The following Fedora 23 Security updates need testing:
 Age  URL
 379  https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240   nagios-4.0.8-1.fc23
 337  https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe   miniupnpc-1.9-6.fc23
 310  https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324   jbig2dec-0.12-2.fc23
 261  https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1   python-pymongo-3.0.3-1.fc23
 260  https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8   thttpd-2.25b-37.fc23
 225  https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4   mingw-nsis-2.50-1.fc23
 101  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547   nodejs-0.10.46-1.fc23
  79  https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05   ecryptfs-utils-111-1.fc23
  67  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826   flex-2.6.0-2.fc23
  56  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e   redis-3.2.3-1.fc23
  49  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c   libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
  47  https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f   firewalld-0.4.3.3-1.fc23
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14   dhcpcd-6.11.3-1.fc23
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851   thunderbird-45.3.0-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe   openssl-1.0.2j-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-0551065fe0   irssi-0.8.20-2.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e5105570   php-ZendFramework-1.12.20-1.fc23
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3795497354   python-django-1.8.15-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02   openjpeg2-2.1.2-1.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0   mingw-openjpeg2-2.1.2-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1   bind-9.10.4-2.P3.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619   bind99-9.9.9-2.P3.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b9d24c2b6   zathura-pdf-mupdf-0.3.0-2.fc23 mujs-0-5.20160921git5c337af.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aa3c89e7b   c-ares-1.12.0-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-66d9389548   mingw-c-ares-1.12.0-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d   bash-4.3.42-5.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097   openssh-7.2p2-6.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef   systemd-222-17.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32   perl-DBD-MySQL-4.033-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e50862950   chromium-53.0.2785.143-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-e99bb57db9   python-pillow-3.0.0-5.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-94bdf707d4   ghostscript-9.16-5.fc23


The following Fedora 23 Critical Path updates have yet to be approved:
 Age  URL
  76  https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0   abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23
  49  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c   libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851   thunderbird-45.3.0-1.fc23
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e   python-virtkey-0.63.0-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab35400bb1   poppler-0.34.0-4.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aef55393a   polkit-qt-0.112.0-8.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe   openssl-1.0.2j-1.fc23
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a3e81a5be   linux-firmware-20160923-68.git42ad5367.fc23
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf2b06f96f   libass-0.13.3-1.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097   openssh-7.2p2-6.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d   bash-4.3.42-5.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d283ed227   python-2.7.11-11.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1   bind-9.10.4-2.P3.fc23
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a   koji-1.10.1-13.fc23
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef   systemd-222-17.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fdf15e65fd   hwdata-0.293-1.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32   perl-DBD-MySQL-4.033-3.fc23
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b1087bfe4   nss-3.27.0-1.1.fc23 nss-softokn-3.27.0-1.0.fc23 nss-util-3.27.0-1.0.fc23 nspr-4.13.0-1.fc23


The following builds have been pushed to Fedora 23 updates-testing

    ceres-solver-1.11.0-6.fc23
    check-mk-1.2.8p11-2.fc23
    chromium-53.0.2785.143-1.fc23
    cmst-2016.10.03-1.gitf85b216.fc23
    corebird-1.3.3-1.fc23
    davfs2-1.5.4-3.fc23
    dpm-dsi-1.9.9-1.fc23
    eigen3-3.2.10-1.fc23
    fail2ban-0.9.5-3.fc23
    gammu-1.37.4-2.fc23
    ghostscript-9.16-5.fc23
    hwdata-0.293-1.fc23
    liveusb-creator-3.95.4-1.fc23
    mingw-eigen3-3.2.10-1.fc23
    mingw-opusfile-0.8-1.fc23
    otter-browser-0.9.11-0.2.beta11gitc051a5e.fc23
    perl-DBD-MySQL-4.033-3.fc23
    perl-Digest-SHA3-0.25-1.fc23
    php-bartlett-php-compatinfo-db-1.13.0-1.fc23
    php-phpseclib-2.0.4-1.fc23
    php-symfony-2.8.12-2.fc23
    php-twig-1.26.0-1.fc23
    php-udan11-sql-parser-3.4.10-1.fc23
    pjproject-2.4.5-8.fc23
    python-bitarray-0.8.1-4.fc23
    python-pillow-3.0.0-5.fc23
    sks-1.1.6-1.fc23
    vagrant-1.8.1-2.fc23
    zstd-1.1.0-1.fc23

Details about builds:


================================================================================
 ceres-solver-1.11.0-6.fc23 (FEDORA-2016-20ab53cb14)
 A non-linear least squares minimizer
--------------------------------------------------------------------------------
Update Information:

Update to version 3.2.10, see
http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.10 for details.
--------------------------------------------------------------------------------


================================================================================
 check-mk-1.2.8p11-2.fc23 (FEDORA-2016-fcdd202b2c)
 A new general purpose Nagios-plugin for retrieving data
--------------------------------------------------------------------------------
Update Information:

Dist tag fix for mod_python to be a require on EL6 only.

----

New upstream release.
--------------------------------------------------------------------------------


================================================================================
 chromium-53.0.2785.143-1.fc23 (FEDORA-2016-2e50862950)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-5177, CVE-2016-5178
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_29.html

----

Update to 53.0.2785.116.
https://chromium.googlesource.com/chromium/src/+log/53.0.2785.113..53.0.2785.116?pretty=fuller&n=10000

----

Update to 53.0.2785.113

Security fix for CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173,
CVE-2016-5174, CVE-2016-5175

----

Stable update to 53.0.2785.101.

Security fix for CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150,
CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155,
CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5161,
CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166,
CVE-2016-5160, CVE-2016-5167

Also applies fix for chrome-remote-desktop where HOME env variable was not
properly set via systemd service.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1380632 - CVE-2016-5178 chromium-browser: various fixes from internal audits
        https://bugzilla.redhat.com/show_bug.cgi?id=1380632
  [ 2 ] Bug #1380631 - CVE-2016-5177 chromium-browser: use after free in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1380631
  [ 3 ] Bug #1375868 - CVE-2016-5175 chromium-browser: various fixes from internal audits
        https://bugzilla.redhat.com/show_bug.cgi?id=1375868
  [ 4 ] Bug #1375867 - CVE-2016-5174 chromium-browser: popup not correctly suppressed
        https://bugzilla.redhat.com/show_bug.cgi?id=1375867
  [ 5 ] Bug #1375866 - CVE-2016-5173 chromium-browser: extension resource access
        https://bugzilla.redhat.com/show_bug.cgi?id=1375866
  [ 6 ] Bug #1375865 - CVE-2016-5172 chromium-browser: arbitrary memory read in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1375865
  [ 7 ] Bug #1375864 - CVE-2016-5171 chromium-browser: use after free in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1375864
  [ 8 ] Bug #1375863 - CVE-2016-5170 chromium-browser: use after free in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1375863
  [ 9 ] Bug #1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits
        https://bugzilla.redhat.com/show_bug.cgi?id=1372229
  [ 10 ] Bug #1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1372228
  [ 11 ] Bug #1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as
        https://bugzilla.redhat.com/show_bug.cgi?id=1372227
  [ 12 ] Bug #1372225 - CVE-2016-5165 chromium-browser: script injection in devtools
        https://bugzilla.redhat.com/show_bug.cgi?id=1372225
  [ 13 ] Bug #1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools
        https://bugzilla.redhat.com/show_bug.cgi?id=1372224
  [ 14 ] Bug #1372223 - CVE-2016-5163 chromium-browser: address bar spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=1372223
  [ 15 ] Bug #1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1372222
  [ 16 ] Bug #1372221 - CVE-2016-5161 chromium-browser: type confusion in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372221
  [ 17 ] Bug #1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372220
  [ 18 ] Bug #1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372219
  [ 19 ] Bug #1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372218
  [ 20 ] Bug #1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings
        https://bugzilla.redhat.com/show_bug.cgi?id=1372217
  [ 21 ] Bug #1372216 - CVE-2016-5155 chromium-browser: address bar spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=1372216
  [ 22 ] Bug #1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372215
  [ 23 ] Bug #1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372214
  [ 24 ] Bug #1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372213
  [ 25 ] Bug #1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium
        https://bugzilla.redhat.com/show_bug.cgi?id=1372212
  [ 26 ] Bug #1372210 - CVE-2016-5150 chromium-browser: use after free in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372210
  [ 27 ] Bug #1372209 - CVE-2016-5149 chromium-browser: script injection in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1372209
  [ 28 ] Bug #1372208 - CVE-2016-5148 chromium-browser: universal xss in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372208
  [ 29 ] Bug #1372207 - CVE-2016-5147 chromium-browser: universal xss in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1372207
--------------------------------------------------------------------------------


================================================================================
 cmst-2016.10.03-1.gitf85b216.fc23 (FEDORA-2016-fec776880f)
 A Qt based GUI front end for the connman connection manager with systemtray icon
--------------------------------------------------------------------------------
Update Information:

Update to 2016.10.03-1.gitf85b216

----

Update to 2016.10.02-1.git35ebb4b
--------------------------------------------------------------------------------


================================================================================
 corebird-1.3.3-1.fc23 (FEDORA-2016-1b086dda18)
 Native GTK Twitter client
--------------------------------------------------------------------------------
Update Information:

corebird 1.3.3 release.

- Support longer tweets in a few more places
- Properly escape ampersand characters in user mentions to fix GtkLabel
  warnings about wrong escape characters in tooltips
- Fix tweet length calculations for whitespace-only tweets
- Check for duplicated entries in media arrays. This is apparently a problem on
  Twitter's side but led to crashes in Corebird
- Use the correct nsfw status of a tweet, i.e. the one that can actually show
  images.
- Fix a crash when sending a tweet with multiple images attached
- Fix tweet length calculation of quote tweets. This previously led to tweets
  getting rejected by the server even though Corebird claimed they were fine.
--------------------------------------------------------------------------------


================================================================================
 davfs2-1.5.4-3.fc23 (FEDORA-2016-441c3bf1fe)
 A filesystem driver for WebDAV
--------------------------------------------------------------------------------
Update Information:

update to same version as f24
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1339411 - Please update the package
        https://bugzilla.redhat.com/show_bug.cgi?id=1339411
--------------------------------------------------------------------------------


================================================================================
 dpm-dsi-1.9.9-1.fc23 (FEDORA-2016-5e3c232199)
 Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:

* new upstream release
--------------------------------------------------------------------------------


================================================================================
 eigen3-3.2.10-1.fc23 (FEDORA-2016-20ab53cb14)
 A lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to version 3.2.10, see
http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.10 for details.
--------------------------------------------------------------------------------


================================================================================
 fail2ban-0.9.5-3.fc23 (FEDORA-2016-07310f15dc)
 Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:

- Update to 0.9.5 - see https://github.com/fail2ban/fail2ban/releases/tag/0.9.5
- Give up being PartOf iptables to allow firewalld restarts to work (bug #1379141)
- Add journalmatch entries for sendmail (bug #1329919)

----

Update to 0.9.4:

Fixes:

- roundcube-auth jail typo for logpath
- Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164)
- filter.d/apache-badbots.conf Updated useragent string regex adding escape for +
- filter.d/mysqld-auth.conf Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332)
- filter.d/sshd.conf Updated "Auth fail" regex for OpenSSH 5.9 and later
- Treat failed and killed execution of commands identically (only different log messages), which addresses different behavior on different exit codes of dash and bash (gh-1155)
- Fix jail.conf.5 man's section (gh-1226)
- Fixed default banaction for allports jails like pam-generic, recidive, etc with new default variable banaction_allports (gh-1216)
- Fixed fail2ban-regex stops working on invalid (wrong encoded) character for python version < 3.x (gh-1248)
- Use postfix_log logpath for postfix-rbl jail
- filters.d/postfix.conf - add 'Sender address rejected: Domain not found' failregex
- use fail2ban_agent as user-agent in actions badips, blocklist_de, etc (gh-1271)
- Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl
- Changed filter.d/asterisk regex for "Call from ..." (few vulnerable now)
- Removed compression and rotation count from logrotate (inherit them from the global logrotate config)

New Features:

- New interpolation feature for definition config readers - <known/parameter> (means last known init definition of filters or actions with name parameter). This interpolation makes it possible to extend the parameters of a stock filter or action directly in a jail inside the jail.local file, without creating a separate filter.d/*.local file. As extension to interpolation %(known/parameter)s, that does not work for filter and action init parameters
- New actions: nftables-multiport and nftables-allports - filtering using nftables framework. Note: it requires a pre-existing chain for the filtering rule.
- New filters:
  - openhab - domotic software authentication failure with the rest api and web interface (gh-1223)
  - nginx-limit-req - ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)
  - murmur - ban hosts that repeatedly attempt to connect to murmur/mumble-server with an invalid server password or certificate.
  - haproxy-http-auth - filter to match failed HTTP Authentications against a HAProxy server
- New jails: murmur - bans TCP and UDP from the bad host on the default murmur port.
- sshd filter got new failregex to match "maximum authentication attempts exceeded" (introduced in openssh 6.8)
- Added filter for Mac OS screen sharing (VNC) daemon

