The following Fedora 23 Security updates need testing:
Age URL
443
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
401
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
374
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
324
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
324
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
130
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826 flex-2.6.0-2.fc23
120
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c2ec9c716e redis-3.2.3-1.fc23
113
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
96
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3a6435b14
dhcpcd-6.11.3-1.fc23
62
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
54
https://bodhi.fedoraproject.org/updates/FEDORA-2016-17ea599651
compat-guile18-1.8.8-14.fc23
39
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b89e991e63
nodejs-0.10.48-1.fc23
29
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
17
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5afe06026b
jenkins-1.625.3-5.fc23 jenkins-remoting-2.62.3-1.fc23
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e8a8561ee7
ntp-4.2.6p5-43.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7fc142da66
phpMyAdmin-4.6.5.1-2.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a571b97ebb
php-php-gettext-1.0.12-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4896f20b3
roundcubemail-1.2.3-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf6c3ea62c
perl-DBD-MySQL-4.033-4.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7da97a3914
mcabber-1.0.4-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb
tomcat-8.0.39-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90
thunderbird-45.5.1-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c32bae671
php-simplesamlphp-saml2-2.3.3-1.fc23 php-simplesamlphp-saml2_1-1.10.3-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-30077d1b37
ipsilon-2.0.2-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5ff0ed40c lxc-2.0.6-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648
kernel-4.8.12-100.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c01772ff6
httpd-2.4.23-5.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad9307ce0 gd-2.1.1-11.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7eea952041
golang-1.5.4-5.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
140
https://bodhi.fedoraproject.org/updates/FEDORA-2016-98a7a1b6e0 abrt-2.8.0-6.fc23
libreport-2.6.4-3.fc23
113
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6288f555c
libarchive-3.2.1-3.fc23 python-libarchive-c-2.5-1.fc23
74
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79072fd70e
python-virtkey-0.63.0-1.fc23
67
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d26923757a
koji-1.10.1-13.fc23
62
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1649cc31e0
ca-certificates-2016.2.10-1.0.fc23
46
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86a2119f42 nspr-4.13.1-1.fc23
31
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0906f64ec8 rpm-4.13.0-1.fc23
29
https://bodhi.fedoraproject.org/updates/FEDORA-2016-272fa6b96e dracut-043-67.fc23
22
https://bodhi.fedoraproject.org/updates/FEDORA-2016-62b8930463
pciutils-3.5.2-1.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-03d76071b6
nss-3.27.0-1.3.fc23
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b5b28b69e2
mod_perl-2.0.10-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8ec81aeba6
dbus-1.10.14-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bf6c3ea62c
perl-DBD-MySQL-4.033-4.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6064f86234 vim-8.0.118-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a400e4cd90
thunderbird-45.5.1-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ac1042dfcc
libbluray-0.9.3-3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cad9307ce0 gd-2.1.1-11.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3c01772ff6
httpd-2.4.23-5.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648
kernel-4.8.12-100.fc23
The following builds have been pushed to Fedora 23 updates-testing
copr-backend-1.95-1.fc23
copr-dist-git-0.23-1.fc23
copr-frontend-1.104-1.fc23
dmlite-0.8.5-1.fc23
easytag-2.4.3-1.fc23
fedfind-3.1.3-2.fc23
fedpkg-copr-0.10-1.fc23
gd-2.1.1-11.fc23
golang-1.5.4-5.fc23
httpd-2.4.23-5.fc23
libmediainfo-0.7.91-1.fc23
libzen-0.4.34-1.fc23
lilypond-2.19.52-1.fc23
lilypond-doc-2.19.52-1.fc23
mediainfo-0.7.91-1.fc23
ophcrack-3.6.1-1.fc23
owncloud-9.1.2-1.fc23
python-mwclient-0.8.3-1.fc23
Details about builds:
================================================================================
copr-backend-1.95-1.fc23 (FEDORA-2016-8abd50b960)
Backend for Copr
--------------------------------------------------------------------------------
Update Information:
- use buildroot_pkgs substitution type according to job.chroot - use timeout
command to respect timeout param coming from frontend - don't ship unitfiles in
%%bindir - move createrepo to the end of the rawhide_to_release handler -
modulemd 1.0.2 compatibility - Bug 1397119 - Error reading SSH protocol banner -
added auto-prune project's option - Bug 1086139 - [RFE] provide UI to cancel a
build - Fix misleading debug statement - fix exception logging in
ensure_dir_exists helper - Fix chroot_setup_cmd regex for custom chroot ---- -
fix NameError: global name 'result' is not defined - fix exception logging -
Modularity support - Bug 1357564 - RFE: allow downloading of mock profiles
(reproducible builds) - "safer" exception handling for actions - also provide
default version and release for generated modules.json ---- - wrap feedback
about actions to frontend into try-except - log even the traceback from forking
- use makedirs instead of mkpath in fork action - if anything bad happens, log
exception in generate_gpg_key action - also restart copr-backend-vmm and copr-
backend-log when (re)installing - Bug 1361344 - RFE: Allow denial of build
deletion and resubmitting at project or group level - catch errors in fork
action - set action result for comps.xml and module_md.yaml file deletion -
backend fork action now takes care of new gpg-key generation instead of frontend
- removed no longer supported --api-version=0.8 arg from appstream-builder
command line - specify module_md as module type - fix saving comps.xml and
module_md.yaml into empty copr (with no build) - module_md.yaml is added to
repodata now similarly to appstream.xml - support for generation of module dist
tags - module_md.yaml uploading for a chroot - simplified build and action task
workflow - use copy of the mock (chroot) config, not the original in /etc/mock/
