Fedora 23 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 23 Security updates need testing:
 Age  URL
 276  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 234  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 206  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
 157  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
 157  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
 122  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7   optipng-0.7.6-1.fc23
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940   squid-3.5.10-4.fc23
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533   ntp-4.2.6p5-41.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a05803486   drupal7-7.44-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a66f41200   xguest-1.0.10-33.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-031aa4a6b6   python3-3.4.3-8.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0853405eb   python-2.7.11-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8a01aa629   squidGuard-1.4-26.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2493c754a   setroubleshoot-3.3.9.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e538b11379   python-django-horizon-2015.1.4-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5e392ef01   wordpress-4.5.3-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-21bd6a33af   struts-1.3.10-18.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b68f69b086   setroubleshoot-plugins-3.3.5.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16   qemu-2.4.1-11.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age URL
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832   vim-7.4.1868-1.fc23
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf   PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23 gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23 libgusb-0.2.9-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb   selinux-policy-3.13.1-158.20.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca   texinfo-6.0-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-641487b5a4   hwdata-0.290-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b   libfm-1.2.4-4.D20160618gitb22c0995e7.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134   lxsession-0.5.2-10.D20160417git9f8d613332.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7722e39e8c   mesa-11.1.0-4.20151218.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0853405eb   python-2.7.11-5.fc23


The following builds have been pushed to Fedora 23 updates-testing

    Field3D-1.7.2-1.fc23
    adwaita-qt-0.4-2.fc23
    budgie-2-7.fc23
    dyninst-9.0.3-3.fc23
    fusioninventory-agent-2.3.18-2.fc23
    ghex-3.18.2-1.fc23
    gnome-chemistry-utils-0.14.12-3.fc23
    gnumeric-1.12.30-1.fc23
    goffice-0.10.30-1.fc23
    hwdata-0.290-1.fc23
    libfm-1.2.4-4.D20160618gitb22c0995e7.fc23
    libsoc-0.8.2-1.fc23
    libtaskotron-0.4.13-3.fc23
    lilypond-2.19.44-1.fc23
    lilypond-doc-2.19.44-1.fc23
    lxsession-0.5.2-10.D20160417git9f8d613332.fc23
    mdds-0.12.1-5.fc23
    mesa-11.1.0-4.20151218.fc23
    python-django-horizon-2015.1.4-1.fc23
    qemu-2.4.1-11.fc23
    rubygem-github-linguist-4.8.7-1.fc23
    screen-4.4.0-1.fc23
    selinux-policy-3.13.1-158.20.fc23
    setroubleshoot-plugins-3.3.5.1-1.fc23
    softhsm-2.1.0-1.fc23
    strongswan-5.4.0-2.fc23
    struts-1.3.10-18.fc23
    texinfo-6.0-3.fc23
    tunir-0.16-1.fc23
    unicode-ucd-9.0.0-1.fc23
    wordpress-4.5.3-1.fc23

Details about builds:


================================================================================
 Field3D-1.7.2-1.fc23 (FEDORA-2016-dc483e46b3)
 Library for storing voxel data
--------------------------------------------------------------------------------
Update Information:

Minor update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1347967 - Field3D-v1.7.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1347967
--------------------------------------------------------------------------------


================================================================================
 adwaita-qt-0.4-2.fc23 (FEDORA-2016-4b46d59b3f)
 Adwaita theme for Qt-based applications
--------------------------------------------------------------------------------
Update Information:

Attempt to fix QtCreator missing menubar issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1340627 - Qt creator does not draw menu bar in GNOME
        https://bugzilla.redhat.com/show_bug.cgi?id=1340627
--------------------------------------------------------------------------------


================================================================================
 budgie-2-7.fc23 (FEDORA-2016-86ecaf71cf)
 Simple and distraction free media player
--------------------------------------------------------------------------------
Update Information:

Fix appdata.xml file
--------------------------------------------------------------------------------


================================================================================
 dyninst-9.0.3-3.fc23 (FEDORA-2016-5118ab44aa)
 An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:

Use static TLS for libdyninstAPI_RT.so
--------------------------------------------------------------------------------


================================================================================
 fusioninventory-agent-2.3.18-2.fc23 (FEDORA-2016-7a6f6826a0)
 FusionInventory agent
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300870 - fusioninventory-agent-2.3.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1300870
--------------------------------------------------------------------------------


================================================================================
 ghex-3.18.2-1.fc23 (FEDORA-2016-aaad375aa8)
 Binary editor for GNOME
--------------------------------------------------------------------------------
Update Information:

ghex 3.18.2 release with translation updates.
--------------------------------------------------------------------------------


================================================================================
 gnome-chemistry-utils-0.14.12-3.fc23 (FEDORA-2016-591e1730be)
 A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:  *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------


================================================================================
 gnumeric-1.12.30-1.fc23 (FEDORA-2016-591e1730be)
 Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:  *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------


================================================================================
 goffice-0.10.30-1.fc23 (FEDORA-2016-591e1730be)
 G Office support libraries
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:  *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------


================================================================================
 hwdata-0.290-1.fc23 (FEDORA-2016-641487b5a4)
 Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:

