The following Fedora 23 Security updates need testing:
 Age  URL
 223  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 181  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 154  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
 104  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
 104  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
  69  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7   optipng-0.7.6-1.fc23
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff   squid-3.5.10-2.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73   community-mysql-5.6.30-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a8e2be0fe6   cacti-0.8.8g-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5   pgpdump-0.30-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f1d98cf017   php-5.6.21-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-afdedc8da9   openvas-cli-1.4.4-1.fc23 openvas-gsa-6.0.10-3.fc23 openvas-libraries-8.0.7-2.fc23 openvas-manager-6.0.8-2.fc23 openvas-scanner-5.0.5-3.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea   lorax-23.21-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-df52942a2f   selinux-policy-3.13.1-158.15.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca   lxsession-0.5.2-9.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1b48953d4   pungi-4.0.15-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e   xulrunner-44.0-6.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e   phonon-4.9.0-2.fc23 phonon-backend-gstreamer-4.9.0-1.fc23


The following builds have been pushed to Fedora 23 updates-testing

    composer-1.0.3-1.fc23
    ddrescue-1.21-1.fc23
    gimpfx-foundry-2.6.1-5.fc23
    lxsession-0.5.2-9.fc23
    openvas-cli-1.4.4-1.fc23
    openvas-gsa-6.0.10-3.fc23
    openvas-libraries-8.0.7-2.fc23
    openvas-manager-6.0.8-2.fc23
    openvas-scanner-5.0.5-3.fc23
    os-autoinst-4.3-10.20160408gitff760a3.fc23
    phonon-4.9.0-2.fc23
    phonon-backend-gstreamer-4.9.0-1.fc23
    pungi-4.0.15-1.fc23
    re2-20160401-2.fc23
    tilda-1.3.3-1.fc23

Details about builds:


================================================================================
 composer-1.0.3-1.fc23 (FEDORA-2016-803db284c9)
 Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:

**Version 1.0.3** - 2016-04-29

* Security: Fixed possible command injection from the env vars into our sudo detection
* Fixed interactive authentication with gitlab
* Fixed class name replacement in plugins
* Fixed classmap generation mistakenly detecting anonymous classes
* Fixed auto-detection of stability flags in complex constraints like `2.0-dev || ^1.5`
* Fixed content-length handling when redirecting to very small responses

----

**Version 1.0.2**

* Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
* Fixed regression in 1.0.1 that made dev packages update to the latest reference even if not whitelisted in a partial update
* Fixed init command ignoring the COMPOSER env var for choosing the json file name
* Fixed error reporting bug when the dependency resolution fails
* Fixed handling of $ sign in composer config command in some cases it could corrupt the json file

----

**Version 1.0.1**

* Fixed URL updating when a package's URL changes, composer.lock now contains the right URL including correct reference
* Fixed URL updating of the origin git remote as well for packages installed as git clone
* Fixed binary .bat files generated from linux being incompatible with windows cmd
* Fixed handling of paths with trailing slashes in path repository
* Fixed create-project not using platform config when selecting a package
* Fixed self-update not showing the channel it uses to perform the update
* Fixed file downloads not failing loudly when the content does not match the Content-Length header
* Fixed secure-http detecting some malformed URLs as insecure
* Updated CA bundle

Notice system CA is always preferred, bundled copy is only used as a last chance fallback.
--------------------------------------------------------------------------------


================================================================================
 ddrescue-1.21-1.fc23 (FEDORA-2016-a7f55a7649)
 Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:

Bump to new upstream bugfix release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1319360 - ddrescue-1.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1319360
--------------------------------------------------------------------------------


================================================================================
 gimpfx-foundry-2.6.1-5.fc23 (FEDORA-2016-170517de6b)
 Additional GIMP plugins
--------------------------------------------------------------------------------
Update Information:

gimpfx-foundry plugin for GIMP returns in the repository
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1327929 - Review Request: gimpfx-foundry - Additional plugins for GIMP
        https://bugzilla.redhat.com/show_bug.cgi?id=1327929
--------------------------------------------------------------------------------


