The following Fedora 23 Security updates need testing: Age URL 238 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 196 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 169 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 120 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 119 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 84 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 39 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa imlib2-1.4.9-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-286bacdbfb moodle-2.9.6-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c9d560e23a pgpdump-0.31-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-879977eea0 cacti-0.8.8h-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e1234b65a2 mingw-openssl-1.0.2h-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf91320535 wordpress-4.5.2-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36247d441 php-symfony-2.7.13-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d91338972 kernel-4.5.4-200.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d31c00ca51 gsi-openssh-7.2p2-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0cb7475aa6 websvn-2.3.3-13.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa imlib2-1.4.9-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d91338972 kernel-4.5.4-200.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5b72fe554 firefox-46.0.1-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-68136b911f wpa_supplicant-2.4-8.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-05d4c87988 bind-9.10.3-13.P4.fc23 The following builds have been pushed to Fedora 23 updates-testing Lmod-6.3.4-1.fc23 bind-9.10.3-13.P4.fc23 cdbs-0.4.131-1.fc23 certbot-0.6.0-2.fc23 distro-info-data-0.29-1.fc23 empathy-3.12.12-1.fc23 firefox-46.0.1-4.fc23 getmail-4.49.0-1.fc23 ginac-1.6.7-1.fc23 gsi-openssh-7.2p2-2.fc23 kea-1.0.0-9.fc23 koji-containerbuild-0.6.1-1.3.fc23 libstoragemgmt-1.3.1-2.fc23 liquibase-3.5.1-1.fc23 lirc-0.9.3a-4.fc23 mod_auth_cas-1.1-0.2.rc3.fc23 mtr-0.85-8.fc23 mycli-1.7.0-1.fc23 ocaml-camomile-0.8.5-16.fc23 openclonk-7.0-3.fc23 openocd-0.9.0-4.fc23 perl-HTML-StripScripts-1.06-1.fc23 postgresql-9.4.8-1.fc23 pyparsing-2.1.3-1.fc23 python-acme-0.6.0-1.fc23 python-sphinx-theme-alabaster-0.7.8-1.fc23 qt-virt-manager-0.27.50-3.fc23 recoll-1.21.7-1.fc23 rubygem-review-2.0.0-2.fc23 skylable-sx-2.1-1.fc23 sssd-1.13.4-3.fc23 websvn-2.3.3-13.fc23 whatsup-1.14-15.fc23 wpa_supplicant-2.4-8.fc23 xen-4.5.3-4.fc23 Details about builds: ================================================================================ Lmod-6.3.4-1.fc23 (FEDORA-2016-97f222e0f2) Environmental Modules System in Lua -------------------------------------------------------------------------------- Update Information: Update to 6.3.4 (fixes bug #1334529) ---- Update to 6.3.1 - protects it from user changes to LUA_PATH and LUA_CPATH by using these values at configuration time. - Fixed bug with Capital Letters in a version string. - Do not overwrite MODULEPATH (bug #1326075) -------------------------------------------------------------------------------- ================================================================================ bind-9.10.3-13.P4.fc23 (FEDORA-2016-05d4c87988) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: - Removed NM dispatcher script, since it is not needed any more (#1277257) - Replaced After=network-online.target with After=network.target in all unit files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1277257 - NetworkManager-wait-online fails on boot when 2 NIC are active https://bugzilla.redhat.com/show_bug.cgi?id=1277257 -------------------------------------------------------------------------------- ================================================================================ cdbs-0.4.131-1.fc23 (FEDORA-2016-9c5b309483) Common build system for Debian packages -------------------------------------------------------------------------------- Update Information: Update to version 0.4.131, see http://ftp- master.metadata.debian.org/changelogs//main/c/cdbs/cdbs_0.4.131_changelog for details. -------------------------------------------------------------------------------- ================================================================================ certbot-0.6.0-2.fc23 (FEDORA-2016-9be4108113) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Update python-acme to 0.6.0, add renamed certbot package (formerly letsencrypt) -------------------------------------------------------------------------------- ================================================================================ distro-info-data-0.29-1.fc23 (FEDORA-2016-a0cf3f4776) Information about releases of Debian and Ubuntu (data files) -------------------------------------------------------------------------------- Update Information: Update to 0.29 -------------------------------------------------------------------------------- ================================================================================ empathy-3.12.12-1.fc23 (FEDORA-2016-bcb53b3cf8) Instant Messaging Client for GNOME -------------------------------------------------------------------------------- Update Information: Empathy 3.12.12 release. See https://mail.gnome.org/archives/ftp-release- list/2016-May/msg00066.html for details. -------------------------------------------------------------------------------- ================================================================================ firefox-46.0.1-4.fc23 (FEDORA-2016-e5b72fe554) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: - Added fix for rhbz#1332821 - Crash on "Select" in "Open with" dialog - Added patch for rhbz#1332875 - new Samba auth reponse - Disable dark theme until we support it correctly (mozbz#1216658) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332875 - After Samba upgrade to 4.3.8, automatic NTLM auth stops working https://bugzilla.redhat.com/show_bug.cgi?id=1332875 [ 2 ] Bug #1332821 - Crash on "Select" in "Open with" dialog https://bugzilla.redhat.com/show_bug.cgi?id=1332821 -------------------------------------------------------------------------------- ================================================================================ getmail-4.49.0-1.fc23 (FEDORA-2016-3cd38a9785) POP3, IMAP4 and SDPS mail retriever with Maildir delivery -------------------------------------------------------------------------------- Update Information: Update to 4.49.0 release -------------------------------------------------------------------------------- ================================================================================ ginac-1.6.7-1.fc23 (FEDORA-2016-3ec39ff457) C++ library for symbolic calculations -------------------------------------------------------------------------------- Update Information: Bugfix update. -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-7.2p2-2.fc23 (FEDORA-2016-d31c00ca51) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Sync with openssh -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328431 - CVE-2015-8325 gsi-openssh: openssh: privilege escalation via user's PAM environment and UseLogin=yes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1328431 -------------------------------------------------------------------------------- ================================================================================ kea-1.0.0-9.fc23 (FEDORA-2016-aee0c72dab) DHCPv4, DHCPv6 and DDNS server from ISC -------------------------------------------------------------------------------- Update Information: kea-devel now requires boost-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335900 - kea-devel: missing requirement https://bugzilla.redhat.com/show_bug.cgi?id=1335900 -------------------------------------------------------------------------------- ================================================================================ koji-containerbuild-0.6.1-1.3.fc23 (FEDORA-2016-de5e61d765) Koji support for building layered container images -------------------------------------------------------------------------------- Update Information: Properly handle log uploads with popen patch. ---- Fix popen patch for osbs cmd to continue working around pycurl bug. -------------------------------------------------------------------------------- ================================================================================ libstoragemgmt-1.3.1-2.fc23 (FEDORA-2016-86bab5f96c) Storage array management library -------------------------------------------------------------------------------- Update Information: Update to upstream 1.3.1 -------------------------------------------------------------------------------- ================================================================================ liquibase-3.5.1-1.fc23 (FEDORA-2016-6db2ea6a01) Database Refactoring Tool -------------------------------------------------------------------------------- Update Information: Provides upstream release of Liquibase 3.5.1 -------------------------------------------------------------------------------- ================================================================================ lirc-0.9.3a-4.fc23 (FEDORA-2016-4a5e563396) The Linux Infrared Remote Control package -------------------------------------------------------------------------------- Update Information: Bugfix release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1319344 - man-pages updated package conflicts with lirc https://bugzilla.redhat.com/show_bug.cgi?id=1319344 -------------------------------------------------------------------------------- ================================================================================ mod_auth_cas-1.1-0.2.rc3.fc23 (FEDORA-2016-745af9f14c) Apache 2.2/2.4 compliant module that supports the CASv1 and CASv2 protocols -------------------------------------------------------------------------------- Update Information: Upstream 1.1 RC3 - Support added for httpd 2.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177042 - mod_auth_cas missing in EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1177042 -------------------------------------------------------------------------------- ================================================================================ mtr-0.85-8.fc23 (FEDORA-2016-5611ba3482) A network diagnostic tool -------------------------------------------------------------------------------- Update Information: Fix high CPU usage when mtr is paused. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300309 - High cpu usage when pause https://bugzilla.redhat.com/show_bug.cgi?id=1300309 -------------------------------------------------------------------------------- ================================================================================ mycli-1.7.0-1.fc23 (FEDORA-2016-e3d06ee000) Interactive CLI for MySQL Database with auto-completion and syntax highlighting -------------------------------------------------------------------------------- Update Information: Update to latest upstream release mycli 1.7.0. -------------------------------------------------------------------------------- ================================================================================ ocaml-camomile-0.8.5-16.fc23 (FEDORA-2016-981aaab326) Unicode library for OCaml -------------------------------------------------------------------------------- Update Information: Base package should depend on -data, not other way round (RHBZ#1336000). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1336000 - ocaml-camomile is out fo date, won't install https://bugzilla.redhat.com/show_bug.cgi?id=1336000 -------------------------------------------------------------------------------- ================================================================================ openclonk-7.0-3.fc23 (FEDORA-2016-4ce3af54eb) Multiplayer action, tactics and skill game -------------------------------------------------------------------------------- Update Information: - New package (bz#1334059) -------------------------------------------------------------------------------- ================================================================================ openocd-0.9.0-4.fc23 (FEDORA-2016-418faaba64) Debugging, in-system programming and boundary-scan testing for embedded devices -------------------------------------------------------------------------------- Update Information: Fix wrong udev rules -------------------------------------------------------------------------------- References: [ 1 ] Bug #1177996 - Wrong udev rules https://bugzilla.redhat.com/show_bug.cgi?id=1177996 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-StripScripts-1.06-1.fc23 (FEDORA-2016-0e68c6fa4b) Strip scripting constructs out of HTML -------------------------------------------------------------------------------- Update Information: Various bugfixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335524 - perl-HTML-StripScripts-1.06 is available