Fedora 23 updates-testing report
by updates@fedoraproject.org
The following Fedora 23 Security updates need testing:
Age URL
223 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
181 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23
154 https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324 jbig2dec-0.12-2.fc23
104 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23
104 https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8 thttpd-2.25b-37.fc23
69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4 mingw-nsis-2.50-1.fc23
24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7 optipng-0.7.6-1.fc23
24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff squid-3.5.10-2.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7c48036d73 community-mysql-5.6.30-1.fc23
5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a8e2be0fe6 cacti-0.8.8g-1.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5733ad20f5 pgpdump-0.30-1.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f1d98cf017 php-5.6.21-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-afdedc8da9 openvas-cli-1.4.4-1.fc23 openvas-gsa-6.0.10-3.fc23 openvas-libraries-8.0.7-2.fc23 openvas-manager-6.0.8-2.fc23 openvas-scanner-5.0.5-3.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-88778482ea lorax-23.21-1.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-df52942a2f selinux-policy-3.13.1-158.15.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-afa56613ca lxsession-0.5.2-9.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1b48953d4 pungi-4.0.15-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a2ca2016e xulrunner-44.0-6.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5587c0678e phonon-4.9.0-2.fc23 phonon-backend-gstreamer-4.9.0-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
composer-1.0.3-1.fc23
ddrescue-1.21-1.fc23
gimpfx-foundry-2.6.1-5.fc23
lxsession-0.5.2-9.fc23
openvas-cli-1.4.4-1.fc23
openvas-gsa-6.0.10-3.fc23
openvas-libraries-8.0.7-2.fc23
openvas-manager-6.0.8-2.fc23
openvas-scanner-5.0.5-3.fc23
os-autoinst-4.3-10.20160408gitff760a3.fc23
phonon-4.9.0-2.fc23
phonon-backend-gstreamer-4.9.0-1.fc23
pungi-4.0.15-1.fc23
re2-20160401-2.fc23
tilda-1.3.3-1.fc23
Details about builds:
================================================================================
composer-1.0.3-1.fc23 (FEDORA-2016-803db284c9)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.3** - 2016-04-29
* Security: Fixed possible command injection from the env vars into our sudo detection
* Fixed interactive authentication with gitlab
* Fixed class name replacement in plugins
* Fixed classmap generation mistakenly detecting anonymous classes
* Fixed auto-detection of stability flags in complex constraints like `2.0-dev || ^1.5`
* Fixed content-length handling when redirecting to very small responses

----

**Version 1.0.2**
* Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
* Fixed regression in 1.0.1 that made dev packages update to the latest reference even if not whitelisted in a partial update
* Fixed init command ignoring the COMPOSER env var for choosing the json file name
* Fixed error reporting bug when the dependency resolution fails
* Fixed handling of $ sign in composer config command in some cases it could corrupt the json file

----

**Version 1.0.1**
* Fixed URL updating when a package's URL changes, composer.lock now contains the right URL including correct reference
* Fixed URL updating of the origin git remote as well for packages installed as git clone
* Fixed binary .bat files generated from linux being incompatible with windows cmd
* Fixed handling of paths with trailing slashes in path repository
* Fixed create-project not using platform config when selecting a package
* Fixed self-update not showing the channel it uses to perform the update
* Fixed file downloads not failing loudly when the content does not match the Content-Length header
* Fixed secure-http detecting some malformed URLs as insecure
* Updated CA bundle

Notice system CA is always preferred, bundled copy is only used as a last chance fallback.
--------------------------------------------------------------------------------
================================================================================
ddrescue-1.21-1.fc23 (FEDORA-2016-a7f55a7649)
Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:
Bump to new upstream bugfix release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1319360 - ddrescue-1.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1319360
--------------------------------------------------------------------------------
================================================================================
gimpfx-foundry-2.6.1-5.fc23 (FEDORA-2016-170517de6b)
Additional GIMP plugins
--------------------------------------------------------------------------------
Update Information:
gimpfx-foundry plugin for GIMP returns in the repository
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327929 - Review Request: gimpfx-foundry - Additional plugins for GIMP
https://bugzilla.redhat.com/show_bug.cgi?id=1327929
--------------------------------------------------------------------------------
================================================================================
lxsession-0.5.2-9.fc23 (FEDORA-2016-afa56613ca)
Lightweight X11 session manager
--------------------------------------------------------------------------------
Update Information:
A bug was reported that editing LXDE desktop.conf can cause CPU exhaustion by
lxsession process. This new rpm should fix this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294579 - lxsession Consumes 100% CPU
https://bugzilla.redhat.com/show_bug.cgi?id=1294579
--------------------------------------------------------------------------------
================================================================================
openvas-cli-1.4.4-1.fc23 (FEDORA-2016-afdedc8da9)
Command-line tool to drive OpenVAS Manager
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-gsa-6.0.10-3.fc23 (FEDORA-2016-afdedc8da9)
Greenbone Security Assistant (GSA) is GUI to the OpenVAS
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-libraries-8.0.7-2.fc23 (FEDORA-2016-afdedc8da9)
Support libraries for Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-manager-6.0.8-2.fc23 (FEDORA-2016-afdedc8da9)
Manager Module for the Open Vulnerability Assessment System (OpenVAS)
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-scanner-5.0.5-3.fc23 (FEDORA-2016-afdedc8da9)
Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Contains Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
os-autoinst-4.3-10.20160408gitff760a3.fc23 (FEDORA-2016-f00239a7d2)
OS-level test automation
--------------------------------------------------------------------------------
Update Information:
This update corrects the path to the `os-autoinst-openvswitch` binary in the
systemd service file; this prevented the service from running correctly. It also
makes it possible to pass an optional argument to the `upload_logs` subroutine
to make it tolerate a failed upload.
--------------------------------------------------------------------------------
================================================================================
phonon-4.9.0-2.fc23 (FEDORA-2016-5587c0678e)
Multimedia framework api
--------------------------------------------------------------------------------
Update Information:
New phonon release, see also
https://www.mail-archive.com/kde-announce@kde.org/msg00174.html
--------------------------------------------------------------------------------
================================================================================
phonon-backend-gstreamer-4.9.0-1.fc23 (FEDORA-2016-5587c0678e)
Gstreamer phonon backend
--------------------------------------------------------------------------------
Update Information:
New phonon release, see also
https://www.mail-archive.com/kde-announce@kde.org/msg00174.html
--------------------------------------------------------------------------------
================================================================================
pungi-4.0.15-1.fc23 (FEDORA-2016-a1b48953d4)
Distribution compose tool
--------------------------------------------------------------------------------
Update Information:
- [createiso] Add back running isohybrid on x86 disk images (dennis)
- [createiso] Remove chdir() (lsedlar)
- Pungi should log when it tries to publish notifications. (rbean)
- [createrepo] Use more verbose output (lsedlar)
- [ostree-installer] Drop filename setting (lsedlar)
- [ostree] Set each repo to point to current compose (lsedlar)
- [ostree-installer] Install ostree in runroot (lsedlar)
- [pkgset] Print more detailed logs when rpm is not found (lsedlar)
- [ostree-installer] Clone repo with templates (lsedlar)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331317 - Server-dvd doesn't boot from flash drive created by dd
https://bugzilla.redhat.com/show_bug.cgi?id=1331317
--------------------------------------------------------------------------------
================================================================================
re2-20160401-2.fc23 (FEDORA-2016-8faede3567)
C++ fast alternative to backtracking RE engines
--------------------------------------------------------------------------------
Update Information:
Update to 20160401, primarily for chromium.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307988 - re2: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1307988
--------------------------------------------------------------------------------
================================================================================
tilda-1.3.3-1.fc23 (FEDORA-2016-d8a17599ce)
A Gtk based drop down terminal for Linux and Unix
--------------------------------------------------------------------------------
Update Information:
- update to 1.3.3
--------------------------------------------------------------------------------