The following Fedora 23 Security updates need testing: Age URL 389 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 347 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 320 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 270 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 270 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 235 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 111 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 89 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 76 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 59 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 42 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619 bind99-9.9.9-2.P3.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8fd3891f8 perl-Image-Info-1.38-6.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1c13825502 ghostscript-9.20-2.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-616a35205b libgit2-0.23.4-2.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4c1b24a74 glibc-arm-linux-gnu-2.24-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee56c530fa epiphany-3.18.8-1.fc23 webkitgtk4-2.14.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651 compat-guile18-1.8.8-14.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0d0c86afe jasper-1.900.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a47bf58beb guile-2.0.13-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1 libXi-1.7.7-2.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 59 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fdf15e65fd hwdata-0.293-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3646279587 libgdata-0.17.5-2.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3da7667d60 sane-backends-1.0.25-3.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfbee6c038 kernel-4.7.7-100.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a91644580 thunderbird-45.4.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1 libXi-1.7.7-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0d0c86afe jasper-1.900.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 The following builds have been pushed to Fedora 23 updates-testing GeoIP-GeoLite-data-2016.10-1.fc23 abi-compliance-checker-1.99.25-1.fc23 abi-tracker-1.9-1.fc23 ansible-inventory-grapher-2.3.2-1.fc23 bzflag-2.4.8-1.fc23 collectl-4.1.0-1.fc23 dbus-1.10.12-1.fc23 epiphany-3.18.8-1.fc23 fprintd-0.7.0-1.fc23 guile-2.0.13-1.fc23 hawaii-shell-0.6.90-2.20160430git4cd524e9e3fd8.fc23 jasper-1.900.3-1.fc23 libXi-1.7.7-2.fc23 libbson-1.3.5-3.fc23 libfaketime-0.9.6-3.fc23 mate-applet-softupd-0.4.3-1.fc23 php-pear-phing-2.15.2-1.fc23 shinken-2.4.3-3.fc23 sway-0.10-0.1.rc3.fc23 thunderbird-45.4.0-1.fc23 webkitgtk4-2.14.1-1.fc23 xapps-1.0.0-0.2.git0f28d18.fc23 zeal-0.3.1-1.fc23 Details about builds: ================================================================================ GeoIP-GeoLite-data-2016.10-1.fc23 (FEDORA-2016-0cdbab4b26) Free GeoLite IP geolocation country database -------------------------------------------------------------------------------- Update Information: Update to current databases. -------------------------------------------------------------------------------- ================================================================================ abi-compliance-checker-1.99.25-1.fc23 (FEDORA-2016-bc3dce7a84) An ABI Compliance Checker -------------------------------------------------------------------------------- Update Information: 97ddab2 Added CheckObjects and SkipTypedefUncover options of the profile. 25c10ed Fixed GraphShortXTics option. Fixed detection of SO-version. Fixed style of the report. b69c4a4 Move to secure HTTPS. 576863c Described cron job. Generate compact headers diff. 8400069 (HEAD -> master, tag: 1.9, origin/master, origin/HEAD) Released 1.9. Improved support for ABI Viewer and ABI Dumper EE. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384258 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384258 -------------------------------------------------------------------------------- ================================================================================ abi-tracker-1.9-1.fc23 (FEDORA-2016-bc3dce7a84) Tool to visualize ABI changes timeline of a C/C++ library -------------------------------------------------------------------------------- Update Information: 97ddab2 Added CheckObjects and SkipTypedefUncover options of the profile. 25c10ed Fixed GraphShortXTics option. Fixed detection of SO-version. Fixed style of the report. b69c4a4 Move to secure HTTPS. 576863c Described cron job. Generate compact headers diff. 8400069 (HEAD -> master, tag: 1.9, origin/master, origin/HEAD) Released 1.9. Improved support for ABI Viewer and ABI Dumper EE. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384258 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384258 -------------------------------------------------------------------------------- ================================================================================ ansible-inventory-grapher-2.3.2-1.fc23 (FEDORA-2016-1dd52ec96a) Creates graphs representing ansible inventory -------------------------------------------------------------------------------- Update Information: Update to 2.3.2 -------------------------------------------------------------------------------- ================================================================================ bzflag-2.4.8-1.fc23 (FEDORA-2016-1148c721e1) 3D multi-player tank battle game -------------------------------------------------------------------------------- Update Information: 2.4.8 https://github.com/BZFlag-Dev/bzflag/releases -------------------------------------------------------------------------------- ================================================================================ collectl-4.1.0-1.fc23 (FEDORA-2016-42277c9177) A utility to collect various Linux performance data -------------------------------------------------------------------------------- Update Information: updated to 4.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383847 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383847 -------------------------------------------------------------------------------- ================================================================================ dbus-1.10.12-1.fc23 (FEDORA-2016-c1bb366e5b) D-BUS message bus -------------------------------------------------------------------------------- Update Information: Update to 1.10.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383657 - dbus: Format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1383657 -------------------------------------------------------------------------------- ================================================================================ epiphany-3.18.8-1.fc23 (FEDORA-2016-ee56c530fa) Web browser for GNOME -------------------------------------------------------------------------------- Update Information: Update WebKitGTK+ package to 2.14.1: * Threaded compositor is enabled by default in both X11 and Wayland. * Accelerated compositing is now supported in Wayland. * Clipboard works in Wayland too. * Memory pressure handler always works even when cgroups is not present or not configured. * The HTTP disk cache implements speculative revalidation of resources. * DRI3 is no longer a problem when using the modesetting intel driver. * The amount of file descriptors that are kept open has been drastically reduced. * MiniBrowser and jsc binaries are now installed in pkglibexecdir instead of bindir. * Improve performance when resizing a window with multiple web views in X11. * Check whether GDK can use GL before using gdk_cairo_draw_from_gl() in Wayland. * Updated default UserAgent string or better compatibility. * Fix a crash on github.com in IntlDateTimeFormat::resolvedOptions when using the C locale. * Fix BadDamage X errors when closing the web view in X11. * Fix UIProcess crash when using Japanese input method. * Fix build with clang due to missing header includes. * Fix the build with USE_REDIRECTED_XCOMPOSITE_WINDOW disabled. * Fix several crashes and rendering issues. * Translation updates: German. Update Epiphany to be compatible with the new WebKitGTK+ package. -------------------------------------------------------------------------------- ================================================================================ fprintd-0.7.0-1.fc23 (FEDORA-2016-27f89b92de) D-Bus service for Fingerprint reader access -------------------------------------------------------------------------------- Update Information: This new version fixes a crash when fingerprint authentication is enabled. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1317152 - None https://bugzilla.redhat.com/show_bug.cgi?id=1317152 -------------------------------------------------------------------------------- ================================================================================ guile-2.0.13-1.fc23 (FEDORA-2016-a47bf58beb) A GNU implementation of Scheme for application extensibility -------------------------------------------------------------------------------- Update Information: Update to the latest stable release, which fixes CVE-2016-8605 and CVE-2016-8606. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383966 - CVE-2016-8605 guile: Thread-unsafe umask modification https://bugzilla.redhat.com/show_bug.cgi?id=1383966 [ 2 ] Bug #1383972 - CVE-2016-8606 guile: REPL server vulnerable to HTTP inter-protocol attacks https://bugzilla.redhat.com/show_bug.cgi?id=1383972 -------------------------------------------------------------------------------- ================================================================================ hawaii-shell-0.6.90-2.20160430git4cd524e9e3fd8.fc23 (FEDORA-2016-c4b12f2b11) Hawaii shell for desktop, netbook and tablet -------------------------------------------------------------------------------- Update Information: Rebuild for libqtxdg soname bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381436 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381436 -------------------------------------------------------------------------------- ================================================================================ jasper-1.900.3-1.fc23 (FEDORA-2016-e0d0c86afe) Implementation of the JPEG-2000 standard, Part 1 -------------------------------------------------------------------------------- Update Information: New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() https://bugzilla.redhat.com/show_bug.cgi?id=1302636 -------------------------------------------------------------------------------- ================================================================================ libXi-1.7.7-2.fc23 (FEDORA-2016-9c065db2c1) X.Org X11 libXi runtime library -------------------------------------------------------------------------------- Update Information: Fix crash when calling XListInputDevices on devices without classes ---- Security fix for CVE-2016-7945, CVE-2016-7946 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381868 - CVE-2016-7945 libXi: Insufficient validation of server responses result in Integer overflows https://bugzilla.redhat.com/show_bug.cgi?id=1381868 [ 2 ] Bug #1381869 - CVE-2016-7946 libXi: Insufficient validation of server responses result in various data mishandlings https://bugzilla.redhat.com/show_bug.cgi?id=1381869 -------------------------------------------------------------------------------- ================================================================================ libbson-1.3.5-3.fc23 (FEDORA-2016-5c78399ef2) Building, parsing, and iterating BSON documents -------------------------------------------------------------------------------- Update Information: This release fixes allocating zero bytes that could lead to an execution abort. -------------------------------------------------------------------------------- ================================================================================ libfaketime-0.9.6-3.fc23 (FEDORA-2016-e1d2f4b6e9) Manipulate system time per process for testing purposes -------------------------------------------------------------------------------- Update Information: Add support for CLOCK_BOOTTIME (patch by Mario Pareja <pareja.mario@xxxxxxxxx>) -------------------------------------------------------------------------------- ================================================================================ mate-applet-softupd-0.4.3-1.fc23 (FEDORA-2016-549f275f24) MATE Software Update Applet -------------------------------------------------------------------------------- Update Information: New upstream release. Use dnf backend when available. Use gtk3 for >= f25. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384318 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384318 -------------------------------------------------------------------------------- ================================================================================ php-pear-phing-2.15.2-1.fc23 (FEDORA-2016-cc28a6cacf) A project build system based on Apache Ant -------------------------------------------------------------------------------- Update Information: Oct. 13, 2016 - **Phing 2.15.2** This release fixes a regression introduced in 2.15.1: * [#593](https://github.com/phingofficial/phing/issues/593) - Changed behavior in fileset filtering in 2.15.1 ---- Oct. 11, 2016 - **Phing 2.15.1** This release fixes a missing include and two bugs: * [#1264](https://www.phing.info/trac/ticket/1264) delete fileset /foo.php deletes /baz.foo.php * [#1038](https://www.phing.info/trac/ticket/1038) PhingFile getPathWithoutBase does not work for files outside basedir -------------------------------------------------------------------------------- ================================================================================ shinken-2.4.3-3.fc23 (FEDORA-2016-997f4d603b) Python Monitoring tool -------------------------------------------------------------------------------- Update Information: Add doc directory. -------------------------------------------------------------------------------- ================================================================================ sway-0.10-0.1.rc3.fc23 (FEDORA-2016-326c573bda) i3-compatible window manager for Wayland -------------------------------------------------------------------------------- Update Information: update to rc3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1380075 - None https://bugzilla.redhat.com/show_bug.cgi?id=1380075 -------------------------------------------------------------------------------- ================================================================================ thunderbird-45.4.0-1.fc23 (FEDORA-2016-2a91644580) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: For changes see: https://www.mozilla.org/en-US/thunderbird/45.4.0/releasenotes/ ---- For more info see: https://www.mozilla.org/en- US/thunderbird/45.3.0/releasenotes/ -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.14.1-1.fc23 (FEDORA-2016-ee56c530fa) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: Update WebKitGTK+ package to 2.14.1: * Threaded compositor is enabled by default in both X11 and Wayland. * Accelerated compositing is now supported in Wayland. * Clipboard works in Wayland too. * Memory pressure handler always works even when cgroups is not present or not configured. * The HTTP disk cache implements speculative revalidation of resources. * DRI3 is no longer a problem when using the modesetting intel driver. * The amount of file descriptors that are kept open has been drastically reduced. * MiniBrowser and jsc binaries are now installed in pkglibexecdir instead of bindir. * Improve performance when resizing a window with multiple web views in X11. * Check whether GDK can use GL before using gdk_cairo_draw_from_gl() in Wayland. * Updated default UserAgent string or better compatibility. * Fix a crash on github.com in IntlDateTimeFormat::resolvedOptions when using the C locale. * Fix BadDamage X errors when closing the web view in X11. * Fix UIProcess crash when using Japanese input method. * Fix build with clang due to missing header includes. * Fix the build with USE_REDIRECTED_XCOMPOSITE_WINDOW disabled. * Fix several crashes and rendering issues. * Translation updates: German. Update Epiphany to be compatible with the new WebKitGTK+ package. -------------------------------------------------------------------------------- ================================================================================ xapps-1.0.0-0.2.git0f28d18.fc23 (FEDORA-2016-0a16083673) Common files for XApp desktop apps -------------------------------------------------------------------------------- Update Information: New package providing common components for cinnamon. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382908 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382908 -------------------------------------------------------------------------------- ================================================================================ zeal-0.3.1-1.fc23 (FEDORA-2016-0b2eec6ee9) Offline documentation browser inspired by Dash -------------------------------------------------------------------------------- Update Information: New features and fixes; see https://github.com/zealdocs/zeal/releases for details -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381134 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381134 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
