The following Fedora 23 Security updates need testing: Age URL 221 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 179 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 151 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 102 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 102 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 91 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff squid-3.5.10-2.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cd3cf8e7d0 ansible-2.0.2.0-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-69eb7f9fb2 roundcubemail-1.1.5-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73 community-mysql-5.6.30-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a8e2be0fe6 cacti-0.8.8g-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5 pgpdump-0.30-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-07a8331093 firefox-46.0-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f1d98cf017 php-5.6.21-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f91f43826 gd-2.1.1-5.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 91 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e phonon-backend-gstreamer-4.9.0-1.fc23 phonon-4.9.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f91f43826 gd-2.1.1-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-07a8331093 firefox-46.0-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f22cc0dc96 libtalloc-2.1.6-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5dc110cd05 libtdb-1.3.9-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-df52942a2f selinux-policy-3.13.1-158.15.fc23 The following builds have been pushed to Fedora 23 updates-testing RBTools-0.7.6-1.fc23 ansible1.9-1.9.6-2.fc23 atomic-devmode-0.3.2-1.fc23 csmock-1.9.2-1.fc23 eclipse-dtp-1.12.0-7.fc23 eclipse-moreunit-3.1.0-2.fc23 firefox-46.0-4.fc23 gd-2.1.1-5.fc23 gimagereader-3.1.90-1.fc23 ibus-typing-booster-1.4.3-1.fc23 ipsec-tools-0.8.2-5.fc23 jabberpy-0.5-0.31.fc23 libhif-0.2.2-3.fc23 libldb-1.1.26-1.fc23 libtalloc-2.1.6-1.fc23 libtdb-1.3.9-1.fc23 pencil-2.0.18-1.fc23 pgpdump-0.30-1.fc23 php-5.6.21-1.fc23 php-league-flysystem-1.0.22-1.fc23 python-fedmsg-meta-fedora-infrastructure-0.17.4-1.fc23 quassel-0.12.4-1.fc23 selinux-policy-3.13.1-158.15.fc23 shotwell-0.23.0-1.fc23 traceroute-2.1.0-2.fc23 tripwire-2.4.3.1-10.fc23 webkitgtk4-2.12.2-1.fc23 Details about builds: ================================================================================ RBTools-0.7.6-1.fc23 (FEDORA-2016-b98b3c33fd) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.6/ -------------------------------------------------------------------------------- ================================================================================ ansible1.9-1.9.6-2.fc23 (FEDORA-2016-f392541f73) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Fix Conflicts so uses can 'dnf install --allowerasing' or 'yum swap ansible ansible1.9' easily to switch between versions without having to uninstall. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330979 - Ansible 2.0 is not backwards compatible with 1.9 https://bugzilla.redhat.com/show_bug.cgi?id=1330979 -------------------------------------------------------------------------------- ================================================================================ atomic-devmode-0.3.2-1.fc23 (FEDORA-2016-3954ea446e) Atomic Developer Mode -------------------------------------------------------------------------------- Update Information: - Add a new `showpasswd` alias to easily recall the randomly-generated root password. - Make sure cloud-init doesn't create the default `fedora` user when running devmode. - Make sure cloud-init doesn't remember anything about this boot so that per-instance modules are rerun even if the instance-id is the same (which can happen if a drive with cloud-init metadata is attached; cloud-init mistakenly merges the drive config info the devmode config and overwrites our instance-id). -------------------------------------------------------------------------------- ================================================================================ csmock-1.9.2-1.fc23 (FEDORA-2016-016704fe0d) A mock wrapper for Static Analysis tools -------------------------------------------------------------------------------- Update Information: - update to the latest upstream bugfix release -------------------------------------------------------------------------------- ================================================================================ eclipse-dtp-1.12.0-7.fc23 (FEDORA-2016-49e35b1b88) Eclipse Data Tools Platform -------------------------------------------------------------------------------- Update Information: Enable more documentation bundles during the build so as to be more in line with what is distributed by upstream. Also contains packaging changes to build as a droplet instead of a dropin on Fedora releases that support that (this helps with improving Eclipse startup speed.) -------------------------------------------------------------------------------- ================================================================================ eclipse-moreunit-3.1.0-2.fc23 (FEDORA-2016-575e6c6ebb) An Eclipse plugin that assists with writing more unit tests -------------------------------------------------------------------------------- Update Information: Patch added to allow building/running on Eclipse Neon. -------------------------------------------------------------------------------- ================================================================================ firefox-46.0-4.fc23 (FEDORA-2016-07a8331093) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: - New upstream version (46.0) - Fixed aarch64/ppc64le build failures - Fixed missing addons/langpacks -------------------------------------------------------------------------------- ================================================================================ gd-2.1.1-5.fc23 (FEDORA-2016-5f91f43826) A graphics library for quick creation of PNG or JPEG images -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3074 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd https://bugzilla.redhat.com/show_bug.cgi?id=1321893 -------------------------------------------------------------------------------- ================================================================================ gimagereader-3.1.90-1.fc23 (FEDORA-2016-45bafe8a36) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information: Update to version 3.1.90, see https://github.com/manisandro/gImageReader/releases/tag/v3.1.90 for details. -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.4.3-1.fc23 (FEDORA-2016-20f97e2041) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information: update to 1.4.3 ---- update to 1.4.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331338 - [abrt] ibus-typing-booster: hunspell_table.py:1278:_process_key_event:AttributeError: 'editor' object has no attribute 'trans' https://bugzilla.redhat.com/show_bug.cgi?id=1331338 [ 2 ] Bug #1330461 - [abrt] ibus-typing-booster: hunspell_table.py:444:update_candidates:AttributeError: 'editor' object has no attribute '_transliterated_string' https://bugzilla.redhat.com/show_bug.cgi?id=1330461 -------------------------------------------------------------------------------- ================================================================================ ipsec-tools-0.8.2-5.fc23 (FEDORA-2016-fdef5ed672) Tools for configuring and using IPSEC -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1251691 ifup-ipsec causes invalid ICMP redirects -------------------------------------------------------------------------------- References: [ 1 ] Bug #1251691 - ifup-ipsec causes invalid ICMP redirects https://bugzilla.redhat.com/show_bug.cgi?id=1251691 -------------------------------------------------------------------------------- ================================================================================ jabberpy-0.5-0.31.fc23 (FEDORA-2016-caa9861c25) Python xmlstream and jabber IM protocol libs -------------------------------------------------------------------------------- Update Information: * provide python3 subpackage * rename jabberpy to python2-jabberpy -------------------------------------------------------------------------------- ================================================================================ libhif-0.2.2-3.fc23 (FEDORA-2016-ba5f1759c7) Simple package library built on top of hawkey and librepo -------------------------------------------------------------------------------- Update Information: This update fixes an issue where installs / updates done through PackageKit incorrectly marked packages as dependencies where they should have been marked as user installed, causing 'dnf autoremove' to subsequently remove them. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1253776 - [abrt] PackageKit: hy_repo_get_string(): packagekitd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1253776 [ 2 ] Bug #1259865 - call `dnf mark install <pkgs...>`on packages installed from PK https://bugzilla.redhat.com/show_bug.cgi?id=1259865 -------------------------------------------------------------------------------- ================================================================================ libldb-1.1.26-1.fc23 (FEDORA-2016-ac9b68e0f5) A schema-less, ldap like, API and database -------------------------------------------------------------------------------- Update Information: needed for Samba AD DC work -------------------------------------------------------------------------------- ================================================================================ libtalloc-2.1.6-1.fc23 (FEDORA-2016-f22cc0dc96) The talloc library -------------------------------------------------------------------------------- Update Information: Upgrade libtalloc in f23, required for samba-ad-dc work. -------------------------------------------------------------------------------- ================================================================================ libtdb-1.3.9-1.fc23 (FEDORA-2016-5dc110cd05) The tdb library -------------------------------------------------------------------------------- Update Information: New tdb upstream release, required for samba-ad-dc work -------------------------------------------------------------------------------- ================================================================================ pencil-2.0.18-1.fc23 (FEDORA-2016-b6e90866ec) A sketching and GUI prototyping tool -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1327652 - Pencil continues under a new upstream maintainer https://bugzilla.redhat.com/show_bug.cgi?id=1327652 -------------------------------------------------------------------------------- ================================================================================ pgpdump-0.30-1.fc23 (FEDORA-2016-5733ad20f5) PGP packet visualizer -------------------------------------------------------------------------------- Update Information: CVE-2016-4021 pgpdump: endless loop parsing specially crafted input -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328351 - CVE-2016-4021 pgpdump: endless loop parsing specially crafted input https://bugzilla.redhat.com/show_bug.cgi?id=1328351 -------------------------------------------------------------------------------- ================================================================================ php-5.6.21-1.fc23 (FEDORA-2016-f1d98cf017) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 28 Apr 2016, **PHP 5.6.21** ** Core: ** * Fixed bug #69537 (__debugInfo with empty string for key gives error). (krakjoe) * Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence) **BCmath:** * Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas) **Curl:** * Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael Sierks) **Date:** * Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt) **EXIF:** * Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas) **GD:** * Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas) * Fixed bug #71912 (libgd: signedness vulnerability). (Stas) **Intl:** * Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas) **OCI8:** * Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column). (Chris Jones) **ODBC:** * Fixed bug #63171 (Script hangs after max_execution_time). (Remi) **Opcache:** * Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). (Laruence) **PDO:** * Fixed bug #52098 (Own PDOStatement implementation ignore __call()). (Daniel Kalaspuffar, Julien) * Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo) **Postgres:** * Fixed bug #71820 (pg_fetch_object binds parameters before call constructor). (Anatol) **SPL:** * Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()). (Nikita) **Standard:** * Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) * Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined). (Nikita) **XML:** * Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas) -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.22-1.fc23 (FEDORA-2016-799ca1b0d2) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.22** - 2016-04-28 * Fix root directory creation problem #632 ---- **Version 1.0.21** - 2016-04-22 * Explicitly return false when a has call receives an empty filename. * MounManager copy and move operators now comply to the Filesystem's signature. -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.17.4-1.fc23 (FEDORA-2016-cddac0bead) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Latest upstream. Enabled python3 subpackage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331370 - Please enable python3-fedmsg-meta-fedora-infrastructure https://bugzilla.redhat.com/show_bug.cgi?id=1331370 [ 2 ] Bug #1331442 - python-fedmsg-meta-fedora-infrastructure-0.17.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331442 -------------------------------------------------------------------------------- ================================================================================ quassel-0.12.4-1.fc23 (FEDORA-2016-42f30d76a0) A modern distributed IRC system -------------------------------------------------------------------------------- Update Information: Update to latest upstream quassel release, 0.12.4 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-158.15.fc23 (FEDORA-2016-df52942a2f) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info:http://koji.fedoraproject.org/koji/buildinfo?buildID=758088 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1029297 - None https://bugzilla.redhat.com/show_bug.cgi?id=1029297 [ 2 ] Bug #1232042 - None https://bugzilla.redhat.com/show_bug.cgi?id=1232042 [ 3 ] Bug #1241415 - None https://bugzilla.redhat.com/show_bug.cgi?id=1241415 [ 4 ] Bug #1241451 - None https://bugzilla.redhat.com/show_bug.cgi?id=1241451 [ 5 ] Bug #1241453 - None https://bugzilla.redhat.com/show_bug.cgi?id=1241453 [ 6 ] Bug #1241456 - None https://bugzilla.redhat.com/show_bug.cgi?id=1241456 [ 7 ] Bug #1311488 - None https://bugzilla.redhat.com/show_bug.cgi?id=1311488 [ 8 ] Bug #1330899 - None https://bugzilla.redhat.com/show_bug.cgi?id=1330899 [ 9 ] Bug #1330981 - None https://bugzilla.redhat.com/show_bug.cgi?id=1330981 -------------------------------------------------------------------------------- ================================================================================ shotwell-0.23.0-1.fc23 (FEDORA-2016-be44169357) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: Update Shotwell to the latest released version. -------------------------------------------------------------------------------- ================================================================================ traceroute-2.1.0-2.fc23 (FEDORA-2016-1aac964aa9) Traces the route taken by packets over an IPv4/IPv6 network -------------------------------------------------------------------------------- Update Information: Provide hardened build (#1330514) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330514 - Harden all packages: traceroute executables should use PIE and have RELRO enabled https://bugzilla.redhat.com/show_bug.cgi?id=1330514 -------------------------------------------------------------------------------- ================================================================================ tripwire-2.4.3.1-10.fc23 (FEDORA-2016-2477978dd4) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information: update to 2.4.3.1 ---- update to 2.4.3.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308196 - tripwire: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1308196 -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.12.2-1.fc23 (FEDORA-2016-a9dc0b38b0) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update brings the following changes: - Fix rendering of scrollbars with GTK themes using stepper buttons. - Fix compatibility issue with 2.12.1 regarding local storage access from file URLs. - Make menu list buttons use the text color from the theme. - Do not show resize grip in non-resizable text fields. - Fix accessibility events causing Orca to echo key presses instead of speaking the inserted characters in password fields. - Fix an off by one error in hyphenation. - Fix several crashes and rendering issues. - Fix the build with libjpeg v9. - Translation updates: Bulgarian, Finnish, Greek, Italian, Turkish. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
