The following Fedora 23 Security updates need testing:
Age URL
278
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
236
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
209
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
159
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
159
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
124
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
43
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3b9407940
squid-3.5.10-4.fc23
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-89e0874533
ntp-4.2.6p5-41.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a05803486
drupal7-7.44-1.fc23
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a66f41200
xguest-1.0.10-33.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-031aa4a6b6
python3-3.4.3-8.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8a01aa629
squidGuard-1.4-26.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2493c754a
setroubleshoot-3.3.9.1-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e538b11379
python-django-horizon-2015.1.4-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5e392ef01
wordpress-4.5.3-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-21bd6a33af
struts-1.3.10-18.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b68f69b086
setroubleshoot-plugins-3.3.5.1-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73853a7a16 qemu-2.4.1-11.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a6b65583 php-5.6.23-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f3c77ef90
php-pecl-zip-1.13.3-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9df3915036
phpMyAdmin-4.6.3-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-7.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3093027736
mediawiki-1.26.3-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fcccb0a547
nodejs-0.10.46-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-28873e4832
vim-7.4.1868-1.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad11727bf
PackageKit-1.1.1-2.fc23 appstream-data-23-11.fc23 fwupd-0.7.1-1.fc23
gnome-software-3.20.3-1.fc23.1 json-glib-1.2.0-1.fc23 libappstream-glib-0.5.14-1.fc23
libgusb-0.2.9-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c9c2badcb
selinux-policy-3.13.1-158.20.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9bc854cca texinfo-6.0-3.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-641487b5a4
hwdata-0.290-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-001588074b
libfm-1.2.4-4.D20160618gitb22c0995e7.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-06b36c0134
lxsession-0.5.2-10.D20160417git9f8d613332.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7722e39e8c
mesa-11.1.0-4.20151218.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f637b89dda
samba-4.3.10-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4f6589e252 audit-2.6-3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d126bb1b74 gd-2.1.1-7.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6fc93cb14c
findutils-4.5.16-4.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0b966047e1 krb5-1.14.1-7.fc23
The following builds have been pushed to Fedora 23 updates-testing
ansible-lint-3.0.1-2.fc23
arc-gui-clients-0.4.6-9.fc23
cairo-dock-plug-ins-3.4.1-8.fc23
ding-libs-0.6.0-29.fc23
findutils-4.5.16-4.fc23
fox-1.6.51-1.fc23
gd-2.1.1-7.fc23
guayadeque-0.4.1-0.11.beta1git1bc65f9.fc23
java-1.8.0-openjdk-1.8.0.92-4.b14.fc23
krb5-1.14.1-7.fc23
latex2rtf-2.3.11-1.fc23
libvirt-1.2.18.3-2.fc23
mediawiki-1.26.3-1.fc23
microcode_ctl-2.1-12.fc23
nodejs-0.10.46-1.fc23
osgearth-2.7-10.fc23
perl-generators-1.06-2.fc23
phpMyAdmin-4.6.3-1.fc23
qgit-2.6-1.fc23
rpmdevtools-8.7-1.fc23
rubygem-byebug-9.0.5-1.fc23
rubygem-hoe-3.15.1-1.fc23
rubygem-test-unit-3.2.0-100.fc23
safekeep-1.4.3-1.fc23
tracker-1.6.1-2.fc23
vex-0.0.18-1.fc23
xcircuit-3.9.48-2.fc23
yamllint-1.2.2-1.fc23
Details about builds:
================================================================================
ansible-lint-3.0.1-2.fc23 (FEDORA-2016-5bc4134f5e)
Best practices checker for Ansible
--------------------------------------------------------------------------------
Update Information:
Fixed typo in previous changelog entry ---- Update to 3.0.0 release
--------------------------------------------------------------------------------
================================================================================
arc-gui-clients-0.4.6-9.fc23 (FEDORA-2016-c3df38b60c)
ARC Graphical Clients
--------------------------------------------------------------------------------
Update Information:
Adapt to ARC 5.1
--------------------------------------------------------------------------------
================================================================================
cairo-dock-plug-ins-3.4.1-8.fc23 (FEDORA-2016-6f0f99eaab)
Plug-ins files for Cairo-Dock
--------------------------------------------------------------------------------
Update Information:
Currently weather forcast plugin does not work becase the URL where the
information is retrieved changed. This new rpm applies the upstream patch to
make weather plugin work again.
--------------------------------------------------------------------------------
================================================================================
ding-libs-0.6.0-29.fc23 (FEDORA-2016-6ebcf1d210)
"Ding is not GLib" assorted utility libraries
--------------------------------------------------------------------------------
Update Information:
New upstream release (0.6.0) is backward compatible (only adds new functions).
--------------------------------------------------------------------------------
================================================================================
findutils-4.5.16-4.fc23 (FEDORA-2016-6fc93cb14c)
The GNU versions of find utilities (find and xargs)
--------------------------------------------------------------------------------
Update Information:
- disable leaf optimization for NFS (#1299169)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1299169 - [abrt] find explicitly aborts suspiciously enumerating nfs-ganesha
NFS mount
https://bugzilla.redhat.com/show_bug.cgi?id=1299169
--------------------------------------------------------------------------------
================================================================================
fox-1.6.51-1.fc23 (FEDORA-2016-188a3cc291)
C++ based Toolkit for developing Graphical User Interfaces
--------------------------------------------------------------------------------
Update Information:
New version 1.6.51 is released.
--------------------------------------------------------------------------------
================================================================================
gd-2.1.1-7.fc23 (FEDORA-2016-d126bb1b74)
A graphics library for quick creation of PNG or JPEG images
--------------------------------------------------------------------------------
Update Information:
Fix for stack overflow with gdImageFillToBorder (CVE-2015-8874)
--------------------------------------------------------------------------------
================================================================================
guayadeque-0.4.1-0.11.beta1git1bc65f9.fc23 (FEDORA-2016-38b282845a)
Music player
--------------------------------------------------------------------------------
Update Information:
- Update to 0.4.1-0.11.beta1git1bc65f9 - Added BR libappstream-glib - Added
appdata.xml file - Spec file cleanup ---- Update to 0.4.1-0.10.beta1git2420c01
---- - Dropped Provides: bundled(wxcurl) = wxcurl_version wxcurl was replaced
by libcurl library directly - Update to 0.4.1-0.9.beta1gitf6b11ba ---- * Wed
Jun 08 2016 Martin Gansser <martinkg(a)fedoraproject.org> -
0.4.1-0.8.beta1gitce1ab15 - Update to 0.4.1-0.8.beta1gitce1ab15 * Sun Jun 05
2016 Martin Gansser <martinkg(a)fedoraproject.org> - 0.4.1-0.7.beta1git79b6383 -
Documented licensing breakdown - Added Provides: bundled(wxcurl) =
wxcurl_version * Sat Jun 04 2016 Martin Gansser <martinkg(a)fedoraproject.org> -
0.4.1-0.6.beta1git79b6383 - Update to 0.4.1-0.6.beta1git79b6383 - Added
wxWidgets to License tag - Added %%dir %%{_datadir}/%%{name} because it's owned
by the package - modified macro for l10n subpackage * Mon May 30 2016 Martin
Gansser <martinkg(a)fedoraproject.org> - 0.4.1-0.5.beta1git26eaf8d - Update to
0.4.1-0.5.beta1git26eaf8d * Wed May 25 2016 Martin Gansser
<martinkg(a)fedoraproject.org> - 0.4.1-0.4.beta1git13013ff - Update to
0.4.1-0.4.beta1git13013ff - Split locales into a l10n subpackage * Sun May 22
2016 Martin Gansser <martinkg(a)fedoraproject.org> - 0.4.1-0.3.beta1git35561f6 -
Update to 0.4.1-0.3.beta1git35561f6 - Dropped BR subversion-devel - Removed
Group tag, it's obsolete - Addes %%{name}-desktop.patch - Dropped
-DCMAKE_INSTALL_PREFIX='%%{_prefix}' because it's already in %%cmake macro -
Changed -DCMAKE_BUILD_TYPE='Release' to -DCMAKE_BUILD_TYPE='Debug' * Sun
May 22
2016 Martin Gansser <martinkg(a)fedoraproject.org> - 0.4.1-0.2.beta1gitd2c0281 -
Update to 0.4.1-0.2.beta1gitd2c0281 - Mark license files as %%license where
available - Cleanup spec file * Sat May 21 2016 Martin Gansser
<martinkg(a)fedoraproject.org> - 0.4.1-0.1.beta1git65f759c - Update to
0.4.1-0.1.beta1git65f759c
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.92-4.b14.fc23 (FEDORA-2016-26fc52d0a1)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
family restricted by arch - note this may = in rare cases of multiple jdks
instaled and non standart selcted to reset of alternatives.
