The following Fedora 23 Security updates need testing:
Age URL
445
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
402
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
375
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
326
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
326
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
132
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23
121
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23
114
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
98
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14
dhcpcd-6.11.3-1.fc23
64
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
56
https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651
compat-guile18-1.8.8-14.fc23
41
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b89e991e63
nodejs-0.10.48-1.fc23
30
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5afe06026b
jenkins-1.625.3-5.fc23 jenkins-remoting-2.62.3-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4896f20b3
roundcubemail-1.2.3-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf6c3ea62c
perl-DBD-MySQL-4.033-4.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7da97a3914
mcabber-1.0.4-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb
tomcat-8.0.39-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90
thunderbird-45.5.1-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c32bae671
php-simplesamlphp-saml2-2.3.3-1.fc23 php-simplesamlphp-saml2_1-1.10.3-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-30077d1b37
ipsilon-2.0.2-2.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5ff0ed40c lxc-2.0.6-2.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648
kernel-4.8.12-100.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c01772ff6
httpd-2.4.23-5.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad9307ce0 gd-2.1.1-11.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7eea952041
golang-1.5.4-5.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-570c603276
openjpeg2-2.1.2-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f5d42d2d8
mingw-openjpeg2-2.1.2-2.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
141
https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23
libreport-2.6.4-3.fc23
114
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
75
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e
python-virtkey-0.63.0-1.fc23
69
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a
koji-1.10.1-13.fc23
64
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
47
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23
32
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0906f64ec8 rpm-4.13.0-1.fc23
30
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-62b8930463
pciutils-3.5.2-1.fc23
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-03d76071b6
nss-3.27.0-1.3.fc23
13
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b5b28b69e2
mod_perl-2.0.10-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ec81aeba6
dbus-1.10.14-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf6c3ea62c
perl-DBD-MySQL-4.033-4.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6064f86234 vim-8.0.118-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90
thunderbird-45.5.1-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ac1042dfcc
libbluray-0.9.3-3.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648
kernel-4.8.12-100.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad9307ce0 gd-2.1.1-11.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c01772ff6
httpd-2.4.23-5.fc23
The following builds have been pushed to Fedora 23 updates-testing
drupal7-7.53-1.fc23
fedpkg-minimal-1.1.0-4.fc23
homebank-5.1.2-1.fc23
layla-fonts-1.7-1.fc23
libxsmm-1.6.1-1.fc23
mingw-openjpeg2-2.1.2-2.fc23
openjpeg2-2.1.2-2.fc23
php-5.6.29-1.fc23
php-akamai-open-edgegrid-client-0.6.1-1.fc23
php-guzzlehttp-promises-1.3.0-1.fc23
php-mtdowling-jmespath-php-2.4.0-1.fc23
pywbem-0.9.1-1.fc23
qt5-qtstyleplugins-5.0.0-12.fc23
Details about builds:
================================================================================
drupal7-7.53-1.fc23 (FEDORA-2016-413fcb54d2)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/project/drupal/releases/7.53
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402612 - drupal7-7.53 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402612
--------------------------------------------------------------------------------
================================================================================
fedpkg-minimal-1.1.0-4.fc23 (FEDORA-2016-e865b37cff)
Script to allow fedpkg fetch to work
--------------------------------------------------------------------------------
Update Information:
This update provides handling for the new sources format created as part of the
flag day changes.
--------------------------------------------------------------------------------
================================================================================
homebank-5.1.2-1.fc23 (FEDORA-2016-1d16fdcda8)
Free easy personal accounting for all
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 5.1.2 2016-12-08 Maxime Doyen Made 5.1.2
release. * wish : #1645126 remember the size of columns in the main window *
wish : #1639862 multiple edit transactions date * wish : #1638023 remind
scheduled listview column width * wish : #916690 qif option (info to desc;
payee to desc) * wish : #462919 option to choose to import OFX name to payee
or memo * bugfix: import, new account don't have currency, result display NaN
* bugfix: import, amount was not displaying decimal part * bugfix: import,
dialog to choose child xfer was popup when no match found * bugfix: txn dialog,
after input a split amount/category widget were not disabled * bugfix: #1645001
import shows rounded amount but import correctly * bugfix: #1640885 txn changes
in detail list cannot be saved * bugfix: #1638064 balance report may show wrong
values
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402616 - homebank-5.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402616
--------------------------------------------------------------------------------
================================================================================
layla-fonts-1.7-1.fc23 (FEDORA-2016-807b136d7e)
A collection of traditional Arabic fonts
--------------------------------------------------------------------------------
Update Information:
Fixed the font lookup tables
--------------------------------------------------------------------------------
================================================================================
libxsmm-1.6.1-1.fc23 (FEDORA-2016-1d69950d26)
Small dense or sparse matrix multiplications and convolutions for x86_64
--------------------------------------------------------------------------------
Update Information:
New release ---- New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400167 - libxsmm-1.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1400167
[ 2 ] Bug #1389016 - Review Request: libxsmm - Library for small matrix-matrix
multiplications on Intel x86_64 (e.g. for cp2k)
https://bugzilla.redhat.com/show_bug.cgi?id=1389016
--------------------------------------------------------------------------------
================================================================================
mingw-openjpeg2-2.1.2-2.fc23 (FEDORA-2016-5f5d42d2d8)
MinGW Windows openjpeg2 library
--------------------------------------------------------------------------------
Update Information:
This update adds a patch to fix CVE-2016-9573 and CVE-2016-9572.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402720 - CVE-2016-9573 CVE-2016-9572 mingw-openjpeg2: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1402720
--------------------------------------------------------------------------------
================================================================================
openjpeg2-2.1.2-2.fc23 (FEDORA-2016-570c603276)
C-Library for JPEG 2000
--------------------------------------------------------------------------------
Update Information:
This updates adds a patch to fix CVE-2016-9573 and CVE-2016-9572.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402718 - CVE-2016-9573 CVE-2016-9572 openjpeg2: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1402718
--------------------------------------------------------------------------------
================================================================================
php-5.6.29-1.fc23 (FEDORA-2016-d741684e43)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
08 Dec 2016 - **PHP version 5.6.29** **Mysqlnd:** * Fixed bug php#64526 (Add
missing mysqlnd.* parameters to php.ini-*). (cmb) **Opcache:** * Fixed bug
php#73402 (Opcache segfault when using class constant to call a method).