================================================================================
 lxsession-0.5.2-9.fc23 (FEDORA-2016-afa56613ca)
 Lightweight X11 session manager
--------------------------------------------------------------------------------
Update Information:

A bug was reported that editing LXDE desktop.conf can cause CPU exhaustion by
lxsession process. This new rpm should fix this issue.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1294579 - lxsession Consumes 100% CPU
        https://bugzilla.redhat.com/show_bug.cgi?id=1294579
--------------------------------------------------------------------------------


================================================================================
 openvas-cli-1.4.4-1.fc23 (FEDORA-2016-afdedc8da9)
 Command-line tool to drive OpenVAS Manager
--------------------------------------------------------------------------------
Update Information:

Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
        https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------


================================================================================
 openvas-gsa-6.0.10-3.fc23 (FEDORA-2016-afdedc8da9)
 Greenbone Security Assistant (GSA) is GUI to the OpenVAS
--------------------------------------------------------------------------------
Update Information:

Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
        https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------


================================================================================
 openvas-libraries-8.0.7-2.fc23 (FEDORA-2016-afdedc8da9)
 Support libraries for Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:

Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
        https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------


================================================================================
 openvas-manager-6.0.8-2.fc23 (FEDORA-2016-afdedc8da9)
 Manager Module for the Open Vulnerability Assessment System (OpenVAS)
--------------------------------------------------------------------------------
Update Information:

Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
        https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------


================================================================================
 openvas-scanner-5.0.5-3.fc23 (FEDORA-2016-afdedc8da9)
 Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:

Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
        https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------


================================================================================
 os-autoinst-4.3-10.20160408gitff760a3.fc23 (FEDORA-2016-f00239a7d2)
 OS-level test automation
--------------------------------------------------------------------------------
Update Information:

This update corrects the path to the `os-autoinst-openvswitch` binary in the
systemd service file; this prevented the service from running correctly. It also
makes it possible to pass an optional argument to the `upload_logs` subroutine
to make it tolerate a failed upload.
--------------------------------------------------------------------------------


================================================================================
 phonon-4.9.0-2.fc23 (FEDORA-2016-5587c0678e)
 Multimedia framework api
--------------------------------------------------------------------------------
Update Information:

New phonon release, see also
https://www.mail-archive.com/kde-announce@xxxxxxx/msg00174.html
--------------------------------------------------------------------------------


================================================================================
 phonon-backend-gstreamer-4.9.0-1.fc23 (FEDORA-2016-5587c0678e)
 Gstreamer phonon backend
--------------------------------------------------------------------------------
Update Information:

New phonon release, see also
https://www.mail-archive.com/kde-announce@xxxxxxx/msg00174.html
--------------------------------------------------------------------------------


================================================================================
 pungi-4.0.15-1.fc23 (FEDORA-2016-a1b48953d4)
 Distribution compose tool
--------------------------------------------------------------------------------
Update Information:

[createiso] Add back running isohybrid on x86 disk images (dennis)
[createiso] Remove chdir() (lsedlar)
Pungi should log when it tries to publish notifications. (rbean)
[createrepo] Use more verbose output (lsedlar)
[ostree-installer] Drop filename setting (lsedlar)
[ostree] Set each repo to point to current compose (lsedlar)
[ostree-installer] Install ostree in runroot (lsedlar)
[pkgset] Print more detailed logs when rpm is not found (lsedlar)
[ostree-installer] Clone repo with templates (lsedlar)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1331317 - Server-dvd doesn't boot from flash drive created by dd
        https://bugzilla.redhat.com/show_bug.cgi?id=1331317
--------------------------------------------------------------------------------


================================================================================
 re2-20160401-2.fc23 (FEDORA-2016-8faede3567)
 C++ fast alternative to backtracking RE engines
--------------------------------------------------------------------------------
Update Information:

Update to 20160401, primarily for chromium.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307988 - re2: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1307988
--------------------------------------------------------------------------------


================================================================================
 tilda-1.3.3-1.fc23 (FEDORA-2016-d8a17599ce)
 A Gtk based drop down terminal for Linux and Unix
--------------------------------------------------------------------------------
Update Information:

- update to 1.3.3
--------------------------------------------------------------------------------