The following Fedora 23 Security updates need testing: Age URL 199 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 156 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 129 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 79 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 45 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d7dafbf27f python-tgcaptcha2-0.3.1-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b05672c54f libmaxminddb-1.2.0-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7f1f8e3bf mercurial-3.5.2-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-de909cc333 xstream-1.4.9-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5432ca977 xen-4.5.3-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b9368247d4 latex2rtf-2.3.10-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1cf1b49047 php-5.6.20-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-858277b967 fuse-encfs-1.8.1-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e602c0e5e kernel-4.4.6-301.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-35700c5956 python-pillow-3.0.0-4.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73eb29f890 parallel-20160222-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8eee2e628 imlib2-1.4.8-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff squid-3.5.10-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6e8436b98 qpid-proton-0.12.1-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d8dbbc4b73 kde-settings-23-11.fc23.1 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6d6d4d8f8 ntfs-3g-2016.2.22-1.fc23 testdisk-7.0-7.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-86fd9bc8c4 pungi-4.0.11-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e602c0e5e kernel-4.4.6-301.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dcddcc1f06 python-2.7.11-3.fc23 python-rpm-macros-3-7.fc23 python3-3.4.3-6.fc23 redhat-rpm-config-36-1.fc23.1 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8eee2e628 imlib2-1.4.8-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5d2823c643 breeze-icon-theme-5.20.0-1.fc23 extra-cmake-modules-5.20.0-1.fc23 kactivitymanagerd-5.5.0-2.fc23 kf5-5.20.0-1.fc23 kf5-attica-5.20.0-1.fc23 kf5-baloo-5.20.0-1.fc23 kf5-bluez-qt-5.20.0-1.fc23 kf5-frameworkintegration-5.20.0-2.fc23 kf5-kactivities-5.20.0-2.fc23 kf5-kapidox-5.20.0-1.fc23 kf5-karchive-5.20.0-1.fc23 kf5-kauth-5.20.0-1.fc23 kf5-kbookmarks-5.20.0-1.fc23 kf5-kcmutils-5.20.0-1.fc23 kf5-kcodecs-5.20.0-1.fc23 kf5-kcompletion-5.20.0-1.fc23 kf5-kconfig-5.20.0-1.fc23 kf5-kconfigwidgets-5.20.0-1.fc23 kf5-kcoreaddons-5.20.0-1.fc23 kf5-kcrash-5.20.0-1.fc23 kf5-kdbusaddons-5.20.0-1.fc23 kf5-kdeclarative-5.20.0-1.fc23 kf5-kded-5.20.0-1.fc23 kf5-kdelibs4support-5.20.0-1.fc23 kf5-kdesignerplugin-5.20.0-1.fc23 kf5-kdesu-5.20.0-1.fc23 kf5-kdewebkit-5.20.0-1.fc23 kf5-kdnssd-5.20.0-1.fc23 kf5-kdoctools-5.20.0-1.fc23 kf5-kemoticons-5.20.0-1.fc23 kf5-kfilemetadata-5.20.0-1.fc23 kf5-kglobalaccel-5.20.0-1.fc23 kf5-kgu iaddons- 5.20.0-1.fc23 kf5-khtml-5.20.0-1.fc23 kf5-ki18n-5.20.0-1.fc23 kf5-kiconthemes-5.20.0-1.fc23 kf5-kidletime-5.20.0-1.fc23 kf5-kimageformats-5.20.0-1.fc23 kf5-kinit-5.20.0-1.fc23 kf5-kio-5.20.0-1.fc23 kf5-kitemmodels-5.20.0-1.fc23 kf5-kitemviews-5.20.0-1.fc23 kf5-kjobwidgets-5.20.0-1.fc23 kf5-kjs-5.20.0-1.fc23 kf5-kjsembed-5.20.0-1.fc23 kf5-kmediaplayer-5.20.0-1.fc23 kf5-knewstuff-5.20.0-1.fc23 kf5-knotifications-5.20.0-2.fc23 kf5-knotifyconfig-5.20.0-1.fc23 kf5-kpackage-5.20.0-1.fc23 kf5-kparts-5.20.0-1.fc23 kf5-kpeople-5.20.0-1.fc23 kf5-kplotting-5.20.0-1.fc23 kf5-kpty-5.20.0-1.fc23 kf5-kross-5.20.0-1.fc23 kf5-krunner-5.20.0-1.fc23 kf5-kservice-5.20.0-1.fc23 kf5-ktexteditor-5.20.0-2.fc23 kf5-ktextwidgets-5.20.0-1.fc23 kf5-kunitconversion-5.20.0-1.fc23 kf5-kwallet-5.20.0-1.fc23 kf5-kwidgetsaddons-5.20.0-1.fc23 kf5-kwindowsystem-5.20.0-1.fc23 kf5-kxmlgui-5.20.0-1.fc23 kf5-kxmlrpcclient-5.20.0-1.fc23 kf5-modemmanager-qt-5.20.0-1.fc23 kf5-networkmanager-qt-5.20.0-1.fc23 kf5-plasm a-5.20.0 -1.fc23 kf5-solid-5.20.0-1.fc23 kf5-sonnet-5.20.0-1.fc23 kf5-threadweaver-5.20.0-1.fc23 oxygen-icon-theme-5.20.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-823415a5de webkitgtk3-2.4.10-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1b501db15 krb5-1.14.1-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9ebdb3d44e elfutils-0.166-1.fc23 The following builds have been pushed to Fedora 23 updates-testing borgbackup-1.0.0-1.fc23 composer-1.0.0-1.fc23 copr-dist-git-0.15-1.fc23 elfutils-0.166-1.fc23 glusterfs-3.7.10-1.fc23 gtkspell3-3.0.8-1.fc23 gtkspellmm30-3.0.4-2.fc23 hawaii-workspace-0.6.90-0.2.20160301git.fc23 krb5-1.14.1-5.fc23 libguestfs-1.32.4-1.fc23 libmediainfo-0.7.84-1.fc23 liferea-1.10.19-1.fc23 mediainfo-0.7.84-1.fc23 mingw-gtkspell3-3.0.8-1.fc23 mingw-gtkspellmm30-3.0.4-2.fc23 optipng-0.7.6-1.fc23 ovirt-guest-agent-1.0.11-3.fc23 php-PHP-CSS-Parser-7.0.2-1.fc23 php-horde-Horde-Auth-2.1.12-1.fc23 php-horde-Horde-Crypt-2.7.3-1.fc23 php-horde-Horde-Css-Parser-1.0.9-1.fc23 php-horde-Horde-Dav-1.1.3-1.fc23 php-horde-Horde-Kolab-Storage-2.2.2-1.fc23 php-horde-Horde-ListHeaders-1.2.4-1.fc23 php-horde-Horde-Log-2.2.0-1.fc23 php-horde-Horde-Nls-2.2.0-1.fc23 php-horde-Horde-SyncMl-2.0.7-1.fc23 php-horde-imp-6.2.14-1.fc23 php-horde-ingo-3.2.10-1.fc23 php-horde-nag-4.2.9-1.fc23 php-horde-turba-4.2.14-1.fc23 php-paragonie-random-compat-1.4.1-1.fc23 php-symfony-2.7.11-2.fc23 python-pygraphviz-1.3-3.rc2.fc23 qpid-proton-0.12.1-1.fc23 rubygem-github-linguist-4.8.2-2.fc23 rubygem-qpid_proton-0.12.0-2.fc23 runc-0.0.9-0.2.git94dc520.fc23 squid-3.5.10-2.fc23 sysreporter-3.0.3-1.fc23 ugene-1.22.0-1.fc23 webkitgtk-2.4.10-2.fc23 webkitgtk3-2.4.10-2.fc23 Details about builds: ================================================================================ borgbackup-1.0.0-1.fc23 (FEDORA-2016-bd1515f44d) A deduplicating backup program (attic fork) -------------------------------------------------------------------------------- Update Information: Upstream version 1.0.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1287837 - Review Request: borgbackup - A deduplicating backup program https://bugzilla.redhat.com/show_bug.cgi?id=1287837 -------------------------------------------------------------------------------- ================================================================================ composer-1.0.0-1.fc23 (FEDORA-2016-05f1dc7baa) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.0.0** * Added support for bitbucket-oauth configuration * Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must * Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!) * Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist * Fixed output of failed downloads appearing as 100% done instead of Failed * Fixed handling of empty directories when archiving, they are not skipped anymore * Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories ---- **Version 1.0.0-beta2** * Break: The install command now turns into an update command automatically if you have no composer.lock. This was done only half-way before which caused inconsistencies * Break: By default the remove command now removes dependencies as well, and --update-with-dependencies is deprecated. Use --no- update-with-dependencies to get old behavior * Added support for SSL_CERT_DIR env var and openssl.capath ini value * Added some conflict detection in why- not command * Added suggestion of root package's suggests in create-project command * Fixed create-project ignoring --ignore-platform-reqs when choosing a version of the package * Fixed search command in a directory without composer.json * Fixed path repository handling of symlinks on windows * Fixed PEAR repo handling to prefer HTTPS mirrors over HTTP ones * Fixed handling of Path env var on Windows, only PATH was accepted before * Small error reporting and docs improvements -------------------------------------------------------------------------------- ================================================================================ copr-dist-git-0.15-1.fc23 (FEDORA-2016-49331c598d) Copr services for Dist Git server -------------------------------------------------------------------------------- Update Information: new package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1318358 - Review Request: copr-dist-git - Copr services for Dist Git server https://bugzilla.redhat.com/show_bug.cgi?id=1318358 -------------------------------------------------------------------------------- ================================================================================ elfutils-0.166-1.fc23 (FEDORA-2016-9ebdb3d44e) A collection of utilities and DSOs to handle compiled objects -------------------------------------------------------------------------------- Update Information: Upgrade to elfutils-0.166. Various bug fixes. ppc32 and sparc32 build/testsuite fixes, better support for non-linux (kfreebsd/hurd), build fixes for older glibc without ELF compression types, a fix for over-adjusting alignment of NOBITS sections, bug fixes for issues found by gcc6, recognize some Go and ARM ELF notes, addition of new i386/x86_64 relocation types and elfcompress -q would erroneously imply --force. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295951 - Unsupported/confusing golang notes https://bugzilla.redhat.com/show_bug.cgi?id=1295951 [ 2 ] Bug #1285613 - Missing NT_ARM_SYSTEM_CALL https://bugzilla.redhat.com/show_bug.cgi?id=1285613 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.7.10-1.fc23 (FEDORA-2016-6bb9cfbdbd) Distributed File System -------------------------------------------------------------------------------- Update Information: GlusterFS 3.7.10 GA -------------------------------------------------------------------------------- ================================================================================ gtkspell3-3.0.8-1.fc23 (FEDORA-2016-3c6431e054) On-the-fly spell checking for GtkTextView widgets -------------------------------------------------------------------------------- Update Information: Update to version 3.0.8, see http://gtkspell.sourceforge.net/ChangeLog for details. -------------------------------------------------------------------------------- ================================================================================ gtkspellmm30-3.0.4-2.fc23 (FEDORA-2016-77fb11e5ed) On-the-fly spell checking for GtkTextView widgets - C++ bindings -------------------------------------------------------------------------------- Update Information: Update to version 3.0.4, see http://gtkspell.sourceforge.net/NEWS for details. -------------------------------------------------------------------------------- ================================================================================ hawaii-workspace-0.6.90-0.2.20160301git.fc23 (FEDORA-2016-79a9092639) Hawaii workspace, applications and plugins -------------------------------------------------------------------------------- Update Information: Fix Hawaii applications menu that was showing only the Internet category. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323498 - menu https://bugzilla.redhat.com/show_bug.cgi?id=1323498 -------------------------------------------------------------------------------- ================================================================================ krb5-1.14.1-5.fc23 (FEDORA-2016-d1b501db15) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: Add support for pre-send and post-receive KDC hooks. Includes tests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321135 - Please add the new pre send and post receive hooks to libkrb5 https://bugzilla.redhat.com/show_bug.cgi?id=1321135 -------------------------------------------------------------------------------- ================================================================================ libguestfs-1.32.4-1.fc23 (FEDORA-2016-4114ba2de9) Access and modify virtual machine disk images -------------------------------------------------------------------------------- Update Information: New upstream version 1.32.4. -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.84-1.fc23 (FEDORA-2016-d21301f720) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.84. -------------------------------------------------------------------------------- ================================================================================ liferea-1.10.19-1.fc23 (FEDORA-2016-7e4883a46c) An RSS/RDF feed reader -------------------------------------------------------------------------------- Update Information: This update updates liferea to 1.10.19 * it fixes compilation problems in the 1.10.18 release * it also fixes a problem with updating favicons -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.84-1.fc23 (FEDORA-2016-d21301f720) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.84. -------------------------------------------------------------------------------- ================================================================================ mingw-gtkspell3-3.0.8-1.fc23 (FEDORA-2016-0c297dbf90) MinGW Windows GtkSpell3 library -------------------------------------------------------------------------------- Update Information: Update to version 3.0.8, see http://gtkspell.sourceforge.net/ChangeLog for details. -------------------------------------------------------------------------------- ================================================================================ mingw-gtkspellmm30-3.0.4-2.fc23 (FEDORA-2016-782e22720a) MinGW Windows GtkSpellmm library -------------------------------------------------------------------------------- Update Information: Update to version 3.0.4, see http://gtkspell.sourceforge.net/NEWS for details. -------------------------------------------------------------------------------- ================================================================================ optipng-0.7.6-1.fc23 (FEDORA-2016-b8f91621c7) PNG optimizer and converter -------------------------------------------------------------------------------- Update Information: Update to 0.7.6, security fix for CVE-2016-2191 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308550 - CVE-2016-2191 optipng: Invalid write while processing delta escapes without any boundary checking https://bugzilla.redhat.com/show_bug.cgi?id=1308550 -------------------------------------------------------------------------------- ================================================================================ ovirt-guest-agent-1.0.11-3.fc23 (FEDORA-2016-784c26e928) The oVirt Guest Agent -------------------------------------------------------------------------------- Update Information: Bump to ovirt guest agent 1.0.11.3 release (ovirt 3.6.5) -------------------------------------------------------------------------------- ================================================================================ php-PHP-CSS-Parser-7.0.2-1.fc23 (FEDORA-2016-5fbdaff8d0) A Parser for CSS Files -------------------------------------------------------------------------------- Update Information: **Horde_Css_Parser 1.0.9** * [jan] Update to PHP-CSS-Parser 7.0.2 (Request #14297). --- **PHP-CSS-Parser 7.0.2** * Compatibility with PHP 7. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Auth-2.1.12-1.fc23 (FEDORA-2016-608ec9badd) Horde Authentication API -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.12** * [mjr] Fix creating/removing mailbox in cyrsql driver (Bug #14295, federico.mennite). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Crypt-2.7.3-1.fc23 (FEDORA-2016-09a35f6ba2) Horde Cryptography API -------------------------------------------------------------------------------- Update Information: **Horde_Crypt 2.7.3** * [jan] Work around broken PGP key servers. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Css-Parser-1.0.9-1.fc23 (FEDORA-2016-5fbdaff8d0) Horde CSS Parser -------------------------------------------------------------------------------- Update Information: **Horde_Css_Parser 1.0.9** * [jan] Update to PHP-CSS-Parser 7.0.2 (Request #14297). --- **PHP-CSS-Parser 7.0.2** * Compatibility with PHP 7. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Dav-1.1.3-1.fc23 (FEDORA-2016-e0c5bae4b9) Horde library for WebDAV, CalDAV, CardDAV -------------------------------------------------------------------------------- Update Information: **Horde_Dav 1.1.3** * [jan] Fix down migration of database schema. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Kolab-Storage-2.2.2-1.fc23 (FEDORA-2016-90d8ac0592) A package for handling Kolab data stored on an IMAP server -------------------------------------------------------------------------------- Update Information: **Horde_Kolab_Storage 2.2.2** * [jan] Update Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-ListHeaders-1.2.4-1.fc23 (FEDORA-2016-aa9ac235af) Horde List Headers Parsing Library -------------------------------------------------------------------------------- Update Information: **Horde_ListHeaders 1.2.4** * [jan] Add Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Log-2.2.0-1.fc23 (FEDORA-2016-049279e6be) Horde Logging library -------------------------------------------------------------------------------- Update Information: **Horde_Log 2.2.0** * [jan] Add a few common aliases for the log level constants. * [jan] Allow to have multiple log level names with the same value. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Nls-2.2.0-1.fc23 (FEDORA-2016-29380da66f) Native Language Support (NLS) -------------------------------------------------------------------------------- Update Information: **Horde_Nls 2.2.0** * [jan] Add Horde_Nls::getTimezonesWithAbbreviations(). * [jan] Update Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-SyncMl-2.0.7-1.fc23 (FEDORA-2016-79883fce7c) Horde_SyncMl provides an API for processing SyncML requests -------------------------------------------------------------------------------- Update Information: **Horde_SyncMl 2.0.7** * [jan] Update Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-imp-6.2.14-1.fc23 (FEDORA-2016-2b0327fa11) A web based webmail system -------------------------------------------------------------------------------- Update Information: **imp 6.2.14** * [mjr] Fix renaming subfolders in basic view (Bug #14254). * [mjr] Fix display of mailbox sizes in basic view (Bug #14308). * [mjr] Fix fatal error when deleting messages in basic view when IMAP server does not support QRESYNC or CONDSTORE (Bug #14257). -------------------------------------------------------------------------------- ================================================================================ php-horde-ingo-3.2.10-1.fc23 (FEDORA-2016-86ab5143f5) An email filter rules manager -------------------------------------------------------------------------------- Update Information: **ingo 3.2.10** * [jan] Don't duplicate messages in Procmail's vacation recipe if excluding email addresses (Michael.Martin, Bug #14275). * [jan] Remove stop- script feature from Procmail driver. -------------------------------------------------------------------------------- ================================================================================ php-horde-nag-4.2.9-1.fc23 (FEDORA-2016-384ea23b13) A web based task list manager -------------------------------------------------------------------------------- Update Information: **nag 4.2.9** * [jan] Fix regression with date picker in tasks form (Bug #14303). * [mjr] Fix handling EAS categories/tags. -------------------------------------------------------------------------------- ================================================================================ php-horde-turba-4.2.14-1.fc23 (FEDORA-2016-378eaae4f2) A web based address book -------------------------------------------------------------------------------- Update Information: **turba 4.2.14** * [mjr] Fix persisting tags when moving or copying a contact to another address book (Bug #14312). * [mjr] Fix resetting state when changing sync_book prefs and device has forced multiplex. * [mjr] Fix synchronizing contact notes via ActiveSync when no truncation value is requested by the client (Bug #14307). -------------------------------------------------------------------------------- ================================================================================ php-paragonie-random-compat-1.4.1-1.fc23 (FEDORA-2016-83857c234f) PHP 5.x polyfill for random_bytes() and random_int() from PHP 7 -------------------------------------------------------------------------------- Update Information: ### Version 1.4.1 - 2016-03-18 * Update comment in random.php ### Version 1.4.0 - 2016-03-18 * Restored OpenSSL in the version 1 branch in preparation to remove OpenSSL in version 2. ### Version 1.3.1/1.2.3 - 2016-03-18 * Add more possible values to `open_baseir` check. ### Version 1.3.0 - 2016-03-17 * Removed `openssl_random_pseudo_bytes()` entirely. If you are using random_compat in PHP on a Unix-like OS but cannot access `/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to trust OpenSSL, feel free to write your own fallback code. e.g. ``` try { $bytes = random_bytes(32); } catch (Exception $ex) { $strong = false; $bytes = openssl_random_pseudo_bytes(32, $strong); if (!