The following Fedora 23 Security updates need testing: Age URL 306 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 263 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 236 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 187 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 187 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 152 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a7322c9fd1 spice-0.12.8-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6db1c9eb69 dnsmasq-2.76-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-430bc0f808 p7zip-16.02-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1136df48e5 openssh-7.2p2-4.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-16e8d38f57 gsi-openssh-7.2p2-3.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c8cf5912c php-guzzlehttp-guzzle6-6.2.1-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-df0726ae26 httpd-2.4.23-4.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2c8f5f95a php-guzzlehttp-guzzle-5.3.1-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b7e16a39e libvirt-1.2.18.4-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f69bc4d59 glpi-0.90.4-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-833533ffde ca-certificates-2016.2.8-1.0.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5f606dde drupal7-views-3.14-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-340e361b90 golang-1.5.4-2.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cd2bd0800f php-5.6.24-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b777fc7a8b php-pecl-zip-1.13.4-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e20730676 pbuilder-0.225.2-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec4c27d766 libgcrypt-1.6.5-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97ca9d52a4 python-django-1.8.14-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-610fe5f5f8 libidn-1.33-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1f48f924bb gnome-online-accounts-3.18.5-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-afcccffb41 fuse-2.9.7-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc3a26d327 coreutils-8.24-8.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd82ceb4e0 poppler-0.34.0-3.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6e407680b6 libtasn1-4.8-2.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-916c007124 firefox-47.0.1-2.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6db1c9eb69 dnsmasq-2.76-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1136df48e5 openssh-7.2p2-4.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70344c9c11 thunderbird-45.2.0-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-833533ffde ca-certificates-2016.2.8-1.0.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f76d52932c koji-1.10.1-10.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-df0726ae26 httpd-2.4.23-4.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2abbdf016d gnupg2-2.1.13-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec4c27d766 libgcrypt-1.6.5-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65dc8f0ead libassuan-2.4.3-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c110d99b0b libgpg-error-1.24-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-610fe5f5f8 libidn-1.33-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c87f8f1eb3 systemtap-3.0-3.fc23 The following builds have been pushed to Fedora 23 updates-testing MUMPS-5.0.2-1.fc23 R-Rcpp-0.12.6-1.fc23 boinc-client-7.6.22-7.fc23 edk2-20160418gita8c39ba-4.fc23 engauge-digitizer-9.0-1.fc23 gnome-shell-extension-panel-osd-1-0.16.20160722git5897019.fc23 golang-github-mvo5-uboot-go-0-0.1.git361f6eb.fc23 libidn-1.33-1.fc23 lighttpd-1.4.40-3.fc23 mariadb-10.0.25-2.fc23 mariadb-10.0.25-3.fc23 nodejs-emojione-2.2.6-3.fc23 opendkim-2.10.3-6.fc23 python-django-1.8.14-1.fc23 python-libcloud-1.1.0-1.fc23 python-rpmfluff-0.5-1.fc23 shotwell-0.23.4-1.fc23 systemtap-3.0-3.fc23 tomoe-gtk-0.6.0-25.fc23 tuned-2.7.0-2.fc23 Details about builds: ================================================================================ MUMPS-5.0.2-1.fc23 (FEDORA-2016-4b42e85ea3) A MUltifrontal Massively Parallel sparse direct Solver -------------------------------------------------------------------------------- Update Information: - Update to 5.0.2 -------------------------------------------------------------------------------- ================================================================================ R-Rcpp-0.12.6-1.fc23 (FEDORA-2016-bf20cb3fdc) Seamless R and C++ Integration -------------------------------------------------------------------------------- Update Information: See https://cran.r-project.org/web/packages/Rcpp/news.html -------------------------------------------------------------------------------- ================================================================================ boinc-client-7.6.22-7.fc23 (FEDORA-2016-a35db13be2) The BOINC client core -------------------------------------------------------------------------------- Update Information: while waiting for upstream fixing user idle time detection, old algorithm has been disabled due not working + triggering SELinux alerts -------------------------------------------------------------------------------- References: [ 1 ] Bug #1337607 - BOINC relies on running "stat /dev/input/" for idle detection time. This approach does not work and triggers SELinux alerts https://bugzilla.redhat.com/show_bug.cgi?id=1337607 -------------------------------------------------------------------------------- ================================================================================ edk2-20160418gita8c39ba-4.fc23 (FEDORA-2016-8b9615e65a) EFI Development Kit II -------------------------------------------------------------------------------- Update Information: Also build for armv7. -------------------------------------------------------------------------------- ================================================================================ engauge-digitizer-9.0-1.fc23 (FEDORA-2016-d814e6a23a) Convert graphs or map files into numbers -------------------------------------------------------------------------------- Update Information: - Update to 9.0 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-panel-osd-1-0.16.20160722git5897019.fc23 (FEDORA-2016-c17fde7580) Configure the place where notifications are shown -------------------------------------------------------------------------------- Update Information: Add polish translation. Make gsettings-schema translatable. ---- Fixes layout on multimonitor-systems or when using bottom-panel extensions. -------------------------------------------------------------------------------- ================================================================================ golang-github-mvo5-uboot-go-0-0.1.git361f6eb.fc23 (FEDORA-2016-4154def2ea) Read/write uboot environment -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1358692 - Review Request: golang-github-mvo5-uboot-go - Read/write uboot environment https://bugzilla.redhat.com/show_bug.cgi?id=1358692 -------------------------------------------------------------------------------- ================================================================================ libidn-1.33-1.fc23 (FEDORA-2016-610fe5f5f8) Internationalized Domain Name support library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1359145 - CVE-2016-6263 libidn: Crash when given invalid UTF-8 data on input https://bugzilla.redhat.com/show_bug.cgi?id=1359145 [ 2 ] Bug #1359141 - CVE-2015-8948 libidn: Out-of-bounds read due to use of fgets with fixed-size buffer https://bugzilla.redhat.com/show_bug.cgi?id=1359141 [ 3 ] Bug #1359138 - CVE-2016-6262 libidn: Out-of-bounds read when reading zero byte as input https://bugzilla.redhat.com/show_bug.cgi?id=1359138 [ 4 ] Bug #1359134 - CVE-2016-6261 libidn: Out of bounds stack read in idna_to_ascii_4i https://bugzilla.redhat.com/show_bug.cgi?id=1359134 -------------------------------------------------------------------------------- ================================================================================ lighttpd-1.4.40-3.fc23 (FEDORA-2016-37c80bd3d5) Lightning fast webserver with light system requirements -------------------------------------------------------------------------------- Update Information: Connection state patch. -------------------------------------------------------------------------------- ================================================================================ mariadb-10.0.25-2.fc23 (FEDORA-2016-a84a3e4936) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information: This update fixes potential issue in database initialization which could lead to removing unwanted data in some corner cases. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335849 - MariaDB removes all databases! https://bugzilla.redhat.com/show_bug.cgi?id=1335849 -------------------------------------------------------------------------------- ================================================================================ mariadb-10.0.25-3.fc23 (FEDORA-2016-0513b8170f) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information: use uname -n instead of hostname ---- This update fixes potential issue in database initialization which could lead to removing unwanted data in some corner cases. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1317907 - mariadb-server needs `hostname` command, but does not declare it as a dependency https://bugzilla.redhat.com/show_bug.cgi?id=1317907 [ 2 ] Bug #1335849 - MariaDB removes all databases! https://bugzilla.redhat.com/show_bug.cgi?id=1335849 -------------------------------------------------------------------------------- ================================================================================ nodejs-emojione-2.2.6-3.fc23 (FEDORA-2016-38e4c90532) EmojiOne is a complete set of emojis designed for the web -------------------------------------------------------------------------------- Update Information: This is a new package and will be used by ibus package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1350700 - Review Request: nodejs-emojione - Emoji One is a complete set of emojis designed for the web https://bugzilla.redhat.com/show_bug.cgi?id=1350700 -------------------------------------------------------------------------------- ================================================================================ opendkim-2.10.3-6.fc23 (FEDORA-2016-83e8509ece) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information: Added patch for SourceForge Ticket #226 to fix a bad signature due to a wrapping From: field ---- Fixed OpenLDAP support for all versions except EL5 (required version not available). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1293279 - opendkim miss LDAP support https://bugzilla.redhat.com/show_bug.cgi?id=1293279 -------------------------------------------------------------------------------- ================================================================================ python-django-1.8.14-1.fc23 (FEDORA-2016-97ca9d52a4) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: fix CVE-2016-6186 (rhbz#1357701) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357701 - CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1357701 -------------------------------------------------------------------------------- ================================================================================ python-libcloud-1.1.0-1.fc23 (FEDORA-2016-1d10a6e3f6) A Python library to address multiple cloud provider APIs -------------------------------------------------------------------------------- Update Information: Python Libcloud 1.1.0 release -------------------------------------------------------------------------------- ================================================================================ python-rpmfluff-0.5-1.fc23 (FEDORA-2016-d83916b0af) Lightweight way of building RPMs, and sabotaging them -------------------------------------------------------------------------------- Update Information: Update to 0.5 -------------------------------------------------------------------------------- ================================================================================ shotwell-0.23.4-1.fc23 (FEDORA-2016-02fbcc8a68) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: #### Shotwell 0.23.4 - 20 Jul 2016 #### * Plugins: Fix linking error #### Shotwell 0.23.3 - 18 Jul 2016 #### * libraw: Fix binding of ProcessedImage.data * graw: Prevent needless array duplication * Fix screenshot URLs in appdata * db: Add option to trace SQL statements * Change build system to autotools * Add help, appdata, gsettings and desktop files to translation system * Change way help is built and installed * Always install the manpage * Several translation fixes * Make message more clear that there are no photos matching a filter ---- #### Shotwell 0.23.2 - 20 Jun 2016 #### * Use yelp-build to generate HTML docs * Remove gphoto-2.4 support * Fix background color drawing (#766864) * Port GtkNotebook to GtkStack (#744289) * Fix missing scroll bars in events (#766864) * Fix URLs in manpage * Clean up external functions * Port librest's internal hmac_sha1 implementation to Vala * Fix multiplication of symbols in plugins * Request "popup" login in Facebook * Update help regarding publishing permissions in Facebook (#766919) * Add source SVG for new app icons * Update logo for help * Remove executable flag on images * Piwigo: Let libsoup parse the cookie * Remove string utility functions in publishing plugins * Remove a libgee work- around, bump to 0.10 minimum version * Make filter toolbar buttons contain text and image * Move commonly used functions into shared library to prevent multiple definition of symbols -------------------------------------------------------------------------------- ================================================================================ systemtap-3.0-3.fc23 (FEDORA-2016-c87f8f1eb3) Programmable system-wide instrumentation system -------------------------------------------------------------------------------- Update Information: Backport upstream fixes for running with kernel-4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1358863 - Current fedora 23 systemtap does not work with the 4.6 kernel https://bugzilla.redhat.com/show_bug.cgi?id=1358863 -------------------------------------------------------------------------------- ================================================================================ tomoe-gtk-0.6.0-25.fc23 (FEDORA-2016-1a7d5ddda2) Gtk library for tomoe for Japanese and Chinese handwritten input -------------------------------------------------------------------------------- Update Information: - Fixed Bug 1240071 - tomoe-gtk: FTBFS in rawhide - Correct path for translation -------------------------------------------------------------------------------- References: [ 1 ] Bug #1240071 - tomoe-gtk: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1240071 -------------------------------------------------------------------------------- ================================================================================ tuned-2.7.0-2.fc23 (FEDORA-2016-3acc8e3722) A dynamic adaptive system tuning daemon -------------------------------------------------------------------------------- Update Information: This is an update fixing two tracebacks - tuned-gui and 'tuned-adm list' if running with main tuned daemon stopped. ---- This is new version of Tuned fixing many bugs and also introducing new features, for details see upstream changelog: https://fedorahosted.org/tuned/#Changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1358846 - tuned-gui: traceback https://bugzilla.redhat.com/show_bug.cgi?id=1358846 [ 2 ] Bug #1095142 - Tuned should use polkit instead of dbus policy https://bugzilla.redhat.com/show_bug.cgi?id=1095142 [ 3 ] Bug #1246992 - tuned doesnt honor devices specified when setting alpm policy https://bugzilla.redhat.com/show_bug.cgi?id=1246992 [ 4 ] Bug #1351937 - fix conditional support for grub2 in RPM post scriplets https://bugzilla.redhat.com/show_bug.cgi?id=1351937 [ 5 ] Bug #1356369 - tuned-gui: After installing the tuned-gtk package a launcher is not generated (*.desktop) https://bugzilla.redhat.com/show_bug.cgi?id=1356369 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
