The following Fedora 23 Security updates need testing:
Age URL
162
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
120
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
93
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
43
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
43
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
32
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-40401300ed
389-ds-base-1.3.4.8-1.fc23
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-65a1f22818
community-mysql-5.6.29-1.fc23
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-94b0b50351 gummi-0.6.6-1.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cdd4228cc7 pcs-0.9.149-2.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f12be382f4 mote-0.5.1-3.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8411497132
drupal6-6.38-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eeb0f0c94f
drupal7-7.43-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ae14784e4e
libmodbus-3.0.6-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-120b194a75
qpid-cpp-0.34-6.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1642a20327
kernel-4.4.3-300.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-65833b5dbc pcre-8.38-6.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dec1faadc5
graphite2-1.3.6-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f802cade15 exiv2-0.25-3.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
32
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-054e18a33d
htdig-3.2.0-0.23.b6.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8dde5e377c
lxsession-0.5.2-8.fc23
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2400dcd3d1
virtuoso-opensource-6.1.6-10.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ffbae3a870
selinux-policy-3.13.1-158.9.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1642a20327
kernel-4.4.3-300.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e10d786768 pungi-4.0.6-1.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f802cade15 exiv2-0.25-3.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d360559a79
rpm-4.13.0-0.rc1.12.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-65833b5dbc pcre-8.38-6.fc23
The following builds have been pushed to Fedora 23 updates-testing
3dprinter-udev-rules-0.1-1.fc23
bugyou_plugins-0.1-1.fc23
cherrytree-0.36.6-1.fc23
djview4-4.10.6-1.fc23
easytag-2.4.2-2.fc23
exiv2-0.25-3.fc23
gerrymander-1.5-2.fc23
gkrellm-2.3.6-0.1.rc1.git20160226.fc23
gkrellm-sun-1.0.0-20.fc23
graphite2-1.3.6-1.fc23
kubernetes-1.2.0-0.12.alpha6.gitf0cd09a.fc23
lilypond-2.19.37-1.fc23
lilypond-doc-2.19.37-1.fc23
nacl-arm-newlib-2.1.0-3.git373135e.fc23
oz-0.15.0-1.fc23
pcre-8.38-6.fc23
pcre2-10.21-3.fc23
perl-App-a2p-1.009-2.fc23
perl-CBOR-XS-1.4.1-1.fc23
python-behave-1.2.5-9.fc23
python-zanata2fedmsg-0.2-1.fc23
rpm-4.13.0-0.rc1.12.fc23
skopeo-0.1.9-1.fc23
transmission-2.90-1.fc23
xfig-3.2.5-48.c.fc23
yad-0.34.2-1.fc23
Details about builds:
================================================================================
3dprinter-udev-rules-0.1-1.fc23 (FEDORA-2016-739a9100da)
Rules for udev to give regular users access to operate 3D printers
--------------------------------------------------------------------------------
Update Information:
Rules for udev to give regular users access to operate 3D printers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312296 - Review Request: 3dprinter-udev-rules - Rules for udev to give
regular users access to operate 3D printers
https://bugzilla.redhat.com/show_bug.cgi?id=1312296
--------------------------------------------------------------------------------
================================================================================
bugyou_plugins-0.1-1.fc23 (FEDORA-2016-18eaad36f3)
Plugins for Bugyou
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1309782 - Review Request: bugyou_plugins - Plugins and Services for Bugyou
https://bugzilla.redhat.com/show_bug.cgi?id=1309782
--------------------------------------------------------------------------------
================================================================================
cherrytree-0.36.6-1.fc23 (FEDORA-2016-a44b7aea31)
Hierarchical note taking application
--------------------------------------------------------------------------------
Update Information:
update to cherrytree-0.36.6 ---- update to 0.36.5 ---- Update to 0.36.4
---- update to cherrytree 0.36.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1311778 - cherrytree-0.36.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1311778
[ 2 ] Bug #1309140 - cherrytree-0.36.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1309140
[ 3 ] Bug #1160249 - cherrytree-0.36.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1160249
[ 4 ] Bug #1301941 - cherrytree-0.36.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1301941
--------------------------------------------------------------------------------
