The following Fedora 23 Security updates need testing:
Age URL
191
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16240 nagios-4.0.8-1.fc23
149
https://bodhi.fedoraproject.org/updates/FEDORA-2015-81ded368fe
miniupnpc-1.9-6.fc23
122
https://bodhi.fedoraproject.org/updates/FEDORA-2015-27392b3324
jbig2dec-0.12-2.fc23
72
https://bodhi.fedoraproject.org/updates/FEDORA-2015-dd52a54fa1
python-pymongo-3.0.3-1.fc23
72
https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8
thttpd-2.25b-37.fc23
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
37
https://bodhi.fedoraproject.org/updates/FEDORA-2016-637618fcd4
mingw-nsis-2.50-1.fc23
26
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e4408f350
squid-3.5.10-1.fc23
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d7dafbf27f
python-tgcaptcha2-0.3.1-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-403715aaec
moodle-2.9.5-1.fc23
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0fb6577f07 vtun-3.0.3-15.fc23
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0c5838abc5
apache-commons-collections-3.2.2-3.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-df2529c86c
python-rsa-3.4.1-1.fc23
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b05672c54f
libmaxminddb-1.2.0-1.fc23
The following Fedora 23 Critical Path updates have yet to be approved:
Age URL
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a69ee02554
xulrunner-44.0-1.fc23
17
https://bodhi.fedoraproject.org/updates/FEDORA-2016-910ddbf4c8 lorax-23.19-1.fc23
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d8dbbc4b73
kde-settings-23-11.fc23.1
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5d2823c643
breeze-icon-theme-5.20.0-1.fc23 extra-cmake-modules-5.20.0-1.fc23
kactivitymanagerd-5.5.0-1.fc23 kf5-5.20.0-1.fc23 kf5-attica-5.20.0-1.fc23
kf5-baloo-5.20.0-1.fc23 kf5-bluez-qt-5.20.0-1.fc23 kf5-frameworkintegration-5.20.0-2.fc23
kf5-kactivities-5.20.0-2.fc23 kf5-kapidox-5.20.0-1.fc23 kf5-karchive-5.20.0-1.fc23
kf5-kauth-5.20.0-1.fc23 kf5-kbookmarks-5.20.0-1.fc23 kf5-kcmutils-5.20.0-1.fc23
kf5-kcodecs-5.20.0-1.fc23 kf5-kcompletion-5.20.0-1.fc23 kf5-kconfig-5.20.0-1.fc23
kf5-kconfigwidgets-5.20.0-1.fc23 kf5-kcoreaddons-5.20.0-1.fc23 kf5-kcrash-5.20.0-1.fc23
kf5-kdbusaddons-5.20.0-1.fc23 kf5-kdeclarative-5.20.0-1.fc23 kf5-kded-5.20.0-1.fc23
kf5-kdelibs4support-5.20.0-1.fc23 kf5-kdesignerplugin-5.20.0-1.fc23
kf5-kdesu-5.20.0-1.fc23 kf5-kdewebkit-5.20.0-1.fc23 kf5-kdnssd-5.20.0-1.fc23
kf5-kdoctools-5.20.0-1.fc23 kf5-kemoticons-5.20.0-1.fc23 kf5-kfilemetadata-5.20.0-1.fc23
kf5-kglobalaccel-5.20.0-1.fc23 kf5-kgu
iaddons-
5.20.0-1.fc23 kf5-khtml-5.20.0-1.fc23 kf5-ki18n-5.20.0-1.fc23
kf5-kiconthemes-5.20.0-1.fc23 kf5-kidletime-5.20.0-1.fc23 kf5-kimageformats-5.20.0-1.fc23
kf5-kinit-5.20.0-1.fc23 kf5-kio-5.20.0-1.fc23 kf5-kitemmodels-5.20.0-1.fc23
kf5-kitemviews-5.20.0-1.fc23 kf5-kjobwidgets-5.20.0-1.fc23 kf5-kjs-5.20.0-1.fc23
kf5-kjsembed-5.20.0-1.fc23 kf5-kmediaplayer-5.20.0-1.fc23 kf5-knewstuff-5.20.0-1.fc23
kf5-knotifications-5.20.0-2.fc23 kf5-knotifyconfig-5.20.0-1.fc23
kf5-kpackage-5.20.0-1.fc23 kf5-kparts-5.20.0-1.fc23 kf5-kpeople-5.20.0-1.fc23
kf5-kplotting-5.20.0-1.fc23 kf5-kpty-5.20.0-1.fc23 kf5-kross-5.20.0-1.fc23
kf5-krunner-5.20.0-1.fc23 kf5-kservice-5.20.0-1.fc23 kf5-ktexteditor-5.20.0-2.fc23
kf5-ktextwidgets-5.20.0-1.fc23 kf5-kunitconversion-5.20.0-1.fc23 kf5-kwallet-5.20.0-1.fc23
kf5-kwidgetsaddons-5.20.0-1.fc23 kf5-kwindowsystem-5.20.0-1.fc23 kf5-kxmlgui-5.20.0-1.fc23
kf5-kxmlrpcclient-5.20.0-1.fc23 kf5-modemmanager-qt-5.20.0-1.fc23
kf5-networkmanager-qt-5.20.0-1.fc23 kf5-plasm
a-5.20.0
-1.fc23 kf5-solid-5.20.0-1.fc23 kf5-sonnet-5.20.0-1.fc23 kf5-threadweaver-5.20.0-1.fc23
oxygen-icon-theme-5.20.0-1.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d3f58db88
systemtap-3.0-2.fc23
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6d6d4d8f8
ntfs-3g-2016.2.22-1.fc23 testdisk-7.0-7.fc23
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86fd9bc8c4
pungi-4.0.11-1.fc23
The following builds have been pushed to Fedora 23 updates-testing
compiz-0.8.12.2-1.fc23
composer-1.0.0-0.22.beta2.fc23
eclipse-abrt-0.0.1-1.fc23
fontawesome-fonts-4.5.0-1.fc23
mariadb-java-client-1.3.7-1.fc23
mozilla-noscript-2.9.0.10-1.fc23
php-doctrine-dbal-2.5.4-1.fc23
php-sabre-xml-1.4.1-1.fc23
plasma-desktop-5.5.5-5.fc23
pungi-4.0.11-1.fc23
python-justbytes-0.6-2.fc23
python-pygments-markdown-lexer-0.1.0.dev39-2.fc23
rfcdiff-1.45-1.fc23
rtl-sdr-0.5.3-6.fc23
rubygem-github-linguist-4.8.1-1.fc23
webkitgtk4-2.12.0-1.fc23
wine-1.9.6-1.fc23
Details about builds:
================================================================================
compiz-0.8.12.2-1.fc23 (FEDORA-2016-4361574184)
OpenGL window and compositing manager
--------------------------------------------------------------------------------
Update Information:
latest update from Compiz Reloaded project
--------------------------------------------------------------------------------
================================================================================
composer-1.0.0-0.22.beta2.fc23 (FEDORA-2016-6a8de906c5)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.0-beta2** * Break: The install command now turns into an
update command automatically if you have no composer.lock. This was done only
half-way before which caused inconsistencies * Break: By default the remove
command now removes dependencies as well, and --update-with-dependencies is
deprecated. Use --no-update-with-dependencies to get old behavior * Added
support for SSL_CERT_DIR env var and openssl.capath ini value * Added some
conflict detection in why-not command * Added suggestion of root package's
suggests in create-project command * Fixed create-project ignoring --ignore-
platform-reqs when choosing a version of the package * Fixed search command
in a directory without composer.json * Fixed path repository handling of
symlinks on windows * Fixed PEAR repo handling to prefer HTTPS mirrors over
HTTP ones * Fixed handling of Path env var on Windows, only PATH was accepted
before * Small error reporting and docs improvements
--------------------------------------------------------------------------------
================================================================================
eclipse-abrt-0.0.1-1.fc23 (FEDORA-2016-3a6efa9e19)
Eclipse ABRT plugin
--------------------------------------------------------------------------------
Update Information:
Initial upload
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321300 - Review Request: eclipse-abrt - Eclipse ABRT Plugin
https://bugzilla.redhat.com/show_bug.cgi?id=1321300
--------------------------------------------------------------------------------
================================================================================
fontawesome-fonts-4.5.0-1.fc23 (FEDORA-2016-d3a46fc041)
Iconic font set
--------------------------------------------------------------------------------
Update Information:
Update to current release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1284709 - fontawesome-fonts-v4.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1284709
--------------------------------------------------------------------------------
================================================================================
mariadb-java-client-1.3.7-1.fc23 (FEDORA-2016-e2af160b9b)
Connects applications developed in Java to MariaDB and MySQL databases
--------------------------------------------------------------------------------
Update Information:
packaged MariaDB connector for java
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1291558 - Review Request: mariadb-java-client - MariaDB connector for java
https://bugzilla.redhat.com/show_bug.cgi?id=1291558
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-2.9.0.10-1.fc23 (FEDORA-2016-967c6ee9d3)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
Changes since 2.9.0.5: * Fixed placeholder activation in Gecko 45 and above *
[XSS] Compatibility exception for the Printfriendly add-on * Removed
msn.com
from the default whitelist, since it seems to be unable to support HTTPS
consistently * Fixed incompatibility with Firefox below version 38 * Tentative
fix for an issue with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed
legacy redirection methods when redirectTo() is available in HTTP channels,
fixing YouTube embedding problem * Replaced newChannel() with newChannel2() on
