The following Fedora 23 Security updates need testing:
 Age  URL
 276  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 234  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 206  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
 157  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
 157  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
 122  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7   optipng-0.7.6-1.fc23
  41  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940   squid-3.5.10-4.fc23
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533   ntp-4.2.6p5-41.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a05803486   drupal7-7.44-1.fc23
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a66f41200   xguest-1.0.10-33.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-031aa4a6b6   python3-3.4.3-8.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0853405eb   python-2.7.11-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8a01aa629   squidGuard-1.4-26.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2493c754a   setroubleshoot-3.3.9.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e538b11379   python-django-horizon-2015.1.4-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5e392ef01   wordpress-4.5.3-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-21bd6a33af   struts-1.3.10-18.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b68f69b086   setroubleshoot-plugins-3.3.5.1-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16   qemu-2.4.1-11.fc23

The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832   vim-7.4.1868-1.fc23
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf   PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23 gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23 libgusb-0.2.9-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb   selinux-policy-3.13.1-158.20.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca   texinfo-6.0-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-641487b5a4   hwdata-0.290-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b   libfm-1.2.4-4.D20160618gitb22c0995e7.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134   lxsession-0.5.2-10.D20160417git9f8d613332.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7722e39e8c   mesa-11.1.0-4.20151218.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0853405eb   python-2.7.11-5.fc23

The following builds have been pushed to Fedora 23 updates-testing

    Field3D-1.7.2-1.fc23
    adwaita-qt-0.4-2.fc23
    budgie-2-7.fc23
    dyninst-9.0.3-3.fc23
    fusioninventory-agent-2.3.18-2.fc23
    ghex-3.18.2-1.fc23
    gnome-chemistry-utils-0.14.12-3.fc23
    gnumeric-1.12.30-1.fc23
    goffice-0.10.30-1.fc23
    hwdata-0.290-1.fc23
    libfm-1.2.4-4.D20160618gitb22c0995e7.fc23
    libsoc-0.8.2-1.fc23
    libtaskotron-0.4.13-3.fc23
    lilypond-2.19.44-1.fc23
    lilypond-doc-2.19.44-1.fc23
    lxsession-0.5.2-10.D20160417git9f8d613332.fc23
    mdds-0.12.1-5.fc23
    mesa-11.1.0-4.20151218.fc23
    python-django-horizon-2015.1.4-1.fc23
    qemu-2.4.1-11.fc23
    rubygem-github-linguist-4.8.7-1.fc23
    screen-4.4.0-1.fc23
    selinux-policy-3.13.1-158.20.fc23
    setroubleshoot-plugins-3.3.5.1-1.fc23
    softhsm-2.1.0-1.fc23
    strongswan-5.4.0-2.fc23
    struts-1.3.10-18.fc23
    texinfo-6.0-3.fc23
    tunir-0.16-1.fc23
    unicode-ucd-9.0.0-1.fc23
    wordpress-4.5.3-1.fc23

Details about builds:

================================================================================
 Field3D-1.7.2-1.fc23 (FEDORA-2016-dc483e46b3)
 Library for storing voxel data
--------------------------------------------------------------------------------
Update Information:

Minor update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1347967 - Field3D-v1.7.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1347967
--------------------------------------------------------------------------------

================================================================================
 adwaita-qt-0.4-2.fc23 (FEDORA-2016-4b46d59b3f)
 Adwaita theme for Qt-based applications
--------------------------------------------------------------------------------
Update Information:

Attempt to fix QtCreator missing menubar issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1340627 - Qt creator does not draw menu bar in GNOME
        https://bugzilla.redhat.com/show_bug.cgi?id=1340627
--------------------------------------------------------------------------------

================================================================================
 budgie-2-7.fc23 (FEDORA-2016-86ecaf71cf)
 Simple and distraction free media player
--------------------------------------------------------------------------------
Update Information:

Fix appdata.xml file
--------------------------------------------------------------------------------

================================================================================
 dyninst-9.0.3-3.fc23 (FEDORA-2016-5118ab44aa)
 An API for Run-time Code Generation
--------------------------------------------------------------------------------
Update Information:

Use static TLS for libdyninstAPI_RT.so
--------------------------------------------------------------------------------

================================================================================
 fusioninventory-agent-2.3.18-2.fc23 (FEDORA-2016-7a6f6826a0)
 FusionInventory agent
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1300870 - fusioninventory-agent-2.3.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1300870
--------------------------------------------------------------------------------

================================================================================
 ghex-3.18.2-1.fc23 (FEDORA-2016-aaad375aa8)
 Binary editor for GNOME
--------------------------------------------------------------------------------
Update Information:

ghex 3.18.2 release with translation updates.
--------------------------------------------------------------------------------

================================================================================
 gnome-chemistry-utils-0.14.12-3.fc23 (FEDORA-2016-591e1730be)
 A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------

================================================================================
 gnumeric-1.12.30-1.fc23 (FEDORA-2016-591e1730be)
 Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------

================================================================================
 goffice-0.10.30-1.fc23 (FEDORA-2016-591e1730be)
 G Office support libraries
--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream releases of gnumeric and goffice:
* http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------

================================================================================
 hwdata-0.290-1.fc23 (FEDORA-2016-641487b5a4)
 Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:

Updated pci and vendor ids.
--------------------------------------------------------------------------------

================================================================================
 libfm-1.2.4-4.D20160618gitb22c0995e7.fc23 (FEDORA-2016-001588074b)
 GIO-based library for file manager-like programs
--------------------------------------------------------------------------------
Update Information:

Update to the newest git to pull in some bug fixes by the upstream.
--------------------------------------------------------------------------------

================================================================================
 libsoc-0.8.2-1.fc23 (FEDORA-2016-b5ebe541d5)
 Interface with common SoC peripherals through generic kernel interfaces
--------------------------------------------------------------------------------
Update Information:

Update to 0.8.2
--------------------------------------------------------------------------------

================================================================================
 libtaskotron-0.4.13-3.fc23 (FEDORA-2016-848283f988)
 Taskotron Support Library
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1344249 - Review Request: libtaskotron - Taskotron Support Library
        https://bugzilla.redhat.com/show_bug.cgi?id=1344249
--------------------------------------------------------------------------------

================================================================================
 lilypond-2.19.44-1.fc23 (FEDORA-2016-002d8d3428)
 A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:

2.19.44
--------------------------------------------------------------------------------

================================================================================
 lilypond-doc-2.19.44-1.fc23 (FEDORA-2016-002d8d3428)
 HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:

2.19.44
--------------------------------------------------------------------------------

================================================================================
 lxsession-0.5.2-10.D20160417git9f8d613332.fc23 (FEDORA-2016-06b36c0134)
 Lightweight X11 session manager
--------------------------------------------------------------------------------
Update Information:

Update to the newest git to pull in some bug fixes by the upstream.
--------------------------------------------------------------------------------

================================================================================
 mdds-0.12.1-5.fc23 (FEDORA-2016-502f366a29)
 A collection of multi-dimensional data structures and indexing algorithms
--------------------------------------------------------------------------------
Update Information:

fix double delete in mtv::swap
--------------------------------------------------------------------------------

================================================================================
 mesa-11.1.0-4.20151218.fc23 (FEDORA-2016-7722e39e8c)
 Mesa graphics libraries
--------------------------------------------------------------------------------
Update Information:

Adds a missing dependency on opencl-filesystem to mesa-libOpenCL.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1265948 - mesa-libOpenCL missing dependency on opencl-filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1265948
--------------------------------------------------------------------------------

================================================================================
 python-django-horizon-2015.1.4-1.fc23 (FEDORA-2016-e538b11379)
 Django application for talking to Openstack
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-4428, rebase to 2015.1.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1343982 - CVE-2016-4428 python-django-horizon: XSS in client side template
        https://bugzilla.redhat.com/show_bug.cgi?id=1343982
--------------------------------------------------------------------------------

================================================================================
 qemu-2.4.1-11.fc23 (FEDORA-2016-73853a7a16)
 QEMU is a FAST! processor emulator
--------------------------------------------------------------------------------
Update Information:

* CVE-2016-4002: net: buffer overflow in MIPSnet (bz #1326083)
* CVE-2016-4952 scsi: pvscsi: out-of-bounds access issue
* CVE-2016-5106: scsi: megasas: out-of-bounds write (bz #1339581)
* CVE-2016-5105: scsi: megasas: stack information leakage (bz #1339585)
* CVE-2016-5107: scsi: megasas: out-of-bounds read (bz #1339573)
* CVE-2016-4454: display: vmsvga: out-of-bounds read (bz #1340740)
* CVE-2016-4453: display: vmsvga: infinite loop (bz #1340744)
* CVE-2016-5238: scsi: esp: OOB write (bz #1341932)
* CVE-2016-5338: scsi: esp: OOB r/w access (bz #1343325)
* CVE-2016-5337: scsi: megasas: information leakage (bz #1343910)
* Add deps on edk2-ovmf and edk2-aarch64
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1326082 - CVE-2016-4002 Qemu: net: buffer overflow in MIPSnet emulator
        https://bugzilla.redhat.com/show_bug.cgi?id=1326082
  [ 2 ] Bug #1334384 - CVE-2016-4952 Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
        https://bugzilla.redhat.com/show_bug.cgi?id=1334384
  [ 3 ] Bug #1339578 - CVE-2016-5106 Qemu: scsi: megasas: out-of-bounds write while setting controller properties
        https://bugzilla.redhat.com/show_bug.cgi?id=1339578
  [ 4 ] Bug #1339583 - CVE-2016-5105 Qemu: scsi: megasas: stack information leakage while reading configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=1339583
  [ 5 ] Bug #1336461 - CVE-2016-5107 Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1336461
  [ 6 ] Bug #1336429 - CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
        https://bugzilla.redhat.com/show_bug.cgi?id=1336429
  [ 7 ] Bug #1336650 - CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
        https://bugzilla.redhat.com/show_bug.cgi?id=1336650
  [ 8 ] Bug #1341931 - CVE-2016-5238 Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd
        https://bugzilla.redhat.com/show_bug.cgi?id=1341931
  [ 9 ] Bug #1343323 - CVE-2016-5338 Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
        https://bugzilla.redhat.com/show_bug.cgi?id=1343323
  [ 10 ] Bug #1343909 - CVE-2016-5337 Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info
        https://bugzilla.redhat.com/show_bug.cgi?id=1343909
--------------------------------------------------------------------------------

================================================================================
 rubygem-github-linguist-4.8.7-1.fc23 (FEDORA-2016-633d8c7555)
 GitHub Language detection
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1348747 - rubygem-github-linguist-v4.8.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1348747
--------------------------------------------------------------------------------

================================================================================
 screen-4.4.0-1.fc23 (FEDORA-2016-a023fd9be1)
 A screen manager that supports multiple logins on one terminal
--------------------------------------------------------------------------------
Update Information:

New upstream release 4.4.0 (#1348015)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1348015 - screen-4.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1348015
--------------------------------------------------------------------------------

================================================================================
 selinux-policy-3.13.1-158.20.fc23 (FEDORA-2016-4c9c2badcb)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=774751
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1177202 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1177202
  [ 2 ] Bug #1225660 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1225660
  [ 3 ] Bug #1241415 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241415
  [ 4 ] Bug #1241451 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241451
  [ 5 ] Bug #1241453 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241453
  [ 6 ] Bug #1241456 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1241456
  [ 7 ] Bug #1283243 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1283243
  [ 8 ] Bug #1331316 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1331316
  [ 9 ] Bug #1331574 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1331574
  [ 10 ] Bug #1332287 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1332287
  [ 11 ] Bug #1340886 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1340886
  [ 12 ] Bug #1346021 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1346021
  [ 13 ] Bug #1348447 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1348447
--------------------------------------------------------------------------------

================================================================================
 setroubleshoot-plugins-3.3.5.1-1.fc23 (FEDORA-2016-b68f69b086)
 Analysis plugins for use with setroubleshoot
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-4446
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1339250 - CVE-2016-4446 setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1339250
--------------------------------------------------------------------------------

================================================================================
 softhsm-2.1.0-1.fc23 (FEDORA-2016-c43dd0091f)
 Software version of a PKCS#11 Hardware Security Module
--------------------------------------------------------------------------------
Update Information:

Resolves: rhbz#1244461 Updated to 2.1.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1244461 - softhsm-2.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1244461
  [ 2 ] Bug #1272423 - Softhsm PKCS#11 module not visible to NSS because it is not in the search path
        https://bugzilla.redhat.com/show_bug.cgi?id=1272423
  [ 3 ] Bug #11 - shutdown -F failsfr works
        https://bugzilla.redhat.com/show_bug.cgi?id=11
  [ 4 ] Bug #1177086 - A marked as trusted certificate cannot be written in a softhsmv2 db
        https://bugzilla.redhat.com/show_bug.cgi?id=1177086
  [ 5 ] Bug #1272453 - A marked as CA certificate cannot be written in a softhsmv2 db
        https://bugzilla.redhat.com/show_bug.cgi?id=1272453
  [ 6 ] Bug #162 - dosemu is not able to handle subst command / lredir in default configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=162
--------------------------------------------------------------------------------

================================================================================
 strongswan-5.4.0-2.fc23 (FEDORA-2016-59d09a451d)
 An OpenSource IPsec-based VPN and TNC solution
--------------------------------------------------------------------------------
Update Information:

Enhancement update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1298230 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1298230
--------------------------------------------------------------------------------

================================================================================
 struts-1.3.10-18.fc23 (FEDORA-2016-21bd6a33af)
 Web application framework
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-1181, CVE-2016-1182
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1343538 - CVE-2016-1181 struts: Vulnerability in ActionForm allows unintended remote operations against components on server memory
        https://bugzilla.redhat.com/show_bug.cgi?id=1343538
  [ 2 ] Bug #1343540 - CVE-2016-1182 struts: Improper input validation in Validator
        https://bugzilla.redhat.com/show_bug.cgi?id=1343540
--------------------------------------------------------------------------------

================================================================================
 texinfo-6.0-3.fc23 (FEDORA-2016-e9bc854cca)
 Tools needed to create Texinfo format documentation files
--------------------------------------------------------------------------------
Update Information:

install-info: use create-tmp-then-rename pattern because of OSTree
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1348671 - [PATCH] install-info: Use create-tmp-then-rename pattern
        https://bugzilla.redhat.com/show_bug.cgi?id=1348671
--------------------------------------------------------------------------------

================================================================================
 tunir-0.16-1.fc23 (FEDORA-2016-3824ee7635)
 An ultra light testing system
--------------------------------------------------------------------------------
Update Information:

Updates to bugfix release 0.16
----
Updates to bugfix release 0.15.3
----
Updates to 0.15.1
----
Updates to 0.14 with multihost and Ansible support
--------------------------------------------------------------------------------

================================================================================
 unicode-ucd-9.0.0-1.fc23 (FEDORA-2016-bc09ccb25c)
 Unicode Character Database
--------------------------------------------------------------------------------
Update Information:

Update to new Unicode 9 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1232539 - unicode-ucd-9.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1232539
--------------------------------------------------------------------------------

================================================================================
 wordpress-4.5.3-1.fc23 (FEDORA-2016-a5e392ef01)
 Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:

See upstream announcement [WordPress 4.5.3 Maintenance and Security Release](https://wordpress.org/news/2016/06/wordpress-4-5-3/)

Packaging changes:
- provide nginx configuration (fedora)
- drop mandatory dependency on httpd (suggested) #1336091
- protect php files in uploads directory
--------------------------------------------------------------------------------