The following Fedora 23 Security updates need testing:

 Age  URL
 240  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240       nagios-4.0.8-1.fc23
 197  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe  miniupnpc-1.9-6.fc23
 170  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324  jbig2dec-0.12-2.fc23
 121  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1  python-pymongo-3.0.3-1.fc23
 121  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8  thttpd-2.25b-37.fc23
  86  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4  mingw-nsis-2.50-1.fc23
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7  optipng-0.7.6-1.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa  imlib2-1.4.9-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-286bacdbfb  moodle-2.9.6-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c9d560e23a  pgpdump-0.31-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-879977eea0  cacti-0.8.8h-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e1234b65a2  mingw-openssl-1.0.2h-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940  squid-3.5.10-4.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf91320535  wordpress-4.5.2-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36247d441  php-symfony-2.7.13-1.fc23
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d91338972  kernel-4.5.4-200.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d31c00ca51  gsi-openssh-7.2p2-2.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0cb7475aa6  websvn-2.3.3-13.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9ba53cf8a2  jenkins-1.625.3-4.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2d635cbf8  dosfstools-3.0.28-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cbcaebaf2  libndp-1.6-1.fc23


The following Fedora 23 Critical Path updates have yet to be approved:

 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff070e8faa  imlib2-1.4.9-1.fc23
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d91338972  kernel-4.5.4-200.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2d635cbf8  dosfstools-3.0.28-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-728a7def67  pungi-4.0.15-2.fc23


The following builds have been pushed to Fedora 23 updates-testing

    boinc-client-7.6.22-4.fc23
    ceph-0.94.7-2.fc23
    cflow-1.5-1.fc23
    clusterssh-4.07-1.fc23
    dosfstools-3.0.28-3.fc23
    golang-github-cockroachdb-cmux-0-0.1.git112f050.fc23
    golang-github-dustin-go-humanize-0-0.1.git8929fe9.fc23
    golang-github-eapache-queue-1.0.2-0.1.gitded5959.fc23
    ipmiutil-2.9.9-1.fc23
    jenkins-1.625.3-4.fc23
    libndp-1.6-1.fc23
    libsolv-0.6.20-2.fc23
    owncloud-client-2.2.0-1.fc23
    perl-Unicode-LineBreak-2016.003-1.fc23
    php-pear-Text-Diff-1.2.1-1.fc23
    postfix-3.0.5-1.fc23
    pungi-4.0.15-2.fc23
    pysvn-1.9.2-1.fc23
    python-pycxx-6.2.8-1.fc23
    python-rhsm-1.17.2-1.fc23
    python-sqlalchemy-1.0.13-1.fc23
    qtkeychain-0.6.2-1.fc23
    smartmontools-6.5-1.fc23
    sombok-2.4.0-2.fc23
    subscription-manager-1.17.6-1.fc23
    xboard-4.9.0-1.fc23

Details about builds:


================================================================================
 boinc-client-7.6.22-4.fc23 (FEDORA-2016-2623b55517)
 The BOINC client core
--------------------------------------------------------------------------------
Update Information:

Update to 7.6.22
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1305388 - Please upgrade to 7.6.x which supports open-source OpenCL drivers and GCC 6
        https://bugzilla.redhat.com/show_bug.cgi?id=1305388
  [ 2 ] Bug #1303070 - boinc-client runs unconfined
        https://bugzilla.redhat.com/show_bug.cgi?id=1303070
  [ 3 ] Bug #1323492 - [abrt] boinc-manager: _g_log_abort(): boincmgr killed by SIGTRAP
        https://bugzilla.redhat.com/show_bug.cgi?id=1323492
--------------------------------------------------------------------------------


================================================================================
 ceph-0.94.7-2.fc23 (FEDORA-2016-9baf684815)
 User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:

New minor bugfix upstream version.
--------------------------------------------------------------------------------