$strong) { throw $ex; } } ``` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1318836 - php-paragonie-random-compat-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1318836 -------------------------------------------------------------------------------- ================================================================================ php-symfony-2.7.11-2.fc23 (FEDORA-2016-ab4f4ade00) PHP framework for web projects -------------------------------------------------------------------------------- Update Information: **Version 2.7.11** (2016-03-25) * bug #18255 [HttpFoundation] Fix support of custom mime types with parameters (Ener-Getick) * bug #18272 [Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests (nicolas-grekas) * bug #18259 [PropertyAccess] Backport fixes from 2.7 (nicolas-grekas) * bug #18261 [PropertyAccess] Fix isPropertyWritable not using the reflection cache (nicolas-grekas) * bug #18224 [PropertyAccess] Remove most ref mismatches to improve perf (nicolas-grekas) * bug #18210 [PropertyAccess] Throw an UnexpectedTypeException when the type do not match (dunglas, nicolas-grekas) * bug #18216 [Intl] Fix invalid numeric literal on PHP 7 (nicolas-grekas) * bug #18147 [Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols (natechicago) * bug #18023 [Process] getIncrementalOutput should work without calling getOutput (romainneutron) * bug #18175 [Translation] Add support for fuzzy tags in PoFileLoader (nud) * bug #18179 [Form] Fix NumberToLocalizedStringTransformer::reverseTransform with big integers (ovrflo, nicolas-grekas) * bug #18164 [HttpKernel] set s-maxage only if all responses are cacheable (xabbuh) * bug #18150 [Process] Wait a bit less on Windows (nicolas-grekas) * bug #18130 [Debug] Replaced logic for detecting filesystem case sensitivity (Dan Blows) * bug #18080 [HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied (jakzal) * bug #18084 [HttpFoundation] Avoid warnings when checking malicious IPs (jakzal) * bug #18066 [Process] Fix pipes handling (nicolas-grekas) * bug #18078 [Console] Fix an autocompletion question helper issue with non-sequentially indexed choices (jakzal) * bug #18048 [HttpKernel] Fix mem usage when stripping the prod container (nicolas-grekas) * bug #18065 [Finder] Partially revert #17134 to fix a regression (jakzal) * bug #18018 [HttpFoundation] exception when registering bags for started sessions (xabbuh) * bug #18054 [Filesystem] Fix false positive in ->remove() (nicolas-grekas) * bug #18049 [Validator] Fix the locale validator so it treats a locale alias as a valid locale (jakzal) * bug #18019 [Intl] Update ICU to version 55 (jakzal) * bug #18015 [Process] Fix memory issue when using large input streams (romainneutron) * bug #16656 [HttpFoundation] automatically generate safe fallback filename (xabbuh) * bug #15794 [Console] default to stderr in the console helpers (alcohol) * bug #17984 Allow to normalize \Traversable when serializing xml (Ener-Getick) * bug #17434 Improved the error message when a template is not found (rvanginneken, javiereguiluz) * bug #17687 Improved the error message when using "@" in a decorated service (javiereguiluz) * bug #17744 Improve error reporting in router panel of web profiler (javiereguiluz) * bug #17894 [FrameworkBundle] Fix a regression in handling absolute template paths (jakzal) * bug #17990 [DoctrineBridge][Form] Fix performance regression in EntityType (kimlai) * bug #17595 [HttpKernel] Remove _path from query parameters when fragment is a subrequest (cmenning) * bug #17986 [DomCrawler] Dont use LIBXML_PARSEHUGE by default (nicolas-grekas) * bug #17668 add 'guid' to list of exception to filter out (garak) * bug #17615 Ensure backend slashes for symlinks on Windows systems (cpsitgmbh) * bug #17626 Try to delete broken symlinks (IchHabRecht) * bug #17978 [Yaml] ensure dump indentation to be greather than zero (xabbuh) * bug #16886 [Form] [ChoiceType] Prefer placeholder to empty_value (boite) * bug #17976 [WebProfilerBundle] fix debug toolbar rendering by removing inadvertently added links (craue) * bug #17971 Variadic controller params (NiR-, fabpot) * bug #17568 Improved Bootstrap form theme for hidden fields (javiereguiluz) * bug #17925 [Bridge] The WebProcessor now forwards the client IP (magnetik) -------------------------------------------------------------------------------- ================================================================================ python-pygraphviz-1.3-3.rc2.fc23 (FEDORA-2016-539f429b52) Create and Manipulate Graphs and Networks -------------------------------------------------------------------------------- Update Information: * Rename python2 subpackage to python2-pygraphviz. * Fix Requires. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1324237 - python3-pygraphviz depends on Python 2 https://bugzilla.redhat.com/show_bug.cgi?id=1324237 -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.12.1-1.fc23 (FEDORA-2016-e6e8436b98) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Rebased to 0.12.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320843 - CVE-2016-2166 qpid-proton: reactor sends messages in clear if ssl is requested but not available [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1320843 -------------------------------------------------------------------------------- ================================================================================ rubygem-github-linguist-4.8.2-2.fc23 (FEDORA-2016-b978faee31) GitHub Language detection -------------------------------------------------------------------------------- Update Information: New upstream bug-fix release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1322182 - rubygem-github-linguist-v4.8.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1322182 -------------------------------------------------------------------------------- ================================================================================ rubygem-qpid_proton-0.12.0-2.fc23 (FEDORA-2016-52e2e03511) Ruby language bindings for the Qpid Proton messaging framework -------------------------------------------------------------------------------- Update Information: Revised dependencies. -------------------------------------------------------------------------------- ================================================================================ runc-0.0.9-0.2.git94dc520.fc23 (FEDORA-2016-82665d7a6c) CLI for running Open Containers -------------------------------------------------------------------------------- Update Information: Rebase to 0.0.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1290943 - runc-v0.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1290943 -------------------------------------------------------------------------------- ================================================================================ squid-3.5.10-2.fc23 (FEDORA-2016-dffdc981ff) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3947 and CVE-2016-3948 ---- Security fix for CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response processing https://bugzilla.redhat.com/show_bug.cgi?id=1323594 [ 2 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger https://bugzilla.redhat.com/show_bug.cgi?id=1323590 -------------------------------------------------------------------------------- ================================================================================ sysreporter-3.0.3-1.fc23 (FEDORA-2016-92d50eb056) Basic system reporter with emailing -------------------------------------------------------------------------------- Update Information: Update to 3.0.3 -------------------------------------------------------------------------------- ================================================================================ ugene-1.22.0-1.fc23 (FEDORA-2016-cfe3ddde5b) Integrated bioinformatics toolkit -------------------------------------------------------------------------------- Update Information: Major changes in this release include: In silico PCR: Degenerate primers were supported. Sequence View: Annotations editing was improved. Configuration of translation frames visibility was simplified. NGS: Extracting of an assembly region in BAM/SAM/UGENE database formats was supported. -------------------------------------------------------------------------------- ================================================================================ webkitgtk-2.4.10-2.fc23 (FEDORA-2016-12ec741b0f) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update fixes a regression causing various crashes in various WebKitGTK+ consumers. -------------------------------------------------------------------------------- ================================================================================ webkitgtk3-2.4.10-2.fc23 (FEDORA-2016-823415a5de) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update fixes a regression causing various crashes in Evolution and other WebKitGTK+ consumers. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321722 - [abrt] evolution: WTF::StringImpl::startsWith(): SIGSEGV with webkitgtk3-2.4.10 https://bugzilla.redhat.com/show_bug.cgi?id=1321722 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