================================================================================
djview4-4.10.6-1.fc23 (FEDORA-2016-a0ef29f987)
DjVu viewer
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release djview 4.10.6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312984 - djview4-4.10.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312984
--------------------------------------------------------------------------------
================================================================================
easytag-2.4.2-2.fc23 (FEDORA-2016-893ed9bec1)
Tag editor for MP3, Ogg, FLAC and other music files
--------------------------------------------------------------------------------
Update Information:
Fix crash in the load filenames dialog (#1312163)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312163 - [abrt] easytag: g_type_check_instance_cast(): easytag killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1312163
--------------------------------------------------------------------------------
================================================================================
exiv2-0.25-3.fc23 (FEDORA-2016-f802cade15)
Exif and Iptc metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
Avoid possible XML entity expansion security issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #888769 - exiv2: embedded copy of exempi should be compiled with
BanAllEntityUsage
https://bugzilla.redhat.com/show_bug.cgi?id=888769
--------------------------------------------------------------------------------
================================================================================
gerrymander-1.5-2.fc23 (FEDORA-2016-48a5138e81)
The gerrit client tools
--------------------------------------------------------------------------------
Update Information:
Add the Python PrettyTable dependency to relevant sub-packages ---- New
upstream release 1.5 ---- Add 'python-prettytable' to 'Requires'; fixes
rhbz#
1307167
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307167 - gerrymander should require: python-prettytable
https://bugzilla.redhat.com/show_bug.cgi?id=1307167
--------------------------------------------------------------------------------
================================================================================
gkrellm-2.3.6-0.1.rc1.git20160226.fc23 (FEDORA-2016-e10fd8290e)
Multiple stacked system monitors in one process
--------------------------------------------------------------------------------
Update Information:
- Update to a gkrellm-2.3.6-rc git snapshot bringing in various fixes - Fix
crash after sun-plugin has been disabled (rhbz#1231394) - Add appdata
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231394 - [abrt] gkrellm: exit(): gkrellm killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1231394
[ 2 ] Bug #1312561 - Review Request: gkrellm-sun - Sun clock plugin for GKrellM
https://bugzilla.redhat.com/show_bug.cgi?id=1312561
--------------------------------------------------------------------------------
================================================================================
gkrellm-sun-1.0.0-20.fc23 (FEDORA-2016-e10fd8290e)
Sun clock plugin for GKrellM
--------------------------------------------------------------------------------
Update Information:
- Update to a gkrellm-2.3.6-rc git snapshot bringing in various fixes - Fix
crash after sun-plugin has been disabled (rhbz#1231394) - Add appdata
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231394 - [abrt] gkrellm: exit(): gkrellm killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1231394
[ 2 ] Bug #1312561 - Review Request: gkrellm-sun - Sun clock plugin for GKrellM
https://bugzilla.redhat.com/show_bug.cgi?id=1312561
--------------------------------------------------------------------------------
================================================================================
graphite2-1.3.6-1.fc23 (FEDORA-2016-dec1faadc5)
Font rendering capabilities for complex non-Roman writing systems
--------------------------------------------------------------------------------
Update Information:
Unspecified security fixes
--------------------------------------------------------------------------------
================================================================================
kubernetes-1.2.0-0.12.alpha6.gitf0cd09a.fc23 (FEDORA-2016-5a203fd7ac)
Container cluster management
--------------------------------------------------------------------------------
Update Information:
Update to origin 1.1.3, disable v1beta1, v1beta3, fix application/json content
type ---- A lot of changes here: rebase to origin based kubernetes from 1.0.3
to 1.2.0. This will need a lot of testing to discover regressions and new issues
introduced by the rebase.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1311861 - kubectl exec is broken in kubernetes-1.2.0-0.4.alpha1
https://bugzilla.redhat.com/show_bug.cgi?id=1311861
[ 2 ] Bug #1291860 - Packaged old version (1.06) of kubernetes in most recent release.