================================================================================
 cflow-1.5-1.fc23 (FEDORA-2016-40d4aa87a8)
 Analyzes C files charting control flow within the program
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release cflow 1.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336597 - cflow-1.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336597
--------------------------------------------------------------------------------


================================================================================
 clusterssh-4.07-1.fc23 (FEDORA-2016-0ca7e2366c)
 Secure concurrent multiple server terminal control
--------------------------------------------------------------------------------
Update Information:

- Updated to new 4.07 upstream version, attempt to fix rhbz #1025913
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1025913 - clusterssh segfaults when no fonts are installed
        https://bugzilla.redhat.com/show_bug.cgi?id=1025913
--------------------------------------------------------------------------------


================================================================================
 dosfstools-3.0.28-3.fc23 (FEDORA-2016-e2d635cbf8)
 Utilities for making and checking MS-DOS FAT filesystems on Linux
--------------------------------------------------------------------------------
Update Information:

This is an update fixing off-by-2 error leading to corruption in FAT12
(CVE-2015-8872) and heap-buffer-overflows in read_fat() and get_fat() functions
(CVE-2016-4804).
--------------------------------------------------------------------------------


================================================================================
 golang-github-cockroachdb-cmux-0-0.1.git112f050.fc23 (FEDORA-2016-6842763379)
 Connection mux for serving different services on the same port
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336218 - Review Request: golang-github-cockroachdb-cmux - Connection mux for serving different services on the same port
        https://bugzilla.redhat.com/show_bug.cgi?id=1336218
--------------------------------------------------------------------------------


================================================================================
 golang-github-dustin-go-humanize-0-0.1.git8929fe9.fc23 (FEDORA-2016-43f5b6f973)
 Formatters for units to human friendly sizes
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336217 - Review Request: golang-github-dustin-go-humanize - Formatters for units to human friendly sizes
        https://bugzilla.redhat.com/show_bug.cgi?id=1336217
--------------------------------------------------------------------------------


================================================================================
 golang-github-eapache-queue-1.0.2-0.1.gitded5959.fc23 (FEDORA-2016-bbf4c57334)
 Fast golang queue using ring-buffer
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1327254 - Review Request: golang-github-eapache-queue - Fast golang queue using ring-buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1327254
--------------------------------------------------------------------------------


================================================================================
 ipmiutil-2.9.9-1.fc23 (FEDORA-2016-dd32662b31)
 Easy-to-use IPMI server management utilities
--------------------------------------------------------------------------------
Update Information:

update to ipmiutil-2.9.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1017558 - ipmiutil-2.9.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1017558
  [ 2 ] Bug #865612 - ipmiutil-2.8.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=865612
  [ 3 ] Bug #1318393 - 'yum install ipmiutil' creates /%{_unitdir} instead of service file
        https://bugzilla.redhat.com/show_bug.cgi?id=1318393
  [ 4 ] Bug #1177213 - Mispackaged .so library
        https://bugzilla.redhat.com/show_bug.cgi?id=1177213
  [ 5 ] Bug #1271020 - ipmiutil-2.9.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1271020
--------------------------------------------------------------------------------


================================================================================
 jenkins-1.625.3-4.fc23 (FEDORA-2016-9ba53cf8a2)
 An extendable open source continuous integration server
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724,
CVE-2016-3725, CVE-2016-3726, CVE-2016-3727
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335415 - CVE-2016-3721 jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335415
  [ 2 ] Bug #1335416 - CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335416
  [ 3 ] Bug #1335417 - CVE-2016-3723 jenkins: Information on installed plugins exposed via API (SECURITY-250)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335417
  [ 4 ] Bug #1335418 - CVE-2016-3724 jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335418
  [ 5 ] Bug #1335420 - CVE-2016-3725 jenkins: Regular users can trigger download of update site metadata (SECURITY-273)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335420
  [ 6 ] Bug #1335421 - CVE-2016-3726 jenkins: Open redirect to scheme-relative URLs (SECURITY-276)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335421
  [ 7 ] Bug #1335422 - CVE-2016-3727 jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335422
--------------------------------------------------------------------------------