--------------------------------------------------------------------------------
================================================================================
krb5-1.14.1-7.fc23 (FEDORA-2016-0b966047e1)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
Fix length check for recv() in libkrad
--------------------------------------------------------------------------------
================================================================================
latex2rtf-2.3.11-1.fc23 (FEDORA-2016-41784bbe16)
LaTeX to RTF converter that handles equations, figures, and cross-references
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1346517 - latex2rtf-2.3.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1346517
--------------------------------------------------------------------------------
================================================================================
libvirt-1.2.18.3-2.fc23 (FEDORA-2016-1453ac5f30)
Library providing a simple virtualization API
--------------------------------------------------------------------------------
Update Information:
* Advertise fedora edk2 firmware builds to apps (bz #1335395)
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.26.3-1.fc23 (FEDORA-2016-3093027736)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.26#MediaWiki_1.26.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1338413 - mediawiki-1.26.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1338413
[ 2 ] Bug #1338658 - mediawiki: Multiple vulnerabilities fixed in 1.26.3, 1.25.6 and
1.23.14 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1338658
--------------------------------------------------------------------------------
================================================================================
microcode_ctl-2.1-12.fc23 (FEDORA-2016-d2ea0d3ae6)
Tool to transform and deploy CPU microcode update for x86
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.1-9. 20160607
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.46-1.fc23 (FEDORA-2016-fcccb0a547)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.46(security fix)
--------------------------------------------------------------------------------
================================================================================
osgearth-2.7-10.fc23 (FEDORA-2016-372290ad62)
Dynamic map generation toolkit for OpenSceneGraph
--------------------------------------------------------------------------------
Update Information:
This update backports a patch to increase the performance of the GDAL driver
when building heightfields, see
https://github.com/gwaldron/osgearth/pull/744.
