The following Fedora 23 Security updates need testing: Age URL 157 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 114 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 87 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23 38 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 38 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-97002ad37b rubygem-actionview-4.2.3-3.fc23 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f486068393 rubygem-actionpack-4.2.3-4.fc23 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eb4d6e8aab rubygem-activemodel-4.2.3-2.fc23 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ede04cd79 rubygem-activesupport-4.2.3-3.fc23 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc465a34df rubygem-activerecord-4.2.3-2.fc23 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59ce8b61dd rubygem-rails-html-sanitizer-1.0.3-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-40401300ed 389-ds-base-1.3.4.8-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65a1f22818 community-mysql-5.6.29-1.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-94b0b50351 gummi-0.6.6-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ba6fd98830 jabberd-2.3.3-7.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65b7608d8b okhttp-2.7.4-1.fc23 okio-1.6.0-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e48f4bd14f xen-4.5.2-8.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cdd4228cc7 pcs-0.9.149-2.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e0bb2f21a tomcat-8.0.32-3.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-215a2219b1 libssh2-1.6.0-4.fc23
The following Fedora 23 Critical Path updates have yet to be approved: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554 xulrunner-44.0-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-054e18a33d htdig-3.2.0-0.23.b6.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9ce8624a6c selinux-policy-3.13.1-158.7.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8dde5e377c lxsession-0.5.2-8.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2400dcd3d1 virtuoso-opensource-6.1.6-10.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f24b72ecbd gvfs-1.26.3-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-215a2219b1 libssh2-1.6.0-4.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59c9fbaf94 gamin-0.1.10-22.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3fb652d988 krb5-1.14-9.fc23 The following builds have been pushed to Fedora 23 updates-testing ardour4-4.7.0-1.fc23 blivet-gui-1.0.4-1.fc23 cherrytree-0.36.5-1.fc23 docker-1.10.2-3.git0f5ac89.fc23 gamin-0.1.10-22.fc23 gdouros-avdira-fonts-6.31-1.fc23 gerrymander-1.5-1.fc23 gitolite3-3.6.5-2.fc23 gvfs-1.26.3-1.fc23 krb5-1.14-9.fc23 libssh2-1.6.0-4.fc23 libusbx-1.0.21-0.1.git448584a.fc23 mingw-gstreamer1-plugins-bad-free-1.6.0-2.fc23 mock-1.2.15-1.fc23 mod_auth_gssapi-1.3.2-1.fc23 msitools-0.95-2.fc23 pam_yubico-2.21-1.fc23 pcs-0.9.149-2.fc23 php-pdepend-PHP-Depend-2.2.3-1.fc23 pngquant-2.6.0-1.fc23 python-django-markdown2-0.3.0-2.fc23 python-django-tables2-0.10.0-7.fc23 python-mysql-1.3.7-4.fc23 python-qpid-0.32-13.fc23 qutebrowser-0.5.1-1.fc23 retrace-server-1.14-2.fc23 sipp-3.5.0-3.fc23 tomcat-8.0.32-3.fc23 wine-1.9.4-1.fc23 wxGTK3-3.0.2-14.fc23 zeal-0.2.1-1.fc23 Details about builds: ================================================================================ ardour4-4.7.0-1.fc23 (FEDORA-2016-eb9c56ff0f) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information: New upstream bugfix and enhancement release. For details refer to the [upstream release announcement](https://community.ardour.org/node/13365). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1289349 - ardour4 startup script needs nm command from binutils https://bugzilla.redhat.com/show_bug.cgi?id=1289349 -------------------------------------------------------------------------------- ================================================================================ blivet-gui-1.0.4-1.fc23 (FEDORA-2016-6d0b744b24) Tool for data storage configuration -------------------------------------------------------------------------------- Update Information: Fix adding devices on DASD and zFCP disks (#1305495) (vtrefny) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305495 - Unable to create new partition on s390x: KeyError: 'dasd' https://bugzilla.redhat.com/show_bug.cgi?id=1305495 -------------------------------------------------------------------------------- ================================================================================ cherrytree-0.36.5-1.fc23 (FEDORA-2016-1ec5b7341a) Hierarchical note taking application -------------------------------------------------------------------------------- Update Information: update to 0.36.5 ---- Update to 0.36.4 ---- update to cherrytree 0.36.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309140 - cherrytree-0.36.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1309140 [ 2 ] Bug #1160249 - cherrytree-0.36.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1160249 [ 3 ] Bug #1301941 - cherrytree-0.36.