The following Fedora 23 Security updates need testing:
Age URL
138
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
96
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
69
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
59
https://bodhi.fedoraproject.org/updates/FEDORA-2015-abf9659276
php-PHPMailer-5.2.14-1.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b02ad4e424
ecryptfs-utils-109-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2ec7f779f2
claws-mail-3.13.2-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-97002ad37b
rubygem-actionview-4.2.3-3.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f486068393
rubygem-actionpack-4.2.3-4.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4509765b4b
gsi-openssh-7.1p2-3.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eb4d6e8aab
rubygem-activemodel-4.2.3-2.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ede04cd79
rubygem-activesupport-4.2.3-3.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc465a34df
rubygem-activerecord-4.2.3-2.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-50abc3e885
python-pymongo-2.5.2-8.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b61929db9e
wordpress-4.4.2-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa00f0631d
mingw-nettle-3.2-1.fc23 mingw-gnutls-3.4.9-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-46a34efa06 php-5.6.18-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-153eed2bb8
asterisk-13.7.1-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4b06195979
python-pillow-3.0.0-2.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fd30ad26a9
kernel-4.3.5-300.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d52084f03e
linux-firmware-20160204-61.git91d5dd13.fc23
The following builds have been pushed to Fedora 23 updates-testing
asterisk-13.7.1-1.fc23
cmark-0.24.1-1.fc23
docker-compose-1.6.0-1.fc23
eclipse-cdt-8.8.0-6.fc23
eclipse-remote-2.0.1-2.fc23
engauge-digitizer-6.2-4.20160204gitb6ad5b.fc23
gammu-1.37.0-2.fc23
gdal-2.0.2-1.fc23
gimp-separate+-0.5.8-15.fc23
kamera-15.08.3-2.fc23
libinput-1.1.6-1.fc23
libreadline-java-0.8.0-42.fc23
linux-firmware-20160204-61.git91d5dd13.fc23
mbuffer-20151002-1.fc23
mpop-1.2.4-1.fc23
plasma-workspace-5.5.4-2.fc23
platform-2.0.1-1.fc23
pssh-2.3.1-12.fc23
python-pillow-3.0.0-2.fc23
rubygem-plist-3.2.0-1.fc23
springframework-amqp-1.3.9-3.fc23
testcloud-0.1.8-1.fc23
tzdata-2016a-1.fc23
wammu-0.40-3.fc23
xsd-4.0.0-14.fc23
Details about builds:
================================================================================
asterisk-13.7.1-1.fc23 (FEDORA-2016-153eed2bb8)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
Update to upstream 13.7.1 release for security fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1304670 - asterisk: File descriptor exhaustion in chan_sip
https://bugzilla.redhat.com/show_bug.cgi?id=1304670
--------------------------------------------------------------------------------
================================================================================
cmark-0.24.1-1.fc23 (FEDORA-2016-3fe60c0718)
CommonMark parsing and rendering
--------------------------------------------------------------------------------
Update Information:
Update to latest 0.24.1
--------------------------------------------------------------------------------
================================================================================
docker-compose-1.6.0-1.fc23 (FEDORA-2016-9ed4d853f0)
Multi-container orchestration for Docker
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300106 - docker-compose-1.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300106
--------------------------------------------------------------------------------
================================================================================
eclipse-cdt-8.8.0-6.fc23 (FEDORA-2016-b836b8a61b)
Eclipse C/C++ Development Tools (CDT) plugin
--------------------------------------------------------------------------------
Update Information:
* The updated version of eclipse-cdt fixes eclipse-cdt-arduino to get resolved
properly. * The updated version of eclipse-remote removes an unnecessary
dependency from eclipse-remote to eclipse-pde, which was causing, as an example,
eclipse-cdt-arduino to require the JDT and PDE. To test this, just confirm that
installing eclipse-cdt-arduino (or eclipse-remote) doesn't also bring in
eclipse-pde or eclipse-jdt.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302131 - eclipse-cdt-arduino entirely non-functional
https://bugzilla.redhat.com/show_bug.cgi?id=1302131
--------------------------------------------------------------------------------
================================================================================
eclipse-remote-2.0.1-2.fc23 (FEDORA-2016-b836b8a61b)
Eclipse Remote Services plug-in
--------------------------------------------------------------------------------
Update Information:
* The updated version of eclipse-cdt fixes eclipse-cdt-arduino to get resolved
properly. * The updated version of eclipse-remote removes an unnecessary
dependency from eclipse-remote to eclipse-pde, which was causing, as an example,
eclipse-cdt-arduino to require the JDT and PDE. To test this, just confirm that
installing eclipse-cdt-arduino (or eclipse-remote) doesn't also bring in
eclipse-pde or eclipse-jdt.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302131 - eclipse-cdt-arduino entirely non-functional
https://bugzilla.redhat.com/show_bug.cgi?id=1302131
--------------------------------------------------------------------------------
================================================================================
engauge-digitizer-6.2-4.20160204gitb6ad5b.fc23 (FEDORA-2016-3a05e24521)
Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:
- Update to commit #b6ad5b
--------------------------------------------------------------------------------
================================================================================
gammu-1.37.0-2.fc23 (FEDORA-2016-f22eb4f4d4)
Command Line utility to work with mobile phones
--------------------------------------------------------------------------------
Update Information:
Add BR:libdbi-dbd-sqlite and also require it because drive sqlite is used by
---- Update to 1.37.0 (#1304358)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1304358 - gammu-1.37.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1304358
--------------------------------------------------------------------------------
================================================================================
gdal-2.0.2-1.fc23 (FEDORA-2016-7cb5cee691)
GIS file format library
--------------------------------------------------------------------------------
Update Information:
*
https://trac.osgeo.org/gdal/wiki/Release/2.0.2-News
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1303398 - gdal-2.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1303398
[ 2 ] Bug #1284714 - GDAL is build without GEOS support
https://bugzilla.redhat.com/show_bug.cgi?id=1284714
--------------------------------------------------------------------------------
================================================================================
gimp-separate+-0.5.8-15.fc23 (FEDORA-2016-bbfe53b2a6)
Rudimentary CMYK support for The GIMP
--------------------------------------------------------------------------------
Update Information:
Added metainfo.xml from Luya Tshimbalanga <luya(a)fedoraproject.org>
--------------------------------------------------------------------------------
================================================================================
kamera-15.08.3-2.fc23 (FEDORA-2016-110764bc4a)
Digital camera support for KDE
--------------------------------------------------------------------------------
Update Information:
Update to latest (kde4-based) version, add support for kf5 actions.
--------------------------------------------------------------------------------
================================================================================
libinput-1.1.6-1.fc23 (FEDORA-2016-52a8eb51be)
Input device library
--------------------------------------------------------------------------------
Update Information:
libinput 1.1.6, smoother pointer motion on small touchpad motions and two-finger
scrolling ---- Drop default motion hysteresis, disable mode button on Cyborg
RAT 5
--------------------------------------------------------------------------------
================================================================================
libreadline-java-0.8.0-42.fc23 (FEDORA-2016-5acd868ee7)
Java wrapper for the EditLine library
--------------------------------------------------------------------------------
Update Information:
fix jar file symlink (rhbz#1304865)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1304865 - /usr/lib64/libreadline-java/libreadline-java.jar is a stale
symbolic link
https://bugzilla.redhat.com/show_bug.cgi?id=1304865
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20160204-61.git91d5dd13.fc23 (FEDORA-2016-d52084f03e)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream git snapshot. Includes updates for rtlwifi, iwlwifi,
Intel bluetooth, and Intel Skylake audio.
--------------------------------------------------------------------------------
================================================================================
mbuffer-20151002-1.fc23 (FEDORA-2016-956449cda6)
Measuring Buffer is an enhanced version of buffer
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 20151002
--------------------------------------------------------------------------------
================================================================================
mpop-1.2.4-1.fc23 (FEDORA-2016-b6579d59ad)
A POP3 client for recieving mail from POP3 mailboxes
--------------------------------------------------------------------------------
Update Information:
Updated to new upstream version 1.2.4 (rhbz#1179320)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1179320 - Utilize system-wide crypto-policies
https://bugzilla.redhat.com/show_bug.cgi?id=1179320
--------------------------------------------------------------------------------
================================================================================
plasma-workspace-5.5.4-2.fc23 (FEDORA-2016-45c3f5e30a)
Plasma workspace, applications and applets
--------------------------------------------------------------------------------
Update Information:
Backport workaround for systray applets sometimes not showing properly on login,
see also upstream bug
http://bugs.kde.org/352055
--------------------------------------------------------------------------------
================================================================================
platform-2.0.1-1.fc23 (FEDORA-2016-d888539bbd)
Platform support library used by libCEC and binary add-ons for Kodi
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.1
--------------------------------------------------------------------------------
================================================================================
pssh-2.3.1-12.fc23 (FEDORA-2016-686a320694)
Parallel SSH tools
--------------------------------------------------------------------------------
Update Information:
Handling of aborted pssh process was not correct.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294454 - [abrt] pssh: pssh:93:do_pssh:ValueError: min() arg is an empty
sequence
https://bugzilla.redhat.com/show_bug.cgi?id=1294454
--------------------------------------------------------------------------------
================================================================================
python-pillow-3.0.0-2.fc23 (FEDORA-2016-4b06195979)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
This update fixes for security vulnerabilities, including CVE-2016-0775,
CVE-2016-0740.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305004 - python-pillow: Buffer overflow in PcdDecode.c
https://bugzilla.redhat.com/show_bug.cgi?id=1305004
--------------------------------------------------------------------------------
================================================================================
rubygem-plist-3.2.0-1.fc23 (FEDORA-2016-5fe471a2cc)
All-purpose Property List manipulation library
--------------------------------------------------------------------------------
Update Information:
update to plist 3.2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302703 - rubygem-plist-3.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1302703
--------------------------------------------------------------------------------
================================================================================
springframework-amqp-1.3.9-3.fc23 (FEDORA-2016-5be3c02ef2)
Support for Spring programming model with AMQP
--------------------------------------------------------------------------------
Update Information:
add rabbitmq-java-client 3.6.x support
--------------------------------------------------------------------------------
================================================================================
testcloud-0.1.8-1.fc23 (FEDORA-2016-8f11fc365d)
Tool for running cloud images locally
--------------------------------------------------------------------------------
Update Information:
Small update to fix docs and implicit crash when IP address is not found after
boot
--------------------------------------------------------------------------------
================================================================================
tzdata-2016a-1.fc23 (FEDORA-2016-aaf362201c)
Timezone data
--------------------------------------------------------------------------------
Update Information:
Resolves: #1302497 - Rebase to 2016a - America/Cayman will not
observe daylight saving this year after all. Revert our guess that
it would. - Asia/Chita switches from +0800 to +0900 on 2016-03-27 at
02:00. - Asia/Tehran now has DST predictions for the year 2038 and
later, to be March 21 00:00 to September 21 00:00. This is likely
better than predicting no DST, albeit off by a day every now and
then.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1302497 - tzdata-2016a is available
https://bugzilla.redhat.com/show_bug.cgi?id=1302497
--------------------------------------------------------------------------------
================================================================================
wammu-0.40-3.fc23 (FEDORA-2016-0c970c2e9e)
Mobile Phone Manager - Gammu GUI
--------------------------------------------------------------------------------
Update Information:
Fix
github.com/gammu/wammu/issues/21 .
--------------------------------------------------------------------------------
================================================================================
xsd-4.0.0-14.fc23 (FEDORA-2016-4f71504d22)
W3C XML schema to C++ data binding compiler
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for Boost 1.60 - Set flags for hardened builds
--------------------------------------------------------------------------------