Enhancements:

- Do not rotate empty log files
- Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59) http://bugs.debian.org/798923
- Added openSUSE path configuration (Thanks Johannes Weberhofer)
- Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197)
- Added a timeout (3 sec) to urlopen within badips.py action (Thanks M. Maraun)
- Added check against attacker's Googlebot PTR fake records (Thanks Pablo Rodriguez Fernandez)
- Enhance filter against attacker's Googlebot PTR fake records (gh-1226)
- Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
- Added filter for openhab domotic software authentication failure with the rest api and web interface (gh-1223)
- Add *_backend options for services to allow distros to set the default backend per service, set default to systemd for Fedora as appropriate
- Performance improvements while monitoring large number of files (gh-1265). Use associative array (dict) for monitored log files to speed up lookup operations. Thanks @kshetragia
- Specified that fail2ban is PartOf iptables.service firewalld.service in .service file -- would reload fail2ban if those services are restarted
- Provides new default fail2ban_version and interpolation variable fail2ban_agent in jail.conf
- Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname, and to support multiple instances of postfix having varying suffix (gh-1331) (Thanks Tom Hendrikx)
- files/gentoo-initd to use start-stop-daemon to robustify restarting the service
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1329919 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1329919
--------------------------------------------------------------------------------


================================================================================
 gammu-1.37.4-2.fc23 (FEDORA-2016-7c2e4db0ed)
 Command Line utility to work with mobile phones
--------------------------------------------------------------------------------
Update Information:

Force the exact EVR for gammu and gammu-libs
--------------------------------------------------------------------------------


================================================================================
 ghostscript-9.16-5.fc23 (FEDORA-2016-94bdf707d4)
 A PostScript interpreter and renderer
--------------------------------------------------------------------------------
Update Information:

Security fix for BZ [#1380415](https://bugzilla.redhat.com/show_bug.cgi?id=1380415).

IMPORTANT NOTE: This release of ghostscript is **without OpenJPEG** support.
The support had to be **temporarily disabled** in order to deliver the security
fix. The support for OpenJPEG will be re-enabled as soon as possible.

-----------

You can test if your system is vulnerable by these steps:

* Download the bash [script](https://goo.gl/eyzZvG) for testing: wget https://goo.gl/eyzZvG
* Optional - check the validity of the script: md5 ./bz1380415-test.sh [md5 hash of the script - **4ae552b75bc30e21ff066603a911b5fe**]
* Make the script executable & run it: chmod +x ./bz1380415-test.sh && ./bz1380415-test.sh
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1380415 - ghostscript: .libfile does not honor -dSAFER
        https://bugzilla.redhat.com/show_bug.cgi?id=1380415
--------------------------------------------------------------------------------


================================================================================
 hwdata-0.293-1.fc23 (FEDORA-2016-fdf15e65fd)
 Hardware identification and configuration data
--------------------------------------------------------------------------------
Update Information:

Updated pci, usb and vendor ids.
--------------------------------------------------------------------------------


================================================================================
 liveusb-creator-3.95.4-1.fc23 (FEDORA-2016-51feaea10b)
 Fedora LiveUSB Creator
--------------------------------------------------------------------------------
Update Information:

Update to 3.95.4
--------------------------------------------------------------------------------


================================================================================
 mingw-eigen3-3.2.10-1.fc23 (FEDORA-2016-20ab53cb14)
 MinGW lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:

Update to version 3.2.10, see
http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.10 for details.
--------------------------------------------------------------------------------


================================================================================
 mingw-opusfile-0.8-1.fc23 (FEDORA-2016-349184c8ed)
 A high-level API for decoding and seeking within .opus files
--------------------------------------------------------------------------------
Update Information:

Update to 0.8

- Add support for OpenSSL 1.1.x.
- Fix issues with tag parsing introduced in v0.7.
- Fix skip logic for multiplexed non-Opus data.
--------------------------------------------------------------------------------


================================================================================
 otter-browser-0.9.11-0.2.beta11gitc051a5e.fc23 (FEDORA-2016-4f6c02cd67)
 Web browser controlled by the user, not vice-versa
--------------------------------------------------------------------------------
Update Information:

fix BR for secondary arches

----

- Update to 0.9.11-01.beta11
- Added BR qt5-qtwebengine-devel
- Added BR hunspell-devel
--------------------------------------------------------------------------------


================================================================================
 perl-DBD-MySQL-4.033-3.fc23 (FEDORA-2016-c0f589bd32)
 A MySQL interface for Perl
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-1246
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1380375 - CVE-2016-1246 perl-DBD-MySQL: Buffer overflow triggered by user supplied data
        https://bugzilla.redhat.com/show_bug.cgi?id=1380375
--------------------------------------------------------------------------------


================================================================================
 perl-Digest-SHA3-0.25-1.fc23 (FEDORA-2016-0e728b4613)
 Perl extension for SHA-3
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1371941 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1371941
--------------------------------------------------------------------------------


================================================================================
 php-bartlett-php-compatinfo-db-1.13.0-1.fc23 (FEDORA-2016-16c8b72160)
 Reference Database to be used with php-compatinfo library
--------------------------------------------------------------------------------
Update Information:

**Version 1.13.0** - 2016-10-03

- Support to PHP 7.0.11
- Support to PHP 5.6.26
- Fixed: curl reference with libCurl dependency, see [#7](https://github.com/llaville/php-compatinfo-db/issues/7)

**Version 1.12.0** - 2016-09-26

- Support to PHP 7.0.10
- Support to PHP 5.6.25
--------------------------------------------------------------------------------


================================================================================
 php-phpseclib-2.0.4-1.fc23 (FEDORA-2016-ff0ffc30e4)
 PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:

**Version 2.0.4** - 2016-08-18

* fix E_DEPRECATED errors on PHP 7.1 (#1041)
* SFTP: speed up downloads (#945)
* SFTP: fix infinite loop when uploading empty file (#995)
* ASN1: fix possible infinite loop in decode (#1027)

----

**Version 2.0.3** - 2016-08-18

- BigInteger/RSA: don't compare openssl versions > 1.0 (#946)
- RSA: don't attempt to use the CRT when zero value components exist (#980)
- RSA: zero salt length RSA signatures don't work (#1002)
- ASN1: fix PHP Warning on PHP 7.1 (#1013)
- X509: set parameter fields to null for CSR's / RSA (#914)
- CRL optimizations (#1000)
- SSH2: fix "Expected SSH_FXP_STATUS or ..." error (#999)
- SSH2: use stream_get_* instead of fread() / fgets() (#967)
- SFTP: make symlinks support relative target's (#1004)
- SFTP: fix sending stream resulting in zero byte file (#995)
--------------------------------------------------------------------------------


================================================================================
 php-symfony-2.8.12-2.fc23 (FEDORA-2016-132a504b12)
 PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:

**Twig 1.26.0** (2016-10-02)

* added template cache invalidation based on more environment options
* added a missing deprecation notice
* fixed template paths when a template is stored in a PHAR file
* allowed filters/functions/tests implementation to use a different class than the extension they belong to
* deprecated Twig_ExtensionInterface::getName()

----

**Twig 1.25.0** (2016-09-21)

* changed the way we store template source in template classes
* removed usage of realpath in cache keys
* fixed Twig cache sharing when used with different versions of PHP
* removed embed parent workaround for simple use cases
* deprecated the ability to store non Node instances in Node::$nodes
* deprecated Twig_Environment::getLexer(), Twig_Environment::getParser(), Twig_Environment::getCompiler()
* deprecated Twig_Compiler::getFilename()

----

**Symfony 2.8.12** (2016-10-03)

* bug #20102 [Validator] Url validator not validating hosts ending in a number (gwkunze)
* bug #20132 Use "more entropy" option for uniqid() (javiereguiluz)
* bug #20122 [Validator] Reset constraint options (ro0NL)
* bug #20116 fixed AddConstraintValidatorsPass config (fabpot)
* bug #20078 Fix #19943 Make sure to process each interface metadata only once (lemoinem)
* bug #20080 [Form] compound forms without children should be considered rendered implicitly (backbone87)
* bug #20087 [VarDumper] Fix PHP 7.1 compat (nicolas-grekas)
* bug #20086 [VarDumper] Fix PHP 7.1 compat (nicolas-grekas)
* bug #20077 [Process] silent file operation to avoid open basedir issues (xabbuh)
* bug #20079 fixed Twig support for 1.26 and 2.0 (fabpot)
* bug #20051 Fix indexBy type extraction (lemoinem)
* bug #19951 [Finder] Trim trailing directory slash in ExcludeDirectoryFilterIterator (ro0NL)
* bug #20018 [VarDumper] Fix test (nicolas-grekas)
* bug #20011 Use UUID for error codes for Form validator. (Koc)
* bug #20010 [DX] Fixed regression when exception message swallowed when logging it. (Koc)
* bug #19983 [TwigBridge] removed Twig null nodes (deprecated as of Twig 1.25) (fabpot)
* bug #19946 [Console] Fix parsing optional options with empty value in argv (chalasr)
* bug #19636 [Finder] no PHP warning on empty directory iteration (ggottwald)
* bug #19923 [bugfix] [Console] Set `Input::$interactive` to `false` when command is executed with `--quiet` as verbosity level (phansys)
* bug #19811 Fixed the nullable support for php 7.1 and below (2.7, 2.8, 3.0) (iltar)
* bug #19853 [PropertyInfo] Make ReflectionExtractor compatible with ReflectionType changes in PHP 7.1 (teohhanhui)
* bug #19904 [Form] Fixed collapsed ChoiceType options attributes (HeahDude)
* bug #19908 [Config] Handle open_basedir restrictions in FileLocator (Nicofuma)
* bug #19924 [DoctrineBridge][PropertyInfo] Treat Doctrine decimal type as string (teohhanhui)
* bug #19932 Fixed bad merge (GrahamCampbell)
* bug #19922 [Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output (chalasr)
* bug #19928 [Validator] Update IpValidatorTest data set with a valid reserved IP (jakzal)
* bug #19813 [Console] fixed PHP7 Errors are now handled and converted to Exceptions (fonsecas72)
* bug #19879 [Form] Incorrect timezone with DateTimeLocalizedStringTransformer (mbeccati)
* bug #19878 Fix translation:update command count (tgalopin)
--------------------------------------------------------------------------------


================================================================================
 php-twig-1.26.0-1.fc23 (FEDORA-2016-132a504b12)
 The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:

**Twig 1.26.0** (2016-10-02)

* added template cache invalidation based on more environment options
* added a missing deprecation notice
* fixed template paths when a template is stored in a PHAR file
* allowed filters/functions/tests implementation to use a different class than the extension they belong to
* deprecated Twig_ExtensionInterface::getName()

----

**Twig 1.25.0** (2016-09-21)

* changed the way we store template source in template classes
* removed usage of realpath in cache keys
* fixed Twig cache sharing when used with different versions of PHP
* removed embed parent workaround for simple use cases
* deprecated the ability to store non Node instances in Node::$nodes
* deprecated Twig_Environment::getLexer(), Twig_Environment::getParser(), Twig_Environment::getCompiler()
* deprecated Twig_Compiler::getFilename()