================================================================================
 libndp-1.6-1.fc23 (FEDORA-2016-5cbcaebaf2)
 Library for Neighbor Discovery Protocol
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2016-3698
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336719 - CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1336719
--------------------------------------------------------------------------------


================================================================================
 libsolv-0.6.20-2.fc23 (FEDORA-2016-c46a2cafe7)
 Package dependency solver
--------------------------------------------------------------------------------
Update Information:

- Backport patch to fix crashing on reading some repos (RHBZ #1318662)
- Backport patch to fix installing multilib packages with weak deps (RHBZ #1325471)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1325471 - resolving Supplements: dependencies pull in multilib packages
        https://bugzilla.redhat.com/show_bug.cgi?id=1325471
  [ 2 ] Bug #1318662 - python3 segfault when using python3-dnf-1.1.7
        https://bugzilla.redhat.com/show_bug.cgi?id=1318662
--------------------------------------------------------------------------------


================================================================================
 owncloud-client-2.2.0-1.fc23 (FEDORA-2016-120ad26d10)
 The ownCloud Client
--------------------------------------------------------------------------------
Update Information:

Updated to 2.2.0
--------------------------------------------------------------------------------


================================================================================
 perl-Unicode-LineBreak-2016.003-1.fc23 (FEDORA-2016-5201db48a5)
 UAX #14 Unicode Line Breaking Algorithm
--------------------------------------------------------------------------------
Update Information:

Update to 2016.003.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1321697 - perl-Unicode-LineBreak-2016.003 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1321697
--------------------------------------------------------------------------------


================================================================================
 php-pear-Text-Diff-1.2.1-1.fc23 (FEDORA-2016-f8489c9d37)
 Engine for performing and rendering text diffs
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.1.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1243619 - php-pear-Text-Diff-1.2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1243619
--------------------------------------------------------------------------------


================================================================================
 postfix-3.0.5-1.fc23 (FEDORA-2016-45d5a9a2fb)
 Postfix Mail Transport Agent
--------------------------------------------------------------------------------
Update Information:

This is an update fixing two bugs in Milter and header_checks, for details see
upstream announcement: http://www.postfix.org/announcements/postfix-3.1.1.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336245 - postfix-3.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336245
--------------------------------------------------------------------------------


================================================================================
 pungi-4.0.15-2.fc23 (FEDORA-2016-728a7def67)
 Distribution compose tool
--------------------------------------------------------------------------------
Update Information:

add patch to allow git+https:// urls to work
--------------------------------------------------------------------------------


================================================================================
 pysvn-1.9.2-1.fc23 (FEDORA-2016-d90caf9bd7)
 Pythonic style bindings for Subversion
--------------------------------------------------------------------------------
Update Information:

Support for subversion 1.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335962 - Update pysvn to the lastest version
        https://bugzilla.redhat.com/show_bug.cgi?id=1335962
--------------------------------------------------------------------------------


================================================================================
 python-pycxx-6.2.8-1.fc23 (FEDORA-2016-0b0ce376e7)
 Write Python extensions in C++
--------------------------------------------------------------------------------
Update Information:

Version 6.2.8 (10-May-2016)
* Fix crash when a member function is called via callMemberFunction() and that
  function raises an exception.
* Found in comment on StackOverFlow. Fix memory size allocated for new objects.
  It used the wrong size calculation, but was big enough to avoid problems.

Version 6.2.7 (28-Apr-2016)
* Fix missing ptr__Unicode_Type.
* Fixes from learn0more@xxxxxxxxx make python2 also remember the m_module and
  add accessor functions.
* Fix for indirection issues from Vivian De Smedt.
* Update to work with latest Microsoft Visual C++ for python 2.7. All tests run
  in Win32 and Win64.
* PyCXX.html documentation has been updated, especially with 2TO3 information.
* Use delete[] for objects allocated with new[].

Version 6.2.6 (04-Jan-2015)
* Fix build issue with GCC 4.2.1 on FreeBSD and Mac OS X (stop python defining
  isspace as a macro).
* Remove support for python 3.1 (API's are unstable).
* Add Python 3.3 support.
* Patch from Michael Droettboom to fix compilation issues.
* Patch from Michael Droettboom to add buffer interface for python3.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335953 - Update python-pycxx to latest version to pick up bug fixes
        https://bugzilla.redhat.com/show_bug.cgi?id=1335953
--------------------------------------------------------------------------------


================================================================================
 python-rhsm-1.17.2-1.fc23 (FEDORA-2016-0c686d81f4)
 A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:

Minor bug fixes.
--------------------------------------------------------------------------------


================================================================================
 python-sqlalchemy-1.0.13-1.fc23 (FEDORA-2016-067bd0d5fd)
 Modular and flexible ORM library for python
--------------------------------------------------------------------------------
Update Information:

This update contains a new upstream bugfix release. The upstream
[changelog](http://www.sqlalchemy.org/changelog/CHANGES_1_0_13) contains a list
of all changes in version 1.0.13.
--------------------------------------------------------------------------------


================================================================================
 qtkeychain-0.6.2-1.fc23 (FEDORA-2016-8c2f242042)
 A password store library
--------------------------------------------------------------------------------
Update Information:

Update to 0.6.2
--------------------------------------------------------------------------------


================================================================================
 smartmontools-6.5-1.fc23 (FEDORA-2016-bf3b957d34)
 Tools for monitoring SMART capable hard disks
--------------------------------------------------------------------------------
Update Information:

- smartmontools updated to 6.5
- smartctl '-i', '-c', '-H' and '-l error': NVMe support.
- smartctl '-l nvmelog': New option for NVMe.
- smartd.conf '-H', '-l error' and '-W': NVMe support.
- Optional NVMe device scanning support on Linux and Windows.
- configure option '--with-nvme-devicescan' to include NVMe in default device
  scanning result.
- Device scanning now allows to specify multiple '-d TYPE' options.
- ATA: Added new POWER MODE values introduced in ATA ACS-2.
- ATA: SCT commands are no longer issued if ATA Security is locked.
- SCSI: LB provisioning improvements.
- SCSI: Fixed GLTSD bit set/cleared info messages.
- SCSI: Solid State media log page is no longer checked for tapes.
- SCSI: Improved handling when no tape cartridge in drive.
- SCSI: Workaround for buggy Seagate firmware.
- SAT: Improved heuristics to detect bogus sense data from SAT layer.
- smartd: Fixed crash on missing argument to '-s' directive.
- update-smart-drivedb: Now uses HTTPS for download by default.
- update-smart-drivedb: New options to select URL and download tool.
- update-smart-drivedb: New download tool 'svn'.
- configure option '--without-update-smart-drivedb' to disable
  update-smart-drivedb script.
- Drive database file now also includes the DEFAULT setting for each attribute.
- HDD, SSD and USB additions to drive database.
--------------------------------------------------------------------------------


================================================================================
 sombok-2.4.0-2.fc23 (FEDORA-2016-b39493a072)
 Unicode Text Segmentation Package
--------------------------------------------------------------------------------
Update Information:

Update to 2.4.0.
--------------------------------------------------------------------------------


================================================================================
 subscription-manager-1.17.6-1.fc23 (FEDORA-2016-0c686d81f4)
 Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:

Minor bug fixes.
--------------------------------------------------------------------------------


================================================================================
 xboard-4.9.0-1.fc23 (FEDORA-2016-7d757e5c11)
 An X Window System graphical chessboard
--------------------------------------------------------------------------------
Update Information:

Rebuilt for new upstream version + fixes deps, fixes rhbz #1336257
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1336257 - xboard-4.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1336257
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx