The following Fedora 23 Security updates need testing:
 Age  URL
 157  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 114  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
  87  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
  38  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
  38  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2016-97002ad37b   rubygem-actionview-4.2.3-3.fc23
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f486068393   rubygem-actionpack-4.2.3-4.fc23
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eb4d6e8aab   rubygem-activemodel-4.2.3-2.fc23
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ede04cd79   rubygem-activesupport-4.2.3-3.fc23
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc465a34df   rubygem-activerecord-4.2.3-2.fc23
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2016-59ce8b61dd   rubygem-rails-html-sanitizer-1.0.3-1.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-40401300ed   389-ds-base-1.3.4.8-1.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-65a1f22818   community-mysql-5.6.29-1.fc23
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-94b0b50351   gummi-0.6.6-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ba6fd98830   jabberd-2.3.3-7.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-65b7608d8b   okhttp-2.7.4-1.fc23 okio-1.6.0-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e48f4bd14f   xen-4.5.2-8.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cdd4228cc7   pcs-0.9.149-2.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e0bb2f21a   tomcat-8.0.32-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-215a2219b1   libssh2-1.6.0-4.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554   xulrunner-44.0-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-054e18a33d   htdig-3.2.0-0.23.b6.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9ce8624a6c   selinux-policy-3.13.1-158.7.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8dde5e377c   lxsession-0.5.2-8.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2400dcd3d1   virtuoso-opensource-6.1.6-10.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f24b72ecbd   gvfs-1.26.3-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-215a2219b1   libssh2-1.6.0-4.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-59c9fbaf94   gamin-0.1.10-22.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3fb652d988   krb5-1.14-9.fc23


The following builds have been pushed to Fedora 23 updates-testing

    ardour4-4.7.0-1.fc23
    blivet-gui-1.0.4-1.fc23
    cherrytree-0.36.5-1.fc23
    docker-1.10.2-3.git0f5ac89.fc23
    gamin-0.1.10-22.fc23
    gdouros-avdira-fonts-6.31-1.fc23
    gerrymander-1.5-1.fc23
    gitolite3-3.6.5-2.fc23
    gvfs-1.26.3-1.fc23
    krb5-1.14-9.fc23
    libssh2-1.6.0-4.fc23
    libusbx-1.0.21-0.1.git448584a.fc23
    mingw-gstreamer1-plugins-bad-free-1.6.0-2.fc23
    mock-1.2.15-1.fc23
    mod_auth_gssapi-1.3.2-1.fc23
    msitools-0.95-2.fc23
    pam_yubico-2.21-1.fc23
    pcs-0.9.149-2.fc23
    php-pdepend-PHP-Depend-2.2.3-1.fc23
    pngquant-2.6.0-1.fc23
    python-django-markdown2-0.3.0-2.fc23
    python-django-tables2-0.10.0-7.fc23
    python-mysql-1.3.7-4.fc23
    python-qpid-0.32-13.fc23
    qutebrowser-0.5.1-1.fc23
    retrace-server-1.14-2.fc23
    sipp-3.5.0-3.fc23
    tomcat-8.0.32-3.fc23
    wine-1.9.4-1.fc23
    wxGTK3-3.0.2-14.fc23
    zeal-0.2.1-1.fc23

Details about builds:


================================================================================
ardour4-4.7.0-1.fc23 (FEDORA-2016-eb9c56ff0f)
Digital Audio Workstation
--------------------------------------------------------------------------------
Update Information:

New upstream bugfix and enhancement release. For details refer to the [upstream release announcement](https://community.ardour.org/node/13365).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1289349 - ardour4 startup script needs nm command from binutils
        https://bugzilla.redhat.com/show_bug.cgi?id=1289349
--------------------------------------------------------------------------------


================================================================================
blivet-gui-1.0.4-1.fc23 (FEDORA-2016-6d0b744b24)
Tool for data storage configuration
--------------------------------------------------------------------------------
Update Information:

Fix adding devices on DASD and zFCP disks (#1305495) (vtrefny)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305495 - Unable to create new partition on s390x: KeyError: 'dasd'
        https://bugzilla.redhat.com/show_bug.cgi?id=1305495
--------------------------------------------------------------------------------


