The following Fedora 23 Security updates need testing: Age URL 216 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 174 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 147 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 97 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 97 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 86 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 62 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 44 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d7dafbf27f python-tgcaptcha2-0.3.1-1.fc23 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-de909cc333 xstream-1.4.9-1.fc23 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73eb29f890 parallel-20160222-1.fc23 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff squid-3.5.10-2.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e57f60ec84 keepassx-0.4.4-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c848d48286 mingw-poppler-0.34.0-2.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2fcfc7670f golang-1.5.4-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65519440f5 ansible1.9-1.9.6-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b28358b72 mod_nss-1.0.12-3.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-188267b485 gsi-openssh-7.2p2-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcfe4c73b0 i7z-0.27.2-16.20150629gitec09c4f.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-35d7b09908 xen-4.5.3-2.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cd3cf8e7d0 ansible-2.0.2.0-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8a1f49149e kernel-4.4.8-300.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5c26081f3 thunderbird-45.0-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7f5004093e openssh-7.2p2-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73 community-mysql-5.6.30-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-edd725cafb pungi-4.0.14-3.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-118f9af2bb avahi-0.6.32-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8dbbc0a5d2 lldpad-1.0.1-4.git036e314.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1487ac680a libsoup-2.52.2-2.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c760211587 wavpack-4.80.0-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8a1f49149e kernel-4.4.8-300.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e phonon-backend-gstreamer-4.9.0-1.fc23 phonon-4.9.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7f5004093e openssh-7.2p2-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5c26081f3 thunderbird-45.0-2.fc23 The following builds have been pushed to Fedora 23 updates-testing blueman-2.0.4-1.fc23 can-utils-20160229git-1.fc23 clearsilver-0.10.5-35.fc23 community-mysql-5.6.30-1.fc23 docker-1.10.3-14.gitef2fa35.fc23 eclipse-quickrex-3.5.0-24.fc23 frescobaldi-2.19.0-1.fc23 grub-customizer-5.0.6-1.fc23 holland-1.0.12-6.fc23 kf5-kactivities-stats-5.21.0-2.fc23 kf5-kross-interpreters-16.04.0-1.fc23 koschei-1.6-1.fc23 kuser-16.04.0-2.fc23 mingw-wavpack-4.80.0-1.fc23 mpdris2-0.7-2.20160422gita3af302.fc23 openscap-1.2.9-1.fc23 openscap-daemon-0.1.5-1.fc23 openssh-7.2p2-3.fc23 perl-DateTime-TimeZone-1.98-1.fc23 phonon-4.9.0-1.fc23 phonon-backend-gstreamer-4.9.0-1.fc23 php-getid3-1.9.12-1.fc23 php-league-flysystem-1.0.21-1.fc23 pidgin-sipe-1.21.0-1.fc23 pki-core-10.2.6-19.fc23 python-freezegun-0.3.6-1.fc23 python-librosa-0.4.2-1.fc23 python-ly-0.9.4-2.fc23 python-pypandoc-1.1.3-1.fc23 qtractor-0.7.6-1.fc23 speed-dreams-2.2.1-1.fc23 sssd-1.13.4-2.fc23 thunderbird-45.0-2.fc23 trac-1.0.10-1.fc23 tripwire-2.4.3.0-10.fc23 tzdata-2016d-1.fc23 unbound-1.5.8-2.fc23 Details about builds: ================================================================================ blueman-2.0.4-1.fc23 (FEDORA-2016-8a82a812d3) GTK+ Bluetooth Manager -------------------------------------------------------------------------------- Update Information: Revert to stable release -------------------------------------------------------------------------------- ================================================================================ can-utils-20160229git-1.fc23 (FEDORA-2016-2c9f971c67) SocketCAN user space utilities and tools -------------------------------------------------------------------------------- Update Information: This is the first version of can-utils in Fedora, containing user space utilities for working with Linux SocketCAN subsystem. For further information about the CAN bus and SocketCAN, see eg https://en.wikipedia.org/wiki/CAN_bus and https://en.wikipedia.org/wiki/SocketCAN -------------------------------------------------------------------------------- References: [ 1 ] Bug #1327050 - Review Request: can-utils - SocketCAN userspace utilities and tools https://bugzilla.redhat.com/show_bug.cgi?id=1327050 -------------------------------------------------------------------------------- ================================================================================ clearsilver-0.10.5-35.fc23 (FEDORA-2016-b61ad8c9f2) Fast and powerful HTML templating system -------------------------------------------------------------------------------- Update Information: Fix perl symbol issue, add EL-7 build. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329524 - perl-clearsilver has symbol lookup error: undefined symbol: hdf_init because of wrong command order in %build https://bugzilla.redhat.com/show_bug.cgi?id=1329524 -------------------------------------------------------------------------------- ================================================================================ community-mysql-5.6.30-1.fc23 (FEDORA-2016-7c48036d73) MySQL client programs and shared libraries -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. Also fixes CVE-2016-0705, CVE-2016-0639, CVE-2016-2047, CVE-2016-0647, CVE-2016-0648, CVE-2016-0666, CVE-2016-0642, CVE-2016-0655, CVE-2016-0643 -------------------------------------------------------------------------------- ================================================================================ docker-1.10.3-14.gitef2fa35.fc23 (FEDORA-2016-0bfa795385) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: built docker @projectatomic/fedora-1.10.3 commit#ef2fa35 ---- docker package runtime depends on docker-forward-journald ---- rebuilt to remove dockerroot user creation ---- rebuilt to remove dockerroot user creation ---- rebuilt to include dss_libdir directory ---- built docker @projectatomic/fedora-1.10.2 commit#86e59a5 ---- rebuilt with seccomp enabled ---- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f ---- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f ---- rebuilt, no change ---- built docker @projectatomic/fedora-1.10.2 commit#0f5ac89 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1289851 - Docker.service does not require docker.socket which can lead to Docker crash when docker.sock is host mounted https://bugzilla.redhat.com/show_bug.cgi?id=1289851 [ 2 ] Bug #1254694 - "man docker-login" incorrectly claims that you can "docker login" to Docker Hub as non-root user https://bugzilla.redhat.com/show_bug.cgi?id=1254694 -------------------------------------------------------------------------------- ================================================================================ eclipse-quickrex-3.5.0-24.fc23 (FEDORA-2016-4cd9aeb79f) QuickREx regular-expression plug-in for Eclipse -------------------------------------------------------------------------------- Update Information: Packaging changes only. Now built as a droplet, improves the performance of launching the Eclipse IDE. -------------------------------------------------------------------------------- ================================================================================ frescobaldi-2.19.0-1.fc23 (FEDORA-2016-593b60ff9f) Edit LilyPond sheet music with ease! -------------------------------------------------------------------------------- Update Information: Latest upstream release. -------------------------------------------------------------------------------- ================================================================================ grub-customizer-5.0.6-1.fc23 (FEDORA-2016-5fcb1c4e1c) Graphical GRUB2 settings manager -------------------------------------------------------------------------------- Update Information: Update to 5.0.6. -------------------------------------------------------------------------------- ================================================================================ holland-1.0.12-6.fc23 (FEDORA-2016-fdc97ce118) Pluggable Backup Framework -------------------------------------------------------------------------------- Update Information: Integrate commvault plugin -------------------------------------------------------------------------------- ================================================================================ kf5-kactivities-stats-5.21.0-2.fc23 (FEDORA-2016-e8ca16cb0e) A KDE Frameworks 5 Tier 3 library for accessing the usage data collected by the activities system -------------------------------------------------------------------------------- Update Information: A KDE Frameworks 5 Tier 3 library for accessing the usage data collected by the activities system -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323832 - Review Request: kf5-kactivities-stats - A KDE Frameworks 5 Tier 3 library for accessing the usage data collected by the activities system https://bugzilla.redhat.com/show_bug.cgi?id=1323832 -------------------------------------------------------------------------------- ================================================================================ kf5-kross-interpreters-16.04.0-1.fc23 (FEDORA-2016-1da015da73) Kross interpreters for KDE Frameworks 5 -------------------------------------------------------------------------------- Update Information: Kross interpreters for KDE Frameworks 5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1287201 - Review Request: kf5-kross-interpreters - Kross interpreters for KDE Frameworks 5 https://bugzilla.redhat.com/show_bug.cgi?id=1287201 -------------------------------------------------------------------------------- ================================================================================ koschei-1.6-1.fc23 (FEDORA-2016-5079d26d02) Continuous integration for Fedora packages -------------------------------------------------------------------------------- Update Information: Update to upstream release 1.6 -------------------------------------------------------------------------------- ================================================================================ kuser-16.04.0-2.fc23 (FEDORA-2016-ed48efbccf) User Manager for KDE -------------------------------------------------------------------------------- Update Information: Set default login shell to /bin/bash. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1209019 - Missing default login shell for new users https://bugzilla.redhat.com/show_bug.cgi?id=1209019 -------------------------------------------------------------------------------- ================================================================================ mingw-wavpack-4.80.0-1.fc23 (FEDORA-2016-9fc947560d) Completely open audiocodec -------------------------------------------------------------------------------- Update Information: New release 4.80.0 with fixes and improvements. It contains also full Unicode support for Windows platform. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329173 - Update to 4.80.0 https://bugzilla.redhat.com/show_bug.cgi?id=1329173 -------------------------------------------------------------------------------- ================================================================================ mpdris2-0.7-2.20160422gita3af302.fc23 (FEDORA-2016-c15b56ad9c) Provide MPRIS 2 support to mpd -------------------------------------------------------------------------------- Update Information: Bugfix - update to latest git commit -------------------------------------------------------------------------------- References: [ 1 ] Bug #1322498 - [abrt] mpdris2: mpDris2:753:_fetch_object:TypeError: _writecommand() takes at least 2 arguments (1 given) https://bugzilla.redhat.com/show_bug.cgi?id=1322498 -------------------------------------------------------------------------------- ================================================================================ openscap-1.2.9-1.fc23 (FEDORA-2016-7e957e4177) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: upgrade to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ openscap-daemon-0.1.5-1.fc23 (FEDORA-2016-b47a1bf8d0) Manages continuous SCAP scans of your infrastructure -------------------------------------------------------------------------------- Update Information: upgrade to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ openssh-7.2p2-3.fc23 (FEDORA-2016-7f5004093e) An open source implementation of SSH protocol versions 1 and 2 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-8325: ignore PAM environment vars when UseLogin=yes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328012 - CVE-2015-8325 openssh: privilege escalation via user's PAM environment and UseLogin=yes https://bugzilla.redhat.com/show_bug.cgi?id=1328012 -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-TimeZone-1.98-1.fc23 (FEDORA-2016-33d4913574) Time zone object base class and factory -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328844 - perl-DateTime-TimeZone-1.98 is available https://bugzilla.redhat.com/show_bug.cgi?id=1328844 -------------------------------------------------------------------------------- ================================================================================ phonon-4.9.0-1.fc23 (FEDORA-2016-5587c0678e) Multimedia framework api -------------------------------------------------------------------------------- Update Information: New phonon release, see also https://www.mail-archive.com/kde- announce@xxxxxxx/msg00174.html -------------------------------------------------------------------------------- ================================================================================ phonon-backend-gstreamer-4.9.0-1.fc23 (FEDORA-2016-5587c0678e) Gstreamer phonon backend -------------------------------------------------------------------------------- Update Information: New phonon release, see also https://www.mail-archive.com/kde- announce@xxxxxxx/msg00174.html -------------------------------------------------------------------------------- ================================================================================ php-getid3-1.9.12-1.fc23 (FEDORA-2016-00d9fb4379) The PHP media file parser -------------------------------------------------------------------------------- Update Information: * Update to upstream version 1.9.12 * Add a simple autoloader -------------------------------------------------------------------------------- References: [ 1 ] Bug #1319676 - Please add an autoloader and update to latest version 1.9.12 https://bugzilla.redhat.com/show_bug.cgi?id=1319676 -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.21-1.fc23 (FEDORA-2016-77cfac49f4) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.21** - 2016-04-22 * Explicitly return false when a has call receives an empty filename. * MounManager copy and move operators now comply to the Filesystem's signature. -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.21.0-1.fc23 (FEDORA-2016-29b1cca114) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: New upstream release: * add support for Lync File Transfer * support embedded XML as buddy photo URL * improve "Join scheduled conference" dialog * add AppStream metadata file -------------------------------------------------------------------------------- ================================================================================ pki-core-10.2.6-19.fc23 (FEDORA-2016-8705c11822) Certificate System - PKI Core Components -------------------------------------------------------------------------------- Update Information: PKI TRAC Ticket #2022 - pkispawn ignores 3rd party CA certs in pki_clone_pkcs12_path (fixed python hash) ---- Resolves: PKI TRAC Ticket #2257 - PKCS #12 backup does not contain trust attributes ---- Resolves: PKI TRAC Ticket #2022, 2253, 2252, 2257, 2216 -------------------------------------------------------------------------------- ================================================================================ python-freezegun-0.3.6-1.fc23 (FEDORA-2016-4d586c9863) Let your Python tests travel through time -------------------------------------------------------------------------------- Update Information: Update to 0.3.6. Fixes bug #1328934 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328934 - Build version 0.3.6 https://bugzilla.redhat.com/show_bug.cgi?id=1328934 -------------------------------------------------------------------------------- ================================================================================ python-librosa-0.4.2-1.fc23 (FEDORA-2016-13db7afc5d) A Python package for music and audio analysis -------------------------------------------------------------------------------- Update Information: A Python package for music and audio analysis. It provides the building blocks necessary to create music information retrieval systems. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1316186 - Review Request: python-librosa - a python package for music and audio analysis https://bugzilla.redhat.com/show_bug.cgi?id=1316186 -------------------------------------------------------------------------------- ================================================================================ python-ly-0.9.4-2.fc23 (FEDORA-2016-b9ed1890e0) Tool and library for manipulating LilyPond files -------------------------------------------------------------------------------- Update Information: Requires fix. ---- Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329556 - python-ly requires both Python 2 and Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1329556 [ 2 ] Bug #1328650 - python-ly-0.9.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1328650 -------------------------------------------------------------------------------- ================================================================================ python-pypandoc-1.1.3-1.fc23 (FEDORA-2016-3c3691d30a) Thin wrapper for pandoc -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- ================================================================================ qtractor-0.7.6-1.fc23 (FEDORA-2016-9020afae73) Audio/MIDI multi-track sequencer -------------------------------------------------------------------------------- Update Information: For release notes: http://qtractor.sourceforge.net/qtractor-downloads.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1299930 - update 0.7.3 https://bugzilla.redhat.com/show_bug.cgi?id=1299930 -------------------------------------------------------------------------------- ================================================================================ speed-dreams-2.2.1-1.fc23 (FEDORA-2016-f3698e59f5) The Open Racing Car Simulator -------------------------------------------------------------------------------- Update Information: Update to 2.2.1 -------------------------------------------------------------------------------- ================================================================================ sssd-1.13.4-2.fc23 (FEDORA-2016-f1498ed136) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328108 - Protocol error with FreeIPA on CentOS 6 https://bugzilla.redhat.com/show_bug.cgi?id=1328108 -------------------------------------------------------------------------------- ================================================================================ thunderbird-45.0-2.fc23 (FEDORA-2016-d5c26081f3) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: For changes see https://www.mozilla.org/en-US/thunderbird/45.0/releasenotes/ -------------------------------------------------------------------------------- ================================================================================ trac-1.0.10-1.fc23 (FEDORA-2016-728277fe38) Enhanced wiki and issue tracking system -------------------------------------------------------------------------------- Update Information: Update to 1.0.10 -------------------------------------------------------------------------------- ================================================================================ tripwire-2.4.3.0-10.fc23 (FEDORA-2016-ba967ce8e5) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information: update to 2.4.3.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308196 - tripwire: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1308196 -------------------------------------------------------------------------------- ================================================================================ tzdata-2016d-1.fc23 (FEDORA-2016-a38c7d9762) Timezone data -------------------------------------------------------------------------------- Update Information: - Rebase to 2016d - America/Caracas will switch from -0430 to -04 on 2016-05-01 at 02:30. - Asia/Magadan will switch from +10 to +11 on 2016-04-24 at 02:00. - New zone Asia/Tomsk, has split off from Asia/Novosibirsk. It covers Tomsk Oblast, Russia, which will switch from +06 to +07 on 2016-05-29 at 02:00. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328294 - tzdata-2016d is available https://bugzilla.redhat.com/show_bug.cgi?id=1328294 -------------------------------------------------------------------------------- ================================================================================ unbound-1.5.8-2.fc23 (FEDORA-2016-e4c5807324) Validating, recursive, and caching DNS(SEC) resolver -------------------------------------------------------------------------------- Update Information: Fix python3 subpackage to not drag in python2 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