---- Only minor changes compared to copr-backend-1.89.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1397119 - Error reading SSH protocol banner
https://bugzilla.redhat.com/show_bug.cgi?id=1397119
[ 2 ] Bug #1086139 - [RFE] provide UI to cancel a build
https://bugzilla.redhat.com/show_bug.cgi?id=1086139
[ 3 ] Bug #1399094 - copr-backend contains systemd unit files under /usr/bin
https://bugzilla.redhat.com/show_bug.cgi?id=1399094
--------------------------------------------------------------------------------
================================================================================
copr-dist-git-0.23-1.fc23 (FEDORA-2016-16dfb6e0d2)
Copr services for Dist Git server
--------------------------------------------------------------------------------
Update Information:
- use other than epel chroot for scm building - use newest mock - run mock-scm
inside of docker - add README information about how docker image is built -
stripped down impl of building from dist-git - fixed unittests - refactor VM.run
method - remove exited containers - add possibility to run dist-git in single
thread - refactor lookaside my_upload slightly - Bug 1377780 - Multiple failed
tasks with: Importing SRPM into Dist Git failed.
--------------------------------------------------------------------------------
================================================================================
copr-frontend-1.104-1.fc23 (FEDORA-2016-a03ee135c5)
Frontend for Copr
--------------------------------------------------------------------------------
Update Information:
- set default build timeout to 18 hours - allow hiding "quick enable" helper -
login should not be required for viewing modules - (cli) inform user about build
links - create backend_rawhide_to_release command - adding chroot repos
implemented - group_add: make group in breadcrumb menu clickable - create
status/order functions by 'create_db' - modularize design files - spec: allow
'rpmbuild --without check' - use "Suggests" tag only in Fedora - add api
method
for translating module NVR to DNF repo url - promptly generate mock profiles -
added auto-prune project's option - Bug 1393361 - get_project_details returns
incorrect yum_repos - Bug 1086139 - [RFE] provide UI to cancel a build - group
support for modules - modularity 1.0.2 support - create proper module table - by
pagure fedmsgs induced auto-rebuilds - Bug 1384923 - Ignore push events to other
branches when one is selected - stripped down impl of building from dist-git -
fix unit tests - Bug 1377854 - provide functional URL when asking to renew token
- Bug 1382243 - Multiple rows were found for one() - add link to all BZs to
footer - Bug 1335168 - Delete build(s) from CLI - Bug 1380810 - [RFE] Show
original repo when forking - Bug 1368458 - Resubmit does not work on forked
projects. - FAS groups need re-login, inform user - Bug 1381790 - rename Rawhide
to F26 in Copr and create F27 when Fedora branches instead - use 'debug' level
for krb debug message - fix krb auth for services - fork only successful builds
- check user permissions when building module - implement methods for querying
multiple modules - Bug 1361641 - Status in build table shows wrong values - show
html code for build badge - speed up querying for recent builds - modularity UI
improvements - do not fork created_on from previous project - fix Bug 1376703 -
Cannot cancel build and now explain
--------------------------------------------------------------------------------
================================================================================
dmlite-0.8.5-1.fc23 (FEDORA-2016-d206a5fd2e)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
* new upstream release ---- * new upstrem release ---- * new upstream
release ---- * new upstream release ---- * bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1384305 - dnf upgrade produces error msgs
https://bugzilla.redhat.com/show_bug.cgi?id=1384305
--------------------------------------------------------------------------------
================================================================================
easytag-2.4.3-1.fc23 (FEDORA-2016-26739641ff)
Tag editor for MP3, Ogg, FLAC and other music files
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.3 * Fix two crashes in the dialog to load filenames from a file *
Avoid a crash when adding an image and no files are selected * Avoid a crash
when saving ID3v2.4 tags and no audio is present * Fix a crash when applying
CDDB results * Fix saving of ID3v1 genres when also using ID3v2.4 * Fix Ogg tag
writing on Windows * Ensure that a selected path in the browser is shown in the
path list * Open the online version of the help if Yelp is not available * Fix
handling of MP4 files with empty tag fields * Fix the artist/album toolbar icon
* Eckhard M. J��ger���s Adwaita-style artist/album icons * Add support for MP4
files with the .aac file extension * Anders Jonsson���s Swedish translation update
* Bal��zs ��r���s Hungarian translation update * Charles Monzat���s French translation
update * C��dric Valmary���s Occitan translation * Walter Cheuk���s Chinese (Taiwan)
translation update * Jobava���s Romanian translation update * Jordi Mas���s Catalan
translation updates * Piotr Dr��g���s Polish translation updates * Rafael
Fontanelle���s Brazilian Portuguese translation update * Tiago Santos��� Portuguese
translation update * Daniel Mustieles��� and M��nica Canizo���s Spanish translation
updates * gogo���s Croation translation
--------------------------------------------------------------------------------
================================================================================
fedfind-3.1.3-2.fc23 (FEDORA-2016-3988743f76)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
fedfind 3.1 changes how fedfind handles metadata for composes which were
originally created by Pungi 4 and had real metadata, but were then modified in
some ways and had their metadata removed. This includes milestone and stable
releases for Fedora 24 and later: when these are placed in their 'final'
locations on the mirrors, some contents are split into different locations and
some deliverables are removed. Previously, fedfind would simply synthesize
metadata for these composes, as it does for pre-Pungi 4 composes. Now, it first
attempts to find the original metadata (from
[
PDC](https://pdc.fedoraproject.org/)) and adjust it for the modified image
locations, while preserving all the other image attributes from the original
metadata (including ones it could not synthesize). It will only fall back to
synthesizing the metadata if it cannot find corresponding metadata from PDC. The
practical result of this is that you should get more reliable and complete
metadata for these composes.
--------------------------------------------------------------------------------
================================================================================
fedpkg-copr-0.10-1.fc23 (FEDORA-2016-72238a350a)
Fedpkg modified to work with copr dist git
--------------------------------------------------------------------------------
Update Information:
- Bug 1393460 - Copr chokes on %%mageia conditional in spec files for rebuilding
SRPM - Add Mageia branches to the regex ---- New package to interact with
copr-dist-git
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1378341 - Review Request: fedpkg-copr - copr dist-git client
https://bugzilla.redhat.com/show_bug.cgi?id=1378341
--------------------------------------------------------------------------------
================================================================================
gd-2.1.1-11.fc23 (FEDORA-2016-cad9307ce0)
A graphics library for quick creation of PNG or JPEG images
--------------------------------------------------------------------------------
Update Information:
- Security fix for CVE-2016-8670 - Security fix for CVE-2016-6911 - Security fix
for CVE-2016-7568 - For Fedora 26 disabled two tests - they are failing because
of freetype 2.7 (
https://github.com/libgd/libgd/issues/302,
https://github.com/libgd/libgd/issues/217)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1380450 - CVE-2016-7568 gd, php: Integer overflow in gdImageWebpCtx
https://bugzilla.redhat.com/show_bug.cgi?id=1380450
[ 2 ] Bug #1388787 - CVE-2016-6911 gd, php: Missing check for OOB read in
dynamicGetbuf()
https://bugzilla.redhat.com/show_bug.cgi?id=1388787
[ 3 ] Bug #1391068 - CVE-2016-8670 gd, php: Stack based buffer overflow in
dynamicGetbuf
https://bugzilla.redhat.com/show_bug.cgi?id=1391068
--------------------------------------------------------------------------------
================================================================================
golang-1.5.4-5.fc23 (FEDORA-2016-7eea952041)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for BZ#1401985
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401985 - golang: net/http: multipart ReadForm close file after copy
https://bugzilla.redhat.com/show_bug.cgi?id=1401985
--------------------------------------------------------------------------------
================================================================================
httpd-2.4.23-5.fc23 (FEDORA-2016-3c01772ff6)
Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-8740
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields
directive in mod_http2
https://bugzilla.redhat.com/show_bug.cgi?id=1401528
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.91-1.fc23 (FEDORA-2016-fe897bb180)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to last version.
--------------------------------------------------------------------------------
================================================================================
libzen-0.4.34-1.fc23 (FEDORA-2016-fe897bb180)
Shared library for libmediainfo and medianfo*
--------------------------------------------------------------------------------
Update Information:
Update to last version.
--------------------------------------------------------------------------------
================================================================================
lilypond-2.19.52-1.fc23 (FEDORA-2016-8eab355ce7)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
2.19.52
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.19.52-1.fc23 (FEDORA-2016-8eab355ce7)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
2.19.52
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.91-1.fc23 (FEDORA-2016-fe897bb180)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to last version.
--------------------------------------------------------------------------------
================================================================================
ophcrack-3.6.1-1.fc23 (FEDORA-2016-abca14a66a)
Free Windows password cracker based on rainbow tables
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 3.6.1, fixes rhbz #1365143
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1365143 - ophcrack-3.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1365143
--------------------------------------------------------------------------------
================================================================================
owncloud-9.1.2-1.fc23 (FEDORA-2016-054af780f1)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
New release 9.1.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1393164 - owncloud-9.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1393164
--------------------------------------------------------------------------------
================================================================================
python-mwclient-0.8.3-1.fc23 (FEDORA-2016-8110297ab7)
Mwclient is a client to the MediaWiki API
--------------------------------------------------------------------------------
Update Information:
This update provides the latest upstream release of mwclient, with various
bugfixes and improvements. It should be fully backward compatible with previous
0.8 releases, but Python 2.6 support has been dropped upstream, so no EPEL 6
build is provided.
--------------------------------------------------------------------------------