The following Fedora 23 Security updates need testing: Age URL 150 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 108 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 31 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 31 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97002ad37b rubygem-actionview-4.2.3-3.fc23 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f486068393 rubygem-actionpack-4.2.3-4.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eb4d6e8aab rubygem-activemodel-4.2.3-2.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ede04cd79 rubygem-activesupport-4.2.3-3.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc465a34df rubygem-activerecord-4.2.3-2.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5d0e7f15ef php-horde-horde-5.2.9-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17670e1b90 kscreenlocker-5.5.4-3.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59ce8b61dd rubygem-rails-html-sanitizer-1.0.3-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0a6c9ebc4 postgresql-9.4.6-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-40401300ed 389-ds-base-1.3.4.8-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65a1f22818 community-mysql-5.6.29-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-94b0b50351 gummi-0.6.6-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ba6fd98830 jabberd-2.3.3-7.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fb9b356b74 qt-creator-3.6.0-6.fc23 qca-2.1.1-4.fc23 code-editor-2.8.1-13.fc23 monotone-1.1-13.fc23 botan-1.10.12-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4154a4d0ba graphite2-1.3.5-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-054e18a33d htdig-3.2.0-0.23.b6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9ce8624a6c selinux-policy-3.13.1-158.7.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990c070b19 spatialite-tools-4.3.0-9.fc23 sqlite-3.11.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aba95ed7ff gnome-online-accounts-3.18.4-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a7c44257a0 breeze-icon-theme-5.19.0-1.fc23 extra-cmake-modules-5.19.0-1.fc23 kf5-5.19.0-1.fc23 kf5-attica-5.19.0-1.fc23 kf5-baloo-5.19.0-1.fc23 kf5-bluez-qt-5.19.0-1.fc23 kf5-frameworkintegration-5.19.0-1.fc23 kf5-kactivities-5.19.0-1.fc23 kf5-kapidox-5.19.0-1.fc23 kf5-karchive-5.19.0-1.fc23 kf5-kauth-5.19.0-1.fc23 kf5-kbookmarks-5.19.0-1.fc23 kf5-kcmutils-5.19.0-1.fc23 kf5-kcodecs-5.19.0-1.fc23 kf5-kcompletion-5.19.0-1.fc23 kf5-kconfig-5.19.0-1.fc23 kf5-kconfigwidgets-5.19.0-1.fc23 kf5-kcoreaddons-5.19.0-1.fc23 kf5-kcrash-5.19.0-1.fc23 kf5-kdbusaddons-5.19.0-1.fc23 kf5-kdeclarative-5.19.0-2.fc23 kf5-kded-5.19.0-1.fc23 kf5-kdelibs4support-5.19.0-1.fc23 kf5-kdesignerplugin-5.19.0-1.fc23 kf5-kdesu-5.19.0-1.fc23 kf5-kdewebkit-5.19.0-1.fc23 kf5-kdnssd-5.19.0-1.fc23 kf5-kdoctools-5.19.0-1.fc23 kf5-kemoticons-5.19.0-1.fc23 kf5-kfilemetadata-5.19.0-1.fc23 kf5-kglobalaccel-5.19.0-1.fc23 kf5-kguiaddons-5.19.0-1.fc23 kf5-khtml -5.19.0- 1.fc23 kf5-ki18n-5.19.0-1.fc23 kf5-kiconthemes-5.19.0-1.fc23 kf5-kidletime-5.19.0-1.fc23 kf5-kimageformats-5.19.0-1.fc23 kf5-kinit-5.19.0-1.fc23 kf5-kio-5.19.0-1.fc23 kf5-kitemmodels-5.19.0-1.fc23 kf5-kitemviews-5.19.0-1.fc23 kf5-kjobwidgets-5.19.0-1.fc23 kf5-kjs-5.19.0-1.fc23 kf5-kjsembed-5.19.0-1.fc23 kf5-kmediaplayer-5.19.0-1.fc23 kf5-knewstuff-5.19.0-1.fc23 kf5-knotifications-5.19.0-1.fc23 kf5-knotifyconfig-5.19.0-1.fc23 kf5-kpackage-5.19.0-1.fc23 kf5-kparts-5.19.0-1.fc23 kf5-kpeople-5.19.0-1.fc23 kf5-kplotting-5.19.0-1.fc23 kf5-kpty-5.19.0-1.fc23 kf5-kross-5.19.0-1.fc23 kf5-krunner-5.19.0-1.fc23 kf5-kservice-5.19.0-1.fc23 kf5-ktexteditor-5.19.0-1.fc23 kf5-ktextwidgets-5.19.0-1.fc23 kf5-kunitconversion-5.19.0-1.fc23 kf5-kwallet-5.19.0-1.fc23 kf5-kwidgetsaddons-5.19.0-1.fc23 kf5-kwindowsystem-5.19.0-1.fc23 kf5-kxmlgui-5.19.0-1.fc23 kf5-kxmlrpcclient-5.19.0-1.fc23 kf5-modemmanager-qt-5.19.0-1.fc23 kf5-networkmanager-qt-5.19.0-1.fc23 kf5-plasma-5.19.0-2.fc23 kf5-solid-5.19. 0-1.fc23 kf5-sonnet-5.19.0-1.fc23 kf5-threadweaver-5.19.0-1.fc23 oxygen-icon-theme-5.19.0-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7ccad9e603 kdepim-4.14.10-10.fc23 kdepim-runtime-4.14.10-6.fc23 kdepimlibs-4.14.10-8.fc23 The following builds have been pushed to Fedora 23 updates-testing cachefilesd-0.10.9-1.fc23 catfish-1.3.4-1.fc23 eclipse-4.5.1-12.fc23 graphite2-1.3.5-1.fc23 htdig-3.2.0-0.23.b6.fc23 openqa-4.3-15.fc23 opensmtpd-5.7.3p2-1.fc23 perl-Parse-Gitignore-0.02-2.fc23 perl-Text-Fuzzy-0.24-3.fc23 python-funcsigs-0.4-2.fc23 python-pybeam-0.3.2-1.fc23 sayonara-0.8.2-1.20160214git.fc23 selinux-policy-3.13.1-158.7.fc23 spatialite-tools-4.3.0-9.fc23 sqlite-3.11.0-1.fc23 texlive-2014-19.20140525_r34255.fc23 vdr-epg-daemon-0.3.2-2.20160215gitbac34c9.fc23 Details about builds: ================================================================================ cachefilesd-0.10.9-1.fc23 (FEDORA-2016-eead0f3cc5) CacheFiles user-space management daemon -------------------------------------------------------------------------------- Update Information: Update cachefilesd to interact with systemd in the correct way to change the status of the cachefilesd during installation, fix the service file to refer to /usr/sbin rather than /sbin and turn on build hardening (RELRO and PIE). ---- Suspend the scanning for cache objects that can be culled after a just completed scan has turned up no usable candidates. This is typically due to the kernel having all extant cache objects open and attached to network filesystem inodes. With the aid of a kernel patch that is queued for 4.6, scanning will resume when the cache has released sufficient objects or space to make it worth doing another scan. If the kernel patch is not in place, this will be detected and scanning will resume after 30 seconds. The thresholds for resumption when the kernel patch is available can be configured in /etc/cachefilesd.conf. See the manual page for that file. -------------------------------------------------------------------------------- References: [ 1 ] Bug #850053 - Introduce new systemd-rpm macros in cachefilesd spec file https://bugzilla.redhat.com/show_bug.cgi?id=850053 [ 2 ] Bug #1301734 - cachefilesd spins in tight loop trying to cull empty cache https://bugzilla.redhat.com/show_bug.cgi?id=1301734 -------------------------------------------------------------------------------- ================================================================================ catfish-1.3.4-1.fc23 (FEDORA-2016-2780480426) A handy file search tool -------------------------------------------------------------------------------- Update Information: New version 1.3.4 is released. -------------------------------------------------------------------------------- ================================================================================ eclipse-4.5.1-12.fc23 (FEDORA-2016-bfb1b334da) An open, extensible IDE -------------------------------------------------------------------------------- Update Information: Fixes a crash in the webkit widget (seen in Eclipse web browser view and any SWT application that uses the widget). Fixes testing framework to allow suites to run to completion when PyDev is enabled. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1270612 - [abrt] java-1.8.0-openjdk-headless: signalHandler(): java killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1270612 [ 2 ] Bug #1290685 - Can't run tests due to failure to correctly delete symlinks https://bugzilla.redhat.com/show_bug.cgi?id=1290685 -------------------------------------------------------------------------------- ================================================================================ graphite2-1.3.5-1.fc23 (FEDORA-2016-4154a4d0ba) Font rendering capabilities for complex non-Roman writing systems -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 and CVE-2016-1526 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305806 - CVE-2016-1521 graphite2: Two out-of-bound read vulnerabilities triggered by crafted fonts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1305806 [ 2 ] Bug #1308591 - CVE-2016-1526 graphite2: Out-of-bounds read vulnerability in TfUtil:LocaLookup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1308591 [ 3 ] Bug #1305814 - CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1305814 [ 4 ] Bug #1305811 - CVE-2016-1522 graphite2: Null pointer dereference and out-of-bounds access vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1305811 -------------------------------------------------------------------------------- ================================================================================ htdig-3.2.0-0.23.b6.fc23 (FEDORA-2016-054e18a33d) ht://Dig - Web search engine -------------------------------------------------------------------------------- Update Information: one bug fixed -------------------------------------------------------------------------------- References: [ 1 ] Bug #1230897 - RPM does not contain binary for htsearch https://bugzilla.redhat.com/show_bug.cgi?id=1230897 -------------------------------------------------------------------------------- ================================================================================ openqa-4.3-15.fc23 (FEDORA-2016-2f4ba2e1d3) OS-level automated testing framework -------------------------------------------------------------------------------- Update Information: This update introduces openQA, an OS-level automated testing framework, to the Fedora 23 repositories. Earlier builds of this package have already been in use on the Fedora openQA installs - https://openqa.fedoraproject.org and https://openqa.stg.fedoraproject.org - for some time. -------------------------------------------------------------------------------- ================================================================================ opensmtpd-5.7.3p2-1.fc23 (FEDORA-2016-58dde2301c) Free implementation of the server-side SMTP protocol as defined by RFC 5321 -------------------------------------------------------------------------------- Update Information: New release (5.7.3p2), fixing issue with OpenSSL API change. https://github.com/OpenSMTPD/OpenSMTPD/issues/650#issuecomment-178120346 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1304134 - opensmtpd-5.7.3p2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1304134 -------------------------------------------------------------------------------- ================================================================================ perl-Parse-Gitignore-0.02-2.fc23 (FEDORA-2016-8bb99cd844) Parse a .gitignore file -------------------------------------------------------------------------------- Update Information: 0.02 2016-02-04 - Testing problem resolved - Add "excludesfile" method 0.01 2016-02-03 - Initial version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305294 - Review Request: perl-Parse-Gitignore - Parse .gitignore files https://bugzilla.redhat.com/show_bug.cgi?id=1305294 -------------------------------------------------------------------------------- ================================================================================ perl-Text-Fuzzy-0.24-3.fc23 (FEDORA-2016-b9b25e2bf4) Partial string matching using edit distances -------------------------------------------------------------------------------- Update Information: 0.24 2015-11-06 * Array length underflow error * Documentation internal link 0.23 2015-11-05 * Minor documentation fixes * Fix for Windows and fuzzy_index 0.22 2015-10-19 * Minor documentation fixes 0.21 2015-10-19 * Documents the undocumented fuzzy_index function * Fixes the return values for fuzzy_index to make sense * Adds a simple test for fuzzy_index -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305263 - Review Request: perl-Text-Fuzzy - Partial string matching using edit distances https://bugzilla.redhat.com/show_bug.cgi?id=1305263 -------------------------------------------------------------------------------- ================================================================================ python-funcsigs-0.4-2.fc23 (FEDORA-2016-38574b8369) Python function signatures from PEP362 for Python 2.6, 2.7 and 3.2+ -------------------------------------------------------------------------------- Update Information: This update introduces python2 and python3 packages for the `funcsigs` module. -------------------------------------------------------------------------------- ================================================================================ python-pybeam-0.3.2-1.fc23 (FEDORA-2016-a319fb7fff) Python module to parse Erlang BEAM files -------------------------------------------------------------------------------- Update Information: * Initial build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308581 - Review Request: python-pybeam - Python module to parse Erlang BEAM files https://bugzilla.redhat.com/show_bug.cgi?id=1308581 -------------------------------------------------------------------------------- ================================================================================ sayonara-0.8.2-1.20160214git.fc23 (FEDORA-2016-d2ee68baea) A lightweight Qt Audio player -------------------------------------------------------------------------------- Update Information: * Tue Feb 16 2016 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.8.2-1.20160214git - Update to 0.8.2 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-158.7.fc23 (FEDORA-2016-9ce8624a6c) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: This update contain new policy for lttng-sessiond, please be careful with karma. More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=736503 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309235 - lttng-sessiond should be confined https://bugzilla.redhat.com/show_bug.cgi?id=1309235 [ 2 ] Bug #1306819 - SELinux Prevents Mongodb from writing to syslog https://bugzilla.redhat.com/show_bug.cgi?id=1306819 -------------------------------------------------------------------------------- ================================================================================ spatialite-tools-4.3.0-9.fc23 (FEDORA-2016-990c070b19) A set of useful CLI tools for SpatiaLite -------------------------------------------------------------------------------- Update Information: Update to the latest upstream version, with rebuilt spatialite-tools. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1288606 - Split library from binary to drop unnecessary dependencies. https://bugzilla.redhat.com/show_bug.cgi?id=1288606 [ 2 ] Bug #1308765 - sqlite-3.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1308765 -------------------------------------------------------------------------------- ================================================================================ sqlite-3.11.0-1.fc23 (FEDORA-2016-990c070b19) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information: Update to the latest upstream version, with rebuilt spatialite-tools. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1288606 - Split library from binary to drop unnecessary dependencies. https://bugzilla.redhat.com/show_bug.cgi?id=1288606 [ 2 ] Bug #1308765 - sqlite-3.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1308765 -------------------------------------------------------------------------------- ================================================================================ texlive-2014-19.20140525_r34255.fc23 (FEDORA-2016-0e583ec035) TeX formatting system -------------------------------------------------------------------------------- Update Information: Fixed issue with thumbpdf not working with PDFs without streams (new default). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305887 - thumbpdf fails with unrecoverable error https://bugzilla.redhat.com/show_bug.cgi?id=1305887 -------------------------------------------------------------------------------- ================================================================================ vdr-epg-daemon-0.3.2-2.20160215gitbac34c9.fc23 (FEDORA-2016-1240b94bbf) A daemon to download EPG data from internet and manage it in a mysql database -------------------------------------------------------------------------------- Update Information: * Wed Feb 17 2016 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.2-2.20160215gitbac34c9 - rebuild for new git release - dropped %%{name}-0.3.0-variable-overflow.patch * Mon Feb 15 2016 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.2-1 - Update to 0.3.2 - Dropped %%{name}-0.3.0-variable-overflow.patch * Wed Feb 10 2016 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.0-1 - Update to 0.3.0 - moved %%{name}-makefile.patch to %%{name}-0.3.0-makefile.patch - added %%{name}-0.3.0 -variable-overflow.patch -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