--------------------------------------------------------------------------------
================================================================================
perl-generators-1.06-2.fc23 (FEDORA-2016-7744d5c531)
RPM Perl dependencies generators
--------------------------------------------------------------------------------
Update Information:
Fixed regression in parsing of heredoc
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.6.3-1.fc23 (FEDORA-2016-9df3915036)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.6.3 (2016-06-23) ============================= This version
includes many security fixes that are announced as PMASA-2016-17 through
PMASA-2016-28 which are posted at
https://www.phpmyadmin.net/security/
Furthermore, version 4.6.3 includes the regularly scheduled maintenance
improvements and bug fixes. In addition to bugs affecting particular version
combinations, some of the other bugs fixed include: * Fixing cookie path on
Windows * Fix MySQL SSL connections with some PHP versions * Fix listing of
routines for non-privileged user As well as several more. Complete details are
available in the ChangeLog.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1349500 - CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704
CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5732 CVE-2016-5733
CVE-2016-5734 CVE-2016-5739 phpMyAdmin: 4.6.3, 4.4.15.7 and 4.0.10.16 security releases
https://bugzilla.redhat.com/show_bug.cgi?id=1349500
--------------------------------------------------------------------------------
================================================================================
qgit-2.6-1.fc23 (FEDORA-2016-52f9e7699b)
GUI browser for git repositories
--------------------------------------------------------------------------------
Update Information:
- updated to 2.6 - switched to Qt 5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1336144 - Build QGit v2.6 with Qt5
https://bugzilla.redhat.com/show_bug.cgi?id=1336144
--------------------------------------------------------------------------------
================================================================================
rpmdevtools-8.7-1.fc23 (FEDORA-2016-9a18dce7e1)
RPM Development Tools
--------------------------------------------------------------------------------
Update Information:
Update to 8.7,
https://git.fedorahosted.org/cgit/rpmdevtools.git/tree/NEWS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256815 - Update /etc/rpmdevtools/*.spec files
https://bugzilla.redhat.com/show_bug.cgi?id=1256815
[ 2 ] Bug #1290913 - rpmdev-newspec: remove obsolete stuff from the initial template
https://bugzilla.redhat.com/show_bug.cgi?id=1290913
[ 3 ] Bug #1348737 - rpmdev-checksig is not python3 compatible
https://bugzilla.redhat.com/show_bug.cgi?id=1348737
[ 4 ] Bug #1246273 - Add -f option to rpmdev-bumpspec [PATCH]
https://bugzilla.redhat.com/show_bug.cgi?id=1246273
[ 5 ] Bug #1311255 - [RFE] rpmdev-packager check git configuration
https://bugzilla.redhat.com/show_bug.cgi?id=1311255
[ 6 ] Bug #1259665 - rpmdev-bumpspec wrongly updates the release for new version in BIND
spec
https://bugzilla.redhat.com/show_bug.cgi?id=1259665
--------------------------------------------------------------------------------
================================================================================
rubygem-byebug-9.0.5-1.fc23 (FEDORA-2016-0ca40ca1b0)
Ruby 2.0 fast debugger - base + CLI
--------------------------------------------------------------------------------
Update Information:
New version 9.0.5 is released.
--------------------------------------------------------------------------------
================================================================================
rubygem-hoe-3.15.1-1.fc23 (FEDORA-2016-3a0ad0d8a7)
Hoe is a simple rake/rubygems helper for project Rakefiles
--------------------------------------------------------------------------------
Update Information:
New version 3.15.1 is released.
--------------------------------------------------------------------------------
================================================================================
rubygem-test-unit-3.2.0-100.fc23 (FEDORA-2016-a5b85c06d6)
Improved version of Test::Unit bundled in Ruby 1.8.x
--------------------------------------------------------------------------------
Update Information:
New version 3.2.0 is released.
--------------------------------------------------------------------------------
================================================================================
safekeep-1.4.3-1.fc23 (FEDORA-2016-ae6a252ec3)
The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:
Latest upstream release
--------------------------------------------------------------------------------
================================================================================
tracker-1.6.1-2.fc23 (FEDORA-2016-a47dfb12b8)
Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:
Plug a memory leak.
--------------------------------------------------------------------------------
================================================================================
vex-0.0.18-1.fc23 (FEDORA-2016-62ac8b3576)
Run commands in a virtualenv
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1344245 - Review Request: vex - Tool for executing commands in Python
virtualenv without activate/deactivate it
https://bugzilla.redhat.com/show_bug.cgi?id=1344245
--------------------------------------------------------------------------------
================================================================================
xcircuit-3.9.48-2.fc23 (FEDORA-2016-2cc0c081b2)
Electronic circuit schematic drawing program
--------------------------------------------------------------------------------
Update Information:
xcircuit currently shipped on Fedora was not compiled with Tk correctly. This
rpm should enable Tk support again. New version 3.9.48 is released.
--------------------------------------------------------------------------------
================================================================================
yamllint-1.2.2-1.fc23 (FEDORA-2016-c8430094ed)
A linter for YAML files
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------