The following Fedora 23 Security updates need testing: Age URL 277 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 234 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 207 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 158 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 158 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 123 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 78 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23 42 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533 ntp-4.2.6p5-41.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a05803486 drupal7-7.44-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a66f41200 xguest-1.0.10-33.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-031aa4a6b6 python3-3.4.3-8.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0853405eb python-2.7.11-5.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8a01aa629 squidGuard-1.4-26.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2493c754a setroubleshoot-3.3.9.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e538b11379 python-django-horizon-2015.1.4-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5e392ef01 wordpress-4.5.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21bd6a33af struts-1.3.10-18.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b68f69b086 setroubleshoot-plugins-3.3.5.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16 qemu-2.4.1-11.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a6b65583 php-5.6.23-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f3c77ef90 php-pecl-zip-1.13.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a1853cd7d mirrormanager-1.4.4-5.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832 vim-7.4.1868-1.fc23 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23 gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23 libgusb-0.2.9-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a0853405eb python-2.7.11-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f637b89dda samba-4.3.10-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f6589e252 audit-2.6-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb selinux-policy-3.13.1-158.20.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca texinfo-6.0-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-641487b5a4 hwdata-0.290-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b libfm-1.2.4-4.D20160618gitb22c0995e7.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134 lxsession-0.5.2-10.D20160417git9f8d613332.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7722e39e8c mesa-11.1.0-4.20151218.fc23 The following builds have been pushed to Fedora 23 updates-testing aiccu-2007.01.15-26.fc23 ansible-lint-3.0.0-1.fc23 audit-2.6-3.fc23 btrfs-sxbackup-0.6.8-1.fc23 heketi-2.0.2-3.fc23 keepassx0-0.4.4-5.fc23 mirrormanager-1.4.4-5.fc23 pacemaker-1.1.15-1.fc23 perl-autobox-Junctions-0.002-1.fc23 php-5.6.23-1.fc23 php-pecl-krb5-1.0.0-7.fc23.1 php-pecl-zip-1.13.3-1.fc23 python-represent-1.5.1-1.fc23 samba-4.3.10-1.fc23 zanata-api-3.9.1-1.fc23 zanata-common-3.9.1-1.fc23 Details about builds: ================================================================================ aiccu-2007.01.15-26.fc23 (FEDORA-2016-73923c636b) SixXS Automatic IPv6 Connectivity Client Utility -------------------------------------------------------------------------------- Update Information: Enhancement update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #668767 - aiccu not running setupscript https://bugzilla.redhat.com/show_bug.cgi?id=668767 -------------------------------------------------------------------------------- ================================================================================ ansible-lint-3.0.0-1.fc23 (FEDORA-2016-38c0afc207) Best practices checker for Ansible -------------------------------------------------------------------------------- Update Information: Update to 3.0.0 release -------------------------------------------------------------------------------- ================================================================================ audit-2.6-3.fc23 (FEDORA-2016-4f6589e252) User space tools for 2.6 kernel auditing -------------------------------------------------------------------------------- Update Information: This update to the audit system adds a new enriched data format. This will help in reporting when multiple system's audit logs are aggregated on a central server. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334850 - audit.rules is readable by all https://bugzilla.redhat.com/show_bug.cgi?id=1334850 [ 2 ] Bug #1334772 - ausearch results depend on order of parameters https://bugzilla.redhat.com/show_bug.cgi?id=1334772 [ 3 ] Bug #1344268 - autrace destroys all audit rules, despite what manpage says https://bugzilla.redhat.com/show_bug.cgi?id=1344268 -------------------------------------------------------------------------------- ================================================================================ btrfs-sxbackup-0.6.8-1.fc23 (FEDORA-2016-3d92465b9e) Incremental btrfs snapshot backups with push/pull support via SSH -------------------------------------------------------------------------------- Update Information: Update to 0.6.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347484 - btrfs-sxbackup-0.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1347484 -------------------------------------------------------------------------------- ================================================================================ heketi-2.0.2-3.fc23 (FEDORA-2016-6aee7419ee) RESTful based volume management framework for GlusterFS -------------------------------------------------------------------------------- Update Information: Fixed glusterfs templates -------------------------------------------------------------------------------- ================================================================================ keepassx0-0.4.4-5.fc23 (FEDORA-2016-5c5677fe88) Cross-platform password manager -------------------------------------------------------------------------------- Update Information: Correct icon. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349348 - missing applicaton icon https://bugzilla.redhat.com/show_bug.cgi?id=1349348 -------------------------------------------------------------------------------- ================================================================================ mirrormanager-1.4.4-5.fc23 (FEDORA-2016-7a1853cd7d) Fedora mirror management system -------------------------------------------------------------------------------- Update Information: Added a patch to move the mirrormanager client from pickle to json (related to CVE-2016-1000003). -------------------------------------------------------------------------------- ================================================================================ pacemaker-1.1.15-1.fc23 (FEDORA-2016-e52fe1a76b) Scalable High-Availability cluster resource manager -------------------------------------------------------------------------------- Update Information: * Update for new upstream tarball: Pacemaker-1.1.15, for full details, see included `ChangeLog` file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.15 * Adapt spec file more akin to upstream version: - move xml schema files + `PCMK- MIB.txt` (81ef956), logrotate configuration file (ce576cf; drop it from `-remote` package as well), `attrd_updater` (aff80ae), the normal resource agents (1fc7287), and common directories under `/var/lib/pacemaker` (3492794) from main package under `-cli` - simplify `docdir` build parameter passing and drop as of now redundant `chmod` invocations (e91769e) -------------------------------------------------------------------------------- ================================================================================ perl-autobox-Junctions-0.002-1.fc23 (FEDORA-2016-53fe41164f) Autoboxified junction-style operators -------------------------------------------------------------------------------- Update Information: This release updates documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349202 - perl-autobox-Junctions-0.002 is available https://bugzilla.redhat.com/show_bug.cgi?id=1349202 -------------------------------------------------------------------------------- ================================================================================ php-5.6.23-1.fc23 (FEDORA-2016-34a6b65583) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 23 Jun 2016, **PHP 5.6.23** **Core:** * Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) * Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) * Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** * Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) * Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre) * Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) * Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) * Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre) **Intl:** * Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol) **mbstring:** * Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas) **mcrypt:** * Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas) **Phar:** * Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com) **SPL:** * Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas) * Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) **OpenSSL:** * Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka) **WDDX:** * Fixed bug php#72340 (Double Free Courruption in wddx_deserialize). (Stas) -------------------------------------------------------------------------------- ================================================================================ php-pecl-krb5-1.0.0-7.fc23.1 (FEDORA-2016-903cd8d478) Kerberos authentification extension -------------------------------------------------------------------------------- Update Information: Rebuild for krb5 1.14 new ABI (libkadm5clnt_mit.so.10) -------------------------------------------------------------------------------- ================================================================================ php-pecl-zip-1.13.3-1.fc23 (FEDORA-2016-4f3c77ef90) A ZIP archive management extension -------------------------------------------------------------------------------- Update Information: **Version 1.13.3** - Fixed bug php#71923 (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078) (Stas) - Fixed bug php#72258 (ZipArchive converts filenames to unrecoverable form). (Anatol) - Fixed bug php#72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) -------------------------------------------------------------------------------- ================================================================================ python-represent-1.5.1-1.fc23 (FEDORA-2016-f648b80c05) Create __repr__ automatically or declaratively -------------------------------------------------------------------------------- Update Information: A Python package which creates __repr__ automatically or declaratively. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348207 - Review Request: python-represent - create __repr__ automatically or declaratively https://bugzilla.redhat.com/show_bug.cgi?id=1348207 -------------------------------------------------------------------------------- ================================================================================ samba-4.3.10-1.fc23 (FEDORA-2016-f637b89dda) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: resolves: #1348899 - Import of samba.ntacls fails -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348899 - samba-python: Import of samba.ntacls fails https://bugzilla.redhat.com/show_bug.cgi?id=1348899 -------------------------------------------------------------------------------- ================================================================================ zanata-api-3.9.1-1.fc23 (FEDORA-2016-c7cd442a02) Zanata API modules -------------------------------------------------------------------------------- Update Information: - Upstream update to version 3.9.1 -------------------------------------------------------------------------------- ================================================================================ zanata-common-3.9.1-1.fc23 (FEDORA-2016-3ee31da2d5) Zanata common modules -------------------------------------------------------------------------------- Update Information: - Upstream update to version 3.9.1 - Add BuildRequires findbugs and mvn(org.jboss.resteasy:resteasy-bom:pom:) -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx