The following Fedora 23 Security updates need testing: Age URL 257 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 214 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 187 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 138 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 137 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 102 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9dbd6d339 openslp-2.0.0-8.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-396403ec02 roundcubemail-1.2.0-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a878ed298 GraphicsMagick-1.3.24-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea323bd6cf nginx-1.8.1-3.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a0d540088 docker-1.10.3-24.gitf476348.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1faf6005c kernel-4.5.6-200.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533 ntp-4.2.6p5-41.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b2dfb591cd glibc-2.22-17.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-728a7def67 pungi-4.0.15-2.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d9dbd6d339 openslp-2.0.0-8.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b2dfb591cd glibc-2.22-17.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-db48cd10e9 nss-3.24.0-1.2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0d521a0da glib2-2.46.2-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1faf6005c kernel-4.5.6-200.fc23 The following builds have been pushed to Fedora 23 updates-testing abi-tracker-1.7-1.fc23 cmake-3.4.3-1.fc23 fedpkg-1.23-2.fc23 glib2-2.46.2-2.fc23 glibc-2.22-17.fc23 ibus-libzhuyin-1.7.7-1.fc23 kernel-4.5.6-200.fc23 kmod-22-4.fc23 libxkbcommon-0.6.1-1.fc23 mkvtoolnix-9.2.0-1.fc23 nodejs-rhea-0.1.3-1.fc23 nss-3.24.0-1.2.fc23 ntp-4.2.6p5-41.fc23 pam_wrapper-1.0.2-1.fc23 php-composer-semver-1.4.1-1.fc23 php-icewind-streams-0.4.1-1.fc23 php-justinrainbow-json-schema-2.0.5-1.fc23 php-nette-utils-2.3.9-1.fc23 pyp2rpm-3.1.1-1.fc23 python-gnupg-0.3.8-3.fc23 python-libcnml-0.9.4-2.fc23 python-netdiff-0.4.7-2.fc23 python-requests-2.10.0-2.fc23 python-responses-0.5.1-2.fc23 python-urllib3-1.15.1-3.fc23 qt5ct-0.24-1.fc23 resolv_wrapper-1.1.4-1.fc23 rpkg-1.44-1.fc23 scim-1.4.17-1.fc23 setroubleshoot-3.3.8.1-1.fc23 skopeo-0.1.13-1.fc23 socket_wrapper-1.1.7-1.fc23 Details about builds: ================================================================================ abi-tracker-1.7-1.fc23 (FEDORA-2016-0eec5efa69) Tool to visualize ABI changes timeline of a C/C++ library -------------------------------------------------------------------------------- Update Information: Added version to the meta data of ABI dumps. Fixed index of libraries. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1340295 - abi-tracker-1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1340295 -------------------------------------------------------------------------------- ================================================================================ cmake-3.4.3-1.fc23 (FEDORA-2016-d7f570536f) Cross-platform make system -------------------------------------------------------------------------------- Update Information: Update to 3.4.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342123 - Please update CMake in Fedora 23 from 3.4.1 to 3.4.3 https://bugzilla.redhat.com/show_bug.cgi?id=1342123 -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.23-2.fc23 (FEDORA-2016-47cbb175b0) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: Move bash completion file to `/usr/share/bash-completion/completions/`. -------------------------------------------------------------------------------- ================================================================================ glib2-2.46.2-2.fc23 (FEDORA-2016-e0d521a0da) A library of handy utility functions -------------------------------------------------------------------------------- Update Information: This update backports a fix for a common memory leak. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342253 - Backport a patch to fix a memory leak during initialization in GDBusProxy https://bugzilla.redhat.com/show_bug.cgi?id=1342253 -------------------------------------------------------------------------------- ================================================================================ glibc-2.22-17.fc23 (FEDORA-2016-b2dfb591cd) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: This updated addresses a minor security vulnerability in the Sun RPC client (CVE-2016-4429), increases compatibility with GCC 6, and addresses a problem which caused `fork` to crash when `BIND_NOW` was used for linking shared objects. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1337291 - glibc: GCC 6 enablement for struct sockaddr_storage https://bugzilla.redhat.com/show_bug.cgi?id=1337291 [ 2 ] Bug #1326903 - "fork" resolves to NULL with -lpthread -l$user_with_DT_BIND_NOW https://bugzilla.redhat.com/show_bug.cgi?id=1326903 [ 3 ] Bug #1337140 - CVE-2016-4429 glibc: stack (frame) overflow in Sun RPC clntudp_call() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1337140 -------------------------------------------------------------------------------- ================================================================================ ibus-libzhuyin-1.7.7-1.fc23 (FEDORA-2016-b1d0fc1597) New Zhuyin engine based on libzhuyin for IBus -------------------------------------------------------------------------------- Update Information: new upstream release. -------------------------------------------------------------------------------- ================================================================================ kernel-4.5.6-200.fc23 (FEDORA-2016-c1faf6005c) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.5.6 stable update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1338625 - CVE-2016-4951 kernel: Null pointer dereference in tipc_nl_publ_dump https://bugzilla.redhat.com/show_bug.cgi?id=1338625 -------------------------------------------------------------------------------- ================================================================================ kmod-22-4.fc23 (FEDORA-2016-f480a24989) Linux kernel module management utilities -------------------------------------------------------------------------------- Update Information: Add powerpc patch to fix ToC on 4.5 ppc64le kernel -------------------------------------------------------------------------------- ================================================================================ libxkbcommon-0.6.1-1.fc23 (FEDORA-2016-5073b1c6d2) X.Org X11 XKB parsing library -------------------------------------------------------------------------------- Update Information: xkbcommon 0.6.1 -------------------------------------------------------------------------------- ================================================================================ mkvtoolnix-9.2.0-1.fc23 (FEDORA-2016-5cb965b77b) Matroska container manipulation utilities -------------------------------------------------------------------------------- Update Information: >From upstream changelog: * MKVToolNix GUI: merge tool enhancement: the action "select all attached files" in the popup menu actions for the attached files view has been split up into "enable all attached files" and "disable all attached files". Implements #1698. * MKVToolNix GUI: merge tool bug fix: it's no longer possible to select "1" as the maximum number of files to split into as mkvmerge doesn't accept that value. Fixes #1695. * mkvmerge: bug fix: the "interval" chapter generation mode was always creating one chapter too many. * mkvmerge: bug fix: if a certain number of chapters had been generated with --generate-chapters then mkvmerge wasn't replacing the void placeholder with the actual chapters. Fixes #1693. * MKVToolNix GUI: merge tool bug fix: the track column "track in output" wasn't taking into account if the track had its "default track" flag set to "no" in the source file. This would result in the column showing "yes" in certain situations even though mkvmerge would assign "no". * mkvmerge: bug fix: fixed detection of (E-)AC-3 in MPEG TS files with unusual stream types (e.g. 0x87) but with (E-)AC-3 PMT descriptors. Fixes #1684. * mkvmerge, mkvextract: bug fix: fixed handling of Big Endian PCM with a bit depth other than 16, 32 or 64 bits/sample. Other formats were using the Little Endian codec ID, but their content was actually not byte-swapped to match it. Now those other bit depths are byte-swapped to Little Endian, too. Fixes #1683. * mkvinfo GUI: enhancement: the window title now includes the file name. Implements #1679. * mkvmerge: enhancement: the "bit depth" track header field will be set for DTS tracks from the first DTS core header. Implements #1680. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1340601 - mkvtoolnix-9.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1340601 -------------------------------------------------------------------------------- ================================================================================ nodejs-rhea-0.1.3-1.fc23 (FEDORA-2016-119379a697) A reactive messaging library based on the AMQP protocol -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341432 - nodejs-rhea-0.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1341432 -------------------------------------------------------------------------------- ================================================================================ nss-3.24.0-1.2.fc23 (FEDORA-2016-db48cd10e9) Network Security Services -------------------------------------------------------------------------------- Update Information: Fix a bug introduced with the update to nss-3.24, that SSLSv2 support removed, that caused of IPA failures because nss init failed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342158 - nss-3.24 does no longer support ssl V2, installation of IPA fails because nss init fails https://bugzilla.redhat.com/show_bug.cgi?id=1342158 -------------------------------------------------------------------------------- ================================================================================ ntp-4.2.6p5-41.fc23 (FEDORA-2016-89e0874533) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-8139, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300654 - CVE-2015-8139 ntp: ntpq and ntpdc disclose origin timestamp to unauthenticated clients https://bugzilla.redhat.com/show_bug.cgi?id=1300654 [ 2 ] Bug #1302225 - CVE-2016-4954 ntp: partial processing of spoofed packets https://bugzilla.redhat.com/show_bug.cgi?id=1302225 [ 3 ] Bug #1340858 - CVE-2016-4955 ntp: autokey association reset https://bugzilla.redhat.com/show_bug.cgi?id=1340858 [ 4 ] Bug #1340860 - CVE-2016-4956 ntp: broadcast interleave (incomplete fix for CVE-2016-1548) https://bugzilla.redhat.com/show_bug.cgi?id=1340860 -------------------------------------------------------------------------------- ================================================================================ pam_wrapper-1.0.2-1.fc23 (FEDORA-2016-49d5411b7f) A tool to test PAM applications and PAM modules -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ php-composer-semver-1.4.1-1.fc23 (FEDORA-2016-e3b57efb00) Semver library that offers utilities, version constraint parsing and validation -------------------------------------------------------------------------------- Update Information: ** Version 1.4.1** - 2016-06-02 * Changed: branch-like requirements no longer strip build metadata - [composer/semver#38](https://github.com/composer/semver/pull/38). -------------------------------------------------------------------------------- ================================================================================ php-icewind-streams-0.4.1-1.fc23 (FEDORA-2016-e63aaf7b47) A set of generic stream wrappers -------------------------------------------------------------------------------- Update Information: **Version 0.4.1** Fixed an issue with `RetryWrapper` when the wrapped read/write fails -------------------------------------------------------------------------------- ================================================================================ php-justinrainbow-json-schema-2.0.5-1.fc23 (FEDORA-2016-398e3384d4) A library to validate a json schema -------------------------------------------------------------------------------- Update Information: A PHP Implementation for validating JSON Structures against a given Schema. This package provides the library version 2. The php-JsonSchema package provides the library version 1 and the validate-json command. See http://json- schema.org/ Autoloader: /usr/share/php/JsonSchema2/autoload.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1327511 - Review Request: php-justinrainbow-json-schema - A library to validate a json schema https://bugzilla.redhat.com/show_bug.cgi?id=1327511 -------------------------------------------------------------------------------- ================================================================================ php-nette-utils-2.3.9-1.fc23 (FEDORA-2016-6b839d8694) Nette Utility Classes -------------------------------------------------------------------------------- Update Information: **Released version 2.3.9** * Object: removed alias for ObjectMixin, it may interfere with nette/deprecated, which creates alias Nette\ObjectMixin -------------------------------------------------------------------------------- ================================================================================ pyp2rpm-3.1.1-1.fc23 (FEDORA-2016-f432f392f3) Convert Python packages to RPM SPECFILES -------------------------------------------------------------------------------- Update Information: Update to 3.1.1 -------------------------------------------------------------------------------- ================================================================================ python-gnupg-0.3.8-3.fc23 (FEDORA-2016-237f2b2818) A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -------------------------------------------------------------------------------- Update Information: Add missing dependency to gnupg for both python2-gnupg and python3-gnupg -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342154 - python2-gnupg and python3-gnupg should require gnupg https://bugzilla.redhat.com/show_bug.cgi?id=1342154 -------------------------------------------------------------------------------- ================================================================================ python-libcnml-0.9.4-2.fc23 (FEDORA-2016-47c202b488) libcnml is a CNML parser library for Python -------------------------------------------------------------------------------- Update Information: Fixed dependencies prefixes -------------------------------------------------------------------------------- ================================================================================ python-netdiff-0.4.7-2.fc23 (FEDORA-2016-4b81a74cdb) Python library for parsing network topology data and detect changes -------------------------------------------------------------------------------- Update Information: Fixed dependencies prefixes -------------------------------------------------------------------------------- ================================================================================ python-requests-2.10.0-2.fc23 (FEDORA-2016-a4a303abd0) HTTP library, written in Python, for human beings -------------------------------------------------------------------------------- Update Information: Create a python2 subpackage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342056 - bad implementation of python2 prefix https://bugzilla.redhat.com/show_bug.cgi?id=1342056 -------------------------------------------------------------------------------- ================================================================================ python-responses-0.5.1-2.fc23 (FEDORA-2016-e4f6b2767e) Reusable django app for collecting and visualizing network topology -------------------------------------------------------------------------------- Update Information: fixed problems in dependency names -------------------------------------------------------------------------------- ================================================================================ python-urllib3-1.15.1-3.fc23 (FEDORA-2016-90cb798292) Python HTTP library with thread-safe connection pooling and file post -------------------------------------------------------------------------------- Update Information: Create a python2 subpackage. ---- Remove broken symlinks. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295015 - Many Packages create broken symbolic links - in this case Python34 https://bugzilla.redhat.com/show_bug.cgi?id=1295015 -------------------------------------------------------------------------------- ================================================================================ qt5ct-0.24-1.fc23 (FEDORA-2016-0749725467) Qt5 Configuration Tool -------------------------------------------------------------------------------- Update Information: Update to version 0.24 (mostly bugfixes) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342094 - qt5ct-0.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1342094 -------------------------------------------------------------------------------- ================================================================================ resolv_wrapper-1.1.4-1.fc23 (FEDORA-2016-810a421f45) A wrapper for dns name resolving or dns faking -------------------------------------------------------------------------------- Update Information: Update to version 1.1.4 -------------------------------------------------------------------------------- ================================================================================ rpkg-1.44-1.fc23 (FEDORA-2016-cdb9303cd0) Utility for interacting with rpm+git packaging systems -------------------------------------------------------------------------------- Update Information: * Better output of container-build task results * Add support for BuildContainer release task opt * Allow space appearing in path to cloned repo * Minor fixes -------------------------------------------------------------------------------- ================================================================================ scim-1.4.17-1.fc23 (FEDORA-2016-0e9d4f3c52) Smart Common Input Method platform -------------------------------------------------------------------------------- Update Information: new upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341439 - scim-1.4.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1341439 -------------------------------------------------------------------------------- ================================================================================ setroubleshoot-3.3.8.1-1.fc23 (FEDORA-2016-927d275831) Helps troubleshoot SELinux problems -------------------------------------------------------------------------------- Update Information: This update moves /run/setroubleshoot directory to setroubleshoot-server; cleans the default setroubleshoot.conf which contained sections and options which were not used in the code; adds new configuration option to suppress full analysis output to journal - log_full_report=False; and makes changes in DBUS API wanted/needed by Cockpit -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329550 - sealert: failed to connect to server: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1329550 -------------------------------------------------------------------------------- ================================================================================ skopeo-0.1.13-1.fc23 (FEDORA-2016-401c780eda) Inspect Docker images and repositories on registries -------------------------------------------------------------------------------- Update Information: update to v0.1.13 ---- update to v0.1.12 -------------------------------------------------------------------------------- ================================================================================ socket_wrapper-1.1.7-1.fc23 (FEDORA-2016-819efd12ff) A library passing all socket communications through Unix sockets -------------------------------------------------------------------------------- Update Information: Update to version 1.1.7 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
