosed with '' as it can contain white space.
--------------------------------------------------------------------------------


================================================================================
 eclipse-dltk-5.3.2-1.fc23 (FEDORA-2016-52dedbb914)
 Dynamic Languages Toolkit (DLTK) Eclipse plug-in
--------------------------------------------------------------------------------
Update Information:

Upgrade to 5.3.2 and debugger patch
--------------------------------------------------------------------------------


================================================================================
 empathy-3.12.11-3.fc23 (FEDORA-2016-27dcc764dd)
 Instant Messaging Client for GNOME
--------------------------------------------------------------------------------
Update Information:

Backport some upstream fixes, a crash when running on wayland in particular.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1277856 - [abrt] empathy: XInternAtom(): empathy-chat killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1277856
  [ 2 ] Bug #1288589 - Empathy chat windows cannot be opened, after logging in with "GNOME on Wayland"
        https://bugzilla.redhat.com/show_bug.cgi?id=1288589
--------------------------------------------------------------------------------


================================================================================
 enca-1.18-1.fc23 (FEDORA-2016-f87e991b75)
 Character set analyzer and detector
--------------------------------------------------------------------------------
Update Information:

Update to 1.18
--------------------------------------------------------------------------------


================================================================================
 erlang-17.4-6.fc23 (FEDORA-2016-a79a47efb0)
 General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:

* Fix segfault on ix86
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1240487 - erl segfault on fedora-23-i686 (autoconf testsuite)
        https://bugzilla.redhat.com/show_bug.cgi?id=1240487
--------------------------------------------------------------------------------


================================================================================
 globus-gram-job-manager-14.27-3.fc23 (FEDORA-2016-c8dd46ad7f)
 Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:

Adjust build requires due to perl package split.
--------------------------------------------------------------------------------


================================================================================
 insight-7.10.50.20160208-1.fc23 (FEDORA-2016-e63c35886f)
 Graphical debugger based on GDB
--------------------------------------------------------------------------------
Update Information:

New snapshot
--------------------------------------------------------------------------------


================================================================================
 k3b-2.0.3-8.fc23 (FEDORA-2016-dc315fd49f)
 CD/DVD/Blu-ray burning application
--------------------------------------------------------------------------------
Update Information:

Pull in latest 2.0 branch fixes, add support for kf5 actions and service menus.
--------------------------------------------------------------------------------


================================================================================
 kde-settings-23-11.fc23 (FEDORA-2016-46f59ae9c0)
 Config files for kde
--------------------------------------------------------------------------------
Update Information:

Cleanup default mimetype associations
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1299586 - Duplicate file association for "*.pdf"
        https://bugzilla.redhat.com/show_bug.cgi?id=1299586
--------------------------------------------------------------------------------


================================================================================
 knot-2.1.1-1.fc23 (FEDORA-2016-f8fa7248eb)
 High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:

new upstream release:
+ fix: Allow import of duplicate private key into the KASP
+ fix: Avoid duplicate NSEC for Wildcard No Data answer
+ fix: Server crash when an incoming transfer is in progress and reload is issued
+ fix: Socket polling when configured with many interfaces and threads
+ improvement: Use correct source address for UDP messages received on ANY address
+ improvement: Extend documentation of knotc commands
--------------------------------------------------------------------------------


================================================================================
 kscreenlocker-5.5.4-3.fc23 (FEDORA-2016-17670e1b90)
 Library and components for secure lock screen architecture
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-2312
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306293 - CVE-2016-2312 plasma-workspace: kscreenlocker: Lock screen bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1306293
--------------------------------------------------------------------------------


================================================================================
 libinput-1.1.7-1.fc23 (FEDORA-2016-de0fc8d402)
 Input device library
--------------------------------------------------------------------------------
Update Information:

Fix disabling of disable-while-typing, kept the touchpad disabled under some
circumstances.
--------------------------------------------------------------------------------


================================================================================
 nodejs-0.10.42-4.fc23 (FEDORA-2016-3102c11757)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-2216, CVE-2016-2086
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306203 - CVE-2016-2216 nodejs: Response splitting vulnerability using Unicode characters
        https://bugzilla.redhat.com/show_bug.cgi?id=1306203
  [ 2 ] Bug #1306200 - CVE-2016-2086 nodejs: Request smuggling vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1306200
--------------------------------------------------------------------------------


================================================================================
 pcre-8.38-5.fc23 (FEDORA-2016-9f14d56a0c)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

This release fixes a workspace overflow for expressions with (*ACCEPT) with
deeply nested parentheses and it fixes pcretest for expressions with a callout
inside a look-behind assertion.
--------------------------------------------------------------------------------


================================================================================
 perl-Business-CreditCard-0.35-1.fc23 (FEDORA-2016-c9e79a6210)
 Validate/generate credit card check-sums/names
--------------------------------------------------------------------------------
Update Information:

A new version of Business-CreditCard is available. This release fixes a bug
identifying 49* Visa cards introduced in 0.34.

