The following Fedora 23 Security updates need testing: Age URL 380 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 338 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 311 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 261 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 261 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 226 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 102 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 80 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 50 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 48 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 34 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851 thunderbird-45.3.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe openssl-1.0.2j-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0551065fe0 irssi-0.8.20-2.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e5105570 php-ZendFramework-1.12.20-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3795497354 python-django-1.8.15-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02 openjpeg2-2.1.2-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0 mingw-openjpeg2-2.1.2-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619 bind99-9.9.9-2.P3.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b9d24c2b6 zathura-pdf-mupdf-0.3.0-2.fc23 mujs-0-5.20160921git5c337af.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aa3c89e7b c-ares-1.12.0-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-66d9389548 mingw-c-ares-1.12.0-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d bash-4.3.42-5.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e50862950 chromium-53.0.2785.143-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-94bdf707d4 ghostscript-9.16-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cbcad7a9a freeimage-3.17.0-7.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cca868c95f mingw-freeimage-3.17.0-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a29a0e8250 python-pillow-3.0.0-6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-689f240960 xen-4.5.5-2.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 77 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 50 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851 thunderbird-45.3.0-1.fc23 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab35400bb1 poppler-0.34.0-4.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aef55393a polkit-qt-0.112.0-8.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe openssl-1.0.2j-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a3e81a5be linux-firmware-20160923-68.git42ad5367.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf2b06f96f libass-0.13.3-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d bash-4.3.42-5.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d283ed227 python-2.7.11-11.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b1087bfe4 nss-3.27.0-1.1.fc23 nss-softokn-3.27.0-1.0.fc23 nss-util-3.27.0-1.0.fc23 nspr-4.13.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59b840dd69 kernel-4.7.6-100.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fdf15e65fd hwdata-0.293-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 The following builds have been pushed to Fedora 23 updates-testing ca-certificates-2016.2.10-1.0.fc23 freeimage-3.17.0-7.fc23 frescobaldi-2.19.0-3.fc23 kernel-4.7.6-100.fc23 mingw-freeimage-3.17.0-4.fc23 notmuch-0.23-1.fc23 perl-CPANPLUS-0.91.60-2.fc23 python-pillow-3.0.0-6.fc23 qt5ct-0.27-1.fc23 strace-4.14-1.fc23 sway-0.10-0.1.rc2.fc23 tzdata-2016g-1.fc23 wlc-0.0.6-1.fc23 wxGTK3-3.0.2-25.fc23 xcowsay-1.4-1.fc23 xen-4.5.5-2.fc23 Details about builds: ================================================================================ ca-certificates-2016.2.10-1.0.fc23 (FEDORA-2016-1649cc31e0) The Mozilla CA root certificate bundle -------------------------------------------------------------------------------- Update Information: This is an update to the Mozilla CA certificates list version 2.10, which has been published as part of Mozilla NSS 3.27. For additional details, please refer to the NSS 3.27 release notes: https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes As in previous versions of the ca-certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to https://fedoraproject.org/wiki/CA-Certificates for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command. Please refer to the manual page of the ca-legacy command for additional details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380067 - nss-3.27 is available https://bugzilla.redhat.com/show_bug.cgi?id=1380067 -------------------------------------------------------------------------------- ================================================================================ freeimage-3.17.0-7.fc23 (FEDORA-2016-5cbcad7a9a) Multi-format image decoder library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5684 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381517 - CVE-2016-5684 freeimage: XMP Image Handling Code Execution Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1381517 -------------------------------------------------------------------------------- ================================================================================ frescobaldi-2.19.0-3.fc23 (FEDORA-2016-c1431537c8) Edit LilyPond sheet music with ease! -------------------------------------------------------------------------------- Update Information: Require PyQt4-webkit -------------------------------------------------------------------------------- ================================================================================ kernel-4.7.6-100.fc23 (FEDORA-2016-59b840dd69) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.7.6 update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ================================================================================ mingw-freeimage-3.17.0-4.fc23 (FEDORA-2016-cca868c95f) MinGW Windows freeimage library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5684 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381517 - CVE-2016-5684 freeimage: XMP Image Handling Code Execution Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1381517 -------------------------------------------------------------------------------- ================================================================================ notmuch-0.23-1.fc23 (FEDORA-2016-d9a29c8d14) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream ---- Latest upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381546 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381546 [ 2 ] Bug #1330998 - None https://bugzilla.redhat.com/show_bug.cgi?id=1330998 -------------------------------------------------------------------------------- ================================================================================ perl-CPANPLUS-0.91.60-2.fc23 (FEDORA-2016-1e679aaa18) Ameliorated interface to the Comprehensive Perl Archive Network -------------------------------------------------------------------------------- Update Information: This release corrects a typo in cpan2dist manual. It also fixes a test that failed if Cwd module version contained an underscore. -------------------------------------------------------------------------------- ================================================================================ python-pillow-3.0.0-6.fc23 (FEDORA-2016-a29a0e8250) Python image processing library -------------------------------------------------------------------------------- Update Information: This update backports an overflow fix. ---- Backport fix for three memory disclosure/corruption bugs from insufficient parameter validation leading to integer overflow. -------------------------------------------------------------------------------- ================================================================================ qt5ct-0.27-1.fc23 (FEDORA-2016-78048d3970) Qt5 Configuration Tool -------------------------------------------------------------------------------- Update Information: New version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1378068 - None https://bugzilla.redhat.com/show_bug.cgi?id=1378068 -------------------------------------------------------------------------------- ================================================================================ strace-4.14-1.fc23 (FEDORA-2016-deac750319) Tracks and displays system calls associated with a running process -------------------------------------------------------------------------------- Update Information: v4.13 -> v4.14: ---- v4.12 -> v4.13. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1377846 - None https://bugzilla.redhat.com/show_bug.cgi?id=1377846 -------------------------------------------------------------------------------- ================================================================================ sway-0.10-0.1.rc2.fc23 (FEDORA-2016-b39b8fbda4) i3-compatible window manager for Wayland -------------------------------------------------------------------------------- Update Information: rc2 ---- pre-release update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380075 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380075 -------------------------------------------------------------------------------- ================================================================================ tzdata-2016g-1.fc23 (FEDORA-2016-f410c23c45) Timezone data -------------------------------------------------------------------------------- Update Information: Rebase to 2016g - Turkey permanently switches from +02 to +03 as of 2016-09-07, - Per IERS Bulletin C 52, leap second to be added on 2016-09-31 at 23:59:60. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380219 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380219 -------------------------------------------------------------------------------- ================================================================================ wlc-0.0.6-1.fc23 (FEDORA-2016-b39b8fbda4) Wayland compositor library -------------------------------------------------------------------------------- Update Information: rc2 ---- pre-release update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380075 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380075 -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.2-25.fc23 (FEDORA-2016-d167466599) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: Fixes problems with files containing percent signs or non-ASCII characters. ---- Fixes crash in wxGCDC. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381767 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381767 -------------------------------------------------------------------------------- ================================================================================ xcowsay-1.4-1.fc23 (FEDORA-2016-3e4900acec) Displays a cute cow and message on your desktop -------------------------------------------------------------------------------- Update Information: 1.4 -------------------------------------------------------------------------------- ================================================================================ xen-4.5.5-2.fc23 (FEDORA-2016-689f240960) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: qemu-kvm: Directory traversal flaw in 9p virtio backend [CVE-2016-7116] qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [CVE-2016-7161] CR0.TS and CR0.EM not always honored for x86 HVM guest [XSA-190, CVE-2016-7777] ---- update to 4.5.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1346349 - CVE-2016-7116 Qemu: 9p: directory traversal flaw in 9p virtio backend https://bugzilla.redhat.com/show_bug.cgi?id=1346349 [ 2 ] Bug #1379297 - CVE-2016-7161 qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite https://bugzilla.redhat.com/show_bug.cgi?id=1379297 [ 3 ] Bug #1377789 - CVE-2016-7777 xsa190 xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) https://bugzilla.redhat.com/show_bug.cgi?id=1377789 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
