Fedora 23 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Sep 16 17:53:22 UTC 2015
The following Fedora 23 Security updates need testing:
Age URL
42 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739 python-kdcproxy-0.3.2-1.fc23
26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13824 python-django-1.8.4-1.fc23
25 https://bodhi.fedoraproject.org/updates/conntrack-tools-1.4.2-9.fc23 conntrack-tools-1.4.2-9.fc23
21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14197 sblim-sfcb-1.4.9-4.fc23
21 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14213 ntp-4.2.6p5-33.fc23
13 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14900 ipython-3.2.1-2.fc23
12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14951 pdns-3.4.6-1.fc23
8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13919 ipsilon-1.0.0-5.fc23
8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15291 ipsilon-1.1.0-1.fc23
5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15273 php-pecl-zip-1.13.1-1.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15590 jakarta-commons-httpclient-3.1-23.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15769 bugzilla-4.4.10-1.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15830 seamonkey-2.35-1.fc23
1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15860 unzip-6.0-23.fc23
1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15899 groovy-2.4.4-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15929 openjpeg2-2.1.0-6.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15934 libvpx-1.4.0-5.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15943 xen-4.5.1-8.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15983 wordpress-4.3.1-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16025 xpra-0.15.6-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16033 php-ZendFramework2-2.4.8-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
9 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15127 nautilus-3.17.91-1.fc23
8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15358 cryptsetup-1.6.8-2.fc23
8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15336 attr-2.4.47-13.fc23 acl-2.2.52-10.fc23
8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15262 python-pycurl-7.19.5.1-3.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15487 xdg-user-dirs-0.15-7.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15477 libgcrypt-1.6.4-1.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15462 polkit-gnome-0.105-9.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15456 openssh-7.1p1-2.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15412 gdb-7.10-18.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15394 python-2.7.10-8.fc23
6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13372 lvm2-2.02.130-1.fc23
5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15563 enca-1.16-1.fc23
5 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15515 perl-HTTP-Message-6.11-1.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15703 xfce4-session-4.12.1-6.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15675 lorax-23.18-1.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15661 krb5-1.13.2-7.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15644 perl-Glib-1.313-1.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15623 gmp-6.0.0-12.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15601 pinentry-0.9.6-1.fc23
3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15596 hunspell-1.3.3-8.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15812 attr-2.4.47-14.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15804 selinux-policy-3.13.1-147.fc23
2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15797 gnutls-3.4.5-1.fc23
1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15911 phonon-4.8.3-7.fc23
1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15905 NetworkManager-1.0.6-5.fc23
1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15860 unzip-6.0-23.fc23
1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15846 python-blivet-1.12.4-1.fc23 anaconda-23.19.4-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16016 audit-2.4.4-2.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15972 exo-0.10.7-1.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15934 libvpx-1.4.0-5.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15922 net-tools-2.0-0.35.20150915git.fc23
0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-15840 kde-baseapps-15.08.1-1.fc23 kde-runtime-15.08.1-1.fc23 kdelibs-4.14.12-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
audit-2.4.4-2.fc23
compat-libvpx1-1.3.0-3.fc23
duplicity-0.7.05-1.fc23
glpi-0.85.5-1.fc23
golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc23
golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc23
golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc23
golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc23
golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc23
golang-github-ncw-swift-0-0.1.git22c8fa9.fc23
golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc23
golang-github-stevvooe-resumable-0-0.1.git51ad441.fc23
gpaste-3.16.3-1.fc23
jnr-constants-0.9.0-1.fc23
kchildlock-0.91.1-1.fc23
libdwarf-20150915-1.fc23
nghttp2-1.3.2-1.fc23
perl-Encode-2.77-1.fc23
perl-Net-SSH-Perl-1.39-1.fc23
php-ZendFramework2-2.4.8-1.fc23
reposurgeon-3.29-1.fc23
texstudio-2.10.0-1.fc23
wayland-1.8.93-1.fc23
weston-1.8.93-1.fc23
woffTools-0.1-0.10.684svn.fc23
wordpress-4.3.1-1.fc23
xpra-0.15.6-1.fc23
Details about builds:
================================================================================
audit-2.4.4-2.fc23 (FEDORA-2015-16016)
User space tools for 2.6 kernel auditing
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS with hardened flags by using the distro CFLAGS, Tighten deps with the
_isa macro, Use goarches macro to define supported GO architectures, Minor
cleanups
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1263235 - audit in F23 is older than in F22, breaks upgrade
https://bugzilla.redhat.com/show_bug.cgi?id=1263235
--------------------------------------------------------------------------------
================================================================================
compat-libvpx1-1.3.0-3.fc23 (FEDORA-2015-16017)
Compat package with libvpx libraries
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2015-1258.
--------------------------------------------------------------------------------
================================================================================
duplicity-0.7.05-1.fc23 (FEDORA-2015-16019)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
duplicity-0.7.05-1.fc23 - 0.7.05, BZ 1263488.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1263488 - duplicity-0.7.05 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1263488
--------------------------------------------------------------------------------
================================================================================
glpi-0.85.5-1.fc23 (FEDORA-2015-16012)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:
**GLPI version 0.85.5** From upstream [changelog](https://github.com/glpi-
project/glpi/issues?q=milestone:0.85.5): * Missing project in total spent on
budget bug * Fix queuemail is case MySQL server in not in same timezone as glpi
* Notes are not deleted on item purge * Tickets/Pbs : wrong display of column
'Associated item types' when plugin * Dozens of sql errors at profile creation
* Error PHP when adding a contract to an item, and contract is already linked to
this item * Pb with massive action 'Remove a contract' on an asset * Error
with Contract, massive action 'Remove item', 'Remove all at once' * Project
task template * Collector : blacklisted email address generates php errors *
Mailcollector if multi "To" in header * URL in notification for reservation *
Values not corrects in glpi_events * In 'project tasks' tab of a project, type
(of task) doesn't take into account available translations * In Setup >
General, tab Assets, autom update elts related to computers : some fields are
inverted * 0.85 and above : Child Entities, tab Notifications, pb with field
'Enable notifs by default' Packaging changes: - update to 0.85.5 - use system
ircmaxell/password-compat - switch from eZ component to Zeta component
--------------------------------------------------------------------------------
================================================================================
golang-github-AdRoll-goamz-0-0.1.gitf8c4952.fc23 (FEDORA-2015-15987)
Fork of the GOAMZ with additional functionality with DynamoDB
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262714 - Review Request: golang-github-AdRoll-goamz - Fork of the GOAMZ with additional functionality with DynamoDB
https://bugzilla.redhat.com/show_bug.cgi?id=1262714
--------------------------------------------------------------------------------
================================================================================
golang-github-Azure-azure-sdk-for-go-1.2-0.1.git97d9593.fc23 (FEDORA-2015-15994)
Microsoft Azure SDK for Go
--------------------------------------------------------------------------------
Update Information:
needed by docker/distribution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262716 - Review Request: golang-github-Azure-azure-sdk-for-go - Microsoft Azure SDK for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1262716
--------------------------------------------------------------------------------
================================================================================
golang-github-denverdino-aliyungo-0-0.1.git0e0f322.fc23 (FEDORA-2015-16002)
Go SDK for Aliyun Services
--------------------------------------------------------------------------------
Update Information:
needed by docker/distribution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262704 - Review Request: golang-github-denverdino-aliyungo - Go SDK for Aliyun Services
https://bugzilla.redhat.com/show_bug.cgi?id=1262704
--------------------------------------------------------------------------------
================================================================================
golang-github-go-fsnotify-fsnotify-1.2.0-0.1.git96c060f.fc23 (FEDORA-2015-15977)
File system notifications for Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262426 - Review Request: golang-github-go-fsnotify-fsnotify - File system notifications for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1262426
--------------------------------------------------------------------------------
================================================================================
golang-github-gorilla-handlers-0-0.1.git60c7bfd.fc23 (FEDORA-2015-16001)
A collection of useful handlers for Go's net/http package
--------------------------------------------------------------------------------
Update Information:
needed by docker/distribution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262705 - Review Request: golang-github-gorilla-handlers - A collection of useful handlers for Go's net/http package
https://bugzilla.redhat.com/show_bug.cgi?id=1262705
--------------------------------------------------------------------------------
================================================================================
golang-github-ncw-swift-0-0.1.git22c8fa9.fc23 (FEDORA-2015-15995)
Go language interface to Swift
