The following Fedora 23 Security updates need testing: Age URL 402 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 359 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 332 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 283 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 282 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 248 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 123 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547 nodejs-0.10.46-1.fc23 102 https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b5173c05 ecryptfs-utils-111-1.fc23 89 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23 78 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 71 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f firewalld-0.4.3.3-1.fc23 55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651 compat-guile18-1.8.8-14.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee56c530fa epiphany-3.18.8-1.fc23 webkitgtk4-2.14.1-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b6393acdd tor-0.2.8.9-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d jasper-1.900.13-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4094bd4ad6 tomcat-8.0.38-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f0de504c libXi-1.7.8-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f7a079f775 kdepimlibs-4.14.10-15.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-568c7ff4f6 quagga-0.99.24.1-3.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 98 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 71 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 32 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e4e733bef systemd-222-17.fc23 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3646279587 libgdata-0.17.5-2.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b41a9eaa8 libXv-1.0.11-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d286ffb801 libXvMC-1.0.10-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-49d560da23 libXrender-0.9.10-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b26b497381 libXtst-1.2.3-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d045c2c7b3 libXrandr-1.5.1-1.fc23 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0e7694c456 libXfixes-5.0.3-1.fc23 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95407a836f libass-0.13.4-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a91644580 thunderbird-45.4.0-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1bb366e5b dbus-1.10.12-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6e25f5418b gnome-settings-daemon-3.18.4-1.fc23 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79669f13cf dmidecode-3.0-6.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3da7667d60 sane-backends-1.0.25-4.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4379c6e6d6 libfm-1.2.4-8.D20161017git82b3a1a201.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a8ab1b8bc menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b06386d473 pcre-8.39-6.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c789ba91d jasper-1.900.13-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f7a079f775 kdepimlibs-4.14.10-15.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f0de504c libXi-1.7.8-2.fc23 The following builds have been pushed to Fedora 23 updates-testing kdepimlibs-4.14.10-15.fc23 libwmf-0.2.8.4-47.fc23 lighttpd-1.4.42-3.fc23 mycli-1.8.1-1.fc23 nordugrid-arc-5.2.0-1.fc23 nordugrid-arc-doc-2.0.10-1.fc23 perl-Dist-Zilla-Plugin-Test-Compile-2.055-1.fc23 perl-Unicode-Collate-1.16-1.fc23 python-boto-2.43.0-1.fc23 python-curtsies-0.2.11-1.fc23 python-visitor-0.1.3-1.fc23 quagga-0.99.24.1-3.fc23 smokeping-2.6.11-1.fc23 tomcat-8.0.38-1.fc23 zanata-python-client-1.5.1-1.fc23 Details about builds: ================================================================================ kdepimlibs-4.14.10-15.fc23 (FEDORA-2016-f7a079f775) KDE PIM Libraries -------------------------------------------------------------------------------- Update Information: the new package fixes the CVE-2016-7966. for more info please take a look at https://www.kde.org/info/security/advisory-20161006-1.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382298 - CVE-2016-7966 CVE-2016-7967 CVE-2016-7968 kdepim4: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1382298 -------------------------------------------------------------------------------- ================================================================================ libwmf-0.2.8.4-47.fc23 (FEDORA-2016-e37bab02ba) Windows MetaFile Library -------------------------------------------------------------------------------- Update Information: * Sanity check wmf max record size field claim against size of input file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388451 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388451 -------------------------------------------------------------------------------- ================================================================================ lighttpd-1.4.42-3.fc23 (FEDORA-2016-aa045e9dc7) Lightning fast webserver with light system requirements -------------------------------------------------------------------------------- Update Information: Split out mysql and gssapi authn modules. ---- 1.4.42, now with upstream mod_geoip. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385640 - None https://bugzilla.redhat.com/show_bug.cgi?id=1385640 -------------------------------------------------------------------------------- ================================================================================ mycli-1.8.1-1.fc23 (FEDORA-2016-63139c7faf) Interactive CLI for MySQL Database with auto-completion and syntax highlighting -------------------------------------------------------------------------------- Update Information: Update to latest upstream release mycli 1.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388279 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388279 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.2.0-1.fc23 (FEDORA-2016-d19503aefa) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: ARC 5.2.0 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-doc-2.0.10-1.fc23 (FEDORA-2016-d19503aefa) Advanced Resource Connector Documentation -------------------------------------------------------------------------------- Update Information: ARC 5.2.0 -------------------------------------------------------------------------------- ================================================================================ perl-Dist-Zilla-Plugin-Test-Compile-2.055-1.fc23 (FEDORA-2016-62230dac53) Common tests to check syntax of your modules, only using core modules -------------------------------------------------------------------------------- Update Information: A new version of Dist::Zilla::Plugin::Test::Compile is available. See http://cpansearch.perl.org/src/ETHER/Dist-Zilla-Plugin-Test- Compile-2.055/Changes for the summary of changes in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388082 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388082 -------------------------------------------------------------------------------- ================================================================================ perl-Unicode-Collate-1.16-1.fc23 (FEDORA-2016-93de4e2d67) Unicode Collation Algorithm -------------------------------------------------------------------------------- Update Information: This release corrects documentation. It also improves tests. ---- This release adds support for Uyghur cyrilic locale. It also corrects license declaration and improves tests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388282 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388282 [ 2 ] Bug #1387849 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387849 -------------------------------------------------------------------------------- ================================================================================ python-boto-2.43.0-1.fc23 (FEDORA-2016-a8bbdaf433) A simple, lightweight interface to Amazon Web Services -------------------------------------------------------------------------------- Update Information: This update adds support for the new us-east-2 region in Ohio, USA. -------------------------------------------------------------------------------- ================================================================================ python-curtsies-0.2.11-1.fc23 (FEDORA-2016-d5093b6812) Curses-like terminal wrapper, with colored strings -------------------------------------------------------------------------------- Update Information: Update to latest upstream release curtsies 0.2.11. ---- Update to latest upstream release curtsies 0.2.10. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383532 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383532 [ 2 ] Bug #1387879 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387879 -------------------------------------------------------------------------------- ================================================================================ python-visitor-0.1.3-1.fc23 (FEDORA-2016-29501c3376) A tiny python visitor implementation -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382935 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382935 -------------------------------------------------------------------------------- ================================================================================ quagga-0.99.24.1-3.fc23 (FEDORA-2016-568c7ff4f6) Routing daemon -------------------------------------------------------------------------------- Update Information: This update addresses multiple security problems and fixes systemd dependencies. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387654 - quagga daemons should pull in network.target into the boot transaction https://bugzilla.redhat.com/show_bug.cgi?id=1387654 [ 2 ] Bug #1386110 - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1386110 [ 3 ] Bug #1331373 - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1331373 [ 4 ] Bug #1316572 - CVE-2016-2342 quagga: VPNv4 NLRI parses memcpys to stack on unchecked length [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1316572 -------------------------------------------------------------------------------- ================================================================================ smokeping-2.6.11-1.fc23 (FEDORA-2016-12cfbb1af5) Latency Logging and Graphing System -------------------------------------------------------------------------------- Update Information: Update to latest upstream release smokeping 2.6.11 and fix an error caused by smokeping starting to soon during boot. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388583 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388583 [ 2 ] Bug #1163347 - None https://bugzilla.redhat.com/show_bug.cgi?id=1163347 -------------------------------------------------------------------------------- ================================================================================ tomcat-8.0.38-1.fc23 (FEDORA-2016-4094bd4ad6) Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API -------------------------------------------------------------------------------- Update Information: This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves one CVE and a problem that 8.0.37 introduces to freeipa: * rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header and includes two additional CVE fixes along with one bug fix: * rhbz#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service * rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation * rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated -------------------------------------------------------------------------------- References: [ 1 ] Bug #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375581 [ 2 ] Bug #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383216 [ 3 ] Bug #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383210 [ 4 ] Bug #1370262 - catalina.out is no longer in use in the main package, but still gets rotated https://bugzilla.redhat.com/show_bug.cgi?id=1370262 -------------------------------------------------------------------------------- ================================================================================ zanata-python-client-1.5.1-1.fc23 (FEDORA-2016-64949a022e) Python Client for Zanata Server -------------------------------------------------------------------------------- Update Information: Upstream update to 1.5.1-1 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx