The following Fedora 23 Security updates need testing: Age URL 455 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 413 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 386 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 336 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 336 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 132 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23 125 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 109 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14 dhcpcd-6.11.3-1.fc23 74 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651 compat-guile18-1.8.8-14.fc23 51 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b89e991e63 nodejs-0.10.48-1.fc23 41 https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5afe06026b jenkins-1.625.3-5.fc23 jenkins-remoting-2.62.3-1.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90 thunderbird-45.5.1-1.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-30077d1b37 ipsilon-2.0.2-2.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c01772ff6 httpd-2.4.23-5.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad9307ce0 gd-2.1.1-11.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad82c71a1b dovecot-2.2.27-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98aed7ae50 libgsf-1.14.33-3.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8a0533d057 firewalld-0.4.4.2-2.fc23 selinux-policy-3.13.1-158.25.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b64186cbd botan-1.10.14-3.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b69734181b kernel-4.8.14-100.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0dcb9cab6 chromium-55.0.2883.87-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ec9fcf8e4 FlightGear-3.4.0-9.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b1b98ddd9b game-music-emu-0.6.1-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41820f4930 python-wikitcms-2.1.10-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ada3d2a1f nagios-plugins-2.1.4-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-127d587a08 openjpeg2-2.1.2-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4255dec54b mingw-openjpeg2-2.1.2-3.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 152 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23 libreport-2.6.4-3.fc23 125 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23 86 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e python-virtkey-0.63.0-1.fc23 79 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a koji-1.10.1-13.fc23 74 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0 ca-certificates-2016.2.10-1.0.fc23 58 https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23 43 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0906f64ec8 rpm-4.13.0-1.fc23 41 https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23 32 https://bodhi.fedoraproject.org/updates/FEDORA-2016-03d76071b6 nss-3.27.0-1.3.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6064f86234 vim-8.0.118-1.fc23 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90 thunderbird-45.5.1-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad9307ce0 gd-2.1.1-11.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c01772ff6 httpd-2.4.23-5.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-09abe47360 boost-1.58.0-12.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ecaf251f6 poppler-data-0.4.7-5.fc23 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8a0533d057 firewalld-0.4.4.2-2.fc23 selinux-policy-3.13.1-158.25.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b69734181b kernel-4.8.14-100.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7eebc08556 libvorbis-1.3.5-1.fc23 The following builds have been pushed to Fedora 23 updates-testing gegl-0.2.0-29.fc23 gimp-lensfun-0.2.3-4.fc23.1 libebur128-1.2.0-1.fc23 lxqt-wallet-3.0.0-2.fc23 mingw-openjpeg2-2.1.2-3.fc23 nagios-plugins-2.1.4-2.fc23 openjpeg2-2.1.2-3.fc23 python-wikitcms-2.1.10-1.fc23 subdownloader-2.0.18-8.fc23 zulucrypt-5.0.2-2.fc23 Details about builds: ================================================================================ gegl-0.2.0-29.fc23 (FEDORA-2016-da3bdc6966) A graph based image processing framework -------------------------------------------------------------------------------- Update Information: A rebuild of gegl against the latest lensfun in F23 updates, fixing the broken dependency in gegl-operations-workshop. Additionally, the one-line fix for gegl missing Requires: dcraw was backported from F24/F25. (The package is now built from the exact same specfile as the current F24 and F25 stable updates.) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1279143 - gegl missing Requires: dcraw https://bugzilla.redhat.com/show_bug.cgi?id=1279143 [ 2 ] Bug #1405582 - gegl-operations-workshop needs be rebuild against new lensfun version https://bugzilla.redhat.com/show_bug.cgi?id=1405582 -------------------------------------------------------------------------------- ================================================================================ gimp-lensfun-0.2.3-4.fc23.1 (FEDORA-2016-22ea400216) Gimp plugin to correct lens distortion -------------------------------------------------------------------------------- Update Information: A rebuild of gimp-lensfun against the latest lensfun in F23 updates, fixing the broken dependency. (Note that complaints from the Taskotron automated tests about upgrade path failure are expected because the upgrade path was unfortunately already broken by the previous stable F23 update of gimp-lensfun. (It should have used -3.fc23.1, not -4.fc23.) The Release will have to be bumped in F24+ to address that.) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405581 - gimp-lensfun need rebuild against new lensfun version https://bugzilla.redhat.com/show_bug.cgi?id=1405581 -------------------------------------------------------------------------------- ================================================================================ libebur128-1.2.0-1.fc23 (FEDORA-2016-08ea08d4d3) A library that implements the EBU R 128 standard for loudness normalization -------------------------------------------------------------------------------- Update Information: Update to 1.2.0 after unretiring the package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1396406 - Review Request: libebur128 - A library that implements the EBU R 128 standard for loudness normalization https://bugzilla.redhat.com/show_bug.cgi?id=1396406 [ 2 ] Bug #1260813 - libebur128-v1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1260813 -------------------------------------------------------------------------------- ================================================================================ lxqt-wallet-3.0.0-2.fc23 (FEDORA-2016-7060852a63) Create a kwallet like functionality for LXQt -------------------------------------------------------------------------------- Update Information: lxqt_wallet 3.0.0-2 - - rebuilt for latest Qt5 zuluCrypt 5.0.2-2 - - rebuilt for latest Qt5 - add support for unlocking ecryptfs volumes in zuluMount-gui (ecryptfs-simple[1] tool must already be installed) [1] https://github.com/mhogomchungu/ecryptfs-simple Review Request: rhbz#1402590 - solved a problem that caused a hang when creating/unlocking volumes some users were experiencing. - embedded support for PolicyKit -------------------------------------------------------------------------------- References: [ 1 ] Bug #1400754 - zulucrypt-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400754 -------------------------------------------------------------------------------- ================================================================================ mingw-openjpeg2-2.1.2-3.fc23 (FEDORA-2016-4255dec54b) MinGW Windows openjpeg2 library -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405128 - CVE-2016-9580 openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1405128 [ 2 ] Bug #1405135 - CVE-2016-9581 openjpeg2: Infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1 https://bugzilla.redhat.com/show_bug.cgi?id=1405135 -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-2.1.4-2.fc23 (FEDORA-2016-8ada3d2a1f) Host/service/network monitoring program plugins for Nagios -------------------------------------------------------------------------------- Update Information: Updated to 2.1.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #752949 - ldap_bind: Can't contact LDAP server via SSL https://bugzilla.redhat.com/show_bug.cgi?id=752949 [ 2 ] Bug #1368089 - check_file_age broken https://bugzilla.redhat.com/show_bug.cgi?id=1368089 [ 3 ] Bug #1335245 - check_mailq fails with syntax error https://bugzilla.redhat.com/show_bug.cgi?id=1335245 [ 4 ] Bug #1362322 - nagios-plugins-2.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1362322 -------------------------------------------------------------------------------- ================================================================================ openjpeg2-2.1.2-3.fc23 (FEDORA-2016-127d587a08) C-Library for JPEG 2000 -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2016-9580 and CVE-2016-9581. ---- This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405128 - CVE-2016-9580 openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1405128 [ 2 ] Bug #1405135 - CVE-2016-9581 openjpeg2: Infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1 https://bugzilla.redhat.com/show_bug.cgi?id=1405135 -------------------------------------------------------------------------------- ================================================================================ python-wikitcms-2.1.10-1.fc23 (FEDORA-2016-41820f4930) Fedora QA wiki test management Python library -------------------------------------------------------------------------------- Update Information: This update contains a **SECURITY** fix for an issue with potentially serious consequences but very limited scope. If an administrator of a wiki you talked to using python-wikitcms were malicious, they could cause arbitrary code execution as the user running wikitcms. No-one besides a wiki administrator could do this, as it requires crafting the wiki's response to an edit request to include a malicious payload. It also drops some now useless or unneeded code (due to changes in mediawiki and mwclient). -------------------------------------------------------------------------------- ================================================================================ subdownloader-2.0.18-8.fc23 (FEDORA-2016-f5f462fba2) Program for download/upload subtitles for video files and DVDs -------------------------------------------------------------------------------- Update Information: Copy some scripts from opensuse rpm [1], use gui/images/subdownloader.png instead -------------------------------------------------------------------------------- References: [ 1 ] Bug #1282270 - package has subdownloader dir in / https://bugzilla.redhat.com/show_bug.cgi?id=1282270 [ 2 ] Bug #1299172 - Download of subtitle failed https://bugzilla.redhat.com/show_bug.cgi?id=1299172 -------------------------------------------------------------------------------- ================================================================================ zulucrypt-5.0.2-2.fc23 (FEDORA-2016-7060852a63) Qt GUI front end to cryptsetup -------------------------------------------------------------------------------- Update Information: lxqt_wallet 3.0.0-2 - - rebuilt for latest Qt5 zuluCrypt 5.0.2-2 - - rebuilt for latest Qt5 - add support for unlocking ecryptfs volumes in zuluMount-gui (ecryptfs-simple[1] tool must already be installed) [1] https://github.com/mhogomchungu/ecryptfs-simple Review Request: rhbz#1402590 - solved a problem that caused a hang when creating/unlocking volumes some users were experiencing. - embedded support for PolicyKit -------------------------------------------------------------------------------- References: [ 1 ] Bug #1400754 - zulucrypt-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400754 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