kubernetes rpm labeled 1.1xxxx
https://bugzilla.redhat.com/show_bug.cgi?id=1291860
--------------------------------------------------------------------------------
================================================================================
lilypond-2.19.37-1.fc23 (FEDORA-2016-0c83c25c39)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.19.37-1.fc23 (FEDORA-2016-0c83c25c39)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
nacl-arm-newlib-2.1.0-3.git373135e.fc23 (FEDORA-2016-86e9d3f14a)
C library intended for use on embedded systems
--------------------------------------------------------------------------------
Update Information:
New package: nacl-arm-newlib - C library intended for use on embedded systems
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1270375 - Review Request: nacl-arm-newlib - C library intended for use on
embedded systems
https://bugzilla.redhat.com/show_bug.cgi?id=1270375
--------------------------------------------------------------------------------
================================================================================
oz-0.15.0-1.fc23 (FEDORA-2016-7586e24a5e)
Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:
Release 0.15.0
--------------------------------------------------------------------------------
================================================================================
pcre-8.38-6.fc23 (FEDORA-2016-65833b5dbc)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes a heap buffer overflow in handling of nested duplicate named
groups with a nested back reference and a heap buffer overflow in pcretest
causing infinite loop when matching globally with an ovector less than 2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295385 - CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate
named groups (8.39/14)
https://bugzilla.redhat.com/show_bug.cgi?id=1295385
[ 2 ] Bug #1312782 - pcre: Heap buffer overflow in pcretest causing infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=1312782
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-3.fc23 (FEDORA-2016-55953d3cc5)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes a typo in pcre2_study().
--------------------------------------------------------------------------------
================================================================================
perl-App-a2p-1.009-2.fc23 (FEDORA-2016-b4bc777e25)
Awk to Perl translator
--------------------------------------------------------------------------------
Update Information:
This release fixes a buffer overflow when parsing long enough -n argument.
--------------------------------------------------------------------------------
================================================================================
perl-CBOR-XS-1.4.1-1.fc23 (FEDORA-2016-f9a1de2ff9)
Concise Binary Object Representation (CBOR)
--------------------------------------------------------------------------------
Update Information:
This release fixes nested FREEZE and THAW calls.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312516 - perl-CBOR-XS-1.41 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312516
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.5-9.fc23 (FEDORA-2016-9e381832b8)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Fixed managing python3 builds.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1216989 - Please upgrade to 1.2.5 in F21+
https://bugzilla.redhat.com/show_bug.cgi?id=1216989
[ 2 ] Bug #1276923 - provide Python3 version of the package
https://bugzilla.redhat.com/show_bug.cgi?id=1276923
--------------------------------------------------------------------------------
================================================================================
python-zanata2fedmsg-0.2-1.fc23 (FEDORA-2016-d19b3fd12c)
A web app bridging zanata webhooks to fedmsg
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
================================================================================
rpm-4.13.0-0.rc1.12.fc23 (FEDORA-2016-d360559a79)
The RPM package management system
--------------------------------------------------------------------------------
Update Information:
- Remove size limit when expanding macros (#1303034)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1303034 - rpm macro expansion works incorrectly when looping over a long list
using lua
https://bugzilla.redhat.com/show_bug.cgi?id=1303034
--------------------------------------------------------------------------------
================================================================================
skopeo-0.1.9-1.fc23 (FEDORA-2016-02cc4cb057)
Inspect Docker images and repositories on registries
--------------------------------------------------------------------------------
Update Information:
update to v0.1.9 ---- update to v0.1.8
--------------------------------------------------------------------------------
================================================================================
transmission-2.90-1.fc23 (FEDORA-2016-99d6679320)
A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
http://www.transmissionbt.com/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312701 - transmission-2.90 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312701
--------------------------------------------------------------------------------
================================================================================
xfig-3.2.5-48.c.fc23 (FEDORA-2016-a23c447f3e)
An X Window System tool for drawing basic vector graphics
--------------------------------------------------------------------------------
Update Information:
- Bring in various bugfixes from Debian - Convert icons to png - Add appdata
--------------------------------------------------------------------------------
================================================================================
yad-0.34.2-1.fc23 (FEDORA-2016-380e55dae6)
Display graphical dialogs from shell scripts or command line
--------------------------------------------------------------------------------
Update Information:
update to 0.34.2 ---- update to yad-0.34.1 ---- update to 0.34.0 ----
Update to yad-0.33.1 ---- update to 0.33.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1312645 - yad-0.34.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1312645
[ 2 ] Bug #1310485 - yad-0.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1310485
[ 3 ] Bug #1297601 - yad-0.33.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1297601
[ 4 ] Bug #1296780 - yad-0.33.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1296780
--------------------------------------------------------------------------------