--------------------------------------------------------------------------------
Update Information:
needed by docker/distribution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262710 - Review Request: golang-github-ncw-swift - Go language interface to Swift
https://bugzilla.redhat.com/show_bug.cgi?id=1262710
--------------------------------------------------------------------------------
================================================================================
golang-github-noahdesu-go-ceph-0.3.0-0.1.gitb15639c.fc23 (FEDORA-2015-15986)
Go bindings for RADOS, RBD, and CephFS
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262711 - Review Request: golang-github-noahdesu-go-ceph - Go bindings for RADOS, RBD, and CephFS
https://bugzilla.redhat.com/show_bug.cgi?id=1262711
--------------------------------------------------------------------------------
================================================================================
golang-github-stevvooe-resumable-0-0.1.git51ad441.fc23 (FEDORA-2015-16006)
Subset of the Go `crypto` Package with a Resumable Hash Interface
--------------------------------------------------------------------------------
Update Information:
needed by docker/distribution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262709 - Review Request: golang-github-stevvooe-resumable - Subset of the Go `crypto` Package with a Resumable Hash Interface
https://bugzilla.redhat.com/show_bug.cgi?id=1262709
--------------------------------------------------------------------------------
================================================================================
gpaste-3.16.3-1.fc23 (FEDORA-2015-16008)
Clipboard management system
--------------------------------------------------------------------------------
Update Information:
* various gnome-shell extension fixes * prevent potential crash from external
library users
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1260322 - gpaste-v3.16.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1260322
--------------------------------------------------------------------------------
================================================================================
jnr-constants-0.9.0-1.fc23 (FEDORA-2015-16014)
Java Native Runtime constants
--------------------------------------------------------------------------------
Update Information:
Update to upstream 0.9.0 release.
--------------------------------------------------------------------------------
================================================================================
kchildlock-0.91.1-1.fc23 (FEDORA-2015-16022)
KDE Parental Control Application
--------------------------------------------------------------------------------
Update Information:
kchildlock-0.91.1-1.fc21 - Update to 0.91.1 kchildlock-0.91.1-1.fc22 -
Update to 0.91.1 kchildlock-0.91.1-1.fc23 - Update to 0.91.1
--------------------------------------------------------------------------------
================================================================================
libdwarf-20150915-1.fc23 (FEDORA-2015-15826)
Library to access the DWARF Debugging file format
--------------------------------------------------------------------------------
Update Information:
Update to latest release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1263681 - libdwarf-20150915 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1263681
[ 2 ] Bug #1262816 - libdwarf-20150913 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1262816
--------------------------------------------------------------------------------
================================================================================
nghttp2-1.3.2-1.fc23 (FEDORA-2015-16026)
Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:
nghttp2-1.3.2-1.fc23 - update to the latest upstream release ----
nghttp2-1.3.1-1.fc23 - update to the latest upstream release
--------------------------------------------------------------------------------
================================================================================
perl-Encode-2.77-1.fc23 (FEDORA-2015-16029)
Character encodings in Perl
--------------------------------------------------------------------------------
Update Information:
This release accepts UTF-16 encoding identifier and defaults to big endian
variant as dictated by Unicode 8.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1263486 - perl-Encode-2.77 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1263486
--------------------------------------------------------------------------------
================================================================================
perl-Net-SSH-Perl-1.39-1.fc23 (FEDORA-2015-16015)
SSH (Secure Shell) client
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release.
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework2-2.4.8-1.fc23 (FEDORA-2015-16033)
Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystem
storage adapter of Zend\Cache was creating directories with a liberal umask that
could lead to local arbitrary code execution and/or local privilege escalation.
This release contains a patch that ensures the directories are created using
permissions of 0775 and files using 0664 (essentially umask 0002). **Bug
fixed** from upstream [Changelog](http://framework.zend.com/changelog/2.4.8) *
validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 as
non-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-
attaching NonEmpty validators in favor of explicit attachment * ensure fallback
values work as per pre-2.4 behavior * update the InputFilterInterface::add()
docblock to match implementations * Fix how missing optoinal fields are
validated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmpty
annotations, per zend-inputfilter#26 * fix typos in aria attribute names of
AbstractHelper * fixes the ContentType header to properly handle encoded
parameter values * fixes the Sender header to allow mailbox addresses without
TLDs * fixes parsing of messages that contain an initial blank line before
headers * fixes the SetCookie header to allow multiline values (as they are
always encoded * fixes DefaultRenderingStrategy errors due to controllers
returning non-view model results
--------------------------------------------------------------------------------
================================================================================
reposurgeon-3.29-1.fc23 (FEDORA-2015-16009)
SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:
# 3.29: 2015-09-02 * Now included: git aliases that allow git to work with
action stamps. * **The new `repomapper` tool helps prepare contributor maps.** *
Use of branchify/branchify_map is now less likely to produce invalid resets. *
`branchify_map` has been changed to handle subdirectories better. `branchify_map
reset` actually works now. * Prevent a crash on empty SVN comments produced by
dumpfiltering. * `assign` command with no selection set or arguments lists
assignments. * New `--user-ignores` option on Subversion reads passes through
.gitignores. * `repotool initialize` now generates an easier-to-read conversion
makefile (Fedora: Used to be conversion.mk in /usr/share/doc/reposurgeon).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259536 - reposurgeon-3.29 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1259536
--------------------------------------------------------------------------------
================================================================================
texstudio-2.10.0-1.fc23 (FEDORA-2015-15998)
A feature-rich editor for LaTeX documents
--------------------------------------------------------------------------------
Update Information:
- update to 2.10.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262987 - [PATCH] ARM build of 2.10.0 fails
https://bugzilla.redhat.com/show_bug.cgi?id=1262987
--------------------------------------------------------------------------------
================================================================================
wayland-1.8.93-1.fc23 (FEDORA-2015-16028)
Wayland Compositor Infrastructure
--------------------------------------------------------------------------------
Update Information:
Wayland and Weston 1.8.93 releases. See http://lists.freedesktop.org/archives
/wayland-devel/2015-September/024226.html and
http://lists.freedesktop.org/archives/wayland-devel/2015-September/024227.html
for details.
--------------------------------------------------------------------------------
================================================================================
weston-1.8.93-1.fc23 (FEDORA-2015-16028)
Reference compositor for Wayland
--------------------------------------------------------------------------------
Update Information:
Wayland and Weston 1.8.93 releases. See http://lists.freedesktop.org/archives
/wayland-devel/2015-September/024226.html and
http://lists.freedesktop.org/archives/wayland-devel/2015-September/024227.html
for details.
--------------------------------------------------------------------------------
================================================================================
woffTools-0.1-0.10.684svn.fc23 (FEDORA-2015-15984)
Tool for manipulating and examining WOFF files
--------------------------------------------------------------------------------
Update Information:
Patch0 added, Release bumped
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1261384 - ImportError: No module named sstruct
https://bugzilla.redhat.com/show_bug.cgi?id=1261384
--------------------------------------------------------------------------------
================================================================================
wordpress-4.3.1-1.fc23 (FEDORA-2015-15983)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.3.1 Security and Maintenance Release** [Upstream
announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress
4.3.1 is now available. This is a security release for all previous versions and
we strongly encourage you to update your sites immediately. This release
addresses three issues, including two cross-site scripting vulnerabilities and a
potential privilege escalation. * WordPress versions 4.3 and earlier are
vulnerable to a cross-site scripting vulnerability when processing shortcode
tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *
A separate cross-site scripting vulnerability was found in the user list table.
Reported by Ben Bidner of the WordPress security team. * Finally, in certain
cases, users without proper permissions could publish private posts and make
them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check
Point. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see
the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the
[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&st
op_rev=33647).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1263657
--------------------------------------------------------------------------------
================================================================================
xpra-0.15.6-1.fc23 (FEDORA-2015-16025)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
This update fixes a critical bug with the Xdummy setup which allows local users
to access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 -
Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23
- Update to 0.15.6
--------------------------------------------------------------------------------
More information about the test
mailing list