Gecko 48 * [HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS]
Reduced eval aliasing checks false positives
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1319364 - mozilla-noscript-2.9.0.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1319364
--------------------------------------------------------------------------------
================================================================================
php-doctrine-dbal-2.5.4-1.fc23 (FEDORA-2016-cef7dbd0ee)
Doctrine Database Abstraction Layer (DBAL)
--------------------------------------------------------------------------------
Update Information:
### v2.5.4 * 2249: Compatibility mis-match? PGSQL_ATTR_DISABLE_PREPARES in
v2.5.2 (in a PHP 5.6.16 envt) * 2272: [DBAL-1779] Fix string column type
declarations with whitespace on SQLite * 2273: Fix usage of
PDO::PGSQL_ATTR_DISABLE_PREPARES for edge case pdo_pgsql setups ### v2.5.3 *
818: Rebuild SQLServerPlatform::doModifyLimitQuery again to use a CTE * 2268:
#2260 - loosening doctrine/common requirement: allowing 2.6.x ### v2.5.2 ####
Bug * [DBAL-1115] - [GH-773] Fix quoted identifiers for database creation SQL
on SQL Anywhere * [DBAL-1121] - [GH-777] Make host and server connection
parameters optional for sqlanywhere driver * [DBAL-1128] - [GH-782] Fix: SQLite
offset with no limit support * [DBAL-1132] - [GH-786] Fix removing autoincrement
column from a primary key * [DBAL-1137] - Infinite recursion on non-unique
table/join alias in QueryBuilder * [DBAL-1154] - [GH-806] Fix broken functional
test for SQL server * [DBAL-1169] - [GH-815] Fix for inconsistent use of
getSQLDeclaration * [DBAL-1181] - [GH-822] Fix for bad profiling data, showing
an indefinitely long query * [DBAL-1183] - [GH-823] fix client_encoding setting
to support pgbouncer * [DBAL-1186] - [GH-826] fix incorrect ordering of columns
in clustered indexes on sql server * [DBAL-1189] - [GH-828] rehashed charset
implementation to support old versions of postgresql * [DBAL-1192] - [GH-831]
allow hhvm/mysqli failure so poor travis can feel better * [DBAL-1215] -
[GH-844] template1 as default database for PostgreSQL * [DBAL-1217] - [GH-846]
Fix retrieving the database name connected to for SQL Server * [DBAL-1218] -
[GH-847] [DBAL-1217] Fix retrieving the database name connected to for SQL
Anywhere * [DBAL-1220] - [GH-849] Fix dropping database with active connection
on PostgreSQL * [DBAL-1233] - TEXT type in MSSQL should be NVARCHAR(MAX) not
VARCHAR(MAX) * [DBAL-1240] - [GH-864] Fix undefined notices within
MasterSlaveConnection * [DBAL-1260] - [GH-878] Fix call on non-object in ping()
with PDO wrapper * [DBAL-1296] - [GH-903] Override methods for sharding
connection #### Documentation * [DBAL-1174] - [GH-817] Fixed a minor typo
#### Improvement * [DBAL-1159] - [GH-809] travis: PHP 7.0 nightly added *
[DBAL-1270] - [GH-886] Add test for MariaDB 5.5, 10.0 and 10.1 on Travis ####
Task * [DBAL-1299] - [GH-906] [2.5] Fix allowed failures for HHVM + MariaDB
builds on Travis
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1153987 - php-doctrine-dbal-2.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1153987
--------------------------------------------------------------------------------
================================================================================
php-sabre-xml-1.4.1-1.fc23 (FEDORA-2016-a0c414b049)
XML library that you may not hate
--------------------------------------------------------------------------------
Update Information:
The sabre/xml library is a specialized XML reader and writer. Autoloader:
/usr/share/php/Sabre/Xml/autoload.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1316912 - Review Request: php-sabre-xml - XML library that you may not hate
https://bugzilla.redhat.com/show_bug.cgi?id=1316912
--------------------------------------------------------------------------------
================================================================================
plasma-desktop-5.5.5-5.fc23 (FEDORA-2016-a94eaa3c7b)
Plasma Desktop shell
--------------------------------------------------------------------------------
Update Information:
Fix plasma update script that can cause kickoff favorites to be empty on initial
login.
--------------------------------------------------------------------------------
================================================================================
pungi-4.0.11-1.fc23 (FEDORA-2016-86fd9bc8c4)
Distribution compose tool
--------------------------------------------------------------------------------
Update Information:
make and install docs and manpage - Reuse helper in all tests (lsedlar) -
[atomic] Add atomic_installer phase (lsedlar) - [ostree] Add ostree phase
(lsedlar) - [atomic] Add a script to create ostree repo (lsedlar) - Add compose
type to release for images (lsedlar) - [image-build] Add traceback on failure
(lsedlar) - [image-build] Use subvariants in logging output (lsedlar) - [live-
media] Use subvariants in logging (lsedlar) - Add tracebacks to all failable
phases (lsedlar) - ppc no longer needs magic bits in the iso (pbrobinson) -
[buildinstall] Add more debugging output (lsedlar) - [metadata] Stop crashing on
empty path from .treeinfo (lsedlar) - [checksums] Add label to file name
(lsedlar) - image_build: fix subvariant handling (awilliam)
--------------------------------------------------------------------------------
================================================================================
python-justbytes-0.6-2.fc23 (FEDORA-2016-a72dc71d5b)
A library for handling computation with address ranges in bytes
--------------------------------------------------------------------------------
Update Information:
A library for handling computations with address ranges. The library also offers
a configurable way to extract the representation of a value.
--------------------------------------------------------------------------------
================================================================================
python-pygments-markdown-lexer-0.1.0.dev39-2.fc23 (FEDORA-2016-42a1e33490)
A Markdown lexer for Pygments to highlight Markdown code snippets
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318781 - Review Request: python-pygments-markdown-lexer - A Markdown lexer
for Pygments to highlight Markdown code snippets.
https://bugzilla.redhat.com/show_bug.cgi?id=1318781
--------------------------------------------------------------------------------
================================================================================
rfcdiff-1.45-1.fc23 (FEDORA-2016-ebdd6d519f)
Compares two internet draft files and outputs the difference
--------------------------------------------------------------------------------
Update Information:
* Added javascript support for moving to next and previous diff chunk with the
'n' and 'p' keys, provided by ekr(a)rtfm.com. See repository at
https://github.com/ekr/rfcdiff . * Applied 2 patches from dev(a)spiessknafl.at,
which fixed a typo and updated the FSF address. ( Henrik Levkowetz
<henrik(a)levkowetz.com> 25 Mar 2016 15:37:55 +0100) ---- Applied 4 patches from
julian.reschke(a)greenbytes.de, which: * Added stripping of Byte Order Marks
(BOMs) * Changed many instances of <a name=...></a> to instead use id
attributes
on page content elements * Added fragment links from the page/line position text
at the start of each diff block
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321489 - rfcdiff-1.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1321489
[ 2 ] Bug #1315035 - rfcdiff-1.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1315035
--------------------------------------------------------------------------------
================================================================================
rtl-sdr-0.5.3-6.fc23 (FEDORA-2016-d2a273c87d)
SDR utilities for Realtek RTL2832 based DVB-T dongles
--------------------------------------------------------------------------------
Update Information:
This is an update that re-introduces rtlsdr group which is useful for
daemons/services.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321424 - root:root ownership of USB device prevents access by non-root
daemons
https://bugzilla.redhat.com/show_bug.cgi?id=1321424
--------------------------------------------------------------------------------
================================================================================
rubygem-github-linguist-4.8.1-1.fc23 (FEDORA-2016-a7b612a4d6)
GitHub Language detection
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1318635 - rubygem-github-linguist-v4.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1318635
--------------------------------------------------------------------------------
================================================================================
webkitgtk4-2.12.0-1.fc23 (FEDORA-2016-cad1b688b1)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
Update to 2.12.0: * Enable FTL by default in JavaScriptCore for x86_64. *
Network process is now used unconditionally. The shared secondary process model
is now the same as using the multiple process model and setting a process limit
of 1. * Switch to use overlay scrollbars like all other GTK+ widgets and ensure
the behavior is consistent with GTK+ too. * Support for windowless NPAPI
plugins with no UI in non X11 platforms. * Enable GSS-Negotiate support when
available in libsoup. * Improved general performance by better handling glib
main loop sources. * New API to save and restore a WebView session.
--------------------------------------------------------------------------------
================================================================================
wine-1.9.6-1.fc23 (FEDORA-2016-a24b5dc68b)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
Better video card detection when using Mesa. Support for Shader Model 5
shaders. C++ exception handling improvements. Various bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1319367 - wine-1.9.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1319367
--------------------------------------------------------------------------------