The following Fedora 23 Security updates need testing: Age URL 229 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 186 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 159 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 110 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 110 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 75 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 30 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73 community-mysql-5.6.30-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5 pgpdump-0.30-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2aae0dbc5 botan-1.10.13-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b2eb0bf9c ntp-4.2.6p5-40.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-78ad11154f ocaml-4.02.2-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7edf033fd8 squid-3.5.10-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6 kernel-4.4.9-300.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2e2b178ea jackson-dataformat-xml-2.5.0-3.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e xulrunner-44.0-6.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca lxsession-0.5.2-9.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e phonon-4.9.0-2.fc23 phonon-backend-gstreamer-4.9.0-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-035c5cc546 taglib-1.11-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-edcdaedcc0 livecd-tools-23.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d900003e6 kernel-4.4.9-300.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b23268e0fc xdg-utils-1.1.1-4.fc23 The following builds have been pushed to Fedora 23 updates-testing apper-0.9.2-6.fc23 bird-1.6.0-1.fc23 copr-backend-1.85-1.fc23 copr-frontend-1.92-1.fc23 copr-keygen-1.66-1.fc23 copr-selinux-1.40-1.fc23 cryptobone-1.0.3-1.fc23 docker-1.10.3-18.git667d6d1.fc23 dpm-contrib-admintools-0.2.2-1.fc23 fontawesome-fonts-4.6.2-1.fc23 ibus-chewing-1.5.0-1.fc23 iipsrv-1.0.0-6.0.fc23 jackson-dataformat-xml-2.5.0-3.fc23 kernel-4.4.9-300.fc23 knot-resolver-1.0.0-0.3.4f463d7.fc23 libmediainfo-0.7.85-1.fc23 libreswan-3.17-2.fc23 libvirt-1.2.18.3-1.fc23 livecd-tools-23.3-1.fc23 mediainfo-0.7.85-1.fc23 mod_intercept_form_submit-1.0.1-1.fc23 mod_lookup_identity-0.9.4-1.fc23 mu-0.2-1.fc23 perl-Inline-Struct-0.23-1.fc23 perl-Tree-Simple-1.28-1.fc23 php-Analog-1.0.7-2.fc23 pidgin-sipe-1.21.0-2.fc23 python-gnupg-0.3.8-2.fc23 python-multi_key_dict-2.0.3-1.fc23 python-osrf-pycommon-0.1.2-1.fc23 python3-bsddb3-6.2.0-1.fc23 rubygem-font-awesome-rails-4.6.2.0-1.fc23 rubygem-kramdown-1.11.1-1.fc23 scap-security-guide-0.1.29-1.fc23 squid-3.5.10-3.fc23 wxGTK3-3.0.2-19.fc23 xdg-utils-1.1.1-4.fc23 Details about builds: ================================================================================ apper-0.9.2-6.fc23 (FEDORA-2016-4425a10a1d) KDE interface for PackageKit -------------------------------------------------------------------------------- Update Information: Hard-code style (plastique/oxygen) to workaround UI glitches -------------------------------------------------------------------------------- References: [ 1 ] Bug #1209017 - 0.9.1 Apper overlapping messages while downloading https://bugzilla.redhat.com/show_bug.cgi?id=1209017 -------------------------------------------------------------------------------- ================================================================================ bird-1.6.0-1.fc23 (FEDORA-2016-8f0968aa5b) BIRD Internet Routing Daemon -------------------------------------------------------------------------------- Update Information: Update to unmodified upstream release of bird 1.6.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331895 - bird-1.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331895 -------------------------------------------------------------------------------- ================================================================================ copr-backend-1.85-1.fc23 (FEDORA-2016-7e51c1e094) Backend for Copr -------------------------------------------------------------------------------- Update Information: * PyPI builds improvement * improvement to group projects -------------------------------------------------------------------------------- ================================================================================ copr-frontend-1.92-1.fc23 (FEDORA-2016-7e51c1e094) Frontend for Copr -------------------------------------------------------------------------------- Update Information: * PyPI builds improvement * improvement to group projects -------------------------------------------------------------------------------- ================================================================================ copr-keygen-1.66-1.fc23 (FEDORA-2016-7e51c1e094) Part of Copr build system. Aux service that generate keys for signd -------------------------------------------------------------------------------- Update Information: * PyPI builds improvement * improvement to group projects -------------------------------------------------------------------------------- ================================================================================ copr-selinux-1.40-1.fc23 (FEDORA-2016-7e51c1e094) SELinux module for COPR -------------------------------------------------------------------------------- Update Information: * PyPI builds improvement * improvement to group projects -------------------------------------------------------------------------------- ================================================================================ cryptobone-1.0.3-1.fc23 (FEDORA-2016-3e317b7bb3) Secure Communication Under Your Control -------------------------------------------------------------------------------- Update Information: Everything is being built with $RPM_OPT_FLAGS, including cryptlib. -------------------------------------------------------------------------------- ================================================================================ docker-1.10.3-18.git667d6d1.fc23 (FEDORA-2016-7a1fb10a39) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: built docker @projectatomic/fedora-1.10.3 commit 667d6d1 ---- built docker @projectatomic/fedora-1.10.3 commit bba2d6d ---- built docker @projectatomic/fedora-1.10.3 commit a41254f ---- built docker @projectatomic/fedora-1.10.3 commit#964eda6 ---- built docker @projectatomic/fedora-1.10.3 commit#ef2fa35 ---- docker package runtime depends on docker-forward-journald ---- rebuilt to remove dockerroot user creation ---- rebuilt to remove dockerroot user creation ---- rebuilt to include dss_libdir directory ---- built docker @projectatomic/fedora-1.10.2 commit#86e59a5 ---- rebuilt with seccomp enabled ---- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f ---- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f ---- rebuilt, no change ---- built docker @projectatomic/fedora-1.10.2 commit#0f5ac89 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1289851 - Docker.service does not require docker.socket which can lead to Docker crash when docker.sock is host mounted https://bugzilla.redhat.com/show_bug.cgi?id=1289851 [ 2 ] Bug #1254694 - "man docker-login" incorrectly claims that you can "docker login" to Docker Hub as non-root user https://bugzilla.redhat.com/show_bug.cgi?id=1254694 [ 3 ] Bug #1269602 - Secrets patch does not work in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1269602 [ 4 ] Bug #1289963 - docker push not working in 1.9.1 https://bugzilla.redhat.com/show_bug.cgi?id=1289963 [ 5 ] Bug #1303105 - Docker does not own /usr/lib/docker-storage-setup https://bugzilla.redhat.com/show_bug.cgi?id=1303105 [ 6 ] Bug #1326110 - Unable to create containers with Kubernetes master and Docker 1.9.1-9 https://bugzilla.redhat.com/show_bug.cgi?id=1326110 [ 7 ] Bug #1312934 - "docker images" command returns all the repositories prepended with the "docker.io/" string https://bugzilla.redhat.com/show_bug.cgi?id=1312934 -------------------------------------------------------------------------------- ================================================================================ dpm-contrib-admintools-0.2.2-1.fc23 (FEDORA-2016-2982fe8d2f) DPM administration toolkit (contrib from GridPP) -------------------------------------------------------------------------------- Update Information: - new upstream release -------------------------------------------------------------------------------- ================================================================================ fontawesome-fonts-4.6.2-1.fc23 (FEDORA-2016-be9341f3b7) Iconic font set -------------------------------------------------------------------------------- Update Information: Update to 4.6.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333213 - fontawesome-fonts-v4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1333213 -------------------------------------------------------------------------------- ================================================================================ ibus-chewing-1.5.0-1.fc23 (FEDORA-2016-3fa61a9a2a) The Chewing engine for IBus input platform -------------------------------------------------------------------------------- Update Information: - Enhancement: * New option: "Clean pre-edit buffer when focus out" - Fix: * Fixed the issues found in static checks * Fixed Bug 1182813 ibus-chewing crashes gedit in search box while window out of focus a.k.a GitHub issue #28 * Fixed GitHub issue #37 Cannot use cmake out of source build Cannot use cmake out of source build * Fixed GitHub issue #47 CHEWING_DATADIR CMake variable name mismatch * Fixed GitHub issue #61 GConf2 should be removed from INSTALL document * Fixed GitHub issue #64 systray should be able to show the Chinese/English mode * Fixed GitHub issue #68 CPU usage very high when switch to Chewing Engine * Fixed Bug 1177198 - [abrt] ibus-chewing: XGetKeyboardControl(): ibus-engine-chewing killed by SIGSEGV * Fixed Bug 1319403 - [RFE] ibus-chewing: New option: Caps Lock behavior a.k.a. GitHub issue #66 * Fixed Bug 1330194 - Ctrl-c failed to output as Ctrl-c a.k.a. GitHub issue #69 * Pull Request #67 Fix property "easy-symbol-input" is covered by "shift-toggle-chinese" Thanks southernbear for providing this fix. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309524 - [RFE] ibus-chewing: systray should be able to show the Chinese/English mode https://bugzilla.redhat.com/show_bug.cgi?id=1309524 [ 2 ] Bug #1330194 - Ctrl-c failed to output as Ctrl-c https://bugzilla.redhat.com/show_bug.cgi?id=1330194 [ 3 ] Bug #1319403 - [RFE] ibus-chewing: New option: Caps Lock behavior https://bugzilla.redhat.com/show_bug.cgi?id=1319403 [ 4 ] Bug #1177198 - [abrt] ibus-chewing: XGetKeyboardControl(): ibus-engine-chewing killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1177198 [ 5 ] Bug #1182813 - ibus-chewing crashes gedit in search box while window out of focus https://bugzilla.redhat.com/show_bug.cgi?id=1182813 -------------------------------------------------------------------------------- ================================================================================ iipsrv-1.0.0-6.0.fc23 (FEDORA-2016-9f67f6b8ab) Light-weight streaming for viewing and zooming of ultra high-resolution images -------------------------------------------------------------------------------- Update Information: Last upstream release -------------------------------------------------------------------------------- ================================================================================ jackson-dataformat-xml-2.5.0-3.fc23 (FEDORA-2016-f2e2b178ea) XML data binding extension for Jackson -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3720 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328427 - CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to XXE attack https://bugzilla.redhat.com/show_bug.cgi?id=1328427 -------------------------------------------------------------------------------- ================================================================================ kernel-4.4.9-300.fc23 (FEDORA-2016-7d900003e6) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.4.9 update contains a number of important fixes across the tree -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332931 - CVE-2016-4482 kernel: information leak in devio.c https://bugzilla.redhat.com/show_bug.cgi?id=1332931 -------------------------------------------------------------------------------- ================================================================================ knot-resolver-1.0.0-0.3.4f463d7.fc23 (FEDORA-2016-efe8c69614) Caching full DNS Resolver -------------------------------------------------------------------------------- Update Information: New package introducing [Knot Resolver](https://www.knot-resolver.cz). The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321455 - Review Request: knot-resolver - Caching full DNS Resolver https://bugzilla.redhat.com/show_bug.cgi?id=1321455 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.85-1.fc23 (FEDORA-2016-a819dd2323) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.85. -------------------------------------------------------------------------------- ================================================================================ libreswan-3.17-2.fc23 (FEDORA-2016-0072a30afe) IPsec implementation with IKEv1 and IKEv2 keying protocols -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used -------------------------------------------------------------------------------- References: [ 1 ] Bug #1324956 - prelink is gone, /etc/prelink.conf.d/* is no longer used https://bugzilla.redhat.com/show_bug.cgi?id=1324956 -------------------------------------------------------------------------------- ================================================================================ libvirt-1.2.18.3-1.fc23 (FEDORA-2016-d28ee2f99f) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 1.2.18.3 * Start network after config-network RPM install (bz #867546) -------------------------------------------------------------------------------- ================================================================================ livecd-tools-23.3-1.fc23 (FEDORA-2016-edcdaedcc0) Tools for building live CDs -------------------------------------------------------------------------------- Update Information: - litd: add the "rw" argument even if there's no "ro" (#1318470) (lkundrak) - Remove everything but LiveOS/ from appended ISO (lzap+git) - support aarch64 (jef199006) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1318470 - failure to mount persistent overlay when booting live USB https://bugzilla.redhat.com/show_bug.cgi?id=1318470 -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.85-1.fc23 (FEDORA-2016-a819dd2323) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.85. -------------------------------------------------------------------------------- ================================================================================ mod_intercept_form_submit-1.0.1-1.fc23 (FEDORA-2016-ee5bc0d903) Apache module to intercept login form submission and run PAM authentication -------------------------------------------------------------------------------- Update Information: Rebase to upstream version 1.0.1 to bring in InterceptGETOnSuccess. -------------------------------------------------------------------------------- ================================================================================ mod_lookup_identity-0.9.4-1.fc23 (FEDORA-2016-51df7627aa) Apache module to retrieve additional information about the authenticated user -------------------------------------------------------------------------------- Update Information: Rebase to mod_lookup_identity 0.9.4 to bring in the LookupOutput headers and LookupOutput headers-base64 functionality. -------------------------------------------------------------------------------- ================================================================================ mu-0.2-1.fc23 (FEDORA-2016-df7569952d) A simple Python editor for micro:bit -------------------------------------------------------------------------------- Update Information: Updates to 0.2 release -------------------------------------------------------------------------------- ================================================================================ perl-Inline-Struct-0.23-1.fc23 (FEDORA-2016-5c9229a81d) Manipulate C structures directly from Perl -------------------------------------------------------------------------------- Update Information: This release makes tests more portable. -------------------------------------------------------------------------------- ================================================================================ perl-Tree-Simple-1.28-1.fc23 (FEDORA-2016-74d045e2e1) Tree::Simple Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ php-Analog-1.0.7-2.fc23 (FEDORA-2016-363c3ba769) PHP micro logging package -------------------------------------------------------------------------------- Update Information: Add autoloader, thanks to Remi ---- Last upstream release PHP7 compatible -------------------------------------------------------------------------------- ================================================================================ pidgin-sipe-1.21.0-2.fc23 (FEDORA-2016-e9f5dab2ab) Pidgin protocol plugin to connect to MS Office Communicator -------------------------------------------------------------------------------- Update Information: add patch to fix configure failure on F23+ x86_64 (bz #1333438) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333438 - 1.21.0-1.fc23 lost ability to make calls and video https://bugzilla.redhat.com/show_bug.cgi?id=1333438 -------------------------------------------------------------------------------- ================================================================================ python-gnupg-0.3.8-2.fc23 (FEDORA-2016-f3dfb669b4) A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -------------------------------------------------------------------------------- Update Information: Fix provides and obsoletes ---- Version 0.3.8. This update also introduce the python3- package for the releases that support it. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305346 - python-gnupg 0.3.8 has been released https://bugzilla.redhat.com/show_bug.cgi?id=1305346 [ 2 ] Bug #1332704 - python2-gnupg does not seem to provide python-gnupg https://bugzilla.redhat.com/show_bug.cgi?id=1332704 -------------------------------------------------------------------------------- ================================================================================ python-multi_key_dict-2.0.3-1.fc23 (FEDORA-2016-91b1ad071d) Multi-key dictionary implementation in Python -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1325452 - Review Request: python-multi_key_dict - Multi-key dictionary implementation in Python https://bugzilla.redhat.com/show_bug.cgi?id=1325452 -------------------------------------------------------------------------------- ================================================================================ python-osrf-pycommon-0.1.2-1.fc23 (FEDORA-2016-4b1af78765) Commonly needed Python modules used by software developed at OSRF -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328350 - Review Request: python-osrf-pycommon - Commonly needed Python modules used by software developed at OSRF https://bugzilla.redhat.com/show_bug.cgi?id=1328350 -------------------------------------------------------------------------------- ================================================================================ python3-bsddb3-6.2.0-1.fc23 (FEDORA-2016-12c32e1ecf) Python 3 bindings for BerkleyDB -------------------------------------------------------------------------------- Update Information: Update to version 6.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329440 - python3-bsddb3-6.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1329440 -------------------------------------------------------------------------------- ================================================================================ rubygem-font-awesome-rails-4.6.2.0-1.fc23 (FEDORA-2016-be9341f3b7) An asset gemification of the font-awesome icon font library -------------------------------------------------------------------------------- Update Information: Update to 4.6.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333213 - fontawesome-fonts-v4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1333213 -------------------------------------------------------------------------------- ================================================================================ rubygem-kramdown-1.11.1-1.fc23 (FEDORA-2016-4260d58054) Fast, pure-Ruby Markdown-superset converter -------------------------------------------------------------------------------- Update Information: New version 1.11.1 is released. -------------------------------------------------------------------------------- ================================================================================ scap-security-guide-0.1.29-1.fc23 (FEDORA-2016-2a44222037) Security guidance and baselines in SCAP formats -------------------------------------------------------------------------------- Update Information: - Update to latest upstream SCAP-Security-Guide-0.1.29 release: https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.29 - Do not ship Firefox/DISCLAIMER documentation file since it has been removed in 0.1.29 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215277 - Doc locations incorrect in man page https://bugzilla.redhat.com/show_bug.cgi?id=1215277 [ 2 ] Bug #1147277 - ntpd is not a default ntp client since fedora 16 https://bugzilla.redhat.com/show_bug.cgi?id=1147277 -------------------------------------------------------------------------------- ================================================================================ squid-3.5.10-3.fc23 (FEDORA-2016-7edf033fd8) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054 ---- Security fix for CVE-2016-3947 and CVE-2016-3948 ---- Security fix for CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329136 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing https://bugzilla.redhat.com/show_bug.cgi?id=1329136 [ 2 ] Bug #1329126 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi https://bugzilla.redhat.com/show_bug.cgi?id=1329126 [ 3 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response processing https://bugzilla.redhat.com/show_bug.cgi?id=1323594 [ 4 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger https://bugzilla.redhat.com/show_bug.cgi?id=1323590 -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.2-19.fc23 (FEDORA-2016-d538ea4eb1) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: Add patch to resolve window sizing issue with gtk 3.19+ -------------------------------------------------------------------------------- ================================================================================ xdg-utils-1.1.1-4.fc23 (FEDORA-2016-b23268e0fc) Basic desktop integration functions -------------------------------------------------------------------------------- Update Information: Pull in upstream fix for xdg-mime to prefer saving values to ~/.config/mimeapps.list (over ~/.local/share/applications/mimeapps.list) -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
