The following Fedora 23 Security updates need testing: Age URL 284 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 242 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 214 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 165 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 165 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 130 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 49 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940 squid-3.5.10-4.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a6b65583 php-5.6.23-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f3c77ef90 php-pecl-zip-1.13.3-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9df3915036 phpMyAdmin-4.6.3-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3093027736 mediawiki-1.26.3-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-16e8d38f57 gsi-openssh-7.1p2-2.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ef784cf9f7 python3-3.4.3-9.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-8.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9 kernel-4.5.7-202.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d97547150a nodejs-ws-1.1.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f0552e1341 libreoffice-5.0.6.2-9.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2d6890690 xerces-c-3.1.4-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-87e8468465 mingw-xerces-c-3.1.4-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832 vim-7.4.1868-1.fc23 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23 gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23 libgusb-0.2.9-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb selinux-policy-3.13.1-158.20.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca texinfo-6.0-3.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b libfm-1.2.4-4.D20160618gitb22c0995e7.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134 lxsession-0.5.2-10.D20160417git9f8d613332.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f637b89dda samba-4.3.10-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-abff7c6423 kde-settings-23-12.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-99671098b1 qt-4.8.7-18.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b66e3011c lxpanel-0.8.2-2.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9 kernel-4.5.7-202.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-20e8af4a21 audit-2.6.1-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-8.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d55470177d libwnck3-3.18.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e71233527 dmidecode-3.0-4.fc23 The following builds have been pushed to Fedora 23 updates-testing ansible-lint-3.1.0-1.fc23 btrfs-sxbackup-0.6.9-1.fc23 dmidecode-3.0-4.fc23 flatpak-0.6.6-1.fc23 fldigi-3.23.12-1.fc23 flmsg-3.00.01-1.fc23 geary-0.11.1-1.fc23 kubernetes-1.2.0-0.24.git4a3f9c5.fc23 libreoffice-5.0.6.2-9.fc23 libwnck3-3.18.0-1.fc23 mingw-tk-8.6.4-2.fc23 mingw-xerces-c-3.1.4-1.fc23 nfdump-1.6.15-2.fc23 ngspice-26-4.fc23 nodejs-ws-1.1.1-1.fc23 pychess-0.12.4-5.fc23 qgit-2.6-2.fc23 rabbitmq-server-3.6.2-4.fc23 the_silver_searcher-0.32.0-1.fc23 xerces-c-3.1.4-1.fc23 Details about builds: ================================================================================ ansible-lint-3.1.0-1.fc23 (FEDORA-2016-14d168dec4) Best practices checker for Ansible -------------------------------------------------------------------------------- Update Information: Fixed typo in previous changelog entry ---- Fixed typo in previous changelog entry ---- Update to 3.0.0 release -------------------------------------------------------------------------------- ================================================================================ btrfs-sxbackup-0.6.9-1.fc23 (FEDORA-2016-0d6a7dc291) Incremental btrfs snapshot backups with push/pull support via SSH -------------------------------------------------------------------------------- Update Information: Update to 0.6.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347484 - btrfs-sxbackup-0.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1347484 [ 2 ] Bug #1350287 - btrfs-sxbackup-0.6.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1350287 -------------------------------------------------------------------------------- ================================================================================ dmidecode-3.0-4.fc23 (FEDORA-2016-5e71233527) Tool to analyse BIOS DMI data -------------------------------------------------------------------------------- Update Information: Applied out-a-tree patch from Petr Oros: dmidecode: Unmask LRDIMM in memory type detail -------------------------------------------------------------------------------- ================================================================================ flatpak-0.6.6-1.fc23 (FEDORA-2016-47b1efdf38) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: Update to 0.6.6 -------------------------------------------------------------------------------- ================================================================================ fldigi-3.23.12-1.fc23 (FEDORA-2016-c4e35547a4) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1346520 - fldigi-3.23.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1346520 -------------------------------------------------------------------------------- ================================================================================ flmsg-3.00.01-1.fc23 (FEDORA-2016-c4e35547a4) Fast Light Message Amateur Radio Forms Manager -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1346520 - fldigi-3.23.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1346520 -------------------------------------------------------------------------------- ================================================================================ geary-0.11.1-1.fc23 (FEDORA-2016-7a2fb3caf1) A lightweight email program designed around conversations -------------------------------------------------------------------------------- Update Information: #### Geary 0.11.1 - 27 June 2016 #### * Fix frequent crashes on 32-bit/i686 OS installations * Fix error connecting to certain Outlook\.com accounts * Find special folders with lower case names * Find Exchange Sent and Deleted special folders * Don't create Archive folders for GMail accounts * Use HTTPS for accessing Gravatar\.com * Fix text not show when only plain text and image parts * Fix crash when is:foo is not translated * Make English versions of search ops always work * Allow to:me and from:me to be translated separately * Fix date typo in NEWS * Updated UI translations The list of changes including credits can be found [here](https://download.gnome.org/sources/geary/0.11/geary-0.11.1.news). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1337903 - geary fails to initialize: unknown tokenizer: unicodesn https://bugzilla.redhat.com/show_bug.cgi?id=1337903 -------------------------------------------------------------------------------- ================================================================================ kubernetes-1.2.0-0.24.git4a3f9c5.fc23 (FEDORA-2016-f612484f9e) Container cluster management -------------------------------------------------------------------------------- Update Information: Be more verbose about devel subpackage ---- Own /run/kubernetes directory -------------------------------------------------------------------------------- References: [ 1 ] Bug #1269449 - Summary for kubernetes-devel package should be more informative https://bugzilla.redhat.com/show_bug.cgi?id=1269449 [ 2 ] Bug #1264699 - kubernetes do not respect tpmfiles.d policy https://bugzilla.redhat.com/show_bug.cgi?id=1264699 -------------------------------------------------------------------------------- ================================================================================ libreoffice-5.0.6.2-9.fc23 (FEDORA-2016-f0552e1341) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-4324 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1351197 - CVE-2016-4324 libreoffice: Dereference of invalid STL iterator on processing RTF file https://bugzilla.redhat.com/show_bug.cgi?id=1351197 -------------------------------------------------------------------------------- ================================================================================ libwnck3-3.18.0-1.fc23 (FEDORA-2016-d55470177d) Window Navigator Construction Kit -------------------------------------------------------------------------------- Update Information: update to latest upstream releases -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347757 - libwnck3 needs updating to latest upstream version https://bugzilla.redhat.com/show_bug.cgi?id=1347757 -------------------------------------------------------------------------------- ================================================================================ mingw-tk-8.6.4-2.fc23 (FEDORA-2016-9ba96d7d65) MinGW Windows graphical toolkit for the Tcl scripting language -------------------------------------------------------------------------------- Update Information: Update to 8.6.4 and build mingw64-tk -------------------------------------------------------------------------------- References: [ 1 ] Bug #1269746 - Please build mingw64-tk https://bugzilla.redhat.com/show_bug.cgi?id=1269746 -------------------------------------------------------------------------------- ================================================================================ mingw-xerces-c-3.1.4-1.fc23 (FEDORA-2016-87e8468465) MingGW Windows validating XML parser -------------------------------------------------------------------------------- Update Information: MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348845 - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD https://bugzilla.redhat.com/show_bug.cgi?id=1348845 [ 2 ] Bug #1310699 - CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input https://bugzilla.redhat.com/show_bug.cgi?id=1310699 [ 3 ] Bug #1312231 - CVE-2016-0729 xerces-c: parser crashes on malformed input https://bugzilla.redhat.com/show_bug.cgi?id=1312231 -------------------------------------------------------------------------------- ================================================================================ nfdump-1.6.15-2.fc23 (FEDORA-2016-76dac84a5e) NetFlow collecting and processing tools -------------------------------------------------------------------------------- Update Information: Remove superfluous debug output. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1350764 - nfdump built with debug output enabled https://bugzilla.redhat.com/show_bug.cgi?id=1350764 -------------------------------------------------------------------------------- ================================================================================ ngspice-26-4.fc23 (FEDORA-2016-a8d80244f6) A mixed level/signal circuit simulator -------------------------------------------------------------------------------- Update Information: Some function in ngspice may not work without installing tclspice because tclspice configuration overwrote ngspice configuration during make install process. This new rpm should fix this issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1311869 - wrong codemodel paths in /usr/share/ngspice/scripts/spinit https://bugzilla.redhat.com/show_bug.cgi?id=1311869 -------------------------------------------------------------------------------- ================================================================================ nodejs-ws-1.1.1-1.fc23 (FEDORA-2016-d97547150a) Web socket client, server and console for nodejs -------------------------------------------------------------------------------- Update Information: Security fix - Update to 1.1.1 (#1351230,1351231) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1351230 - nodejs-ws: DoS due to excessively large websocket message https://bugzilla.redhat.com/show_bug.cgi?id=1351230 -------------------------------------------------------------------------------- ================================================================================ pychess-0.12.4-5.fc23 (FEDORA-2016-0c189e807e) Chess game for GNOME -------------------------------------------------------------------------------- Update Information: python-gobject is required for pychess to work properly. ---- gtksourceview3 is needed ---- Move to supported version, Bug fixes -------------------------------------------------------------------------------- ================================================================================ qgit-2.6-2.fc23 (FEDORA-2016-b3ec4cf195) GUI browser for git repositories -------------------------------------------------------------------------------- Update Information: use correct compiler flags ---- - updated to 2.6 - switched to Qt 5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1351438 - Patch to build with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=1351438 [ 2 ] Bug #1336144 - Build QGit v2.6 with Qt5 https://bugzilla.redhat.com/show_bug.cgi?id=1336144 -------------------------------------------------------------------------------- ================================================================================ rabbitmq-server-3.6.2-4.fc23 (FEDORA-2016-1ec5eeea50) The RabbitMQ server -------------------------------------------------------------------------------- Update Information: * Fixed failure during slave promotion * Restored compatibility with resource- agents -------------------------------------------------------------------------------- ================================================================================ the_silver_searcher-0.32.0-1.fc23 (FEDORA-2016-3b747a6e46) Super-fast text searching tool (ag) -------------------------------------------------------------------------------- Update Information: update to 0.32.0 ---- Build for RHEL6(EPEL) -------------------------------------------------------------------------------- ================================================================================ xerces-c-3.1.4-1.fc23 (FEDORA-2016-d2d6890690) Validating XML Parser -------------------------------------------------------------------------------- Update Information: Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348845 - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD https://bugzilla.redhat.com/show_bug.cgi?id=1348845 [ 2 ] Bug #1310699 - CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input https://bugzilla.redhat.com/show_bug.cgi?id=1310699 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx