The following Fedora 23 Security updates need testing:
Age URL
157
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739
python-kdcproxy-0.3.2-1.fc23
111
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
97
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
85
https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2
openstack-glance-2015.1.2-1.fc23
68
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
41
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
40
https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830
thttpd-2.25b-35.fc23
40
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-36.fc23
32
https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276
php-PHPMailer-5.2.14-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2015-aa3a69bdc3 kea-1.0.0-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f20fac744
lighttpd-1.4.39-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b3b8804
salt-2015.5.8-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c82e5c322c
gajim-0.16.5-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-64c69ec297
libxmp-4.3.10-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3509d27585
nodejs-ws-1.0.1-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8
shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f048c43393
radicale-1.1-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0
kernel-4.3.3-300.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-558167a417 php-5.6.17-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-21f5261525
wordpress-4.4.1-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-971f4f3a50
wireshark-1.12.9-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4aec7860d8 rsync-3.1.1-8.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e48069f8
prosody-0.9.9-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ce812a1e0
kernel-4.3.3-300.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-59825bca79 krb5-1.14-5.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7ca7599efc
dracut-043-63.git20151211.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-aae4b3b916
systemd-222-12.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-678f6610dd
librsvg2-2.40.13-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
MUMPS-5.0.1-10.fc23
atoum-2.5.0-1.fc23
beanstalkd-1.10-1.fc23
djview4-4.10.5-1.fc23
fbzx-3.1.0-1.fc23
gap-pkg-genss-1.6.3-1.fc23
gap-pkg-nq-2.5.2-1.fc23
gap-pkg-orb-4.7.4-1.fc23
gnome-shell-extensions-3.18.3-1.fc23
keepassx-2.0.0-1.fc23
kf5-kwallet-5.18.0-2.fc23
krb5-1.14-5.fc23
libndn-cxx-0.4.0-1.fc23
mgarepo-1.11.6-1.fc23
pdf-stapler-0.3.3-5.fc23
perl-Spreadsheet-XLSX-0.15-1.fc23
php-bartlett-php-compatinfo-db-1.4.0-1.fc23
piglit-1.0.20151124-1.git72e5518.fc23
prosody-0.9.9-1.fc23
python-flower-0.8.3-4.fc23
python-matplotlib-1.4.3-10.fc23
python-nsdf-0.0-2.git9621ced.fc23
python-prompt_toolkit-0.57-1.fc23
python-rhsm-1.16.5-1.fc23
python-sqlalchemy-1.0.11-1.fc23
python-wcwidth-0.1.6-1.fc23
subscription-manager-1.16.7-1.fc23
tito-0.6.3-1.fc23
tktable-2.10-10.fc23
waf-1.8.18-1.fc23
Details about builds:
================================================================================
MUMPS-5.0.1-10.fc23 (FEDORA-2016-efc5150750)
A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:
- Built MPICH libraries on EPEL (bz#1296387) - Exclude OpenMPI on s390 arches -
Exclude MPICH on PPC arches - Built MPICH libraries (bz#1296387) - Removed
useless Requires packages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296387 - Build for mpich, drop requires environment-modules
https://bugzilla.redhat.com/show_bug.cgi?id=1296387
--------------------------------------------------------------------------------
================================================================================
atoum-2.5.0-1.fc23 (FEDORA-2016-3188b2293d)
PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 2.5.0** - 2016-01-08 * 539 Add a newMockInstance helper method on
test class Grummfy * 548 The dateTime asserter now supports
\dateTimeImmutable (jubianchi) * 540 Assert on child arrays using the
phpArray asserter (jubianchi) * 541 New toArray (along with toArray method on
phpString and object asserters) and iterator asserters (jubianchi) * 535 New
resource asserter group (with isOfType or is* wildcard like isStream) (hywan) *
529 Allow extensions to define configuration (jubianchi) * 496 Mock generator
supports variadic arguments passed by reference (jubianchi) * 496 Auto
generate and inject mocks in test methods (jubianchi) **Bugfix** * 350 PHAR
can be built on Windows (kao98) * 530 Extracted mocked method signature
