The following Fedora 23 Security updates need testing: Age URL 390 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 347 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 320 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 271 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 271 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 236 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 111 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 90 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 77 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 59 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 43 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cbef6c8619 bind99-9.9.9-2.P3.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8fd3891f8 perl-Image-Info-1.38-6.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1c13825502 ghostscript-9.20-2.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-616a35205b libgit2-0.23.4-2.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4c1b24a74 glibc-arm-linux-gnu-2.24-2.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651 compat-guile18-1.8.8-14.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee56c530fa epiphany-3.18.8-1.fc23 webkitgtk4-2.14.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0d0c86afe jasper-1.900.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a47bf58beb guile-2.0.13-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1 libXi-1.7.7-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0729e59542 php-5.6.27-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0312cf1dcd php-pecl-zip-1.13.5-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 59 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af8b344f1 bind-9.10.4-2.P3.fc23 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb007a4097 openssh-7.2p2-6.fc23 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fdf15e65fd hwdata-0.293-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0f589bd32 perl-DBD-MySQL-4.033-3.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3646279587 libgdata-0.17.5-2.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3da7667d60 sane-backends-1.0.25-3.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4386e437a4 pcre-8.39-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a91644580 thunderbird-45.4.0-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1 libXi-1.7.7-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0d0c86afe jasper-1.900.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 The following builds have been pushed to Fedora 23 updates-testing atomic-reactor-1.6.17-1.fc23 certbot-0.9.2-1.fc23 dmlite-0.8.1-1.fc23 dpm-dsi-1.9.10-1.fc23 dpm-xrootd-3.6.2-1.fc23 foomatic-4.0.12-6.fc23 gimagereader-3.1.99-1.fc23 heketi-3.0.0-1.fc23 magic-8.0.213-1.fc23 pcre-8.39-4.fc23 perl-Time-Local-1.240-1.fc23 php-5.6.27-1.fc23 php-doctrine-cache-1.6.0-1.fc23 php-pecl-zip-1.13.5-1.fc23 pymol-1.8.4-1.20161007svn4162.fc23 python-acme-0.9.2-1.fc23 python-certbot-apache-0.9.2-1.fc23 python-moksha-hub-1.4.7-1.fc23 python-pyroute2-0.4.10-1.fc23 taskotron-trigger-0.4.1-1.fc23 xcircuit-3.9.56-1.fc23 Details about builds: ================================================================================ atomic-reactor-1.6.17-1.fc23 (FEDORA-2016-b645467281) Improved builder for Docker images -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1376236 - None https://bugzilla.redhat.com/show_bug.cgi?id=1376236 -------------------------------------------------------------------------------- ================================================================================ certbot-0.9.2-1.fc23 (FEDORA-2016-3ed692c93a) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Update to 0.9.2 of certbot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343915 - None https://bugzilla.redhat.com/show_bug.cgi?id=1343915 [ 2 ] Bug #1382183 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382183 -------------------------------------------------------------------------------- ================================================================================ dmlite-0.8.1-1.fc23 (FEDORA-2016-bc6112c0e5) Lcgdm grid data management and storage framework -------------------------------------------------------------------------------- Update Information: * bug fixes -------------------------------------------------------------------------------- ================================================================================ dpm-dsi-1.9.10-1.fc23 (FEDORA-2016-d13c20f68f) Disk Pool Manager (DPM) plugin for the Globus GridFTP server -------------------------------------------------------------------------------- Update Information: * new upstream release ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ dpm-xrootd-3.6.2-1.fc23 (FEDORA-2016-05b5141840) XROOT interface to the Disk Pool Manager (DPM) -------------------------------------------------------------------------------- Update Information: * bug fixes ---- - fix wrong dependency to dmlite ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ foomatic-4.0.12-6.fc23 (FEDORA-2016-2a4df8b8ff) Tools for using the foomatic database of printers and printer drivers -------------------------------------------------------------------------------- Update Information: Rebuild for ghostscript-9.20. -------------------------------------------------------------------------------- ================================================================================ gimagereader-3.1.99-1.fc23 (FEDORA-2016-368675fafa) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information: Update to 3.1.99, see https://github.com/manisandro/gImageReader/releases/tag/v3.1.99 for details. -------------------------------------------------------------------------------- ================================================================================ heketi-3.0.0-1.fc23 (FEDORA-2016-f1e94cd3a9) RESTful based volume management framework for GlusterFS -------------------------------------------------------------------------------- Update Information: Release 3 Final -------------------------------------------------------------------------------- ================================================================================ magic-8.0.213-1.fc23 (FEDORA-2016-b23021c383) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.0.213 is released. -------------------------------------------------------------------------------- ================================================================================ pcre-8.39-4.fc23 (FEDORA-2016-4386e437a4) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes compilation of conditionals whena group name starts with "R". It also corrects displaying a callout position in pcretest output if an escape sequence is greater than \x{ff}. It also corrects misspelllings in pcrepattern(3) manual page. -------------------------------------------------------------------------------- ================================================================================ perl-Time-Local-1.240-1.fc23 (FEDORA-2016-6b007eb938) Efficiently compute time from local and GMT time -------------------------------------------------------------------------------- Update Information: This release improves tests, a build script and code legibility. Ve deliver it mainly to provide up-to-date version string. -------------------------------------------------------------------------------- ================================================================================ php-5.6.27-1.fc23 (FEDORA-2016-0729e59542) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 13 Oct 2016 - **PHP version 5.6.27** **Core:** * Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) * Fixed bug php#73058 (crypt broken when salt is 'too' long). (Anatol) * Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol) * Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas) * Fixed bug php#73147 (Use After Free in unserialize()). (Stas) **BCmath:** * Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas) **DOM:** * Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas) **Ereg:** * Fixed bug php#73284 (heap overflow in php_ereg_replace function). (Stas) **Filter:** * Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien) * Fixed bug php#67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb) * Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb) **GD:** * Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb) * Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb) * Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb) * Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb) * Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb) * Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb) * Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb) * Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb) **Intl:** * Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas) **Imap:** * Fixed bug php#73208 (integer overflow in imap_8bit caused heap corruption). (Stas) **Mbstring:** * Fixed bug php#72994 (mbc_to_code() out of bounds read). (Laruence, cmb) * Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo) * Fixed bug php#72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo) * Fixed bug php#73082 (string length overflow in mb_encode_* function). (Stas) **PCRE:** * Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas) **Opcache:** * Fixed bug php#72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport) **OpenSSL:** * Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka) * Fixed bug php#73275 (crash in openssl_encrypt function). (Stas) * Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas) **Session:** * Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo) * Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb) **SimpleXML:** * Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas) **SPL:** * Fixed bug php#73073 (CachingIterator null dereference when convert to string). (Stas) **Standard:** * Fixed bug php#73240 (Write out of bounds at number_format). (Stas) * Fixed bug php#73017 (memory corruption in wordwrap function). (Stas) **Stream:** * Fixed bug php#73069 (readfile() mangles files larger than 2G). (Laruence) -------------------------------------------------------------------------------- ================================================================================ php-doctrine-cache-1.6.0-1.fc23 (FEDORA-2016-8a3ae1e028) Doctrine Cache -------------------------------------------------------------------------------- Update Information: ### v1.6.0 * 109: Cleanup: drop unsupported php versions * 112: Native APCu support * 115: Add APCu cache provider * 117: Added MultiPutCache interface and implementations for drivers that support it * 130: Added support for stats and ttl on ArrayCache -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295634 - None https://bugzilla.redhat.com/show_bug.cgi?id=1295634 -------------------------------------------------------------------------------- ================================================================================ php-pecl-zip-1.13.5-1.fc23 (FEDORA-2016-0312cf1dcd) A ZIP archive management extension -------------------------------------------------------------------------------- Update Information: **Version 1.13.5** - Fixed bug php#72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence) - Fixed bug php#68302 (impossible to compile php with zip support). (cmb) - Fixed bug php#70752 (Depacking with wrong password leaves 0 length files). (cmb) -------------------------------------------------------------------------------- ================================================================================ pymol-1.8.4-1.20161007svn4162.fc23 (FEDORA-2016-ca4675a1cc) PyMOL Molecular Graphics System -------------------------------------------------------------------------------- Update Information: - update to 1.8.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382199 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382199 -------------------------------------------------------------------------------- ================================================================================ python-acme-0.9.2-1.fc23 (FEDORA-2016-3ed692c93a) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: Update to 0.9.2 of certbot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343915 - None https://bugzilla.redhat.com/show_bug.cgi?id=1343915 [ 2 ] Bug #1382183 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382183 -------------------------------------------------------------------------------- ================================================================================ python-certbot-apache-0.9.2-1.fc23 (FEDORA-2016-3ed692c93a) The apache plugin for certbot -------------------------------------------------------------------------------- Update Information: Update to 0.9.2 of certbot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343915 - None https://bugzilla.redhat.com/show_bug.cgi?id=1343915 [ 2 ] Bug #1382183 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382183 -------------------------------------------------------------------------------- ================================================================================ python-moksha-hub-1.4.7-1.fc23 (FEDORA-2016-98ae54626b) Hub components for Moksha -------------------------------------------------------------------------------- Update Information: Enhancements and bugfixes to the STOMP backend. -------------------------------------------------------------------------------- ================================================================================ python-pyroute2-0.4.10-1.fc23 (FEDORA-2016-a38471e55c) Pure Python netlink library -------------------------------------------------------------------------------- Update Information: devlink fd leak fix ---- critical fd leak fix ---- uplift to 0.4.x ---- separate Python2 and Python3 packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309389 - python-pyroute2: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1309389 -------------------------------------------------------------------------------- ================================================================================ taskotron-trigger-0.4.1-1.fc23 (FEDORA-2016-8cc8f5a18a) Triggering Taskotron jobs via fedmsg -------------------------------------------------------------------------------- Update Information: Add docker support. Remove mongoquery bundle. ---- Initial build of taskotron- trigger in Fedora repos -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341099 - None https://bugzilla.redhat.com/show_bug.cgi?id=1341099 -------------------------------------------------------------------------------- ================================================================================ xcircuit-3.9.56-1.fc23 (FEDORA-2016-3b92274408) Electronic circuit schematic drawing program -------------------------------------------------------------------------------- Update Information: New version 3.9.56 is released. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