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1301941 -------------------------------------------------------------------------------- ================================================================================ docker-1.10.2-3.git0f5ac89.fc23 (FEDORA-2016-8215edf228) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: built docker @projectatomic/fedora-1.10.2 commit#0f5ac89 -------------------------------------------------------------------------------- ================================================================================ gamin-0.1.10-22.fc23 (FEDORA-2016-59c9fbaf94) Library providing the FAM File Alteration Monitor API -------------------------------------------------------------------------------- Update Information: Pull in slightly different upstream fix to avoid a possible deadlock condition. -------------------------------------------------------------------------------- References: [ 1 ] Bug #917848 - gam_server deadlocks, leading to all KDE applications hanging https://bugzilla.redhat.com/show_bug.cgi?id=917848 -------------------------------------------------------------------------------- ================================================================================ gdouros-avdira-fonts-6.31-1.fc23 (FEDORA-2016-5ab85da278) A font based on elements created by Demetrios Damilas (late 15th c.) -------------------------------------------------------------------------------- Update Information: First release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307238 - Review Request: gdouros-avdira-fonts - A font based on elements created by Demetrios Damilas (late 15th c.) https://bugzilla.redhat.com/show_bug.cgi?id=1307238 -------------------------------------------------------------------------------- ================================================================================ gerrymander-1.5-1.fc23 (FEDORA-2016-9bdfef6c5b) The gerrit client tools -------------------------------------------------------------------------------- Update Information: New upstream release 1.5 ---- Add 'python-prettytable' to 'Requires'; fixes rhbz# 1307167 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307167 - gerrymander should require: python-prettytable https://bugzilla.redhat.com/show_bug.cgi?id=1307167 -------------------------------------------------------------------------------- ================================================================================ gitolite3-3.6.5-2.fc23 (FEDORA-2016-647420a708) Highly flexible server for git directory version tracker -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ gvfs-1.26.3-1.fc23 (FEDORA-2016-f24b72ecbd) Backends for the gio framework in GLib -------------------------------------------------------------------------------- Update Information: Update to 1.26.3 -------------------------------------------------------------------------------- ================================================================================ krb5-1.14-9.fc23 (FEDORA-2016-3fb652d988) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: Fix selinux issue on kadmin.log when created by kadmin.local. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309421 - kadmin creates kadmind.log with bad SELinux context https://bugzilla.redhat.com/show_bug.cgi?id=1309421 -------------------------------------------------------------------------------- ================================================================================ libssh2-1.6.0-4.fc23 (FEDORA-2016-215a2219b1) A library implementing the SSH2 protocol -------------------------------------------------------------------------------- Update Information: During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047 Using such drastically reduced amount of random bits for Diffie Hellman weakened the handshake security significantly. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2016-0787 to this issue. -------------------------------------------------------------------------------- ================================================================================ libusbx-1.0.21-0.1.git448584a.fc23 (FEDORA-2016-ebace1242a) Library for accessing USB devices -------------------------------------------------------------------------------- Update Information: - Update to a pre 1.0.21 git snapshot to bring in libusb_interrupt_event_handler which chromium needs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1270324 - Chromium needs libusb_interrupt_handle_event exposed https://bugzilla.redhat.com/show_bug.cgi?id=1270324 -------------------------------------------------------------------------------- ================================================================================ mingw-gstreamer1-plugins-bad-free-1.6.0-2.fc23 (FEDORA-2016-896100c13d) Cross compiled GStreamer1 plug-ins "bad" -------------------------------------------------------------------------------- Update Information: Rebuild due to a mingw-nettle update -------------------------------------------------------------------------------- ================================================================================ mock-1.2.15-1.fc23 (FEDORA-2016-327a55296a) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: - ccache plugin disabled by default - F21 configs removed - F24 configs added - read user config from ~/.config/mock.cfg too -------------------------------------------------------------------------------- References: [ 1 ] Bug #1294979 - [abrt] mock: shutil.py:420:_rmtree_safe_fd:PermissionError: [Errno 13] Permission denied: 'nosync.so' https://bugzilla.redhat.com/show_bug.cgi?id=1294979 [ 2 ] Bug #1264215 - python-dnf-plugins-extras-local together with mock can be dangerous https://bugzilla.redhat.com/show_bug.cgi?id=1264215 [ 3 ] Bug #1285630 - typo in site-defaults.cfg https://bugzilla.redhat.com/show_bug.cgi?id=1285630 -------------------------------------------------------------------------------- ================================================================================ mod_auth_gssapi-1.3.2-1.fc23 (FEDORA-2016-61412d3773) A GSSAPI Authentication module for Apache -------------------------------------------------------------------------------- Update Information: New features to report named extensions as environment variables and to stop offering the negotiate header if negotiation fails. -------------------------------------------------------------------------------- ================================================================================ msitools-0.95-2.fc23 (FEDORA-2016-b9b7e9c7a1) Windows Installer tools -------------------------------------------------------------------------------- Update Information: Add libvirt-glib.wxi -------------------------------------------------------------------------------- ================================================================================ pam_yubico-2.21-1.fc23 (FEDORA-2016-cdcd67be0d) A Pluggable Authentication Module for yubikeys -------------------------------------------------------------------------------- Update Information: update to 2.21 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1265220 - pam_yubico-2.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1265220 -------------------------------------------------------------------------------- ================================================================================ pcs-0.9.149-2.fc23 (FEDORA-2016-cdd4228cc7) Pacemaker Configuration System -------------------------------------------------------------------------------- Update Information: * Re-synced to upstream sources * Security fix for CVE-2016-0720, CVE-2016-0721 * Rubygems built with RELRO * Spec file cleanup * Fixed multilib .pyc/.pyo issue ---- * Re-synced to upstream sources * Security fix for CVE-2016-0720, CVE-2016-0721 * Rubygems built with RELRO * Spec file cleanup * Fixed multilib .pyc/.pyo issue -------------------------------------------------------------------------------- References: [ 1 ] Bug #1299614 - CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI https://bugzilla.redhat.com/show_bug.cgi?id=1299614 [ 2 ] Bug #1299615 - CVE-2016-0721 pcs: cookies are not invalidated upon logout https://bugzilla.redhat.com/show_bug.cgi?id=1299615 -------------------------------------------------------------------------------- ================================================================================ php-pdepend-PHP-Depend-2.2.3-1.fc23 (FEDORA-2016-c8198b4b6e) PHP_Depend design quality metrics for PHP package -------------------------------------------------------------------------------- Update Information: **pdepend-2.2.3** (2016/02/22) This release includes several pending pull requests from GitHub. Beside that this release adds support for complex expressions in property, constant and parameter declarations, introduced with PHP 5.6. - Fixed #226: Fixed division by zero issue. Fixed in commit #fb46614. - Fixed #227: Fix support to files filters. Fixed in commit #4e150db. - Fixed #230: Fix handling cygwin home folder location. Fixed in commit #126c38a. - Implemented #221: Add --quiet option. Implemented in commit #9a710f7. - Implemented #236: Switch to PSR-4 for autoloading Implemented in commit #57b54bd. - Implemented #238: Unexpected token errors for 5.6 "constant expression" initializers. Implemented in commit #0087c94. -------------------------------------------------------------------------------- ================================================================================ pngquant-2.6.0-1.fc23 (FEDORA-2016-e80651537e) PNG quantization tool for reducing image file size -------------------------------------------------------------------------------- Update Information: Update to 2.6.0 (#1310413) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1310413 - pngquant-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1310413 -------------------------------------------------------------------------------- ================================================================================ python-django-markdown2-0.3.0-2.fc23 (FEDORA-2016-0858d66635) Simple Django app, which supplies a single template tag for markdown markup -------------------------------------------------------------------------------- Update Information: update to 0.3.0, add python2- subpackage -------------------------------------------------------------------------------- ================================================================================ python-django-tables2-0.10.0-7.fc23 (FEDORA-2016-f0492f8a3d) Table framework for Django -------------------------------------------------------------------------------- Update Information: fix django dependency -------------------------------------------------------------------------------- ================================================================================ python-mysql-1.3.7-4.fc23 (FEDORA-2016-eca3958656) An interface to MySQL -------------------------------------------------------------------------------- Update Information: Provide python2-* packages ---- Provide python2-* packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1306026 - python-mysql: nothing provides python2-mysql https://bugzilla.redhat.com/show_bug.cgi?id=1306026 [ 2 ] Bug #1294321 - Unowned mysqlclient-*.egg-info dirs https://bugzilla.redhat.com/show_bug.cgi?id=1294321 -------------------------------------------------------------------------------- ================================================================================ python-qpid-0.32-13.fc23 (FEDORA-2016-a172eb2efe) Python client library for AMQP -------------------------------------------------------------------------------- Update Information: Added a fix for QPID-7053. -------------------------------------------------------------------------------- ================================================================================ qutebrowser-0.5.1-1.fc23 (FEDORA-2016-258c9a3a47) A keyboard-driven, vim-like browser based on PyQt5 and QtWebKit -------------------------------------------------------------------------------- Update Information: First update of the package. -------------------------------------------------------------------------------- ================================================================================ retrace-server-1.14-2.fc23 (FEDORA-2016-57aeb6095f) Application for remote coredump analysis -------------------------------------------------------------------------------- Update Information: - Introduce AllowVMCoreTask and AllowUserCoreTask configuration options ---- New upstream release 1.14 that fixes build & packaging issues. ---- New upstream release that fixes several usability issues. -------------------------------------------------------------------------------- ================================================================================ sipp-3.5.0-3.fc23 (FEDORA-2016-ac41e446b4) SIP test tool / traffic generator -------------------------------------------------------------------------------- Update Information: - Fix qop parameter in auth Digest. ---- * Ver. 3.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1306382 - epel7 sipp-3.4.1 FTBFS on aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=1306382 -------------------------------------------------------------------------------- ================================================================================ tomcat-8.0.32-3.fc23 (FEDORA-2016-5e0bb2f21a) Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API -------------------------------------------------------------------------------- Update Information: - Updated to 8.0.32 - Fix symlinks from $CATALINA_HOME/lib perspective, resolves: rhbz#1308685 - Remove log4j support. It has never been working actually. See rhbz#1236297 - Move shipped config to /etc/sysconfig/tomcat. /etc/tomcat/tomcat.conf can now be used to override it with shell expansion, resolves rhbz#1293636 - Recommend tomcat-native, resolves: rhbz#1243132 - Resolves: rhbz#1286800 Failed to start component due to wrong allowLinking="true" in context.xml - Program /bin/nologin does not exist (#1302718) - Security fix for CVE-2016-0763 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() https://bugzilla.redhat.com/show_bug.cgi?id=1311093 -------------------------------------------------------------------------------- ================================================================================ wine-1.9.4-1.fc23 (FEDORA-2016-89c0c7e50b) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: Support for color glyphs and font fallbacks in DirectWrite. Improvements to the WebServices reader. Support for more formats in Direct3D 11. Simplified syntax and clean up of tests marked todo. Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1310285 - wine-1.9.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1310285 -------------------------------------------------------------------------------- ================================================================================ wxGTK3-3.0.2-14.fc23 (FEDORA-2016-f389037f2c) GTK port of the wxWidgets GUI library -------------------------------------------------------------------------------- Update Information: Removes python bytecode from devel file (fixes #1294712) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1294712 - conflict between wxGTK3-devel-3.0.2-11.fc23.i686.rpm and wxGTK3-devel-3.0.2-11.fc23.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1294712 -------------------------------------------------------------------------------- ================================================================================ zeal-0.2.1-1.fc23 (FEDORA-2016-5fd8488c20) Offline documentation browser inspired by Dash -------------------------------------------------------------------------------- Update Information: Upstream bugfix release, see https://github.com/zealdocs/zeal/releases for details -------------------------------------------------------------------------------- References: [ 1 ] Bug #1280293 - zeal-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1280293 -------------------------------------------------------------------------------- -- test mailing list test@lists.fedoraproject.org To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@lists.fedoraproject.org