https://bugzilla.redhat.com/show_bug.cgi?id=1335524 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.4.8-1.fc23 (FEDORA-2016-5b927cef55) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.4.8 per release notes http://www.postgresql.org/docs/9.4/static/release-9-4-8.html -------------------------------------------------------------------------------- ================================================================================ pyparsing-2.1.3-1.fc23 (FEDORA-2016-18a3d6f03a) Python package with an object-oriented approach to text processing -------------------------------------------------------------------------------- Update Information: Update to the latest stable release. This is a minor update to fix some bugs that were found after 2.1.1 release and since 2.1.2 fixes were incomplete. The list of changes since 2.1.1 is: * Fixed catastrophic regex backtracking in implementation of the quoted string expressions (`dblQuotedString`, `sglQuotedString`, and `quotedString`); * Fixed bug in `_trim_arity` when pyparsing code is included in a `PyInstaller`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335135 - pyparsing-2.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1335135 -------------------------------------------------------------------------------- ================================================================================ python-acme-0.6.0-1.fc23 (FEDORA-2016-9be4108113) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: Update python-acme to 0.6.0, add renamed certbot package (formerly letsencrypt) -------------------------------------------------------------------------------- ================================================================================ python-sphinx-theme-alabaster-0.7.8-1.fc23 (FEDORA-2016-7994b9987f) Configurable sidebar-enabled Sphinx theme -------------------------------------------------------------------------------- Update Information: Update to 0.7.8 (#1334952) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334952 - Update to 0.7.8, branch for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1334952 -------------------------------------------------------------------------------- ================================================================================ qt-virt-manager-0.27.50-3.fc23 (FEDORA-2016-1f5e4c3c49) Qt Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: version 0.27.50 - - Qt5 only -------------------------------------------------------------------------------- ================================================================================ recoll-1.21.7-1.fc23 (FEDORA-2016-27f6dc7b4a) Desktop full text search tool with Qt GUI -------------------------------------------------------------------------------- Update Information: Update to latest upstream release to fix a crash in the graphical interface. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334284 - [abrt] recoll: QObject::disconnect(): recoll killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1334284 -------------------------------------------------------------------------------- ================================================================================ rubygem-review-2.0.0-2.fc23 (FEDORA-2016-b34cc05a11) Flexible document format/conversion system -------------------------------------------------------------------------------- Update Information: - Fix rubygem(rubyzip) version required ---- - Update to 2.0.0 - Fix rubygem(rubyzip) version required -------------------------------------------------------------------------------- ================================================================================ skylable-sx-2.1-1.fc23 (FEDORA-2016-48128b9b10) A reliable and scalable storage cluster -------------------------------------------------------------------------------- Update Information: new upstream release SX 2.1 -------------------------------------------------------------------------------- ================================================================================ sssd-1.13.4-3.fc23 (FEDORA-2016-a719a2f0c9) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1335639 -------------------------------------------------------------------------------- ================================================================================ websvn-2.3.3-13.fc23 (FEDORA-2016-0cb7475aa6) Online subversion repository browser -------------------------------------------------------------------------------- Update Information: Fix for CVE-2016-1236. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1333681 - CVE-2016-1236 websvn: XSS vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1333681 -------------------------------------------------------------------------------- ================================================================================ whatsup-1.14-15.fc23 (FEDORA-2016-e1b049058f) Node up/down detection utility -------------------------------------------------------------------------------- Update Information: Rebuild for new opensm. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331290 - Please rebuild whatsup for Fedora23 https://bugzilla.redhat.com/show_bug.cgi?id=1331290 -------------------------------------------------------------------------------- ================================================================================ wpa_supplicant-2.4-8.fc23 (FEDORA-2016-68136b911f) WPA/WPA2/IEEE 802.1X Supplicant -------------------------------------------------------------------------------- Update Information: This update fixes another instance of crashes from bug #1231973. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231973 - [abrt] wpa_supplicant: __strcmp_sse2_unaligned(): wpa_supplicant killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1231973 -------------------------------------------------------------------------------- ================================================================================ xen-4.5.3-4.fc23 (FEDORA-2016-beba065b97) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: create link to /usr/bin/qemu-system-i386 from /usr/lib/xen/bin for back compatibility and for virt-manager, cleaner fix for XSA-179 on qemu-xen- traditional -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334554 - Provide back compat /usr/lib/xen/bin/qemu-system-i386 https://bugzilla.redhat.com/show_bug.cgi?id=1334554 [ 2 ] Bug #1299745 - /usr/lib/xen/bin/qemu-system-i386 missing https://bugzilla.redhat.com/show_bug.cgi?id=1299745 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