Updated pci and vendor ids.
--------------------------------------------------------------------------------


================================================================================
 libfm-1.2.4-4.D20160618gitb22c0995e7.fc23 (FEDORA-2016-001588074b)
 GIO-based library for file manager-like programs
--------------------------------------------------------------------------------
Update Information:

Update the the newest git to pull in some bug fixes by the upstream.
--------------------------------------------------------------------------------


================================================================================
 libsoc-0.8.2-1.fc23 (FEDORA-2016-b5ebe541d5)
 Interface with common SoC peripherals through generic kernel interfaces
--------------------------------------------------------------------------------
Update Information:

Update to 0.8.2
--------------------------------------------------------------------------------


================================================================================
 libtaskotron-0.4.13-3.fc23 (FEDORA-2016-848283f988)
 Taskotron Support Library
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1344249 - Review Request: libtaskotron - Taskotron Support Library
        https://bugzilla.redhat.com/show_bug.cgi?id=1344249
--------------------------------------------------------------------------------


================================================================================
 lilypond-2.19.44-1.fc23 (FEDORA-2016-002d8d3428)
 A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:

2.19.44
--------------------------------------------------------------------------------


================================================================================
 lilypond-doc-2.19.44-1.fc23 (FEDORA-2016-002d8d3428)
 HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:

2.19.44
--------------------------------------------------------------------------------


================================================================================
 lxsession-0.5.2-10.D20160417git9f8d613332.fc23 (FEDORA-2016-06b36c0134)
 Lightweight X11 session manager
--------------------------------------------------------------------------------
Update Information:

Update the the newest git to pull in some bug fixes by the upstream.
--------------------------------------------------------------------------------


================================================================================
 mdds-0.12.1-5.fc23 (FEDORA-2016-502f366a29)
 A collection of multi-dimensional data structures and indexing algorithms
--------------------------------------------------------------------------------
Update Information:

fix double delete in mtv::swap
--------------------------------------------------------------------------------


================================================================================
 mesa-11.1.0-4.20151218.fc23 (FEDORA-2016-7722e39e8c)
 Mesa graphics libraries
--------------------------------------------------------------------------------
Update Information:

Adds a missing dependency on opencl-filesystem to mesa-libOpenCL.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1265948 - mesa-libOpenCL missing dependency on opencl-filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1265948
--------------------------------------------------------------------------------


================================================================================
 python-django-horizon-2015.1.4-1.fc23 (FEDORA-2016-e538b11379)
 Django application for talking to Openstack
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-4428, rebase to 2015.1.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1343982 - CVE-2016-4428 python-django-horizon: XSS in client side template
        https://bugzilla.redhat.com/show_bug.cgi?id=1343982
--------------------------------------------------------------------------------


================================================================================
 qemu-2.4.1-11.fc23 (FEDORA-2016-73853a7a16)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

* CVE-2016-4002: net: buffer overflow in MIPSnet (bz #1326083) * CVE-2016-4952
scsi: pvscsi: out-of-bounds access issue * CVE-2016-5106: scsi: megasas: out-of-
bounds write (bz #1339581) * CVE-2016-5105: scsi: megasas: stack information
leakage (bz #1339585) * CVE-2016-5107: scsi: megasas: out-of-bounds read (bz
#1339573) * CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740) *
CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744) * CVE-2016-5238:
scsi: esp: OOB write (bz #1341932) * CVE-2016-5338: scsi: esp: OOB r/w access
(bz #1343325) * CVE-2016-5337: scsi: megasas: information leakage (bz #1343910)
* Add deps on edk2-ovmf and edk2-aarch64
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1326082 - CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator
        https://bugzilla.redhat.com/show_bug.cgi?id=1326082
  [ 2 ] Bug #1334384 - CVE-2016-4952 Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
        https://bugzilla.redhat.com/show_bug.cgi?id=1334384
  [ 3 ] Bug #1339578 - CVE-2016-5106 Qemu: scsi: megasas: out-of-bounds write while setting controller properties
        https://bugzilla.redhat.com/show_bug.cgi?id=1339578
  [ 4 ] Bug #1339583 - CVE-2016-5105 Qemu: scsi: megasas: stack information leakage while reading configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=1339583
  [ 5 ] Bug #1336461 - CVE-2016-5107 Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1336461
  [ 6 ] Bug #1336429 - CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
        https://bugzilla.redhat.com/show_bug.cgi?id=1336429
  [ 7 ] Bug #1336650 - CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
        https://bugzilla.redhat.com/show_bug.cgi?id=1336650
  [ 8 ] Bug #1341931 - CVE-2016-5238 Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd
        https://bugzilla.redhat.com/show_bug.cgi?id=1341931
  [ 9 ] Bug #1343323 - CVE-2016-5338 Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
        https://bugzilla.redhat.com/show_bug.cgi?id=1343323
  [ 10 ] Bug #1343909 - CVE-2016-5337 Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info
        https://bugzilla.redhat.com/show_bug.cgi?id=1343909
--------------------------------------------------------------------------------


