The following Fedora 23 Security updates need testing: Age URL 381 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 339 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 312 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 262 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 262 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 227 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 103 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 81 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 58 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 51 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 49 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 34 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851 thunderbird-45.3.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe openssl-1.0.2j-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0551065fe0 irssi-0.8.20-2.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e5105570 php-ZendFramework-1.12.20-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3795497354 python-django-1.8.15-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad1871cf02 openjpeg2-2.1.2-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe55f449e0 mingw-openjpeg2-2.1.2-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619 bind99-9.9.9-2.P3.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b9d24c2b6 zathura-pdf-mupdf-0.3.0-2.fc23 mujs-0-5.20160921git5c337af.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aa3c89e7b c-ares-1.12.0-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-66d9389548 mingw-c-ares-1.12.0-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d bash-4.3.42-5.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e50862950 chromium-53.0.2785.143-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-94bdf707d4 ghostscript-9.16-5.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5cbcad7a9a freeimage-3.17.0-7.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cca868c95f mingw-freeimage-3.17.0-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a29a0e8250 python-pillow-3.0.0-6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-689f240960 xen-4.5.5-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7abdfc5a52 libXi-1.7.7-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8fd3891f8 perl-Image-Info-1.38-6.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 78 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 51 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed1c402851 thunderbird-45.3.0-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab35400bb1 poppler-0.34.0-4.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7aef55393a polkit-qt-0.112.0-8.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97454404fe openssl-1.0.2j-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6a3e81a5be linux-firmware-20160923-68.git42ad5367.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cf2b06f96f libass-0.13.3-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f15168439d bash-4.3.42-5.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9d283ed227 python-2.7.11-11.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b1087bfe4 nss-3.27.0-1.1.fc23 nss-softokn-3.27.0-1.0.fc23 nss-util-3.27.0-1.0.fc23 nspr-4.13.0-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fdf15e65fd hwdata-0.293-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3646279587 libgdata-0.17.5-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7abdfc5a52 libXi-1.7.7-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59b840dd69 kernel-4.7.6-100.fc23 The following builds have been pushed to Fedora 23 updates-testing dpm-xrootd-3.6.1-2.fc23 emacs-common-ddskk-16.1-1.fc23 esmtp-1.0-16.fc23 fldigi-3.23.14-1.fc23 kde-connect-1.0.1-1.fc23.1 libXfixes-5.0.3-1.fc23 libXi-1.7.7-1.fc23 libXrandr-1.5.1-1.fc23 libXrender-0.9.10-1.fc23 libXtst-1.2.3-1.fc23 libXv-1.0.11-1.fc23 libXvMC-1.0.10-1.fc23 libgdata-0.17.5-2.fc23 libmediainfo-0.7.89-1.fc23 mediainfo-0.7.89-1.fc23 perl-Image-Info-1.38-6.fc23 php-webmozart-assert-1.1.0-1.fc23 php-webmozart-path-util-2.3.0-1.fc23 python-asciitree-0.3.3-1.fc23 wxGTK3-3.0.2-26.fc23 xrootd-4.4.1-1.fc23 Details about builds: ================================================================================ dpm-xrootd-3.6.1-2.fc23 (FEDORA-2016-a96a0ce39b) XROOT interface to the Disk Pool Manager (DPM) -------------------------------------------------------------------------------- Update Information: - fix wrong dependency to dmlite ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ emacs-common-ddskk-16.1-1.fc23 (FEDORA-2016-565d8116ff) Daredevil SKK - Simple Kana to Kanji conversion program for Emacs -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381020 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381020 -------------------------------------------------------------------------------- ================================================================================ esmtp-1.0-16.fc23 (FEDORA-2016-8991b160df) User configurable send-only Mail Transfer Agent -------------------------------------------------------------------------------- Update Information: Fixed patch esmtp-1.0-cron-fix.patch from the last release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1303305 - errors from esmtp in /var/log/messages every time my cron job runs https://bugzilla.redhat.com/show_bug.cgi?id=1303305 -------------------------------------------------------------------------------- ================================================================================ fldigi-3.23.14-1.fc23 (FEDORA-2016-253c81536c) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information: Version 3.23.14 - Changes since 3.23.13 Documentation update trx inhibit * Inhibit trx loop rx decoding when file select dialog is open. - Native file select dialogs block while waiting for user to make selection Log Reports * Add missing fields * Remove debugging stdout lines N3FJP application interface * Create tcpip interface to various N3FJP log and contest applications Field Day * Added SECTION, CLASS support for tracking field day exchanges * Added full support for accessing the tcltk field day server application fdserver.tcl. - includes new dialog "fd_viewer" that provides a snapshot view of the state of the contest - add record to fdserver - automatically query fdserver for duplicates based on band, mode and call PSK IMD Emulator * Remove TX filtering unless testing for ALC emulation Wave file * Changed wave file read/write from monaural to stereo and/or manaural * Changed right channel PTT signal generator * Changed CW right channel QSK generator UTF8 file access * Change all occurrences of open(...) to fl_open(...) * Change all occurrences of fopen(...) to fl_fopen(...) * This should allow fldigi to reside in foreign language UTF8 directory structures logbook merge * Fix merger of foreign logbook adif record which does not contain a field for QSO_DATE_OFF. Initialize Macros * fixed initial display of macro file read NOAA wx access * NOAA changed access url to - http://tgftp.nws.noaa.gov/data/observations/metar/decoded Revert "logbook read" This reverts commit f02228e913a36a3930df2217b543802c60356fae. -------------------------------------------------------------------------------- ================================================================================ kde-connect-1.0.1-1.fc23.1 (FEDORA-2016-b44144a955) KDE Connect client for communication with smartphones -------------------------------------------------------------------------------- Update Information: Fix issue of incompatible libraries. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381786 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381786 [ 2 ] Bug #1374869 - None https://bugzilla.redhat.com/show_bug.cgi?id=1374869 -------------------------------------------------------------------------------- ================================================================================ libXfixes-5.0.3-1.fc23 (FEDORA-2016-0e7694c456) X Fixes library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7944 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381865 - CVE-2016-7944 libXfixes: Insufficient validation of server responses results in Integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1381865 -------------------------------------------------------------------------------- ================================================================================ libXi-1.7.7-1.fc23 (FEDORA-2016-7abdfc5a52) X.Org X11 libXi runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7945, CVE-2016-7946 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381868 - CVE-2016-7945 libXi: Insufficient validation of server responses result in Integer overflows https://bugzilla.redhat.com/show_bug.cgi?id=1381868 [ 2 ] Bug #1381869 - CVE-2016-7946 libXi: Insufficient validation of server responses result in various data mishandlings https://bugzilla.redhat.com/show_bug.cgi?id=1381869 -------------------------------------------------------------------------------- ================================================================================ libXrandr-1.5.1-1.fc23 (FEDORA-2016-d045c2c7b3) X.Org X11 libXrandr runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7947, CVE-2016-7948 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381872 - CVE-2016-7947 libXrandr: Insufficient validation of server responses result in Integer overflows https://bugzilla.redhat.com/show_bug.cgi?id=1381872 [ 2 ] Bug #1381873 - CVE-2016-7948 libXrandr: Insufficient validation of server responses result in various data mishandlings https://bugzilla.redhat.com/show_bug.cgi?id=1381873 -------------------------------------------------------------------------------- ================================================================================ libXrender-0.9.10-1.fc23 (FEDORA-2016-49d560da23) X.Org X11 libXrender runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7949, CVE-2016-7950 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381927 - CVE-2016-7949 libXrender: Insufficient validation of server responses results in overflow of previously reserved memory https://bugzilla.redhat.com/show_bug.cgi?id=1381927 [ 2 ] Bug #1381928 - CVE-2016-7950 libXrender: Insufficient validation of server responses results out-of-bounds write in XRenderQueryFilters https://bugzilla.redhat.com/show_bug.cgi?id=1381928 -------------------------------------------------------------------------------- ================================================================================ libXtst-1.2.3-1.fc23 (FEDORA-2016-b26b497381) X.Org X11 libXtst runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7951, CVE-2016-7952 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381919 - CVE-2016-7951 libXtst: Insufficient validation of server responses result in Integer overflows https://bugzilla.redhat.com/show_bug.cgi?id=1381919 [ 2 ] Bug #1381922 - CVE-2016-7952 libXtst: Insufficient validation of server responses result in various data mishandlings https://bugzilla.redhat.com/show_bug.cgi?id=1381922 -------------------------------------------------------------------------------- ================================================================================ libXv-1.0.11-1.fc23 (FEDORA-2016-3b41a9eaa8) X.Org X11 libXv runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5407 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381931 - CVE-2016-5407 libXv: Insufficient validation of server responses results in out-of bounds accesses https://bugzilla.redhat.com/show_bug.cgi?id=1381931 -------------------------------------------------------------------------------- ================================================================================ libXvMC-1.0.10-1.fc23 (FEDORA-2016-d286ffb801) X.Org X11 libXvMC runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7953 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381933 - CVE-2016-7953 libXvMC: Insufficient validation of server responses results in buffer underflow https://bugzilla.redhat.com/show_bug.cgi?id=1381933 -------------------------------------------------------------------------------- ================================================================================ libgdata-0.17.5-2.fc23 (FEDORA-2016-3646279587) Library for the GData protocol -------------------------------------------------------------------------------- Update Information: Fix gvfsd-google crash when trying to open a zero-length file from Google Drive. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1364782 - [abrt] gvfs-goa: gdata_download_stream_read(): gvfsd-google killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1364782 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.89-1.fc23 (FEDORA-2016-6bdf6e81c3) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.89. -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.89-1.fc23 (FEDORA-2016-6bdf6e81c3) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.89. -------------------------------------------------------------------------------- ================================================================================ perl-Image-Info-1.38-6.fc23 (FEDORA-2016-f8fd3891f8) Image meta information extraction module for Perl -------------------------------------------------------------------------------- Update Information: Security fix for XXE SVG issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1379556 - perl-Image-Info: XXE in SVG files https://bugzilla.redhat.com/show_bug.cgi?id=1379556 -------------------------------------------------------------------------------- ================================================================================ php-webmozart-assert-1.1.0-1.fc23 (FEDORA-2016-d6f1b38df0) Assertions to validate method input/output with nice error messages -------------------------------------------------------------------------------- Update Information: ## php-webmozart-assert This library contains efficient assertions to test the input and output of your methods. With these assertions, you can greatly reduce the amount of coding needed to write a safe implementation. All assertions in the Assert class throw an \InvalidArgumentException if they fail. ## php- webmozart-path-util This package provides robust, cross-platform utility functions for normalizing, comparing and modifying file paths and URLs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380155 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380155 [ 2 ] Bug #1380156 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380156 -------------------------------------------------------------------------------- ================================================================================ php-webmozart-path-util-2.3.0-1.fc23 (FEDORA-2016-d6f1b38df0) Cross-platform utilities for file paths -------------------------------------------------------------------------------- Update Information: ## php-webmozart-assert This library contains efficient assertions to test the input and output of your methods. With these assertions, you can greatly reduce the amount of coding needed to write a safe implementation. All assertions in the Assert class throw an \InvalidArgumentException if they fail. ## php- webmozart-path-util This package provides robust, cross-platform utility functions for normalizing, comparing and modifying file paths and URLs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380155 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380155 [ 2 ] Bug #1380156 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380156 -------------------------------------------------------------------------------- ================================================================================ python-asciitree-0.3.3-1.fc23 (FEDORA-2016-43f233d02a) Draws ASCII trees -------------------------------------------------------------------------------- Update Information: Initial packaging -------------------------------------------------------------------------------- References: [ 1 ] Bug #1375735 - None https://bugzilla.redhat.com/show_bug.cgi?id=1375735 -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.2-26.fc23 (FEDORA-2016-324dcf78ae) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: Fixes problems with files containing percent signs or non-ASCII characters. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381767 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381767 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.4.1-1.fc23 (FEDORA-2016-f3d97d8a63) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: Version 4.4.1 ------------- **Major bug fixes** * **[XrdCl]** Use posix semaphores for fedora >= 22. * **[XrdCl]** Disable omit-frame-pointer for gcc >= 4.9.3 (only if custom semaphores are being used). * **[XrdCl]** Fix deadlock in XrdCl::PollerBuiltIn during finalize. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx