The following Fedora 23 Security updates need testing:
Age URL
199
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
156
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
129
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
80
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
79
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
68
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
45
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d7dafbf27f
python-tgcaptcha2-0.3.1-1.fc23
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b05672c54f
libmaxminddb-1.2.0-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7f1f8e3bf
mercurial-3.5.2-1.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-de909cc333
xstream-1.4.9-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5432ca977 xen-4.5.3-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b9368247d4
latex2rtf-2.3.10-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1cf1b49047 php-5.6.20-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-858277b967
fuse-encfs-1.8.1-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e602c0e5e
kernel-4.4.6-301.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-35700c5956
python-pillow-3.0.0-4.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73eb29f890
parallel-20160222-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8eee2e628
imlib2-1.4.8-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b8f91621c7
optipng-0.7.6-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dffdc981ff
squid-3.5.10-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6e8436b98
qpid-proton-0.12.1-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
68
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
11
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d8dbbc4b73
kde-settings-23-11.fc23.1
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6d6d4d8f8
ntfs-3g-2016.2.22-1.fc23 testdisk-7.0-7.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86fd9bc8c4
pungi-4.0.11-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e602c0e5e
kernel-4.4.6-301.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dcddcc1f06
python-2.7.11-3.fc23 python-rpm-macros-3-7.fc23 python3-3.4.3-6.fc23
redhat-rpm-config-36-1.fc23.1
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8eee2e628
imlib2-1.4.8-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5d2823c643
breeze-icon-theme-5.20.0-1.fc23 extra-cmake-modules-5.20.0-1.fc23
kactivitymanagerd-5.5.0-2.fc23 kf5-5.20.0-1.fc23 kf5-attica-5.20.0-1.fc23
kf5-baloo-5.20.0-1.fc23 kf5-bluez-qt-5.20.0-1.fc23 kf5-frameworkintegration-5.20.0-2.fc23
kf5-kactivities-5.20.0-2.fc23 kf5-kapidox-5.20.0-1.fc23 kf5-karchive-5.20.0-1.fc23
kf5-kauth-5.20.0-1.fc23 kf5-kbookmarks-5.20.0-1.fc23 kf5-kcmutils-5.20.0-1.fc23
kf5-kcodecs-5.20.0-1.fc23 kf5-kcompletion-5.20.0-1.fc23 kf5-kconfig-5.20.0-1.fc23
kf5-kconfigwidgets-5.20.0-1.fc23 kf5-kcoreaddons-5.20.0-1.fc23 kf5-kcrash-5.20.0-1.fc23
kf5-kdbusaddons-5.20.0-1.fc23 kf5-kdeclarative-5.20.0-1.fc23 kf5-kded-5.20.0-1.fc23
kf5-kdelibs4support-5.20.0-1.fc23 kf5-kdesignerplugin-5.20.0-1.fc23
kf5-kdesu-5.20.0-1.fc23 kf5-kdewebkit-5.20.0-1.fc23 kf5-kdnssd-5.20.0-1.fc23
kf5-kdoctools-5.20.0-1.fc23 kf5-kemoticons-5.20.0-1.fc23 kf5-kfilemetadata-5.20.0-1.fc23
kf5-kglobalaccel-5.20.0-1.fc23 kf5-kgu
iaddons-
5.20.0-1.fc23 kf5-khtml-5.20.0-1.fc23 kf5-ki18n-5.20.0-1.fc23
kf5-kiconthemes-5.20.0-1.fc23 kf5-kidletime-5.20.0-1.fc23 kf5-kimageformats-5.20.0-1.fc23
kf5-kinit-5.20.0-1.fc23 kf5-kio-5.20.0-1.fc23 kf5-kitemmodels-5.20.0-1.fc23
kf5-kitemviews-5.20.0-1.fc23 kf5-kjobwidgets-5.20.0-1.fc23 kf5-kjs-5.20.0-1.fc23
kf5-kjsembed-5.20.0-1.fc23 kf5-kmediaplayer-5.20.0-1.fc23 kf5-knewstuff-5.20.0-1.fc23
kf5-knotifications-5.20.0-2.fc23 kf5-knotifyconfig-5.20.0-1.fc23
kf5-kpackage-5.20.0-1.fc23 kf5-kparts-5.20.0-1.fc23 kf5-kpeople-5.20.0-1.fc23
kf5-kplotting-5.20.0-1.fc23 kf5-kpty-5.20.0-1.fc23 kf5-kross-5.20.0-1.fc23
kf5-krunner-5.20.0-1.fc23 kf5-kservice-5.20.0-1.fc23 kf5-ktexteditor-5.20.0-2.fc23
kf5-ktextwidgets-5.20.0-1.fc23 kf5-kunitconversion-5.20.0-1.fc23 kf5-kwallet-5.20.0-1.fc23
kf5-kwidgetsaddons-5.20.0-1.fc23 kf5-kwindowsystem-5.20.0-1.fc23 kf5-kxmlgui-5.20.0-1.fc23
kf5-kxmlrpcclient-5.20.0-1.fc23 kf5-modemmanager-qt-5.20.0-1.fc23
kf5-networkmanager-qt-5.20.0-1.fc23 kf5-plasm
a-5.20.0
-1.fc23 kf5-solid-5.20.0-1.fc23 kf5-sonnet-5.20.0-1.fc23 kf5-threadweaver-5.20.0-1.fc23
oxygen-icon-theme-5.20.0-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-823415a5de
webkitgtk3-2.4.10-2.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1b501db15 krb5-1.14.1-5.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9ebdb3d44e
elfutils-0.166-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
borgbackup-1.0.0-1.fc23
composer-1.0.0-1.fc23
copr-dist-git-0.15-1.fc23
elfutils-0.166-1.fc23
glusterfs-3.7.10-1.fc23
gtkspell3-3.0.8-1.fc23
gtkspellmm30-3.0.4-2.fc23
hawaii-workspace-0.6.90-0.2.20160301git.fc23
krb5-1.14.1-5.fc23
libguestfs-1.32.4-1.fc23
libmediainfo-0.7.84-1.fc23
liferea-1.10.19-1.fc23
mediainfo-0.7.84-1.fc23
mingw-gtkspell3-3.0.8-1.fc23
mingw-gtkspellmm30-3.0.4-2.fc23
optipng-0.7.6-1.fc23
ovirt-guest-agent-1.0.11-3.fc23
php-PHP-CSS-Parser-7.0.2-1.fc23
php-horde-Horde-Auth-2.1.12-1.fc23
php-horde-Horde-Crypt-2.7.3-1.fc23
php-horde-Horde-Css-Parser-1.0.9-1.fc23
php-horde-Horde-Dav-1.1.3-1.fc23
php-horde-Horde-Kolab-Storage-2.2.2-1.fc23
php-horde-Horde-ListHeaders-1.2.4-1.fc23
php-horde-Horde-Log-2.2.0-1.fc23
php-horde-Horde-Nls-2.2.0-1.fc23
php-horde-Horde-SyncMl-2.0.7-1.fc23
php-horde-imp-6.2.14-1.fc23
php-horde-ingo-3.2.10-1.fc23
php-horde-nag-4.2.9-1.fc23
php-horde-turba-4.2.14-1.fc23
php-paragonie-random-compat-1.4.1-1.fc23
php-symfony-2.7.11-2.fc23
python-pygraphviz-1.3-3.rc2.fc23
qpid-proton-0.12.1-1.fc23
rubygem-github-linguist-4.8.2-2.fc23
rubygem-qpid_proton-0.12.0-2.fc23
runc-0.0.9-0.2.git94dc520.fc23
squid-3.5.10-2.fc23
sysreporter-3.0.3-1.fc23
ugene-1.22.0-1.fc23
webkitgtk-2.4.10-2.fc23
webkitgtk3-2.4.10-2.fc23
Details about builds:
================================================================================
borgbackup-1.0.0-1.fc23 (FEDORA-2016-bd1515f44d)
A deduplicating backup program (attic fork)
--------------------------------------------------------------------------------
Update Information:
Upstream version 1.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287837 - Review Request: borgbackup - A deduplicating backup program
https://bugzilla.redhat.com/show_bug.cgi?id=1287837
--------------------------------------------------------------------------------
================================================================================
composer-1.0.0-1.fc23 (FEDORA-2016-05f1dc7baa)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.0** * Added support for bitbucket-oauth configuration *
Added warning when running composer as super user, set
COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must * Added
PluginManager::getGlobalComposer getter to retrieve the global instance (which
can be null!) * Fixed dependency solver error reporting in many cases it now
shows you proper errors instead of just saying a package does not exist *
Fixed output of failed downloads appearing as 100% done instead of Failed *
Fixed handling of empty directories when archiving, they are not skipped anymore
* Fixed installation of broken plugins corrupting the vendor state when
combined with symlinked path repositories ---- **Version 1.0.0-beta2** *
Break: The install command now turns into an update command automatically if you
have no composer.lock. This was done only half-way before which caused
inconsistencies * Break: By default the remove command now removes
dependencies as well, and --update-with-dependencies is deprecated. Use --no-
update-with-dependencies to get old behavior * Added support for SSL_CERT_DIR
env var and openssl.capath ini value * Added some conflict detection in why-
not command * Added suggestion of root package's suggests in create-project
command * Fixed create-project ignoring --ignore-platform-reqs when choosing
a version of the package * Fixed search command in a directory without
composer.json * Fixed path repository handling of symlinks on windows *
Fixed PEAR repo handling to prefer HTTPS mirrors over HTTP ones * Fixed
handling of Path env var on Windows, only PATH was accepted before * Small
error reporting and docs improvements
--------------------------------------------------------------------------------
================================================================================
copr-dist-git-0.15-1.fc23 (FEDORA-2016-49331c598d)
Copr services for Dist Git server
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318358 - Review Request: copr-dist-git - Copr services for Dist Git server
https://bugzilla.redhat.com/show_bug.cgi?id=1318358
--------------------------------------------------------------------------------
================================================================================
elfutils-0.166-1.fc23 (FEDORA-2016-9ebdb3d44e)
A collection of utilities and DSOs to handle compiled objects
--------------------------------------------------------------------------------
Update Information:
Upgrade to elfutils-0.166. Various bug fixes. ppc32 and sparc32 build/testsuite
fixes, better support for non-linux (kfreebsd/hurd), build fixes for older glibc
without ELF compression types, a fix for over-adjusting alignment of NOBITS
sections, bug fixes for issues found by gcc6, recognize some Go and ARM ELF
notes, addition of new i386/x86_64 relocation types and elfcompress -q would
erroneously imply --force.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295951 - Unsupported/confusing golang notes
https://bugzilla.redhat.com/show_bug.cgi?id=1295951
[ 2 ] Bug #1285613 - Missing NT_ARM_SYSTEM_CALL
https://bugzilla.redhat.com/show_bug.cgi?id=1285613
--------------------------------------------------------------------------------
================================================================================
glusterfs-3.7.10-1.fc23 (FEDORA-2016-6bb9cfbdbd)
Distributed File System
--------------------------------------------------------------------------------
Update Information:
GlusterFS 3.7.10 GA
--------------------------------------------------------------------------------
================================================================================
gtkspell3-3.0.8-1.fc23 (FEDORA-2016-3c6431e054)
On-the-fly spell checking for GtkTextView widgets
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.8, see
http://gtkspell.sourceforge.net/ChangeLog for
details.
--------------------------------------------------------------------------------
================================================================================
gtkspellmm30-3.0.4-2.fc23 (FEDORA-2016-77fb11e5ed)
On-the-fly spell checking for GtkTextView widgets - C++ bindings
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.4, see
http://gtkspell.sourceforge.net/NEWS for details.
--------------------------------------------------------------------------------
================================================================================
hawaii-workspace-0.6.90-0.2.20160301git.fc23 (FEDORA-2016-79a9092639)
Hawaii workspace, applications and plugins
--------------------------------------------------------------------------------
Update Information:
Fix Hawaii applications menu that was showing only the Internet category.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323498 - menu
https://bugzilla.redhat.com/show_bug.cgi?id=1323498
--------------------------------------------------------------------------------
================================================================================
krb5-1.14.1-5.fc23 (FEDORA-2016-d1b501db15)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
Add support for pre-send and post-receive KDC hooks. Includes tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321135 - Please add the new pre send and post receive hooks to libkrb5
https://bugzilla.redhat.com/show_bug.cgi?id=1321135
--------------------------------------------------------------------------------
================================================================================
libguestfs-1.32.4-1.fc23 (FEDORA-2016-4114ba2de9)
Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.32.4.
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.84-1.fc23 (FEDORA-2016-d21301f720)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.84.
--------------------------------------------------------------------------------
================================================================================
liferea-1.10.19-1.fc23 (FEDORA-2016-7e4883a46c)
An RSS/RDF feed reader
--------------------------------------------------------------------------------
Update Information:
This update updates liferea to 1.10.19 * it fixes compilation problems in
the 1.10.18 release * it also fixes a problem with updating favicons
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.84-1.fc23 (FEDORA-2016-d21301f720)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.84.
--------------------------------------------------------------------------------
================================================================================
mingw-gtkspell3-3.0.8-1.fc23 (FEDORA-2016-0c297dbf90)
MinGW Windows GtkSpell3 library
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.8, see
http://gtkspell.sourceforge.net/ChangeLog for
details.
--------------------------------------------------------------------------------
================================================================================
mingw-gtkspellmm30-3.0.4-2.fc23 (FEDORA-2016-782e22720a)
MinGW Windows GtkSpellmm library
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.4, see
http://gtkspell.sourceforge.net/NEWS for details.
--------------------------------------------------------------------------------
================================================================================
optipng-0.7.6-1.fc23 (FEDORA-2016-b8f91621c7)
PNG optimizer and converter
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.6, security fix for CVE-2016-2191
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1308550 - CVE-2016-2191 optipng: Invalid write while processing delta escapes
without any boundary checking
https://bugzilla.redhat.com/show_bug.cgi?id=1308550
--------------------------------------------------------------------------------
================================================================================
ovirt-guest-agent-1.0.11-3.fc23 (FEDORA-2016-784c26e928)
The oVirt Guest Agent
--------------------------------------------------------------------------------
Update Information:
Bump to ovirt guest agent 1.0.11.3 release (ovirt 3.6.5)
--------------------------------------------------------------------------------
================================================================================
php-PHP-CSS-Parser-7.0.2-1.fc23 (FEDORA-2016-5fbdaff8d0)
A Parser for CSS Files
--------------------------------------------------------------------------------
Update Information:
**Horde_Css_Parser 1.0.9** * [jan] Update to PHP-CSS-Parser 7.0.2 (Request
#14297). --- **PHP-CSS-Parser 7.0.2** * Compatibility with PHP 7.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Auth-2.1.12-1.fc23 (FEDORA-2016-608ec9badd)
Horde Authentication API
--------------------------------------------------------------------------------
Update Information:
**Horde_Auth 2.1.12** * [mjr] Fix creating/removing mailbox in cyrsql driver
(Bug #14295, federico.mennite).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Crypt-2.7.3-1.fc23 (FEDORA-2016-09a35f6ba2)
Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:
**Horde_Crypt 2.7.3** * [jan] Work around broken PGP key servers.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Css-Parser-1.0.9-1.fc23 (FEDORA-2016-5fbdaff8d0)
Horde CSS Parser
--------------------------------------------------------------------------------
Update Information:
**Horde_Css_Parser 1.0.9** * [jan] Update to PHP-CSS-Parser 7.0.2 (Request
#14297). --- **PHP-CSS-Parser 7.0.2** * Compatibility with PHP 7.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Dav-1.1.3-1.fc23 (FEDORA-2016-e0c5bae4b9)
Horde library for WebDAV, CalDAV, CardDAV
--------------------------------------------------------------------------------
Update Information:
**Horde_Dav 1.1.3** * [jan] Fix down migration of database schema.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Kolab-Storage-2.2.2-1.fc23 (FEDORA-2016-90d8ac0592)
A package for handling Kolab data stored on an IMAP server
--------------------------------------------------------------------------------
Update Information:
**Horde_Kolab_Storage 2.2.2** * [jan] Update Greek translation (Limperis
Antonis).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-ListHeaders-1.2.4-1.fc23 (FEDORA-2016-aa9ac235af)
Horde List Headers Parsing Library
--------------------------------------------------------------------------------
Update Information:
**Horde_ListHeaders 1.2.4** * [jan] Add Greek translation (Limperis Antonis).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Log-2.2.0-1.fc23 (FEDORA-2016-049279e6be)
Horde Logging library
--------------------------------------------------------------------------------
Update Information:
**Horde_Log 2.2.0** * [jan] Add a few common aliases for the log level
constants. * [jan] Allow to have multiple log level names with the same value.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Nls-2.2.0-1.fc23 (FEDORA-2016-29380da66f)
Native Language Support (NLS)
--------------------------------------------------------------------------------
Update Information:
**Horde_Nls 2.2.0** * [jan] Add Horde_Nls::getTimezonesWithAbbreviations(). *
[jan] Update Greek translation (Limperis Antonis).
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-SyncMl-2.0.7-1.fc23 (FEDORA-2016-79883fce7c)
Horde_SyncMl provides an API for processing SyncML requests
--------------------------------------------------------------------------------
Update Information:
**Horde_SyncMl 2.0.7** * [jan] Update Greek translation (Limperis Antonis).
--------------------------------------------------------------------------------
================================================================================
php-horde-imp-6.2.14-1.fc23 (FEDORA-2016-2b0327fa11)
A web based webmail system
--------------------------------------------------------------------------------
Update Information:
**imp 6.2.14** * [mjr] Fix renaming subfolders in basic view (Bug #14254). *
[mjr] Fix display of mailbox sizes in basic view (Bug #14308). * [mjr] Fix fatal
error when deleting messages in basic view when IMAP server does not support
QRESYNC or CONDSTORE (Bug #14257).
--------------------------------------------------------------------------------
================================================================================
php-horde-ingo-3.2.10-1.fc23 (FEDORA-2016-86ab5143f5)
An email filter rules manager
--------------------------------------------------------------------------------
Update Information:
**ingo 3.2.10** * [jan] Don't duplicate messages in Procmail's vacation recipe
if excluding email addresses (Michael.Martin, Bug #14275). * [jan] Remove stop-
script feature from Procmail driver.
--------------------------------------------------------------------------------
================================================================================
php-horde-nag-4.2.9-1.fc23 (FEDORA-2016-384ea23b13)
A web based task list manager
--------------------------------------------------------------------------------
Update Information:
**nag 4.2.9** * [jan] Fix regression with date picker in tasks form (Bug
#14303). * [mjr] Fix handling EAS categories/tags.
--------------------------------------------------------------------------------
================================================================================
php-horde-turba-4.2.14-1.fc23 (FEDORA-2016-378eaae4f2)
A web based address book
--------------------------------------------------------------------------------
Update Information:
**turba 4.2.14** * [mjr] Fix persisting tags when moving or copying a contact
to another address book (Bug #14312). * [mjr] Fix resetting state when changing
sync_book prefs and device has forced multiplex. * [mjr] Fix synchronizing
contact notes via ActiveSync when no truncation value is requested by the client
(Bug #14307).
--------------------------------------------------------------------------------
================================================================================
php-paragonie-random-compat-1.4.1-1.fc23 (FEDORA-2016-83857c234f)
PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
--------------------------------------------------------------------------------
Update Information:
### Version 1.4.1 - 2016-03-18 * Update comment in random.php ### Version
1.4.0 - 2016-03-18 * Restored OpenSSL in the version 1 branch in preparation to
remove OpenSSL in version 2. ### Version 1.3.1/1.2.3 - 2016-03-18 * Add more
possible values to `open_baseir` check. ### Version 1.3.0 - 2016-03-17 *
Removed `openssl_random_pseudo_bytes()` entirely. If you are using
random_compat in PHP on a Unix-like OS but cannot access `/dev/urandom`,
version 1.3+ will throw an `Exception`. If you want to trust OpenSSL, feel
free to write your own fallback code. e.g. ``` try { $bytes =
random_bytes(32); } catch (Exception $ex) { $strong = false;
$bytes = openssl_random_pseudo_bytes(32, $strong); if (!$strong) {
throw $ex; } } ```
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318836 - php-paragonie-random-compat-2.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1318836
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.7.11-2.fc23 (FEDORA-2016-ab4f4ade00)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.11** (2016-03-25) * bug #18255 [HttpFoundation] Fix support of
custom mime types with parameters (Ener-Getick) * bug #18272 [Bridge\PhpUnit]
Workaround old phpunit bug, no colors in weak mode, add tests (nicolas-grekas)
* bug #18259 [PropertyAccess] Backport fixes from 2.7 (nicolas-grekas) * bug
#18261 [PropertyAccess] Fix isPropertyWritable not using the reflection cache
(nicolas-grekas) * bug #18224 [PropertyAccess] Remove most ref mismatches to
improve perf (nicolas-grekas) * bug #18210 [PropertyAccess] Throw an
UnexpectedTypeException when the type do not match (dunglas, nicolas-grekas) *
bug #18216 [Intl] Fix invalid numeric literal on PHP 7 (nicolas-grekas) * bug
#18147 [Validator] EmailValidator cannot extract hostname if email contains
multiple @ symbols (natechicago) * bug #18023 [Process] getIncrementalOutput
should work without calling getOutput (romainneutron) * bug #18175
[Translation] Add support for fuzzy tags in PoFileLoader (nud) * bug #18179
[Form] Fix NumberToLocalizedStringTransformer::reverseTransform with big
integers (ovrflo, nicolas-grekas) * bug #18164 [HttpKernel] set s-maxage only
if all responses are cacheable (xabbuh) * bug #18150 [Process] Wait a bit less
on Windows (nicolas-grekas) * bug #18130 [Debug] Replaced logic for detecting
filesystem case sensitivity (Dan Blows) * bug #18080 [HttpFoundation] Set the
Content-Range header if the requested Range is unsatisfied (jakzal) * bug
#18084 [HttpFoundation] Avoid warnings when checking malicious IPs (jakzal) *
bug #18066 [Process] Fix pipes handling (nicolas-grekas) * bug #18078 [Console]
Fix an autocompletion question helper issue with non-sequentially indexed
choices (jakzal) * bug #18048 [HttpKernel] Fix mem usage when stripping the
prod container (nicolas-grekas) * bug #18065 [Finder] Partially revert #17134
to fix a regression (jakzal) * bug #18018 [HttpFoundation] exception when
registering bags for started sessions (xabbuh) * bug #18054 [Filesystem] Fix
false positive in ->remove() (nicolas-grekas) * bug #18049 [Validator] Fix the
locale validator so it treats a locale alias as a valid locale (jakzal) * bug
#18019 [Intl] Update ICU to version 55 (jakzal) * bug #18015 [Process] Fix
memory issue when using large input streams (romainneutron) * bug #16656
[HttpFoundation] automatically generate safe fallback filename (xabbuh) * bug
#15794 [Console] default to stderr in the console helpers (alcohol) * bug
#17984 Allow to normalize \Traversable when serializing xml (Ener-Getick) * bug
#17434 Improved the error message when a template is not found (rvanginneken,
javiereguiluz) * bug #17687 Improved the error message when using "@" in a
decorated service (javiereguiluz) * bug #17744 Improve error reporting in
router panel of web profiler (javiereguiluz) * bug #17894 [FrameworkBundle] Fix
a regression in handling absolute template paths (jakzal) * bug #17990
[DoctrineBridge][Form] Fix performance regression in EntityType (kimlai) * bug
#17595 [HttpKernel] Remove _path from query parameters when fragment is a
subrequest (cmenning) * bug #17986 [DomCrawler] Dont use LIBXML_PARSEHUGE by
default (nicolas-grekas) * bug #17668 add 'guid' to list of exception to filter
out (garak) * bug #17615 Ensure backend slashes for symlinks on Windows systems
(cpsitgmbh) * bug #17626 Try to delete broken symlinks (IchHabRecht) * bug
#17978 [Yaml] ensure dump indentation to be greather than zero (xabbuh) * bug
#16886 [Form] [ChoiceType] Prefer placeholder to empty_value (boite) * bug
#17976 [WebProfilerBundle] fix debug toolbar rendering by removing inadvertently
added links (craue) * bug #17971 Variadic controller params (NiR-, fabpot) *
bug #17568 Improved Bootstrap form theme for hidden fields (javiereguiluz) *
bug #17925 [Bridge] The WebProcessor now forwards the client IP (magnetik)
--------------------------------------------------------------------------------
================================================================================
python-pygraphviz-1.3-3.rc2.fc23 (FEDORA-2016-539f429b52)
Create and Manipulate Graphs and Networks
--------------------------------------------------------------------------------
Update Information:
* Rename python2 subpackage to python2-pygraphviz. * Fix Requires.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1324237 - python3-pygraphviz depends on Python 2
https://bugzilla.redhat.com/show_bug.cgi?id=1324237
--------------------------------------------------------------------------------
================================================================================
qpid-proton-0.12.1-1.fc23 (FEDORA-2016-e6e8436b98)
A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:
Rebased to 0.12.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1320843 - CVE-2016-2166 qpid-proton: reactor sends messages in clear if ssl
is requested but not available [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1320843
--------------------------------------------------------------------------------
================================================================================
rubygem-github-linguist-4.8.2-2.fc23 (FEDORA-2016-b978faee31)
GitHub Language detection
--------------------------------------------------------------------------------
Update Information:
New upstream bug-fix release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1322182 - rubygem-github-linguist-v4.8.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1322182
--------------------------------------------------------------------------------
================================================================================
rubygem-qpid_proton-0.12.0-2.fc23 (FEDORA-2016-52e2e03511)
Ruby language bindings for the Qpid Proton messaging framework
--------------------------------------------------------------------------------
Update Information:
Revised dependencies.
--------------------------------------------------------------------------------
================================================================================
runc-0.0.9-0.2.git94dc520.fc23 (FEDORA-2016-82665d7a6c)
CLI for running Open Containers
--------------------------------------------------------------------------------
Update Information:
Rebase to 0.0.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1290943 - runc-v0.0.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1290943
--------------------------------------------------------------------------------
================================================================================
squid-3.5.10-2.fc23 (FEDORA-2016-dffdc981ff)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3947 and CVE-2016-3948 ---- Security fix for
CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response
processing
https://bugzilla.redhat.com/show_bug.cgi?id=1323594
[ 2 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
https://bugzilla.redhat.com/show_bug.cgi?id=1323590
--------------------------------------------------------------------------------
================================================================================
sysreporter-3.0.3-1.fc23 (FEDORA-2016-92d50eb056)
Basic system reporter with emailing
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.3
--------------------------------------------------------------------------------
================================================================================
ugene-1.22.0-1.fc23 (FEDORA-2016-cfe3ddde5b)
Integrated bioinformatics toolkit
--------------------------------------------------------------------------------
Update Information:
Major changes in this release include: In silico PCR: Degenerate primers were
supported. Sequence View: Annotations editing was improved. Configuration of
translation frames visibility was simplified. NGS: Extracting of an assembly
region in BAM/SAM/UGENE database formats was supported.
--------------------------------------------------------------------------------
================================================================================
webkitgtk-2.4.10-2.fc23 (FEDORA-2016-12ec741b0f)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
This update fixes a regression causing various crashes in various WebKitGTK+
consumers.
--------------------------------------------------------------------------------
================================================================================
webkitgtk3-2.4.10-2.fc23 (FEDORA-2016-823415a5de)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
This update fixes a regression causing various crashes in Evolution and other
WebKitGTK+ consumers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321722 - [abrt] evolution: WTF::StringImpl::startsWith(): SIGSEGV with
webkitgtk3-2.4.10
https://bugzilla.redhat.com/show_bug.cgi?id=1321722
--------------------------------------------------------------------------------