The following Fedora 23 Security updates need testing: Age URL 225 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 183 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 156 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 106 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 106 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 71 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff squid-3.5.10-2.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73 community-mysql-5.6.30-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a8e2be0fe6 cacti-0.8.8g-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5 pgpdump-0.30-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2aae0dbc5 botan-1.10.13-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2eb0bf9c ntp-4.2.6p5-40.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c93d49faf3 dhcp-4.3.3-9.P1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e xulrunner-44.0-6.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca lxsession-0.5.2-9.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1b48953d4 pungi-4.0.15-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e phonon-4.9.0-2.fc23 phonon-backend-gstreamer-4.9.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c93d49faf3 dhcp-4.3.3-9.P1.fc23 The following builds have been pushed to Fedora 23 updates-testing argus-3.0.8-6.fc23 blktap-3.0.0-7.fc23.git0.9.2 dhcp-4.3.3-9.P1.fc23 docker-1.10.3-16.gita41254f.fc23 fedora-review-0.6.1-1.fc23 gmic-1.7.1-1.fc23 kshutdown-3.99.1-0.1.beta.fc23 mutt-1.6.1-1.fc23 ntp-4.2.6p5-40.fc23 owncloud-8.2.3-6.fc23 perl-Module-CoreList-5.20160429-1.fc23 perl-PerlIO-eol-0.16-1.fc23 perl-Thread-Queue-3.09-1.fc23 php-myclabs-deep-copy-1.5.1-1.fc23 php-owncloud-tarstreamer-0.1.0-1.fc23 php-swiftmailer-5.4.2-1.fc23 php-symfony-2.7.12-2.fc23 python-assimulo-2.9-1.fc23 python-pyudev-0.20.0-1.fc23 Details about builds: ================================================================================ argus-3.0.8-6.fc23 (FEDORA-2016-f92332b224) Network transaction audit tool -------------------------------------------------------------------------------- Update Information: Logrotate fix. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332098 - /etc/logrotate.d/argus from argus-3.0.8-4.fc23.x86_64 causes global default log compression for all logs handled by logrotate and not just the argus log https://bugzilla.redhat.com/show_bug.cgi?id=1332098 -------------------------------------------------------------------------------- ================================================================================ blktap-3.0.0-7.fc23.git0.9.2 (FEDORA-2016-483db91cbe) Blktap Userspace Tools + Library -------------------------------------------------------------------------------- Update Information: Applied a bundled patch to fix a udev warning (BZ#1229953) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1229953 - blktap rule generates udev warning https://bugzilla.redhat.com/show_bug.cgi?id=1229953 -------------------------------------------------------------------------------- ================================================================================ dhcp-4.3.3-9.P1.fc23 (FEDORA-2016-c93d49faf3) Dynamic host configuration protocol software -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-2774 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1315259 - CVE-2016-2774 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS https://bugzilla.redhat.com/show_bug.cgi?id=1315259 -------------------------------------------------------------------------------- ================================================================================ docker-1.10.3-16.gita41254f.fc23 (FEDORA-2016-87f810b0f5) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: built docker @projectatomic/fedora-1.10.3 commit a41254f ---- built docker @projectatomic/fedora-1.10.3 commit#964eda6 ---- built docker @projectatomic/fedora-1.10.3 commit#ef2fa35 ---- docker package runtime depends on docker-forward-journald ---- rebuilt to remove dockerroot user creation ---- rebuilt to remove dockerroot user creation ---- rebuilt to include dss_libdir directory ---- built docker @projectatomic/fedora-1.10.2 commit#86e59a5 ---- rebuilt with seccomp enabled ---- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f ---- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f ---- rebuilt, no change ---- built docker @projectatomic/fedora-1.10.2 commit#0f5ac89 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1289851 - Docker.service does not require docker.socket which can lead to Docker crash when docker.sock is host mounted https://bugzilla.redhat.com/show_bug.cgi?id=1289851 [ 2 ] Bug #1254694 - "man docker-login" incorrectly claims that you can "docker login" to Docker Hub as non-root user https://bugzilla.redhat.com/show_bug.cgi?id=1254694 [ 3 ] Bug #1269602 - Secrets patch does not work in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1269602 [ 4 ] Bug #1289963 - docker push not working in 1.9.1 https://bugzilla.redhat.com/show_bug.cgi?id=1289963 [ 5 ] Bug #1303105 - Docker does not own /usr/lib/docker-storage-setup https://bugzilla.redhat.com/show_bug.cgi?id=1303105 [ 6 ] Bug #1326110 - Unable to create containers with Kubernetes master and Docker 1.9.1-9 https://bugzilla.redhat.com/show_bug.cgi?id=1326110 [ 7 ] Bug #1312934 - "docker images" command returns all the repositories prepended with the "docker.io/" string https://bugzilla.redhat.com/show_bug.cgi?id=1312934 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.6.1-1.fc23 (FEDORA-2016-c502551b96) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: Bugfix release. From NEWS: - spec: Make plugin-ruby a separate package. - Fix handling of license files w blanks (bz #1229412). - Handle licensecheck crash gracefully (bz #1241481). - Fix bad check for %license (bz #1231019). - Add COPYRIGHT to license files (bz #1232814). - fedora-create-review: --test: Print used bz (#266). - fedora-review.1: typo (#262). - Optimize some dnf operations (#1275275). - De-duplicate installed rpms (bz #1264803). - Clean up koji- download-scratch and create-review (#260), add options --logs and --nodebug to skip downloading logs and debuginfo packages - Generate correct PkgDB URL in CheckNoNameConflict - Use rpm to find %check section (#225). - fedora-review.1: Add info on bugz (#237, sort of). - ruby: Add test for obsolete R:rubygem, %fedora > 20 (bz 1128094). - ruby: Disable check for R: rubygem when %fedora > 20 (bz #1128094). - generic_should, ruby: Add plugin checking code. - generic: Move SHOULD checks to generic_should. - Fix false positive for Packager: tag (bz #1146442). - Fix command line options w spaces (bz #1192184). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1275275 - fedora-review queries too many times for same thing https://bugzilla.redhat.com/show_bug.cgi?id=1275275 -------------------------------------------------------------------------------- ================================================================================ gmic-1.7.1-1.fc23 (FEDORA-2016-5ab9882f3a) GREYC's Magic for Image Computing -------------------------------------------------------------------------------- Update Information: bump version ---- bump version -------------------------------------------------------------------------------- ================================================================================ kshutdown-3.99.1-0.1.beta.fc23 (FEDORA-2016-a98f0f7879) Graphical shutdown utility for Plasma 5 -------------------------------------------------------------------------------- Update Information: KShutdown 3.99.1 beta release. For more information visit http://kshutdown.sourceforge.net/releases/3.99.1beta.html. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331948 - kshutdown-3.99.1beta is available https://bugzilla.redhat.com/show_bug.cgi?id=1331948 -------------------------------------------------------------------------------- ================================================================================ mutt-1.6.1-1.fc23 (FEDORA-2016-f59f02b2b7) A text mode mail user agent -------------------------------------------------------------------------------- Update Information: Bugfix release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332105 - mutt-1.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1332105 -------------------------------------------------------------------------------- ================================================================================ ntp-4.2.6p5-40.fc23 (FEDORA-2016-5b2eb0bf9c) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-1548, CVE-2016-2516, CVE-2016-2518, CVE-2016-1550 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets https://bugzilla.redhat.com/show_bug.cgi?id=1331462 [ 2 ] Bug #1331466 - CVE-2016-2516 ntp: assertion failure in ntpd on duplicate IPs on unconfig directives https://bugzilla.redhat.com/show_bug.cgi?id=1331466 [ 3 ] Bug #1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet https://bugzilla.redhat.com/show_bug.cgi?id=1331468 [ 4 ] Bug #1331464 - CVE-2016-1550 ntp: libntp message digest disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1331464 -------------------------------------------------------------------------------- ================================================================================ owncloud-8.2.3-6.fc23 (FEDORA-2016-6f479decc6) Private file sync and share server -------------------------------------------------------------------------------- Update Information: Owncloud now follows the PHP SIG direction of using a fedora autoloader to directly call the autoloaders of the PHP libraries used. In addition a %check has been added to ensure the autoloader works correctly and new dependency versions bumped to match more closely with upstream. -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20160429-1.fc23 (FEDORA-2016-e456fcb429) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release brings data for perl 5.22.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331902 - perl-Module-CoreList-5.20160429 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331902 -------------------------------------------------------------------------------- ================================================================================ perl-PerlIO-eol-0.16-1.fc23 (FEDORA-2016-21c0249f74) PerlIO layer for normalizing line endings -------------------------------------------------------------------------------- Update Information: This release corrects build-time warnings. ---- This release improves documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331951 - perl-PerlIO-eol-0.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331951 [ 2 ] Bug #1330787 - perl-PerlIO-eol-0.