(Laruence) * Fixed bug php#69090 (check cached files permissions) **OpenSSL**
* Fixed bug php#72776 (Invalid parameter in memcpy function trough
openssl_pbkdf2). (Jakub Zelenka) **Postgres:** * Fixed bug php#73498
(Incorrect SQL generated for pg_copy_to()). (Craig Duncan) **SOAP:** * Fixed
bug php#73452 (Segfault (Regression for php#69152)). (Dmitry) **SQLite3:** *
Fixed bug php#73530 (Unsetting result set may reset other result set). (cmb)
**Standard:** * Fixed bug php#73297 (HTTP stream wrapper should ignore HTTP 100
Continue). (rowan dot collins at gmail dot com) **WDDX:** * Fixed bug
php#73631 (Memory leak due to invalid wddx stack processing). (bughunter at
fosec dot vn).
--------------------------------------------------------------------------------
================================================================================
php-akamai-open-edgegrid-client-0.6.1-1.fc23 (FEDORA-2016-d55a6b97b4)
Implements the Akamai {OPEN} EdgeGrid Authentication
--------------------------------------------------------------------------------
Update Information:
### 0.6.1 [04 Nov, 2016] * Install bin/http using composer * Cleanup tools and
composer setup * Shrink PHAR from 5.6MB to 370KB * Add support for `-A` short
flag for `--auth-type` on CLI to match httpie * Update dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1392697 - php-akamai-open-edgegrid-client-0.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1392697
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-promises-1.3.0-1.fc23 (FEDORA-2016-dd5b5175f3)
Guzzle promises library
--------------------------------------------------------------------------------
Update Information:
## 1.3.0 - 2016-11-18 * Adds support for custom task queues. * Fixed coroutine
promise memory leak.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396687 - php-guzzlehttp-promises-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1396687
--------------------------------------------------------------------------------
================================================================================
php-mtdowling-jmespath-php-2.4.0-1.fc23 (FEDORA-2016-7b471327c1)
Declaratively specify how to extract elements from a JSON document
--------------------------------------------------------------------------------
Update Information:
## 2.4.0 - 2016-12-03 * Added support for floats when interpreting data. *
Added a function_exists check to work around redeclaration issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401271 - php-mtdowling-jmespath-php-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1401271
--------------------------------------------------------------------------------
================================================================================
pywbem-0.9.1-1.fc23 (FEDORA-2016-4976cd80fa)
Python2 WBEM Client and Provider Interface
--------------------------------------------------------------------------------
Update Information:
*Upgrade to pywbem v0.9.1 * Enhancements * Added a section ���Prerequisite
operating system packages��� to the documentation that describes the prerequisite
packages by distribution. * Added git as an OS-level dependency for
development (it is used by GitPython when building the documentation). * Bug
fixes * Fixed the use of a variable before it was set in the
remove_destinations() method of class WBEMSubscriptionManager. * Fixed a
compatibility issue relative to pywbem 0.7.0, where the pywbem.Error class was
no longer available in the pywbem.cim_http namespace. It has been made available
in that namespace again, for compatibility reasons. Note that using sub-
namespaces of the pywbem namespace such as pywbem.cim_http has been deprecated
in pywbem 0.8.0. * Fixed a documentation issue where the description of
CIMError was not clear that the exception object itself can be accessed by index
and slice. * Fixed a documentation build error on Python 2.6, by pinning the
GitPython version to <=2.0.8, due to its use of unittest.case which is not
available on Python 2.6.
--------------------------------------------------------------------------------
================================================================================
qt5-qtstyleplugins-5.0.0-12.fc23 (FEDORA-2016-0c06631344)
Classic Qt widget styles
--------------------------------------------------------------------------------
Update Information:
Pull in latest upstream fixes, omit qgtk2 platform/style plugins that conflict
with qt5-qtbase
--------------------------------------------------------------------------------