generation to make it work with visibility extension (jubianchi) * 537
exception asserter handles PHP 7 throwables (jubianchi)
--------------------------------------------------------------------------------
================================================================================
beanstalkd-1.10-1.fc23 (FEDORA-2016-2f34bfc9e3)
A simple, fast work-queue service
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
djview4-4.10.5-1.fc23 (FEDORA-2016-76a5a80be4)
DjVu viewer
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release djview 4.10.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296527 - djview4-4.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296527
--------------------------------------------------------------------------------
================================================================================
fbzx-3.1.0-1.fc23 (FEDORA-2016-900844ac61)
A ZX Spectrum emulator for FrameBuffer
--------------------------------------------------------------------------------
Update Information:
* Added Kempston Mouse emulation * Added block 30 support for TZX files
--------------------------------------------------------------------------------
================================================================================
gap-pkg-genss-1.6.3-1.fc23 (FEDORA-2016-48a79d2a32)
Randomized Schreier-Sims algorithm
--------------------------------------------------------------------------------
Update Information:
gap-pkg-genss-1.6.3-1.fc23: - Fix a bug in SetwiseStabilizer (see issue #5) -
Move website to
http://gap-packages.github.io/genss/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296720 - gap-pkg-genss-v1.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296720
--------------------------------------------------------------------------------
================================================================================
gap-pkg-nq-2.5.2-1.fc23 (FEDORA-2016-dab1e1e958)
Nilpotent Quotients of finitely presented groups
--------------------------------------------------------------------------------
Update Information:
Update URLs for the new website. Minor documentation fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296735 - gap-pkg-nq-v2.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296735
--------------------------------------------------------------------------------
================================================================================
gap-pkg-orb-4.7.4-1.fc23 (FEDORA-2016-b40a7ed967)
Methods to enumerate orbits in GAP
--------------------------------------------------------------------------------
Update Information:
gap-pkg-orb-4.7.4-1.fc23: - Show an error when the user tries to compute
orbits of objects for which no ChooseHashFunction method is available.
Previously, it would fall back to a "trivial" hash function, which led to
worst-
case performance. - Require GAP >= 4.6 - Remove Jenkins hash in favor of the
Murmur hash built into GAP - Clarify that the code is licensed under GPL v3. -
Document that MakeSchreierTreeShallow only works for orbits with log. - Move
website to
http://gap-packages.github.io/orb/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296736 - gap-pkg-orb-v4.7.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296736
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extensions-3.18.3-1.fc23 (FEDORA-2016-8d466dc1df)
Modify and extend GNOME Shell functionality and behavior
--------------------------------------------------------------------------------
Update Information:
Fix regression in handling .desktop entries in subdirectories
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1278366 - After F22->F23 upgrade, some menus no longer work in the
application menu
https://bugzilla.redhat.com/show_bug.cgi?id=1278366
--------------------------------------------------------------------------------
================================================================================
keepassx-2.0.0-1.fc23 (FEDORA-2016-d5cca74851)
Cross-platform password manager
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1282825 - update keepassx to 2.0.0 (was: KeePassX 2.0 is coming!)
https://bugzilla.redhat.com/show_bug.cgi?id=1282825
--------------------------------------------------------------------------------
================================================================================
kf5-kwallet-5.18.0-2.fc23 (FEDORA-2016-87a1fc173b)
KDE Frameworks 5 Tier 3 solution for password management
--------------------------------------------------------------------------------
Update Information:
Pull in upstream fix for kwallet possibly blocking (when opened via pam-
kwallet).
--------------------------------------------------------------------------------
================================================================================
krb5-1.14-5.fc23 (FEDORA-2016-59825bca79)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
Fix for a Chrome crash in spnego_gss_inquire_context()
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295893 - Chrome crash in spnego_gss_inquire_context()
https://bugzilla.redhat.com/show_bug.cgi?id=1295893
--------------------------------------------------------------------------------
================================================================================
libndn-cxx-0.4.0-1.fc23 (FEDORA-2016-71a706c9e3)
C++ library implementing Named Data Networking primitives
--------------------------------------------------------------------------------
Update Information:
Package for 0.4.0 release
--------------------------------------------------------------------------------
================================================================================
mgarepo-1.11.6-1.fc23 (FEDORA-2016-0fa55ff076)
Tools for Mageia repository access and management
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.6 (switches to Python 3)
--------------------------------------------------------------------------------
================================================================================
pdf-stapler-0.3.3-5.fc23 (FEDORA-2016-aa0c4facc9)
Tool for manipulating PDF documents from the command line
--------------------------------------------------------------------------------
Update Information:
pdf-stapler is the Fedora package for stapler, the opensource python project
which provides a commandline tool that staples, deletes, concatenates and
shuffles documents in the Portable Document Format (PDF). It is an alternative
to PDFtk which was discontinued from Fedora 21. It is therefore an important new
package to be introduced to Fedora for many users.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1234210 - Review Request: pdf-stapler - tool for manipulating PDF documents
from the command line
https://bugzilla.redhat.com/show_bug.cgi?id=1234210
--------------------------------------------------------------------------------
================================================================================
perl-Spreadsheet-XLSX-0.15-1.fc23 (FEDORA-2016-f4ecb68b44)
Perl extension for reading Microsoft Excel 2007 files
--------------------------------------------------------------------------------
Update Information:
Spreadsheet::XLSX 0.15 ====================== * Revert a numeric formatting
change which caused isssues with Spreadsheet::Read. Spreadsheet::XLSX 0.14
====================== * Change default date format to yyyy-mm-dd. This
matches Spreadsheet::ParseExcel. * Handle xml tag attributes in varying order
(RT #86667, et.al.)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285437 - Upgrade perl-Spreadsheet-XLSX to 0.15
https://bugzilla.redhat.com/show_bug.cgi?id=1285437
--------------------------------------------------------------------------------
================================================================================
php-bartlett-php-compatinfo-db-1.4.0-1.fc23 (FEDORA-2016-3c3766e602)
Reference Database to be used with php-compatinfo library
--------------------------------------------------------------------------------
Update Information:
**Version 1.4.0** - 2016-01-09 Added * Support to PHP 7.0.2 * Support to
PHP 5.6.17 * Support to PHP 5.5.31 Changed * Stomp reference updated to
version 1.0.9 (stable) Fixed * Issue 3 : Json Failed test
--------------------------------------------------------------------------------
================================================================================
piglit-1.0.20151124-1.git72e5518.fc23 (FEDORA-2016-03d8391955)
Collection of automated tests for OpenGL implementations
--------------------------------------------------------------------------------
Update Information:
Add dependency on python-mako
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296987 - Missing dependency for piglit: python-mako
https://bugzilla.redhat.com/show_bug.cgi?id=1296987
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.9-1.fc23 (FEDORA-2016-38e48069f8)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.9 ============= A summary of changes: Security fixes
-------------- * Fix path traversal vulnerability in mod_http_files
(CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets
(CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix
traceback when deleting a user in some configurations (issue #496) * MUC:
restrict_room_creation could prevent users from joining rooms (issue #458) *
MUC: fix occasional dropping of iq stanzas sent privately between occupants *
Fix a potential memory leak in mod_pep Additions --------- * Add http:list()
command to telnet to view active HTTP services * Simplify IPv4/v6 address
selection code for outgoing s2s * Add support for importing SCRAM hashes from
ejabberd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: Use of weak PRNG in generation of dialback
secrets
https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: Path traversal vulnerability in
mod_http_files
https://bugzilla.redhat.com/show_bug.cgi?id=1296983
--------------------------------------------------------------------------------
================================================================================
python-flower-0.8.3-4.fc23 (FEDORA-2016-6a09ffb1a8)
A web based tool for monitoring and administrating Celery clusters
--------------------------------------------------------------------------------
Update Information:
Initial release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285941 - Review Request: python-flower - A web based tool for monitoring and
administrating Celery clusters
https://bugzilla.redhat.com/show_bug.cgi?id=1285941
--------------------------------------------------------------------------------
================================================================================
python-matplotlib-1.4.3-10.fc23 (FEDORA-2016-499e21bb8a)
Python 2D plotting library
--------------------------------------------------------------------------------
Update Information:
Add patch to fix GDK backend and remove problematic image from the tarball and
final installation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231748 - NameError: global name 'cbook' is not defined
https://bugzilla.redhat.com/show_bug.cgi?id=1231748
[ 2 ] Bug #1295174 - python-matplotlib contain problematic content
https://bugzilla.redhat.com/show_bug.cgi?id=1295174
--------------------------------------------------------------------------------
================================================================================
python-nsdf-0.0-2.git9621ced.fc23 (FEDORA-2016-69d7ede8aa)
Support library for the Neuroscience Simulation Data Format
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1292209 - Review Request: python-nsdf - Support library for the Neuroscience
Simulation Data Format
https://bugzilla.redhat.com/show_bug.cgi?id=1292209
--------------------------------------------------------------------------------
================================================================================
python-prompt_toolkit-0.57-1.fc23 (FEDORA-2016-f10735fb0a)
Library for building powerful interactive command lines in Python
--------------------------------------------------------------------------------
Update Information:
Align to upstream
--------------------------------------------------------------------------------
================================================================================
python-rhsm-1.16.5-1.fc23 (FEDORA-2016-40c503e426)
A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:
* 1263037: Change RHSM Icon reporting of unregistered system * 1283749: Upgrade
the dialogs to error when required fields are blank. * 1222627: Allows removal
of product certs with no active repos, given temp_disabled_repos * 1163398:
Modify icon-rhsm man page to reflect the help text * Install docs with mode 644
* 1288626: Does not report pool ids as serial numbers, ignore duplicates *
1061407: Avoid unwanted translations for subscription-manager by string
substitutions * Output of errors now goes to stderr * Highlight the field(s)
containing the search string
--------------------------------------------------------------------------------
================================================================================
python-sqlalchemy-1.0.11-1.fc23 (FEDORA-2016-f3df7c3250)
Modular and flexible ORM library for python
--------------------------------------------------------------------------------
Update Information:
This update contains a new upstream bugfix release. The upstream [changelog](h
ttp://docs.sqlalchemy.org/en/latest/changelog/changelog_10.html#change-1....)
contains a list of all changes in version 1.0.11.
--------------------------------------------------------------------------------
================================================================================
python-wcwidth-0.1.6-1.fc23 (FEDORA-2016-48fc1ecbed)
Measures number of Terminal column cells of wide-character codes
--------------------------------------------------------------------------------
Update Information:
Upstream update
--------------------------------------------------------------------------------
================================================================================
subscription-manager-1.16.7-1.fc23 (FEDORA-2016-40c503e426)
Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:
* 1263037: Change RHSM Icon reporting of unregistered system * 1283749: Upgrade
the dialogs to error when required fields are blank. * 1222627: Allows removal
of product certs with no active repos, given temp_disabled_repos * 1163398:
Modify icon-rhsm man page to reflect the help text * Install docs with mode 644
* 1288626: Does not report pool ids as serial numbers, ignore duplicates *
1061407: Avoid unwanted translations for subscription-manager by string
substitutions * Output of errors now goes to stderr * Highlight the field(s)
containing the search string
--------------------------------------------------------------------------------
================================================================================
tito-0.6.3-1.fc23 (FEDORA-2016-1ae987dd76)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
Added ability to pass extra copr-cli build options to the copr releaser.
(twiest(a)redhat.com) Fix changelog format function name (araszka(a)redhat.com)
fix mock link (glen(a)delfi.ee) Set non-zero exit code when copr-cli fails
(frostyx(a)email.cz) Add possibility to upload SRPM directly to Copr
(frostyx(a)email.cz) Determine correct package manager DNF is now prefered on
Fedora, but it is not installed on EL6 or EL7 (frostyx(a)email.cz) Ask user to
run DNF instead of YUM (frostyx(a)email.cz) Add tito tag --use-version argument
to man page (dcleal(a)redhat.com) Fix upstream/distribution builder failure to
copy spec. (dgoodwin(a)redhat.com) Allow a user specific Copr remote SRPM URL.
(awood(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
tktable-2.10-10.fc23 (FEDORA-2016-38e86607af)
Table/matrix widget extension to Tcl/Tk
--------------------------------------------------------------------------------
Update Information:
- Defined relro flags for EPEL
--------------------------------------------------------------------------------
================================================================================
waf-1.8.18-1.fc23 (FEDORA-2016-7da00ed7d2)
A Python-based build system
--------------------------------------------------------------------------------
Update Information:
Update to the latest release. New in WAF 1.8.17: * Fixed a regression in
exec_cfg() introduced in 1fbac66 #1670 * Added a new option --clear-failed to
unit test builds #1678 * Added support for scriptlet expressions of the form
${FOO:SRC[0].abspath()} * Added define comments to configuration headers:
conf.define(.., commment='') * Added experimental Wix and Satellizer tools #1666
* Added backslash replacement to resx processing
--------------------------------------------------------------------------------