================================================================================
 rubygem-github-linguist-4.8.7-1.fc23 (FEDORA-2016-633d8c7555)
 GitHub Language detection
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1348747 - rubygem-github-linguist-v4.8.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1348747
--------------------------------------------------------------------------------


================================================================================
 screen-4.4.0-1.fc23 (FEDORA-2016-a023fd9be1)
 A screen manager that supports multiple logins on one terminal
--------------------------------------------------------------------------------
Update Information:

New upstream release 4.4.0 (#1348015)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1348015 - screen-4.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1348015
--------------------------------------------------------------------------------


================================================================================
 selinux-policy-3.13.1-158.20.fc23 (FEDORA-2016-4c9c2badcb)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=774751
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1177202 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1177202
  [ 2 ] Bug #1225660 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1225660
  [ 3 ] Bug #1241415 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241415
  [ 4 ] Bug #1241451 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241451
  [ 5 ] Bug #1241453 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241453
  [ 6 ] Bug #1241456 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241456
  [ 7 ] Bug #1283243 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1283243
  [ 8 ] Bug #1331316 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1331316
  [ 9 ] Bug #1331574 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1331574
  [ 10 ] Bug #1332287 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1332287
  [ 11 ] Bug #1340886 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1340886
  [ 12 ] Bug #1346021 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1346021
  [ 13 ] Bug #1348447 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1348447
--------------------------------------------------------------------------------


================================================================================
 setroubleshoot-plugins-3.3.5.1-1.fc23 (FEDORA-2016-b68f69b086)
 Analysis plugins for use with setroubleshoot
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-4446
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1339250 - CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1339250
--------------------------------------------------------------------------------


================================================================================
 softhsm-2.1.0-1.fc23 (FEDORA-2016-c43dd0091f)
 Software version of a PKCS#11 Hardware Security Module
--------------------------------------------------------------------------------
Update Information:

Resolves: rhbz#1244461 Updated to 2.1.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1244461 - softhsm-2.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1244461
  [ 2 ] Bug #1272423 - Softhsm PKCS#11 module not visible to NSS becasue it is not in the search path
        https://bugzilla.redhat.com/show_bug.cgi?id=1272423
  [ 3 ] Bug #11 - shutdown -F failsfr works
        https://bugzilla.redhat.com/show_bug.cgi?id=11
  [ 4 ] Bug #1177086 - A marked as trusted certificate cannot be written in a softhsmv2 db
        https://bugzilla.redhat.com/show_bug.cgi?id=1177086
  [ 5 ] Bug #1272453 - A marked as CA certificate cannot be written in a softhsmv2 db
        https://bugzilla.redhat.com/show_bug.cgi?id=1272453
  [ 6 ] Bug #162 - dosemu is not able to handle subst command / lredir in default configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=162
--------------------------------------------------------------------------------


================================================================================
 strongswan-5.4.0-2.fc23 (FEDORA-2016-59d09a451d)
 An OpenSource IPsec-based VPN and TNC solution
--------------------------------------------------------------------------------
Update Information:

Enhancement update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1298230 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1298230
--------------------------------------------------------------------------------


================================================================================
 struts-1.3.10-18.fc23 (FEDORA-2016-21bd6a33af)
 Web application framework
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-1181, CVE-2016-1182
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1343538 - CVE-2016-1181 struts: Vulnerability in ActionForm allows unintended remote operations against components on server memory
        https://bugzilla.redhat.com/show_bug.cgi?id=1343538
  [ 2 ] Bug #1343540 - CVE-2016-1182 struts: Improper input validation in Validator
        https://bugzilla.redhat.com/show_bug.cgi?id=1343540
--------------------------------------------------------------------------------


================================================================================
 texinfo-6.0-3.fc23 (FEDORA-2016-e9bc854cca)
 Tools needed to create Texinfo format documentation files
--------------------------------------------------------------------------------
Update Information:

install-info: use create-tmp-then-rename pattern because of OSTree
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1348671 - [PATCH] install-info: Use create-tmp-then-rename pattern
        https://bugzilla.redhat.com/show_bug.cgi?id=1348671
--------------------------------------------------------------------------------


================================================================================
 tunir-0.16-1.fc23 (FEDORA-2016-3824ee7635)
 An ultra light testing system
--------------------------------------------------------------------------------
Update Information:

Updates to bugfix release 0.16  ----  Updates to bugfix release 0.15.3  ----
Updates to 0.15.1  ----  Updates to 0.14 with multihost and Ansible support
--------------------------------------------------------------------------------


================================================================================
 unicode-ucd-9.0.0-1.fc23 (FEDORA-2016-bc09ccb25c)
 Unicode Character Database
--------------------------------------------------------------------------------
Update Information:

Update to new Unicode 9 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1232539 - unicode-ucd-9.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1232539
--------------------------------------------------------------------------------


================================================================================
 wordpress-4.5.3-1.fc23 (FEDORA-2016-a5e392ef01)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

See upstream announcement [WordPress 4.5.3 Maintenance and Security
Release](ttps://wordpress.org/news/2016/06/wordpress-4-5-3/)  Packaging changes:
- provide nginx configuration (fedora) - drop mandatory dependency on httpd
(suggested) #1336091 - protect php files in uploads directory
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux