The following Fedora 23 Security updates need testing: Age URL 255 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 212 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 185 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 136 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 135 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 100 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9dbd6d339 openslp-2.0.0-8.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06f1572324 kernel-4.5.5-201.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d94300845b compat-nettle27-2.7.1-2.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-396403ec02 roundcubemail-1.2.0-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d3fe9914b xen-4.5.3-6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-de6e26b8aa gd-2.1.1-6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a878ed298 GraphicsMagick-1.3.24-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea323bd6cf nginx-1.8.1-3.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-728a7def67 pungi-4.0.15-2.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9dbd6d339 openslp-2.0.0-8.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06f1572324 kernel-4.5.5-201.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d2670c9ec nss-util-3.24.0-1.0.fc23 nss-softokn-3.24.0-1.0.fc23 nss-3.24.0-1.1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1d6ecc3f3 findutils-4.5.16-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-de6e26b8aa gd-2.1.1-6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-807ec5d5cf mesa-11.1.0-3.20151218.fc23 The following builds have been pushed to Fedora 23 updates-testing GraphicsMagick-1.3.24-1.fc23 beep-1.3-16.fc23 certbot-0.7.0-1.fc23 composer-1.1.2-1.fc23 findutils-4.5.16-2.fc23 fldigi-3.23.10-1.fc23 gd-2.1.1-6.fc23 keycloak-httpd-client-install-0.3-1.fc23 nginx-1.8.1-3.fc23 nss-3.24.0-1.1.fc23 nss-softokn-3.24.0-1.0.fc23 nss-util-3.24.0-1.0.fc23 perl-Date-Manip-6.54-1.fc23 php-nette-database-2.3.9-1.fc23 php-nette-forms-2.3.9-1.fc23 python-acme-0.7.0-1.fc23 qt5-qtdeclarative-5.6.0-11.fc23 rpmgrill-0.28-1.fc23 salt-2015.5.10-2.fc23 seafile-5.1.2-3.fc23 strace-4.12-1.fc23 ti-uim-0-0.4.a0236bc.fc23 Details about builds: ================================================================================ GraphicsMagick-1.3.24-1.fc23 (FEDORA-2016-7a878ed298) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1306148 - CVE-2016-2317 CVE-2016-2318 GraphicsMagick: SVG parsing issues https://bugzilla.redhat.com/show_bug.cgi?id=1306148 [ 2 ] Bug #1333410 - GraphicsMagick: SVG converting issues https://bugzilla.redhat.com/show_bug.cgi?id=1333410 [ 3 ] Bug #1340814 - CVE-2016-5118 ImageMagick: Remote code execution via filename https://bugzilla.redhat.com/show_bug.cgi?id=1340814 -------------------------------------------------------------------------------- ================================================================================ beep-1.3-16.fc23 (FEDORA-2016-5aa5d3a2f1) Beep the PC speaker any number of ways -------------------------------------------------------------------------------- Update Information: `beep-1.3-16.fc*` adds documentation and helping files for non-root users to run `beep` successfully. This includes: * Updated documentation in `/usr/share/doc/beep/README.fedora` which explains the `sudo` based setup. * Example _sudoers_ configuration file at `/etc/sudoers.d/beep` which the system admin must adapt for their local system's needs. * Shell aliases for `beep` to allow non-root users to run `beep` from the shell via `sudo -n`, for both _sh_ and _csh_ type shells. If you do not set up _sudoers_, the behaviour of `beep` is the same: As root, running `beep` beeps. As non-root user, running `beep` produces an error message. The error message is just a different one now, produced by `sudo`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133231 - beep only works for root https://bugzilla.redhat.com/show_bug.cgi?id=1133231 -------------------------------------------------------------------------------- ================================================================================ certbot-0.7.0-1.fc23 (FEDORA-2016-f8b0f2e872) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Update to 0.7.0 -------------------------------------------------------------------------------- ================================================================================ composer-1.1.2-1.fc23 (FEDORA-2016-502bcc6ac3) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.1.2** - 2016-05-31 * Fixed degraded mode issue when accessing packagist.org * Fixed GitHub access_token being added on subsequent requests in case of redirections * Fixed exclude-from-classmap not working in some circumstances * Fixed openssl warning preventing the use of config command for disabling tls -------------------------------------------------------------------------------- ================================================================================ findutils-4.5.16-2.fc23 (FEDORA-2016-c1d6ecc3f3) The GNU versions of find utilities (find and xargs) -------------------------------------------------------------------------------- Update Information: - make sure that find -exec + passes all arguments (upstream bug #48030) -------------------------------------------------------------------------------- ================================================================================ fldigi-3.23.10-1.fc23 (FEDORA-2016-cb28bc0604) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information: =Version 3.23.10= 2016-05-23 David Freese <iam_w1hkj@xxxxxxxxx> 33ad2e6: logger c184758: Restore focus af25ef7: RsID button ae93f9c: flmsg keepalive 5b367fb: 4bars b4b8df4: ASCII ctl chars 759e6cf: Suppress dockable macros 065ead7: Packet Prep 2016-04-13 Edouard Lafargue W6ELA <edouard@xxxxxxxxxxxxx> 505c8b3: Portaudio Mono 2016-04-13 David Freese <iam_w1hkj@xxxxxxxxx> 68d9b32: FSQ message files 2016-04-12 Robert Stiles <kk5vd@xxxxxxxxx> 4ab48d4: KISS, 8PSK, FLARQ icon Modifications 2016-04-12 David Freese <iam_w1hkj@xxxxxxxxx> 76ab77c: FLARQ 9c04f07: focus behavior 2a3f4d4: PTT delays -------------------------------------------------------------------------------- References: [ 1 ] Bug #1314945 - fldigi-3.23.10.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1314945 -------------------------------------------------------------------------------- ================================================================================ gd-2.1.1-6.fc23 (FEDORA-2016-de6e26b8aa) A graphics library for quick creation of PNG or JPEG images -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-8877 --- Security fix for CVE-2016-5116 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1338907 - CVE-2015-8877 gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches https://bugzilla.redhat.com/show_bug.cgi?id=1338907 [ 2 ] Bug #1340856 - CVE-2016-5116 gd: Information leak due to stack overflow in gdCtxPrintf https://bugzilla.redhat.com/show_bug.cgi?id=1340856 -------------------------------------------------------------------------------- ================================================================================ keycloak-httpd-client-install-0.3-1.fc23 (FEDORA-2016-e46be78900) Tools to configure Apache HTTPD as Keycloak client -------------------------------------------------------------------------------- Update Information: Initial upstream release -------------------------------------------------------------------------------- ================================================================================ nginx-1.8.1-3.fc23 (FEDORA-2016-ea323bd6cf) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: fix CVE-2016-4450 ---- update to upstream release 1.8.1 to fix CVE-2016-4450 -------------------------------------------------------------------------------- ================================================================================ nss-3.24.0-1.1.fc23 (FEDORA-2016-7d2670c9ec) Network Security Services -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.24. For details about new functionality and a list of bugs fixed in this release please see the upstream releases notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes -------------------------------------------------------------------------------- ================================================================================ nss-softokn-3.24.0-1.0.fc23 (FEDORA-2016-7d2670c9ec) Network Security Services Softoken Module -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.24. For details about new functionality and a list of bugs fixed in this release please see the upstream releases notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes -------------------------------------------------------------------------------- ================================================================================ nss-util-3.24.0-1.0.fc23 (FEDORA-2016-7d2670c9ec) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.24. For details about new functionality and a list of bugs fixed in this release please see the upstream releases notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes -------------------------------------------------------------------------------- ================================================================================ perl-Date-Manip-6.54-1.fc23 (FEDORA-2016-18037c8b70) Date manipulation routines -------------------------------------------------------------------------------- Update Information: Rebase to upstream version 6.54. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341373 - perl-Date-Manip-6.54 is available https://bugzilla.redhat.com/show_bug.cgi?id=1341373 -------------------------------------------------------------------------------- ================================================================================ php-nette-database-2.3.9-1.fc23 (FEDORA-2016-2d6ba9f446) Nette Database Component -------------------------------------------------------------------------------- Update Information: **Released version 2.3.9** * Helpers::detectType() detects DATERANGE as text * Structure::analyzeForeignKeys() fixed lowercased name #122 -------------------------------------------------------------------------------- ================================================================================ php-nette-forms-2.3.9-1.fc23 (FEDORA-2016-7b761b9090) Nette Forms: greatly facilitates web forms -------------------------------------------------------------------------------- Update Information: **Released version 2.3.9** * UploadControl: added isOK() * Helpers::exportRules() skips empty branches * netteForms.js: Nette.noInit = true disables auto initialization -------------------------------------------------------------------------------- ================================================================================ python-acme-0.7.0-1.fc23 (FEDORA-2016-f8b0f2e872) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: Update to 0.7.0 -------------------------------------------------------------------------------- ================================================================================ qt5-qtdeclarative-5.6.0-11.fc23 (FEDORA-2016-e78000fedc) Qt5 - QtDeclarative component -------------------------------------------------------------------------------- Update Information: Include upstream workaround for a common crash condition. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1259472 - [abrt] plasma-workspace: KCrash::defaultCrashHandler(int)(): kscreenlocker_greet killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1259472 -------------------------------------------------------------------------------- ================================================================================ rpmgrill-0.28-1.fc23 (FEDORA-2016-c3b7e4bbb1) A utility for catching problems in koji builds -------------------------------------------------------------------------------- Update Information: New release fixing two important bugs. bz1202634: fixes fetch-build has a hardcoded koji URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1202634 - fetch-build has a hardcoded koji URL https://bugzilla.redhat.com/show_bug.cgi?id=1202634 -------------------------------------------------------------------------------- ================================================================================ salt-2015.5.10-2.fc23 (FEDORA-2016-52cfe0e708) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Updated patch ---- Update to bugfix release 2015.5.10 -------------------------------------------------------------------------------- ================================================================================ seafile-5.1.2-3.fc23 (FEDORA-2016-fe49e1df99) Cloud storage cli client -------------------------------------------------------------------------------- Update Information: Initial commit -------------------------------------------------------------------------------- ================================================================================ strace-4.12-1.fc23 (FEDORA-2016-ce2e684467) Tracks and displays system calls associated with a running process -------------------------------------------------------------------------------- Update Information: v4.11 -> v4.12. -------------------------------------------------------------------------------- ================================================================================ ti-uim-0-0.4.a0236bc.fc23 (FEDORA-2016-88e1b5edea) Texas Instruments User Mode Init manager -------------------------------------------------------------------------------- Update Information: Latest git snapshot -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
