The following Fedora 23 Security updates need testing: Age URL 115 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12739 python-kdcproxy-0.3.2-1.fc23 97 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5eb2131441 conntrack-tools-1.4.2-9.fc23 68 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23 55 https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1 python-pymongo-3.0.3-1.fc23 55 https://bodhi.fedoraproject.org/updates/FEDORA-2015-c76c1c84cf mod_nss-1.0.12-1.fc23 42 https://bodhi.fedoraproject.org/updates/FEDORA-2015-66439aa9e2 openstack-glance-2015.1.2-1.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-84a95e39d4 perl-HTML-Scrubber-0.15-1.fc23 26 https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe miniupnpc-1.9-6.fc23 17 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3d17682c15 putty-0.66-1.fc23 12 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7852ea201b potrace-1.13-2.fc23 9 https://bodhi.fedoraproject.org/updates/FEDORA-2015-28e56e52e7 seamonkey-2.39-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-8b5ea2dc53 rubygem-flexmock-2.0.2-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-4ad4998d00 libpng-1.6.17-3.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-1943310658 libpng15-1.5.22-3.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5d1f935811 imapsync-1.644-2.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-e3ec4cbf8f lxdm-0.5.3-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-a8c8f60fbd python-django-1.8.7-1.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-df0f324367 knot-2.0.2-1.fc23 1 https://bodhi.fedoraproject.org/updates/FEDORA-2015-0efcb5fbc5 php-symfony-2.7.7-2.fc23 php-twig-1.23.1-2.fc23
The following Fedora 23 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2015-37706c9c35 mash-0.6.19-1.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-cf51e6b9dc evolution-data-server-3.18.2-2.fc23 8 https://bodhi.fedoraproject.org/updates/FEDORA-2015-4ad4998d00 libpng-1.6.17-3.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2015-82bc055b3f perl-PathTools-3.60-1.fc23 7 https://bodhi.fedoraproject.org/updates/FEDORA-2015-22dbc37884 perl-Socket-2.021-1.fc23 4 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9b1b3e9a5c xkeyboard-config-2.16-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-vpnc-1.0.8-1.fc23 NetworkManager-openconnect-1.0.8-1.fc23 NetworkManager-openvpn-1.0.8-1.fc23 NetworkManager-openswan-1.0.8-1.fc23 NetworkManager-fortisslvpn-1.0.8-1.fc23 NetworkManager-1.0.8-1.fc23 3 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3e75abf2a3 krb5-1.14-2.fc23 2 https://bodhi.fedoraproject.org/updates/FEDORA-2015-498b25667e perl-BSD-Resource-1.290.900-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-eef23ceb81 PackageKit-1.0.11-1.fc23 0 https://bodhi.fedoraproject.org/updates/FEDORA-2015-e185ec1a6a pcre-8.38-2.fc23
The following builds have been pushed to Fedora 23 updates-testing
PackageKit-1.0.11-1.fc23 cscppc-1.3.1-1.fc23 cups-filters-1.2.0-1.fc23 dnf-1.1.4-2.fc23 git-remote-hg-0.2-7.fc23 gluegen2-2.2.4-4.fc23 gnome-chemistry-utils-0.14.10-11.fc23 golang-github-opencontainers-specs-0-0.2.gitcf8dd12.fc23 hgsvn-0.3.12-1.fc23 ibus-table-1.9.11-1.fc23 latexmk-4.43a-1.fc23 mathgl-2.3.3-4.fc23 mkvtoolnix-8.5.2-1.fc23 mosquitto-1.4.5-1.fc23 mozilla-noscript-2.7-1.fc23 nipy-data-0.2-1.fc23 nodejs-ansi-font-0.0.2-1.fc23 nodejs-parse-json-2.2.0-2.fc23 nodejs-test-0.6.0-1.fc23 ocaml-zarith-1.4.1-1.fc23 pcre-8.38-2.fc23 perl-Sereal-Decoder-3.007-2.fc23 python-aiohttp-0.19.0-1.fc23 python-django-simple-captcha-0.4.5-1.fc23 python-nibabel-2.0.2-1.fc23 python-pyeclib-1.1.0-2.fc23 python-pyspf-2.0.11-3.fc23 python-pyxid-1.1-0.1.gitc84afe9.fc23 python-weakrefmethod-1.0.2-1.fc23 rubygem-openscap-0.4.4-1.fc23 scotch-6.0.4-7.fc23 sigul-0.102-1.fc23
Details about builds:
================================================================================ PackageKit-1.0.11-1.fc23 (FEDORA-2015-eef23ceb81) Package management service -------------------------------------------------------------------------------- Update Information:
- Add support for HTTP proxy - Allow the use of variadic functions in vala - By popular demand, reintroduce the UpgradeSystem method - Improve RefreshCache progress updates - New upstream release --------------------------------------------------------------------------------
================================================================================ cscppc-1.3.1-1.fc23 (FEDORA-2015-b2c61fe975) A compiler wrapper that runs cppcheck in background -------------------------------------------------------------------------------- Update Information:
- update to latest upstream (1.3.1) --------------------------------------------------------------------------------
================================================================================ cups-filters-1.2.0-1.fc23 (FEDORA-2015-d5088893e9) OpenPrinting CUPS filters and backends -------------------------------------------------------------------------------- Update Information:
New upstream release. --------------------------------------------------------------------------------
================================================================================ dnf-1.1.4-2.fc23 (FEDORA-2015-93db5cd342) Package manager forked from Yum, using libsolv as a dependency resolver -------------------------------------------------------------------------------- Update Information:
This update fixes issues with DNF inside virtual environment (libguestfs). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1278382 - DNF python programming error when run from virt-builder https://bugzilla.redhat.com/show_bug.cgi?id=1278382 --------------------------------------------------------------------------------
================================================================================ git-remote-hg-0.2-7.fc23 (FEDORA-2015-45c6241f40) Mercurial wrapper for git -------------------------------------------------------------------------------- Update Information:
- Mercurial v3.5 has changed API - function context.memfilectx requires object repo as first parameter - changed requires to mercurial >= 3.5 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1265115 - Git fails to export to hg repo from which it was cloned https://bugzilla.redhat.com/show_bug.cgi?id=1265115 --------------------------------------------------------------------------------
================================================================================ gluegen2-2.2.4-4.fc23 (FEDORA-2015-59f9624c7d) Java/JNI glue code generator to call out to ANSI C -------------------------------------------------------------------------------- Update Information:
fix build on ppc arches -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1267269 - gluegen2: fix compilation on ppc64 and ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=1267269 --------------------------------------------------------------------------------
================================================================================ gnome-chemistry-utils-0.14.10-11.fc23 (FEDORA-2015-e629922473) A set of chemical utilities -------------------------------------------------------------------------------- Update Information:
Fixed crash when importing an invalid string -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285154 - [abrt] gchempaint: gcpStandaloneApp::CatchSignals(): gchempaint-0.14 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1285154 --------------------------------------------------------------------------------
================================================================================ golang-github-opencontainers-specs-0-0.2.gitcf8dd12.fc23 (FEDORA-2015-ecf54b296e) Open Container Specification -------------------------------------------------------------------------------- Update Information:
Update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1286185 - Tracker for golang-github-opencontainers-specs https://bugzilla.redhat.com/show_bug.cgi?id=1286185 --------------------------------------------------------------------------------
================================================================================ hgsvn-0.3.12-1.fc23 (FEDORA-2015-272c165213) A set of scripts to work locally on subversion checkouts using mercurial -------------------------------------------------------------------------------- Update Information:
Update to latest upstream releage hgsvn 0.3.12. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285568 - hgsvn-0.3.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1285568 --------------------------------------------------------------------------------
================================================================================ ibus-table-1.9.11-1.fc23 (FEDORA-2015-67b99c3223) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information:
Fix bug in Unihan_Variants.txt, U+9762 and U+7CFB are both simplified *and* traditional Chinese ---- Fix bug in Unihan_Variants.txt, U+8868 and U+6770 are both simplified *and* traditional Chinese ---- Fix hotkey matching -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285379 - ��� and ��� are used both in simplified *and* traditional Chinese, ibus-table classifies them as simplified Chinese only https://bugzilla.redhat.com/show_bug.cgi?id=1285379 [ 2 ] Bug #1284749 - ��� and ��� are used both in simplified *and* traditional Chinese, ibus-table classifies them as simplified Chinese only https://bugzilla.redhat.com/show_bug.cgi?id=1284749 [ 3 ] Bug #1282683 - Some keyboard shortcuts in ibus-table do not work https://bugzilla.redhat.com/show_bug.cgi?id=1282683 --------------------------------------------------------------------------------
================================================================================ latexmk-4.43a-1.fc23 (FEDORA-2015-c297d901d7) A make-like utility for LaTeX files -------------------------------------------------------------------------------- Update Information:
latexmk-4.43a-1.fc23: - Source files in directories with non-ASCII names are not correctly detected under MiKTeX - On cleanup, synctex.gz files are deleted only by -C, not by -c --------------------------------------------------------------------------------
================================================================================ mathgl-2.3.3-4.fc23 (FEDORA-2015-880ca5ffed) Cross-platform library for making high-quality scientific graphics -------------------------------------------------------------------------------- Update Information:
Update to new 2.3.3. version. Support for coming gsl-2 added as well. --------------------------------------------------------------------------------
================================================================================ mkvtoolnix-8.5.2-1.fc23 (FEDORA-2015-7f96674763) Matroska container manipulation utilities -------------------------------------------------------------------------------- Update Information:
* MKVToolNix GUI: bug fix: the file/track columns aren't resized to fit their content when expanding/collapsing tree nodes anymore. Such expansion also happened when moving entries with the "move up/down" buttons. Fixes #1492. * mkvmerge: bug fix: fixed the values of the "previous/next segment UID" elements when splitting by parts with segment linking enabled. Fixes #1497. * mkvmerge: bug fix: mkvmerge no longer creates a "next segment UID" field in the last file when splitting and segment linking is active. * mkvpropedit, MKVToolNix GUI header editor: enhancement: added the "codec delay" track header field as an editable property. * mkvmerge: bug fix: fixed an endless loop when updating track headers caused by the fix for "Re-rendering track headers: data_size != 0 not implemented yet". Fixes #1485. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1279856 - mkvtoolnix-8.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1279856 --------------------------------------------------------------------------------
================================================================================ mosquitto-1.4.5-1.fc23 (FEDORA-2015-aebd8f00e4) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 1.4.5 --------------------------------------------------------------------------------
================================================================================ mozilla-noscript-2.7-1.fc23 (FEDORA-2015-245e390fa5) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information:
v 2.7 ============================================================= - Removed informaction.com, flashgot.net and maone.net from the default whitelist to reduce the potential attack surface - Removed vestigial noscript.forbidData preference * Fixed shorthands not checked for ftp(s) sites (thanks Leon Winter for patch) * [Surrogate] Fixed googletag replacement (thanks barbaz) * Fixed incompatibility with importScript() from workers breaking new reCaptcha implementation (thanks Mr_KrzYch00 for reporting) v 2.6.9.39 ============================================================= * Work-around for a XSS "false positive" caused by nwolb.com passing Javascript code across subdomains in window.name (thanks Sagiv Masvari for reporting) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1284465 - mozilla-noscript-2.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1284465 --------------------------------------------------------------------------------
================================================================================ nipy-data-0.2-1.fc23 (FEDORA-2015-eed9fc358f) Test data and brain templates for nipy -------------------------------------------------------------------------------- Update Information:
Data and templates for nipy -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1276926 - Review Request: nipy-data - Test data and brain templates for nipy https://bugzilla.redhat.com/show_bug.cgi?id=1276926 --------------------------------------------------------------------------------
================================================================================ nodejs-ansi-font-0.0.2-1.fc23 (FEDORA-2015-0b337bb35f) ANSI font styling utils -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285074 - Review Request: nodejs-ansi-font - ANSI font styling utils https://bugzilla.redhat.com/show_bug.cgi?id=1285074 --------------------------------------------------------------------------------
================================================================================ nodejs-parse-json-2.2.0-2.fc23 (FEDORA-2015-65e996193d) Parse JSON with more helpful errors -------------------------------------------------------------------------------- Update Information:
Fix license tag -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1265329 - Review Request: nodejs-parse-json - Parse JSON with more helpful errors https://bugzilla.redhat.com/show_bug.cgi?id=1265329 --------------------------------------------------------------------------------
================================================================================ nodejs-test-0.6.0-1.fc23 (FEDORA-2015-2c604b9386) (Un)CommonJS test runner -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285077 - Review Request: nodejs-test - (Un)CommonJS test runner https://bugzilla.redhat.com/show_bug.cgi?id=1285077 --------------------------------------------------------------------------------
================================================================================ ocaml-zarith-1.4.1-1.fc23 (FEDORA-2015-1706e6b2e4) OCaml interface to GMP -------------------------------------------------------------------------------- Update Information:
Changes in ocaml-zarith 1.4: - Improvements to Q (using divexact) [Bertrand Jeannet] - Fixed div_2exp bug [Bertrand Jeannet] - Improvements for divexact [Bertrand Jeannet] - Added of_substring, with fast path for native integers [Thomas Braibant] - Added Z.powm_sec (constant-time modular exponentiation) - Reimplemented Z.to_float, now produces correctly rounded FP numbers - Added Z.trailing_zeros. - Added Z.testbit, Z.is_even, Z.is_odd. - Added Z.numbits, Z.log2 and Z.log2up. - PR$1467: Z.hash is declared as "noalloc" [Fran��ois Bobot] - PR#1451: configure fix [Spiros Eliopoulos] - PR#1436: disable "(void)" trick for unused variables on Windows [Bernhard Schommer] - PR#1434: removed dependencies on printf & co when Z_PERFORM_CHECK is 0 [Hannes Mehnert] - PR#1462: issues with Z.to_float and large numbers. Changes in ocaml-zarith 1.4.1: - Fixed ml_z_of_substring_base and Z.of_substring [Thomas Braibant] - Integrated Opam fix for Perl scripts [Thomas Braibant] alt-ergo, frama-c, ocaml-tplib, and why3 updates are rebuilds for the new ocaml-zarith. --------------------------------------------------------------------------------
================================================================================ pcre-8.38-2.fc23 (FEDORA-2015-e185ec1a6a) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information:
This release fixes compiling expressions with embedded comments when auto- callout feature is enabled. --------------------------------------------------------------------------------
================================================================================ perl-Sereal-Decoder-3.007-2.fc23 (FEDORA-2015-af7f2e07c2) Perl deserialization for Sereal format -------------------------------------------------------------------------------- Update Information:
This release fixes incremental parsing of UTF-8 strings. It also improves build script. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285914 - perl-Sereal-Decoder-3.007 is available https://bugzilla.redhat.com/show_bug.cgi?id=1285914 --------------------------------------------------------------------------------
================================================================================ python-aiohttp-0.19.0-1.fc23 (FEDORA-2015-82adfb3713) A Python HTTP client/server for asyncio -------------------------------------------------------------------------------- Update Information:
Update py3 --------------------------------------------------------------------------------
================================================================================ python-django-simple-captcha-0.4.5-1.fc23 (FEDORA-2015-16f75e1b16) Django application to add captcha images to any Django form -------------------------------------------------------------------------------- Update Information:
update to 0.4.5 (with Django migrations) --------------------------------------------------------------------------------
================================================================================ python-nibabel-2.0.2-1.fc23 (FEDORA-2015-89b5359814) Python package to access a cacophony of neuro-imaging file formats -------------------------------------------------------------------------------- Update Information:
New package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1276871 - Review Request: python-nibabel - Python package to access a cacophony of neuro-imaging file formats https://bugzilla.redhat.com/show_bug.cgi?id=1276871 --------------------------------------------------------------------------------
================================================================================ python-pyeclib-1.1.0-2.fc23 (FEDORA-2015-b6622efd91) Python interface to erasure codes -------------------------------------------------------------------------------- Update Information:
This update permits to run OpenStack Swift 2.5.0, which offers significant improvements in its Erasure Coding back-end. --------------------------------------------------------------------------------
================================================================================ python-pyspf-2.0.11-3.fc23 (FEDORA-2015-05de62603f) Python module and programs for SPF (Sender Policy Framework) -------------------------------------------------------------------------------- Update Information:
This update provides a complete/correct fix for [bug #1232595](https://bugzilla.redhat.com/show_bug.cgi?id=1232595), from Bojan Smojver. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1232595 - Improper use of python's ipaddress https://bugzilla.redhat.com/show_bug.cgi?id=1232595 --------------------------------------------------------------------------------
================================================================================ python-pyxid-1.1-0.1.gitc84afe9.fc23 (FEDORA-2015-3bf0ebf1dc) Python library for interfacing with Cedrus XID and StimTracker devices -------------------------------------------------------------------------------- Update Information:
New package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285067 - Review Request: python-pyxid - Python library for interfacing with Cedrus XID and StimTracker devices https://bugzilla.redhat.com/show_bug.cgi?id=1285067 --------------------------------------------------------------------------------
================================================================================ python-weakrefmethod-1.0.2-1.fc23 (FEDORA-2015-842872e318) A WeakMethod class for storing bound methods using weak references -------------------------------------------------------------------------------- Update Information:
Added LICENSE -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1269039 - Review Request: python-weakrefmethod - A WeakMethod class for storing bound methods using weak references https://bugzilla.redhat.com/show_bug.cgi?id=1269039 --------------------------------------------------------------------------------
================================================================================ rubygem-openscap-0.4.4-1.fc23 (FEDORA-2015-fc1d830ee4) A FFI wrapper around the OpenSCAP library -------------------------------------------------------------------------------- Update Information:
upgrade to the latest upstream release --------------------------------------------------------------------------------
================================================================================ scotch-6.0.4-7.fc23 (FEDORA-2015-69ad47e247) Graph, mesh and hypergraph partitioning library -------------------------------------------------------------------------------- Update Information:
This update adds the parmetis.h header to ptscotch-openmpi-devel and ptscotch- mpich-devel. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1286243 - parmetis.h should be installed https://bugzilla.redhat.com/show_bug.cgi?id=1286243 --------------------------------------------------------------------------------
================================================================================ sigul-0.102-1.fc23 (FEDORA-2015-90039a8cc5) A signing server and related software client -------------------------------------------------------------------------------- Update Information:
Update to 0.102, fixing hangs in (sigul sign-rpms) processing. ---- - Update to sigul-0.101. Improves #1272535. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1283364 - utils.run_worker_threads can hang if a consumer thread crashes https://bugzilla.redhat.com/show_bug.cgi?id=1283364 --------------------------------------------------------------------------------