----

A new version of Business-CreditCard is available. This release adds support
for new cards and ranges.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306245 - perl-Business-CreditCard-0.35 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1306245
  [ 2 ] Bug #1305186 - perl-Business-CreditCard-0.34 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1305186
--------------------------------------------------------------------------------


================================================================================
 perl-File-Edit-Portable-1.18-1.fc23 (FEDORA-2016-fed83465dd)
 Read and write files while keeping the original line-endings intact
--------------------------------------------------------------------------------
Update Information:

1.18    2016-01-28
  - flock() now disabled for all FreeBSD amd64 versions

1.17    2016-01-26
  - dir() in write mode now does the transform with a file handle instead of
    slurping the entire file into an array (performance) (closes #16)
  - fixed bugtracker link in POD (fixes #17)
  - bumped prereq version of Mock::Sub to 1.06 due to new efficiencies
  - FreeBSD 10.1 and 9.2 amd64 fail on flock() in write(), so we check for
    these versions and skip over the lock (prereq POSIX)

1.16    2016-01-22
  - removed the write() lock test completely (closes #15)
  - platform_recsep() can be used as the custom recsep to write(). Added
    tests to confirm this (closes #12)
  - splice() now croaks if the 'line' param is sent in, and it doesn't
    consist of only an integer (closes #10)
  - RHEL vendor .list build files now ignored in MANIFEST (closes #14)
  - splice() now accepts both quoted strings and qr// objects in the 'find'
    parameter (closes #13)
  - major POD updates/fixes (closes #11)

1.15    2016-01-18
  - we now LOCK_EX in write() (prereq Fcntl)
  - new build prereqs File::Tempdir and File::Spec for tests
  - cleaned up test data files
  - all temporary test files created with File::Tempdir, removed several
    unlink()s within tests (and their accompanying tests)

1.14    20160115
  - build prereq Mock::Sub 1.01 added
  - test coverage now at 100%

1.13    20151229
  - closes #3; splice() now warns if both 'find' and 'line' params are sent
    in, and 'line' takes precedence (and find isn't used)
  - closes #4; in dir()s write() call, the recsep is now checked with
    defined-or, not for truth

1.12    20151209
  - closes #1; Changes didn't contain 1.10 update
  - POD updates
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1285518 - Review Request: perl-File-Edit-Portable - Read and write files while keeping the original line-endings intact
        https://bugzilla.redhat.com/show_bug.cgi?id=1285518
--------------------------------------------------------------------------------


================================================================================
 perl-Tie-Hash-Method-0.02-1.fc23 (FEDORA-2016-484ed6038a)
 Tied hash with specific methods overridden by callbacks
--------------------------------------------------------------------------------
Update Information:

This package provides Perl tied hashes with specific methods overridden by
callbacks.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1304967 - Review Request: perl-Tie-Hash-Method - Tied hash with specific methods overridden by callbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1304967
--------------------------------------------------------------------------------


================================================================================
 perl-Tie-Hash-Method-0.02-2.fc23 (FEDORA-2016-fbe71c51b8)
 Tied hash with specific methods overridden by callbacks
--------------------------------------------------------------------------------
Update Information:

This release enables optional tests.

----

This package provides Perl tied hashes with specific methods overridden by
callbacks.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1304967 - Review Request: perl-Tie-Hash-Method - Tied hash with specific methods overridden by callbacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1304967
--------------------------------------------------------------------------------


================================================================================
 python-pillow-3.0.0-3.fc23 (FEDORA-2016-53d3bc0841)
 Python image processing library
--------------------------------------------------------------------------------
Update Information:

This update fixes the python3-pillow package description.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306166 - python3-pillow RPM lacks a real description
        https://bugzilla.redhat.com/show_bug.cgi?id=1306166
--------------------------------------------------------------------------------


================================================================================
 python-pytimeparse-1.1.5-1.fc23 (FEDORA-2016-d5964ffc7e)
 Python time expression parse library
--------------------------------------------------------------------------------
Update Information:

new version build
--------------------------------------------------------------------------------


================================================================================
 python-tinydb-3.1.2-3.fc23 (FEDORA-2016-f0ffd18314)
 TinyDB is a tiny, document oriented database
--------------------------------------------------------------------------------
Update Information:

Initial RPM Package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1303819 - Review Request: python-tinydb - A tiny, document oriented database
        https://bugzilla.redhat.com/show_bug.cgi?id=1303819
--------------------------------------------------------------------------------


================================================================================
 quassel-0.12.3-1.fc23 (FEDORA-2016-6b2f89b487)
 A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream quassel release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306081 - quassel-0.12.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1306081
--------------------------------------------------------------------------------


================================================================================
 rhythmbox-3.3-2.fc23 (FEDORA-2016-2bba416202)
 Music Management Application
--------------------------------------------------------------------------------
Update Information:

Drop non-functional Zeitgeist plugin (#1062912)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1062912 - unable to activate zeitgeist plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1062912
--------------------------------------------------------------------------------


================================================================================
 rubygem-rails-html-sanitizer-1.0.3-1.fc23 (FEDORA-2016-59ce8b61dd)
 This gem is responsible to sanitize HTML fragments in Rails applications
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-7578 CVE-2015-7579 CVE-2015-7580
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302014 - CVE-2015-7579 rubygem-rails-html-sanitizer: XSS vulnerability in Action View's strip_tags function
        https://bugzilla.redhat.com/show_bug.cgi?id=1302014
  [ 2 ] Bug #1301920 - CVE-2015-7578 rails-html-sanitizer: XSS vulnerability due to unremoved attributes from tags
        https://bugzilla.redhat.com/show_bug.cgi?id=1301920
--------------------------------------------------------------------------------


================================================================================
 rubygem-sequel-4.31.0-1.fc23 (FEDORA-2016-8a072cef88)
 The Database Toolkit for Ruby
--------------------------------------------------------------------------------
Update Information:

Updated to sequel 4.31.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1303792 - rubygem-sequel-4.31.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1303792
--------------------------------------------------------------------------------


================================================================================
 shogun-data-0.10-1.fc23 (FEDORA-2016-e2fbe00070)
 Data-files for the SHOGUN machine learning toolbox
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------


================================================================================
 snappy-player-1.0-9.20160119gite73fab.fc23 (FEDORA-2016-77dbde0778)
 A Gnome media player
--------------------------------------------------------------------------------
Update Information:

- Update to commit #e73fab
--------------------------------------------------------------------------------