================================================================================
cherrytree-0.36.5-1.fc23 (FEDORA-2016-1ec5b7341a)
Hierarchical note taking application
--------------------------------------------------------------------------------
Update Information:

update to 0.36.5
----
Update to 0.36.4
----
update to cherrytree 0.36.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1309140 - cherrytree-0.36.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1309140
  [ 2 ] Bug #1160249 - cherrytree-0.36.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1160249
  [ 3 ] Bug #1301941 - cherrytree-0.36.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1301941
--------------------------------------------------------------------------------


================================================================================
docker-1.10.2-3.git0f5ac89.fc23 (FEDORA-2016-8215edf228)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:

built docker @projectatomic/fedora-1.10.2 commit#0f5ac89
--------------------------------------------------------------------------------


================================================================================
gamin-0.1.10-22.fc23 (FEDORA-2016-59c9fbaf94)
Library providing the FAM File Alteration Monitor API
--------------------------------------------------------------------------------
Update Information:

Pull in slightly different upstream fix to avoid a possible deadlock condition.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #917848 - gam_server deadlocks, leading to all KDE applications hanging
        https://bugzilla.redhat.com/show_bug.cgi?id=917848
--------------------------------------------------------------------------------


================================================================================
gdouros-avdira-fonts-6.31-1.fc23 (FEDORA-2016-5ab85da278)
A font based on elements created by Demetrios Damilas (late 15th c.)
--------------------------------------------------------------------------------
Update Information:

First release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307238 - Review Request: gdouros-avdira-fonts - A font based on elements created by Demetrios Damilas (late 15th c.)
        https://bugzilla.redhat.com/show_bug.cgi?id=1307238
--------------------------------------------------------------------------------


================================================================================
gerrymander-1.5-1.fc23 (FEDORA-2016-9bdfef6c5b)
The gerrit client tools
--------------------------------------------------------------------------------
Update Information:

New upstream release 1.5
----
Add 'python-prettytable' to 'Requires'; fixes rhbz# 1307167
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307167 - gerrymander should require: python-prettytable
        https://bugzilla.redhat.com/show_bug.cgi?id=1307167
--------------------------------------------------------------------------------


================================================================================
gitolite3-3.6.5-2.fc23 (FEDORA-2016-647420a708)
Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------


================================================================================
gvfs-1.26.3-1.fc23 (FEDORA-2016-f24b72ecbd)
Backends for the gio framework in GLib
--------------------------------------------------------------------------------
Update Information:

Update to 1.26.3
--------------------------------------------------------------------------------


================================================================================
krb5-1.14-9.fc23 (FEDORA-2016-3fb652d988)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:

Fix selinux issue on kadmin.log when created by kadmin.local.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1309421 - kadmin creates kadmind.log with bad SELinux context
        https://bugzilla.redhat.com/show_bug.cgi?id=1309421
--------------------------------------------------------------------------------


================================================================================
libssh2-1.6.0-4.fc23 (FEDORA-2016-215a2219b1)
A library implementing the SSH2 protocol
--------------------------------------------------------------------------------
Update Information:

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047.

Using such drastically reduced amount of random bits for Diffie Hellman weakened the handshake security significantly.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2016-0787 to this issue.
--------------------------------------------------------------------------------


================================================================================
libusbx-1.0.21-0.1.git448584a.fc23 (FEDORA-2016-ebace1242a)
Library for accessing USB devices
--------------------------------------------------------------------------------
Update Information:

- Update to a pre 1.0.21 git snapshot to bring in libusb_interrupt_event_handler which chromium needs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1270324 - Chromium needs libusb_interrupt_handle_event exposed
        https://bugzilla.redhat.com/show_bug.cgi?id=1270324
--------------------------------------------------------------------------------


================================================================================
mingw-gstreamer1-plugins-bad-free-1.6.0-2.fc23 (FEDORA-2016-896100c13d)
Cross compiled GStreamer1 plug-ins "bad"
--------------------------------------------------------------------------------
Update Information:

Rebuild due to a mingw-nettle update
--------------------------------------------------------------------------------


================================================================================
mock-1.2.15-1.fc23 (FEDORA-2016-327a55296a)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

- ccache plugin disabled by default
- F21 configs removed
- F24 configs added
- read user config from ~/.config/mock.cfg too
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1294979 - [abrt] mock: shutil.py:420:_rmtree_safe_fd:PermissionError: [Errno 13] Permission denied: 'nosync.so'
        https://bugzilla.redhat.com/show_bug.cgi?id=1294979
  [ 2 ] Bug #1264215 - python-dnf-plugins-extras-local together with mock can be dangerous
        https://bugzilla.redhat.com/show_bug.cgi?id=1264215
  [ 3 ] Bug #1285630 - typo in site-defaults.cfg
        https://bugzilla.redhat.com/show_bug.cgi?id=1285630
--------------------------------------------------------------------------------


================================================================================
mod_auth_gssapi-1.3.2-1.fc23 (FEDORA-2016-61412d3773)
A GSSAPI Authentication module for Apache
--------------------------------------------------------------------------------
Update Information:

New features to report named extensions as environment variables and to stop offering the negotiate header if negotiation fails.
--------------------------------------------------------------------------------


================================================================================
msitools-0.95-2.fc23 (FEDORA-2016-b9b7e9c7a1)
Windows Installer tools
--------------------------------------------------------------------------------
Update Information:

Add libvirt-glib.wxi
--------------------------------------------------------------------------------


================================================================================
pam_yubico-2.21-1.fc23 (FEDORA-2016-cdcd67be0d)
A Pluggable Authentication Module for yubikeys
--------------------------------------------------------------------------------
Update Information:

update to 2.21
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1265220 - pam_yubico-2.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1265220
--------------------------------------------------------------------------------


================================================================================
pcs-0.9.149-2.fc23 (FEDORA-2016-cdd4228cc7)
Pacemaker Configuration System
--------------------------------------------------------------------------------
Update Information:

* Re-synced to upstream sources
* Security fix for CVE-2016-0720, CVE-2016-0721
* Rubygems built with RELRO
* Spec file cleanup
* Fixed multilib .pyc/.pyo issue
----
* Re-synced to upstream sources
* Security fix for CVE-2016-0720, CVE-2016-0721
* Rubygems built with RELRO
* Spec file cleanup
* Fixed multilib .pyc/.pyo issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1299614 - CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI
        https://bugzilla.redhat.com/show_bug.cgi?id=1299614
  [ 2 ] Bug #1299615 - CVE-2016-0721 pcs: cookies are not invalidated upon logout
        https://bugzilla.redhat.com/show_bug.cgi?id=1299615
--------------------------------------------------------------------------------


================================================================================
php-pdepend-PHP-Depend-2.2.3-1.fc23 (FEDORA-2016-c8198b4b6e)
PHP_Depend design quality metrics for PHP package
--------------------------------------------------------------------------------
Update Information:

**pdepend-2.2.3** (2016/02/22)

This release includes several pending pull requests from GitHub. Beside that this release adds support for complex expressions in property, constant and parameter declarations, introduced with PHP 5.6.

- Fixed #226: Fixed division by zero issue. Fixed in commit #fb46614.
- Fixed #227: Fix support to files filters. Fixed in commit #4e150db.
- Fixed #230: Fix handling cygwin home folder location. Fixed in commit #126c38a.
- Implemented #221: Add --quiet option. Implemented in commit #9a710f7.
- Implemented #236: Switch to PSR-4 for autoloading Implemented in commit #57b54bd.
- Implemented #238: Unexpected token errors for 5.6 "constant expression" initializers. Implemented in commit #0087c94.
--------------------------------------------------------------------------------


================================================================================
pngquant-2.6.0-1.fc23 (FEDORA-2016-e80651537e)
PNG quantization tool for reducing image file size
--------------------------------------------------------------------------------
Update Information:

Update to 2.6.0 (#1310413)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1310413 - pngquant-2.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1310413
--------------------------------------------------------------------------------


================================================================================
python-django-markdown2-0.3.0-2.fc23 (FEDORA-2016-0858d66635)
Simple Django app, which supplies a single template tag for markdown markup
--------------------------------------------------------------------------------
Update Information:

update to 0.3.0, add python2- subpackage
--------------------------------------------------------------------------------


================================================================================
python-django-tables2-0.10.0-7.fc23 (FEDORA-2016-f0492f8a3d)
Table framework for Django
--------------------------------------------------------------------------------
Update Information:

fix django dependency
--------------------------------------------------------------------------------


================================================================================
python-mysql-1.3.7-4.fc23 (FEDORA-2016-eca3958656)
An interface to MySQL
--------------------------------------------------------------------------------
Update Information:

Provide python2-* packages
----
Provide python2-* packages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306026 - python-mysql: nothing provides python2-mysql
        https://bugzilla.redhat.com/show_bug.cgi?id=1306026
  [ 2 ] Bug #1294321 - Unowned mysqlclient-*.egg-info dirs
        https://bugzilla.redhat.com/show_bug.cgi?id=1294321
--------------------------------------------------------------------------------


================================================================================
python-qpid-0.32-13.fc23 (FEDORA-2016-a172eb2efe)
Python client library for AMQP
--------------------------------------------------------------------------------
Update Information:

Added a fix for QPID-7053.
--------------------------------------------------------------------------------


================================================================================
qutebrowser-0.5.1-1.fc23 (FEDORA-2016-258c9a3a47)
A keyboard-driven, vim-like browser based on PyQt5 and QtWebKit
--------------------------------------------------------------------------------
Update Information:

First update of the package.
--------------------------------------------------------------------------------


================================================================================
retrace-server-1.14-2.fc23 (FEDORA-2016-57aeb6095f)
Application for remote coredump analysis
--------------------------------------------------------------------------------
Update Information:

- Introduce AllowVMCoreTask and AllowUserCoreTask configuration options
----
New upstream release 1.14 that fixes build & packaging issues.
----
New upstream release that fixes several usability issues.
--------------------------------------------------------------------------------


================================================================================
sipp-3.5.0-3.fc23 (FEDORA-2016-ac41e446b4)
SIP test tool / traffic generator
--------------------------------------------------------------------------------
Update Information:

- Fix qop parameter in auth Digest.
----
* Ver. 3.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1306382 - epel7 sipp-3.4.1 FTBFS on aarch64
        https://bugzilla.redhat.com/show_bug.cgi?id=1306382
--------------------------------------------------------------------------------


================================================================================
tomcat-8.0.32-3.fc23 (FEDORA-2016-5e0bb2f21a)
Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:

- Updated to 8.0.32
- Fix symlinks from $CATALINA_HOME/lib perspective, resolves: rhbz#1308685
- Remove log4j support. It has never been working actually. See rhbz#1236297
- Move shipped config to /etc/sysconfig/tomcat. /etc/tomcat/tomcat.conf can now be used to override it with shell expansion, resolves rhbz#1293636
- Recommend tomcat-native, resolves: rhbz#1243132
- Resolves: rhbz#1286800 Failed to start component due to wrong allowLinking="true" in context.xml
- Program /bin/nologin does not exist (#1302718)
- Security fix for CVE-2016-0763
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()
        https://bugzilla.redhat.com/show_bug.cgi?id=1311093
--------------------------------------------------------------------------------


================================================================================
wine-1.9.4-1.fc23 (FEDORA-2016-89c0c7e50b)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:

Support for color glyphs and font fallbacks in DirectWrite. Improvements to the WebServices reader. Support for more formats in Direct3D 11. Simplified syntax and clean up of tests marked todo. Various bug fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1310285 - wine-1.9.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1310285
--------------------------------------------------------------------------------


================================================================================
wxGTK3-3.0.2-14.fc23 (FEDORA-2016-f389037f2c)
GTK port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:

Removes python bytecode from devel file (fixes #1294712)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1294712 - conflict between wxGTK3-devel-3.0.2-11.fc23.i686.rpm and wxGTK3-devel-3.0.2-11.fc23.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=1294712
--------------------------------------------------------------------------------


================================================================================
zeal-0.2.1-1.fc23 (FEDORA-2016-5fd8488c20)
Offline documentation browser inspired by Dash
--------------------------------------------------------------------------------
Update Information:

Upstream bugfix release, see https://github.com/zealdocs/zeal/releases for details
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1280293 - zeal-0.2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1280293
--------------------------------------------------------------------------------