----

**Symfony 2.8.12** (2016-10-03)

* bug #20102 [Validator] Url validator not validating hosts ending in a number (gwkunze)
* bug #20132 Use "more entropy" option for uniqid() (javiereguiluz)
* bug #20122 [Validator] Reset constraint options (ro0NL)
* bug #20116 fixed AddConstraintValidatorsPass config (fabpot)
* bug #20078 Fix #19943 Make sure to process each interface metadata only once (lemoinem)
* bug #20080 [Form] compound forms without children should be considered rendered implicitly (backbone87)
* bug #20087 [VarDumper] Fix PHP 7.1 compat (nicolas-grekas)
* bug #20086 [VarDumper] Fix PHP 7.1 compat (nicolas-grekas)
* bug #20077 [Process] silent file operation to avoid open basedir issues (xabbuh)
* bug #20079 fixed Twig support for 1.26 and 2.0 (fabpot)
* bug #20051 Fix indexBy type extraction (lemoinem)
* bug #19951 [Finder] Trim trailing directory slash in ExcludeDirectoryFilterIterator (ro0NL)
* bug #20018 [VarDumper] Fix test (nicolas-grekas)
* bug #20011 Use UUID for error codes for Form validator. (Koc)
* bug #20010 [DX] Fixed regression when exception message swallowed when logging it. (Koc)
* bug #19983 [TwigBridge] removed Twig null nodes (deprecated as of Twig 1.25) (fabpot)
* bug #19946 [Console] Fix parsing optionnal options with empty value in argv (chalasr)
* bug #19636 [Finder] no PHP warning on empty directory iteration (ggottwald)
* bug #19923 [bugfix] [Console] Set `Input::$interactive` to `false` when command is executed with `--quiet` as verbosity level (phansys)
* bug #19811 Fixed the nullable support for php 7.1 and below (2.7, 2.8, 3.0) (iltar)
* bug #19853 [PropertyInfo] Make ReflectionExtractor compatible with ReflectionType changes in PHP 7.1 (teohhanhui)
* bug #19904 [Form] Fixed collapsed ChoiceType options attributes (HeahDude)
* bug #19908 [Config] Handle open_basedir restrictions in FileLocator (Nicofuma)
* bug #19924 [DoctrineBridge][PropertyInfo] Treat Doctrine decimal type as string (teohhanhui)
* bug #19932 Fixed bad merge (GrahamCampbell)
* bug #19922 [Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output (chalasr)
* bug #19928 [Validator] Update IpValidatorTest data set with a valid reserved IP (jakzal)
* bug #19813 [Console] fixed PHP7 Errors are now handled and converted to Exceptions (fonsecas72)
* bug #19879 [Form] Incorrect timezone with DateTimeLocalizedStringTransformer (mbeccati)
* bug #19878 Fix translation:update command count (tgalopin)
--------------------------------------------------------------------------------

================================================================================
 php-udan11-sql-parser-3.4.10-1.fc23 (FEDORA-2016-4e8abbc882)
 A validating SQL lexer and parser with a focus on MySQL dialect
--------------------------------------------------------------------------------
Update Information:

**Version 3.4.10** - 2016-10-03

* Fixed API regression on DELETE statement

---

**Version 3.4.9** - 2016-10-03

* Added support for CASE expressions
* Support for parsing and building DELETE statement
* Support for parsing subqueries in FROM clause

---

**Version 3.4.8** - 2016-09-22

* No change release to sync GitHub releases with Packagist
--------------------------------------------------------------------------------

================================================================================
 pjproject-2.4.5-8.fc23 (FEDORA-2016-953f5b582d)
 Libraries for building embedded/non-embedded VoIP applications
--------------------------------------------------------------------------------
Update Information:

Commenting out latest patch for BZ 1381133
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1381133 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1381133
--------------------------------------------------------------------------------

================================================================================
 python-bitarray-0.8.1-4.fc23 (FEDORA-2016-c4dc0ee61a)
 Efficient Array of Booleans --C Extensions
--------------------------------------------------------------------------------
Update Information:

Add support to epel 7 and 6, disable python3 in el6
--------------------------------------------------------------------------------

================================================================================
 python-pillow-3.0.0-5.fc23 (FEDORA-2016-e99bb57db9)
 Python image processing library
--------------------------------------------------------------------------------
Update Information:

Backport fix for three memory disclosure/corruption bugs from insufficient parameter validation leading to integer overflow.
--------------------------------------------------------------------------------

================================================================================
 sks-1.1.6-1.fc23 (FEDORA-2016-754c3c6ff6)
 Synchronizing Key Server
--------------------------------------------------------------------------------
Update Information:

Update to latest version of sks
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1304429 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1304429
  [ 2 ] Bug #1365236 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1365236
--------------------------------------------------------------------------------

================================================================================
 vagrant-1.8.1-2.fc23 (FEDORA-2016-a6feb66def)
 Build and distribute virtualized development environments
--------------------------------------------------------------------------------
Update Information:

Add support for VirtualBox 5.1 (rhbz#1377399).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1377399 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1377399
--------------------------------------------------------------------------------

================================================================================
 zstd-1.1.0-1.fc23 (FEDORA-2016-722779c63b)
 Zstd compression library
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1373218 - None
        https://bugzilla.redhat.com/show_bug.cgi?id=1373218
--------------------------------------------------------------------------------