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1330787 -------------------------------------------------------------------------------- ================================================================================ perl-Thread-Queue-3.09-1.fc23 (FEDORA-2016-3aac4ecc07) Thread-safe queues -------------------------------------------------------------------------------- Update Information: This release updates documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331991 - perl-Thread-Queue-3.09 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331991 -------------------------------------------------------------------------------- ================================================================================ php-myclabs-deep-copy-1.5.1-1.fc23 (FEDORA-2016-60eec52353) Create deep copies (clones) of your objects -------------------------------------------------------------------------------- Update Information: **Version 1.5.1** * fix for exception -------------------------------------------------------------------------------- ================================================================================ php-owncloud-tarstreamer-0.1.0-1.fc23 (FEDORA-2016-85231c0e47) Streaming dynamic tar files -------------------------------------------------------------------------------- Update Information: **Version 0.1.0** * Use UTF-8 filenames for any browser except Internet Explorer -------------------------------------------------------------------------------- ================================================================================ php-swiftmailer-5.4.2-1.fc23 (FEDORA-2016-359620c6de) Free Feature-rich PHP Mailer -------------------------------------------------------------------------------- Update Information: **Version 5.4.2** (2016-05-01) * fixed support for IPv6 sockets * added auto- retry when sending messages from the memory spool * fixed consecutive read calls in Swift_ByteStream_FileByteStream * added support for iso-8859-15 encoding * fixed PHP mail extra params on missing reversePath * added methods to set custom stream context options * fixed charset changes in QpContentEncoderProxy * added return-path header to the ignoredHeaders list of DKIMSigner * fixed crlf for subject using mail * fixed add soft line break only when necessary * fixed escaping command-line args to Sendmail -------------------------------------------------------------------------------- ================================================================================ php-symfony-2.7.12-2.fc23 (FEDORA-2016-7bff4ca867) PHP framework for web projects -------------------------------------------------------------------------------- Update Information: **Version 2.7.12** (2016-04-29) * bug #18180 [Form] fixed BC break with pre selection of choices with `ChoiceType` and its children (HeahDude) * bug #18562 [WebProfilerBunde] Give an absolute url in case the request occured from another domain (romainneutron) * bug #18603 [PropertyAccess] ->getValue() should be read-only (nicolas-grekas) * bug #18593 [VarDumper] Fix dumping type hints for non-existing parent classes (nicolas-grekas) * bug #18581 [Console] [TableHelper] make it work with SymfonyStyle. (aitboudad) * bug #18280 [Routing] add query param if value is different from default (Tobion) * bug #18496 [Console] use ANSI escape sequences in ProgressBar overwrite method (alekitto) * bug #18491 [DependencyInjection] anonymous services are always private (xabbuh) * bug #18515 [Filesystem] Better error handling in remove() (nicolas-grekas) * bug #18449 [PropertyAccess] Fix regression (nicolas-grekas) * bug #18429 [Console] Correct time formatting. (camporter) * bug #18467 [DependencyInjection] Resolve aliases before removing abstract services + add tests (nicolas-grekas) * bug #18460 [DomCrawler] Fix select option with empty value (Matt Wells) * bug #18425 [Security] Fixed SwitchUserListener when exiting an impersonation with AnonymousToken (lyrixx) * bug #18317 [Form] fix "prototype" not required when parent form is not required (HeahDude) * bug #18439 [Logging] Add support for Firefox (43+) in ChromePhpHandler (arjenm) * bug #18385 Detect CLI color support for Windows 10 build 10586 (mlocati) * bug #18426 [EventDispatcher] Try first if the event is Stopped (lyrixx) * bug #18394 [FrameworkBundle] Return the invokable service if its name is the class name (dunglas) * bug #18265 Optimize ReplaceAliasByActualDefinitionPass (ajb- in) * bug #18349 [Process] Fix stream_select priority when writing to stdin (nicolas-grekas) * bug #18358 [Form] NumberToLocalizedStringTransformer should return floats when possible (nicolas-grekas) * bug #17926 [DependencyInjection] Enable alias for service_container (hason) * bug #18352 [Debug] Fix case sensitivity checks (nicolas-grekas) * bug #18336 [Debug] Fix handling of php7 throwables (nicolas-grekas) * bug #18354 [FrameworkBundle][TwigBridge] fix high deps tests (xabbuh) * bug #18312 [ClassLoader] Fix storing not-found classes in APC cache (nicolas-grekas) * bug #18298 [Validator] do not treat payload as callback (xabbuh) -------------------------------------------------------------------------------- ================================================================================ python-assimulo-2.9-1.fc23 (FEDORA-2016-45fc12fcae) Ordinary differential and differential algebraic equations solver -------------------------------------------------------------------------------- Update Information: - Update to 2.9 -------------------------------------------------------------------------------- ================================================================================ python-pyudev-0.20.0-1.fc23 (FEDORA-2016-04bcd492ef) A libudev binding -------------------------------------------------------------------------------- Update Information: Fixes to minor bugs that only those who noticed them should care about. No other changes. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
