The following Fedora 23 Security updates need testing: Age URL 400 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 358 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 331 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 281 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 281 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 246 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 122 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 100 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 87 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 77 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 70 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 53 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8fd3891f8 perl-Image-Info-1.38-6.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651 compat-guile18-1.8.8-14.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee56c530fa epiphany-3.18.8-1.fc23 webkitgtk4-2.14.1-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1 libXi-1.7.7-2.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b6393acdd tor-0.2.8.9-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4094bd4ad6 tomcat-8.0.37-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d jasper-1.900.13-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 97 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 70 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3646279587 libgdata-0.17.5-2.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a91644580 thunderbird-45.4.0-1.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c065db2c1 libXi-1.7.7-2.fc23 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6e25f5418b gnome-settings-daemon-3.18.4-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79669f13cf dmidecode-3.0-6.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3da7667d60 sane-backends-1.0.25-4.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4379c6e6d6 libfm-1.2.4-8.D20161017git82b3a1a201.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b06386d473 pcre-8.39-6.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d jasper-1.900.13-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a8ab1b8bc menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc23 The following builds have been pushed to Fedora 23 updates-testing fstrm-0.3.0-1.fc23 jasper-1.900.13-1.fc23 mingw-taglib-1.11.1-1.fc23 notmuch-0.23.1-1.fc23 pcre-8.39-6.fc23 pcre2-10.21-8.fc23 perl-DateTime-TimeZone-2.01-4.fc23 perl-Tangerine-0.23-1.fc23 perl-Unicode-Collate-1.15-1.fc23 perl-WWW-Form-UrlEncoded-0.23-2.fc23 php-fedora-autoloader-0.1.2-1.fc23 python-ripe-atlas-cousteau-1.3-1.fc23 python-socketIO-client-0.7.0-1.fc23 ripe-atlas-tools-2.0.2-1.fc23 rpmdeplint-1.2-2.fc23 tomcat-8.0.37-3.fc23 xcircuit-3.9.57-1.fc23 Details about builds: ================================================================================ fstrm-0.3.0-1.fc23 (FEDORA-2016-acf0ad23d3) Frame Streams implementation in C -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1356981 - None https://bugzilla.redhat.com/show_bug.cgi?id=1356981 -------------------------------------------------------------------------------- ================================================================================ jasper-1.900.13-1.fc23 (FEDORA-2016-6c789ba91d) Implementation of the JPEG-2000 standard, Part 1 -------------------------------------------------------------------------------- Update Information: New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385507 - CVE-2016-8693 jasper: Double free vulnerability in mem_close https://bugzilla.redhat.com/show_bug.cgi?id=1385507 [ 2 ] Bug #1385503 - CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385503 [ 3 ] Bug #1385502 - CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385502 [ 4 ] Bug #1385499 - CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata triggered by crafted BMP image https://bugzilla.redhat.com/show_bug.cgi?id=1385499 [ 5 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() https://bugzilla.redhat.com/show_bug.cgi?id=1302636 -------------------------------------------------------------------------------- ================================================================================ mingw-taglib-1.11.1-1.fc23 (FEDORA-2016-d2f9d6ba8d) Audio Meta-Data Library -------------------------------------------------------------------------------- Update Information: Update to 1.11.1 -------------------------------------------------------------------------------- ================================================================================ notmuch-0.23.1-1.fc23 (FEDORA-2016-1298b09ef9) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388085 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388085 -------------------------------------------------------------------------------- ================================================================================ pcre-8.39-6.fc23 (FEDORA-2016-b06386d473) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release documents an existing assert capture limitation. ---- This release fixes optimization for patterns starting with lookaheads. It also corrects internal options documentation in pcrepattern(3). ---- This release fixes compilation of conditionals whena group name starts with "R". It also corrects displaying a callout position in pcretest output if an escape sequence is greater than \x{ff}. It also corrects misspelllings in pcrepattern(3) manual page. -------------------------------------------------------------------------------- ================================================================================ pcre2-10.21-8.fc23 (FEDORA-2016-b52c369c50) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release documents an existing assert capture limitination. ---- This release fixes compilation of conditionals when a group name starts with "R". It fixes optimization for patterns starting with lookaheads. It also corrects displaying a callout position in pcretest output if an escape sequence is greater than \x{ff}. It also corrects internal options documentation and misspelllings in pcrepattern(3) manual page. -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-TimeZone-2.01-4.fc23 (FEDORA-2016-d90955a1ae) Time zone object base class and factory -------------------------------------------------------------------------------- Update Information: Updated to 2016h Olson database -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387452 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387452 -------------------------------------------------------------------------------- ================================================================================ perl-Tangerine-0.23-1.fc23 (FEDORA-2016-a8c32d2b9f) Analyse perl files and report module-related information -------------------------------------------------------------------------------- Update Information: A new version of Tangerine is available. This release introduces support for Test::Needs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387944 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387944 -------------------------------------------------------------------------------- ================================================================================ perl-Unicode-Collate-1.15-1.fc23 (FEDORA-2016-7afe1b7357) Unicode Collation Algorithm -------------------------------------------------------------------------------- Update Information: This release adds support for Uyghur cyrilic locale. It also corrects license declaration and improves tests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387849 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387849 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-Form-UrlEncoded-0.23-2.fc23 (FEDORA-2016-47be4f58ae) Parser and builder for application/x-www-form-urlencoded -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382922 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382922 -------------------------------------------------------------------------------- ================================================================================ php-fedora-autoloader-0.1.2-1.fc23 (FEDORA-2016-1e758eff5c) Fedora Autoloader -------------------------------------------------------------------------------- Update Information: Static [PSR-4](http://www.php-fig.org/psr/psr-4/), [PSR-0](http://www.php- fig.org/psr/psr-0/), and classmap autoloader. Includes loader for required and optional dependencies. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1386735 - None https://bugzilla.redhat.com/show_bug.cgi?id=1386735 -------------------------------------------------------------------------------- ================================================================================ python-ripe-atlas-cousteau-1.3-1.fc23 (FEDORA-2016-3daa97675f) Python wrapper for RIPE Atlas API -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387639 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387639 [ 2 ] Bug #1387810 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387810 -------------------------------------------------------------------------------- ================================================================================ python-socketIO-client-0.7.0-1.fc23 (FEDORA-2016-30e3f66103) A socket.io client library for Python -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357170 - None https://bugzilla.redhat.com/show_bug.cgi?id=1357170 -------------------------------------------------------------------------------- ================================================================================ ripe-atlas-tools-2.0.2-1.fc23 (FEDORA-2016-3daa97675f) The official command line client for RIPE Atlas -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387639 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387639 [ 2 ] Bug #1387810 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387810 -------------------------------------------------------------------------------- ================================================================================ rpmdeplint-1.2-2.fc23 (FEDORA-2016-81618719a7) Tool to find errors in RPM packages in the context of their dependency graph -------------------------------------------------------------------------------- Update Information: Rpmdeplint is a tool to find errors in RPM packages in the context of their dependency graph. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385441 - None https://bugzilla.redhat.com/show_bug.cgi?id=1385441 -------------------------------------------------------------------------------- ================================================================================ tomcat-8.0.37-3.fc23 (FEDORA-2016-4094bd4ad6) Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API -------------------------------------------------------------------------------- Update Information: This updates includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves one CVE: * rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header and includes two additional CVE fixes along with one bug fix: * rhbz#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service * rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation * rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated -------------------------------------------------------------------------------- References: [ 1 ] Bug #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375581 [ 2 ] Bug #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383216 [ 3 ] Bug #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383210 [ 4 ] Bug #1370262 - catalina.out is no longer in use in the main package, but still gets rotated https://bugzilla.redhat.com/show_bug.cgi?id=1370262 -------------------------------------------------------------------------------- ================================================================================ xcircuit-3.9.57-1.fc23 (FEDORA-2016-5a8b23d333) Electronic circuit schematic drawing program -------------------------------------------------------------------------------- Update Information: New version 3.9.57 is released. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
