The following Fedora 24 Security updates need testing: Age URL 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-71b4804526 imlib2-1.4.8-1.fc24 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e339a7779 optipng-0.7.6-1.fc24 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c3387a7dad squid-3.5.16-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-679c4ddd3c ansible-2.0.2.0-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aff691237e roundcubemail-1.1.5-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-852a39e085 cacti-0.8.8g-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3b40fcbc3 jenkins-mailer-plugin-1.17-1.fc24 jenkins-credentials-plugin-1.27-1.fc24 jenkins-script-security-plugin-1.18.1-1.fc24 jenkins-junit-plugin-1.12-1.fc24 jenkins-1.651.1-1.fc24 stapler-1.242-1.fc24 tiger-types-2.2-1.fc24 owasp-java-html-sanitizer-20160422.1-1.fc24 jenkins-remoting-2.57-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f4b54b005 pgpdump-0.30-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e73663f4 php-5.6.21-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0c57b12c7b gd-2.1.1-7.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-71b4804526 imlib2-1.4.8-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e070dcb15 lorax-24.18-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9df4ff923 libdrm-2.4.68-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-83d227000d libtdb-1.3.9-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb42aec129 selinux-policy-3.13.1-183.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d0e6f02aea kernel-4.5.2-302.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f939ef633 firefox-46.0-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f104225abc evolution-data-server-3.20.1-2.fc24 evolution-ews-3.20.1-3.fc24 libsoup-2.54.1-1.fc24 The following builds have been pushed to Fedora 24 updates-testing RBTools-0.7.6-1.fc24 atomic-devmode-0.3.2-1.fc24 cockpit-0.104-1.fc24 csmock-1.9.2-1.fc24 eclipse-dtp-1.12.0-7.fc24 eclipse-moreunit-3.1.0-2.fc24 erlang-18.3.2-1.fc24 evolution-data-server-3.20.1-2.fc24 evolution-ews-3.20.1-3.fc24 f24-backgrounds-24.1.1-1.fc24 fedora-motd-0.1.2-1.fc24 firefox-46.0-4.fc24 gd-2.1.1-7.fc24 gimagereader-3.1.90-1.fc24 gnome-builder-3.20.2-1.fc24 gnome-sound-recorder-3.19.92-1.fc24 gnome-todo-3.20.1-1.fc24 gperftools-2.5-2.fc24 ibus-typing-booster-1.4.3-1.fc24 jabberpy-0.5-0.31.fc24 jenkins-1.651.1-1.fc24 jenkins-credentials-plugin-1.27-1.fc24 jenkins-junit-plugin-1.12-1.fc24 jenkins-mailer-plugin-1.17-1.fc24 jenkins-remoting-2.57-1.fc24 jenkins-script-security-plugin-1.18.1-1.fc24 kernel-4.5.2-302.fc24 libdrm-2.4.68-1.fc24 libhif-0.2.2-3.fc24 libocrdma-1.0.8-3.fc24 libsoup-2.54.1-1.fc24 libtdb-1.3.9-1.fc24 logwatch-7.4.3-1.fc24 lxc-2.0.0-1.fc24 nodejs-4.4.3-1.fc24 nodejs-buffertools-2.1.3-12.fc24.1 nodejs-fs-ext-0.5.0-9.fc24.1 nodejs-gdal-0.9.0-1.fc24.1 nodejs-i2c-0.2.1-6.fc24.1 nodejs-iconv-2.1.11-8.fc24.1 nodejs-libxmljs-0.17.1-4.fc24.1 nodejs-mapnik-3.5.6-2.fc24.1 nodejs-node-expat-2.3.11-8.fc24.1 nodejs-node-stringprep-0.7.3-9.fc24.1 nodejs-sqlite3-3.1.2-3.fc24.1 nodejs-zipfile-0.5.9-7.fc24.1 owasp-java-html-sanitizer-20160422.1-1.fc24 pencil-2.0.18-1.fc24 perl-CPAN-Perl-Releases-2.68-1.fc24 pgpdump-0.30-1.fc24 php-5.6.21-1.fc24 php-league-flysystem-1.0.22-1.fc24 php-zendframework-zend-servicemanager-2.7.6-1.fc24 primitive-1.2.2-2.fc24 python-astroid-1.4.5-2.fc24 python-eventlet-0.18.4-1.fc24 python-ldap-2.4.25-1.fc24 python-pyldap-2.4.25.1-1.fc24 quassel-0.12.4-1.fc24 scanmem-0.15.7-1.fc24 selinux-policy-3.13.1-183.fc24 shotwell-0.23.0-1.fc24 spyder-2.3.9-1.fc24 stapler-1.242-1.fc24 tiger-types-2.2-1.fc24 traceroute-2.1.0-2.fc24 tripwire-2.4.3.1-10.fc24 vdsm-4.17.9-18.git1379158.fc24 webkitgtk4-2.12.2-1.fc24 wireshark-2.0.3-1.fc24 Details about builds: ================================================================================ RBTools-0.7.6-1.fc24 (FEDORA-2016-6c1818d558) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.6/ -------------------------------------------------------------------------------- ================================================================================ atomic-devmode-0.3.2-1.fc24 (FEDORA-2016-13608a33ba) Atomic Developer Mode -------------------------------------------------------------------------------- Update Information: - Add a new `showpasswd` alias to easily recall the randomly-generated root password. - Make sure cloud-init doesn't create the default `fedora` user when running devmode. - Make sure cloud-init doesn't remember anything about this boot so that per-instance modules are rerun even if the instance-id is the same (which can happen if a drive with cloud-init metadata is attached; cloud-init mistakenly merges the drive config info the devmode config and overwrites our instance-id). -------------------------------------------------------------------------------- ================================================================================ cockpit-0.104-1.fc24 (FEDORA-2016-e5ac6ff0bb) A user interface for Linux servers -------------------------------------------------------------------------------- Update Information: - * Show errors correctly when deleting or modifying user accounts - * Add support for iSCSI cluster volumes - * Strict Content-Security-Policy in the dashboard, sosreport and realmd code - * Better list expansion and navigation behavior across Cockpit - * Don't show 'Computer OU' field when leaving a domain - * Remove usage of bootstrap-select - * Show errors properly in performance profile dialog - * Fix Cluster sidebar to react to window size - * Allow specifying specific tags in registry image streams - * Make registry project access policy more visible -------------------------------------------------------------------------------- ================================================================================ csmock-1.9.2-1.fc24 (FEDORA-2016-94edac9199) A mock wrapper for Static Analysis tools -------------------------------------------------------------------------------- Update Information: - update to the latest upstream bugfix release -------------------------------------------------------------------------------- ================================================================================ eclipse-dtp-1.12.0-7.fc24 (FEDORA-2016-9287b54ead) Eclipse Data Tools Platform -------------------------------------------------------------------------------- Update Information: Enable more documentation bundles during the build so as to be more in line with what is distributed by upstream. Also contains packaging changes to build as a droplet instead of a dropin on Fedora releases that support that (this helps with improving Eclipse startup speed.) -------------------------------------------------------------------------------- ================================================================================ eclipse-moreunit-3.1.0-2.fc24 (FEDORA-2016-f7509b46c8) An Eclipse plugin that assists with writing more unit tests -------------------------------------------------------------------------------- Update Information: Patch added to allow building/running on Eclipse Neon. -------------------------------------------------------------------------------- ================================================================================ erlang-18.3.2-1.fc24 (FEDORA-2016-bc253885a7) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Ver. 18.3.2 -------------------------------------------------------------------------------- ================================================================================ evolution-data-server-3.20.1-2.fc24 (FEDORA-2016-f104225abc) Backend data server for Evolution -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release. -------------------------------------------------------------------------------- ================================================================================ evolution-ews-3.20.1-3.fc24 (FEDORA-2016-f104225abc) Evolution extension for Exchange Web Services -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release. -------------------------------------------------------------------------------- ================================================================================ f24-backgrounds-24.1.1-1.fc24 (FEDORA-2016-b5b1c46d5f) Fedora 24 default desktop background -------------------------------------------------------------------------------- Update Information: New version of default wallpaper and its supplements for Fedora 24 are now available. To use those supplemental wallpapers, install f24-backgrounds- extras-base and its derivate depending of the desktop environment i.e. f24 -backgrounds-extras-gnome f24-backgrounds-extras-kde f24-backgrounds- extras-mate f24-backgrounds-extras-xfce -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329891 - f24-backgrounds-24.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1329891 [ 2 ] Bug #1331122 - f24-backgrounds-24.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331122 -------------------------------------------------------------------------------- ================================================================================ fedora-motd-0.1.2-1.fc24 (FEDORA-2016-7764c675d9) Fedora MOTD -------------------------------------------------------------------------------- Update Information: - Fix detecting rpm-ostree based system - Don't use predicatable name in /tmp - Cache updateinfo in background on first login post fedora-motd installation - Don't wait for background jobs to complete in motdgen scripts -------------------------------------------------------------------------------- ================================================================================ firefox-46.0-4.fc24 (FEDORA-2016-0f939ef633) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: Fix locales Fix builds on secondary arches ---- - New upstream version (46.0) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1315225 - firefox build failure on ppc64le/arm64 https://bugzilla.redhat.com/show_bug.cgi?id=1315225 -------------------------------------------------------------------------------- ================================================================================ gd-2.1.1-7.fc24 (FEDORA-2016-0c57b12c7b) A graphics library for quick creation of PNG or JPEG images -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3074 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow in libgd https://bugzilla.redhat.com/show_bug.cgi?id=1321893 -------------------------------------------------------------------------------- ================================================================================ gimagereader-3.1.90-1.fc24 (FEDORA-2016-e7a087ea88) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information: Update to version 3.1.90, see https://github.com/manisandro/gImageReader/releases/tag/v3.1.90 for details. -------------------------------------------------------------------------------- ================================================================================ gnome-builder-3.20.2-1.fc24 (FEDORA-2016-df21d65a46) IDE for writing GNOME-based software -------------------------------------------------------------------------------- Update Information: Update to 3.20.2 -------------------------------------------------------------------------------- ================================================================================ gnome-sound-recorder-3.19.92-1.fc24 (FEDORA-2016-8c877aa197) Make simple recordings from your desktop -------------------------------------------------------------------------------- Update Information: Update to 3.19.92 (#1331379) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331379 - gnome-sound-recorder-3.19.92 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331379 -------------------------------------------------------------------------------- ================================================================================ gnome-todo-3.20.1-1.fc24 (FEDORA-2016-db729be3e1) Personal task manager for GNOME -------------------------------------------------------------------------------- Update Information: Update to 3.20.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330531 - gnome-todo-3.20.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1330531 -------------------------------------------------------------------------------- ================================================================================ gperftools-2.5-2.fc24 (FEDORA-2016-35905c1b42) Very fast malloc and performance analysis tools -------------------------------------------------------------------------------- Update Information: Power64 has libunwind now ---- Update to 2.5 final. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1317206 - gperftools-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1317206 -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.4.3-1.fc24 (FEDORA-2016-362d994af3) A typing booster engine for the IBus platform -------------------------------------------------------------------------------- Update Information: update to 1.4.3 ---- update to 1.4.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331338 - [abrt] ibus-typing-booster: hunspell_table.py:1278:_process_key_event:AttributeError: 'editor' object has no attribute 'trans' https://bugzilla.redhat.com/show_bug.cgi?id=1331338 [ 2 ] Bug #1330461 - [abrt] ibus-typing-booster: hunspell_table.py:444:update_candidates:AttributeError: 'editor' object has no attribute '_transliterated_string' https://bugzilla.redhat.com/show_bug.cgi?id=1330461 -------------------------------------------------------------------------------- ================================================================================ jabberpy-0.5-0.31.fc24 (FEDORA-2016-f2860eeeda) Python xmlstream and jabber IM protocol libs -------------------------------------------------------------------------------- Update Information: * provide python3 subpackage * rename jabberpy to python2-jabberpy -------------------------------------------------------------------------------- ================================================================================ jenkins-1.651.1-1.fc24 (FEDORA-2016-f3b40fcbc3) An extendable open source continuous integration server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ jenkins-credentials-plugin-1.27-1.fc24 (FEDORA-2016-f3b40fcbc3) Jenkins Credentials Plugin -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ jenkins-junit-plugin-1.12-1.fc24 (FEDORA-2016-f3b40fcbc3) Jenkins JUnit Plugin -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ jenkins-mailer-plugin-1.17-1.fc24 (FEDORA-2016-f3b40fcbc3) Jenkins Mailer Plugin -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ jenkins-remoting-2.57-1.fc24 (FEDORA-2016-f3b40fcbc3) Jenkins remoting module -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ jenkins-script-security-plugin-1.18.1-1.fc24 (FEDORA-2016-f3b40fcbc3) Jenkins Script Security Plugin -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ kernel-4.5.2-302.fc24 (FEDORA-2016-d0e6f02aea) The Linux kernel -------------------------------------------------------------------------------- Update Information: fix imx-ipuv3-crtc module autoloading -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321330 - on i.mx6 systems the console does not start correctly https://bugzilla.redhat.com/show_bug.cgi?id=1321330 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.68-1.fc24 (FEDORA-2016-e9df4ff923) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: Update to 2.4.68 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331381 - libdrm-2.4.68 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331381 -------------------------------------------------------------------------------- ================================================================================ libhif-0.2.2-3.fc24 (FEDORA-2016-1f7048425f) Simple package library built on top of hawkey and librepo -------------------------------------------------------------------------------- Update Information: This update fixes an issue where installs / updates done through PackageKit incorrectly marked packages as dependencies where they should have been marked as user installed, causing 'dnf autoremove' to subsequently remove them. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1259865 - call `dnf mark install <pkgs...>`on packages installed from PK https://bugzilla.redhat.com/show_bug.cgi?id=1259865 -------------------------------------------------------------------------------- ================================================================================ libocrdma-1.0.8-3.fc24 (FEDORA-2016-c22b459394) User-space Library for Emulex ROCE Device -------------------------------------------------------------------------------- Update Information: Initial submission of user-space library for Emulex RoCE adapters -------------------------------------------------------------------------------- ================================================================================ libsoup-2.54.1-1.fc24 (FEDORA-2016-f104225abc) Soup, an HTTP library implementation -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release. -------------------------------------------------------------------------------- ================================================================================ libtdb-1.3.9-1.fc24 (FEDORA-2016-83d227000d) The tdb library -------------------------------------------------------------------------------- Update Information: New tdb upstream release, required for samba-ad-dc work -------------------------------------------------------------------------------- ================================================================================ logwatch-7.4.3-1.fc24 (FEDORA-2016-0f06ad0395) A log file analysis program -------------------------------------------------------------------------------- Update Information: Update to 7.4.3 (#1331255) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331255 - Update logwatch to 7.4.3 https://bugzilla.redhat.com/show_bug.cgi?id=1331255 -------------------------------------------------------------------------------- ================================================================================ lxc-2.0.0-1.fc24 (FEDORA-2016-a8d8b3db26) Linux Resource Containers -------------------------------------------------------------------------------- Update Information: Update LXC to the latest released version. -------------------------------------------------------------------------------- ================================================================================ nodejs-4.4.3-1.fc24 (FEDORA-2016-2d314bc898) JavaScript runtime -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-buffertools-2.1.3-12.fc24.1 (FEDORA-2016-2d314bc898) Working with node.js buffers made easy -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-fs-ext-0.5.0-9.fc24.1 (FEDORA-2016-2d314bc898) Extensions to core 'fs' module for Node.js -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-gdal-0.9.0-1.fc24.1 (FEDORA-2016-2d314bc898) Node.js bindings to GDAL -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-i2c-0.2.1-6.fc24.1 (FEDORA-2016-2d314bc898) Node.js native bindings for i2c-dev -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-iconv-2.1.11-8.fc24.1 (FEDORA-2016-2d314bc898) Text recoding in JavaScript for fun and profit -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-libxmljs-0.17.1-4.fc24.1 (FEDORA-2016-2d314bc898) Node.js module that provides libxml bindings for the v8 javascript engine -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-mapnik-3.5.6-2.fc24.1 (FEDORA-2016-2d314bc898) Bindings to Mapnik tile rendering library for Node.js -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-node-expat-2.3.11-8.fc24.1 (FEDORA-2016-2d314bc898) Fast libexpat XML SAX parser binding for Node.js -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-node-stringprep-0.7.3-9.fc24.1 (FEDORA-2016-2d314bc898) ICU StringPrep profiles for Node.js -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-sqlite3-3.1.2-3.fc24.1 (FEDORA-2016-2d314bc898) Asynchronous, non-blocking SQLite3 bindings for Node.js -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ nodejs-zipfile-0.5.9-7.fc24.1 (FEDORA-2016-2d314bc898) C++ library for handling zipfiles in Node.js -------------------------------------------------------------------------------- Update Information: The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for its stable releases due to the short compatibility lifecycle of the 5.x feature releases. The Node.js 4.x release will be supported upstream for the full lifetime of Fedora 24. -------------------------------------------------------------------------------- ================================================================================ owasp-java-html-sanitizer-20160422.1-1.fc24 (FEDORA-2016-f3b40fcbc3) A fast HTML Sanitizer written in Java -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ pencil-2.0.18-1.fc24 (FEDORA-2016-ed4511dab5) A sketching and GUI prototyping tool -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1327652 - Pencil continues under a new upstream maintainer https://bugzilla.redhat.com/show_bug.cgi?id=1327652 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-2.68-1.fc24 (FEDORA-2016-23bb741cf6) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Updated to the latest version ---- Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331193 - perl-CPAN-Perl-Releases-2.68 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331193 [ 2 ] Bug #1329860 - perl-CPAN-Perl-Releases-2.66 is available https://bugzilla.redhat.com/show_bug.cgi?id=1329860 -------------------------------------------------------------------------------- ================================================================================ pgpdump-0.30-1.fc24 (FEDORA-2016-8f4b54b005) PGP packet visualizer -------------------------------------------------------------------------------- Update Information: CVE-2016-4021 pgpdump: endless loop parsing specially crafted input -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328351 - CVE-2016-4021 pgpdump: endless loop parsing specially crafted input https://bugzilla.redhat.com/show_bug.cgi?id=1328351 -------------------------------------------------------------------------------- ================================================================================ php-5.6.21-1.fc24 (FEDORA-2016-f4e73663f4) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 28 Apr 2016, **PHP 5.6.21** ** Core: ** * Fixed bug #69537 (__debugInfo with empty string for key gives error). (krakjoe) * Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence) **BCmath:** * Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas) **Curl:** * Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael Sierks) **Date:** * Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt) **EXIF:** * Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas) **GD:** * Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas) * Fixed bug #71912 (libgd: signedness vulnerability). (Stas) **Intl:** * Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas) **OCI8:** * Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column). (Chris Jones) **ODBC:** * Fixed bug #63171 (Script hangs after max_execution_time). (Remi) **Opcache:** * Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). (Laruence) **PDO:** * Fixed bug #52098 (Own PDOStatement implementation ignore __call()). (Daniel Kalaspuffar, Julien) * Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo) **Postgres:** * Fixed bug #71820 (pg_fetch_object binds parameters before call constructor). (Anatol) **SPL:** * Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()). (Nikita) **Standard:** * Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) * Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined). (Nikita) **XML:** * Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas) -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.22-1.fc24 (FEDORA-2016-405a29fec9) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.22** - 2016-04-28 * Fix root directory creation problem #632 ---- **Version 1.0.21** - 2016-04-22 * Explicitly return false when a has call receives an empty filename. * MounManager copy and move operators now comply to the Filesystem's signature. -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-servicemanager-2.7.6-1.fc24 (FEDORA-2016-1377c1fe6e) Zend Framework ServiceManager component -------------------------------------------------------------------------------- Update Information: ** zend-servicemanager 2.7.6 ** - [#116](https://github.com/zendframework/zend- servicemanager/pull/116) updates `ServiceLocatorInterface` to extend container- interop's `ContainerInterface`, as the definitions are compatible. This change will mean that implementing `ServiceLocatorInterface` will provide a `ContainerInterface` implementation. -------------------------------------------------------------------------------- ================================================================================ primitive-1.2.2-2.fc24 (FEDORA-2016-12700be6f6) Utility methods for Java's primitive types -------------------------------------------------------------------------------- Update Information: initial rpm package build required by cassandra -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329201 - Review Request: primitive - Utility methods for Java's primitive types https://bugzilla.redhat.com/show_bug.cgi?id=1329201 -------------------------------------------------------------------------------- ================================================================================ python-astroid-1.4.5-2.fc24 (FEDORA-2016-78da3f97b6) Python Abstract Syntax Tree New Generation -------------------------------------------------------------------------------- Update Information: - Ignore PyGIWarning (#1330651) Upstream PR https://github.com/PyCQA/astroid/pull/333 -------------------------------------------------------------------------------- ================================================================================ python-eventlet-0.18.4-1.fc24 (FEDORA-2016-15997349a0) Highly concurrent networking library -------------------------------------------------------------------------------- Update Information: Version 0.18 update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329993 - python-eventlet 0.18 RPM is needed https://bugzilla.redhat.com/show_bug.cgi?id=1329993 -------------------------------------------------------------------------------- ================================================================================ python-ldap-2.4.25-1.fc24 (FEDORA-2016-b45dff8c30) An object-oriented API to access LDAP directory servers -------------------------------------------------------------------------------- Update Information: New upstream releases 2.4.25 -------------------------------------------------------------------------------- ================================================================================ python-pyldap-2.4.25.1-1.fc24 (FEDORA-2016-b45dff8c30) An object-oriented Python API to access LDAP directory servers -------------------------------------------------------------------------------- Update Information: New upstream releases 2.4.25 -------------------------------------------------------------------------------- ================================================================================ quassel-0.12.4-1.fc24 (FEDORA-2016-bf916bcc04) A modern distributed IRC system -------------------------------------------------------------------------------- Update Information: Update to latest upstream quassel release, 0.12.4 -------------------------------------------------------------------------------- ================================================================================ scanmem-0.15.7-1.fc24 (FEDORA-2016-6d99dcb21f) Memory scanner -------------------------------------------------------------------------------- Update Information: Update to 0.5.17 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330792 - scanmem-v0.15.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1330792 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-183.fc24 (FEDORA-2016-bb42aec129) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=758087 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1306243 - None https://bugzilla.redhat.com/show_bug.cgi?id=1306243 [ 2 ] Bug #1313464 - None https://bugzilla.redhat.com/show_bug.cgi?id=1313464 [ 3 ] Bug #1323177 - None https://bugzilla.redhat.com/show_bug.cgi?id=1323177 [ 4 ] Bug #1327909 - None https://bugzilla.redhat.com/show_bug.cgi?id=1327909 [ 5 ] Bug #1330448 - None https://bugzilla.redhat.com/show_bug.cgi?id=1330448 [ 6 ] Bug #1330895 - None https://bugzilla.redhat.com/show_bug.cgi?id=1330895 [ 7 ] Bug #1330970 - None https://bugzilla.redhat.com/show_bug.cgi?id=1330970 [ 8 ] Bug #1324453 - None https://bugzilla.redhat.com/show_bug.cgi?id=1324453 -------------------------------------------------------------------------------- ================================================================================ shotwell-0.23.0-1.fc24 (FEDORA-2016-cad2916217) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: Update Shotwell to the latest released version. -------------------------------------------------------------------------------- ================================================================================ spyder-2.3.9-1.fc24 (FEDORA-2016-fc6067c343) Scientific Python Development Environment -------------------------------------------------------------------------------- Update Information: Update to latest upstream version -------------------------------------------------------------------------------- ================================================================================ stapler-1.242-1.fc24 (FEDORA-2016-f3b40fcbc3) Stapler Java web framework -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ tiger-types-2.2-1.fc24 (FEDORA-2016-f3b40fcbc3) Type arithmetic library for Java5 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink (rhbz#1330472) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in Script Security Plugin (SECURITY-258) https://bugzilla.redhat.com/show_bug.cgi?id=1326403 -------------------------------------------------------------------------------- ================================================================================ traceroute-2.1.0-2.fc24 (FEDORA-2016-3fba0b6c95) Traces the route taken by packets over an IPv4/IPv6 network -------------------------------------------------------------------------------- Update Information: Provide hardened build (#1330514) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330514 - Harden all packages: traceroute executables should use PIE and have RELRO enabled https://bugzilla.redhat.com/show_bug.cgi?id=1330514 -------------------------------------------------------------------------------- ================================================================================ tripwire-2.4.3.1-10.fc24 (FEDORA-2016-9fd6c93cf9) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information: update to 2.4.3.1 -------------------------------------------------------------------------------- ================================================================================ vdsm-4.17.9-18.git1379158.fc24 (FEDORA-2016-c6a6777690) Virtual Desktop Server Manager -------------------------------------------------------------------------------- Update Information: Spec cleanups to fix FTBFS -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308224 - vdsm: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1308224 -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.12.2-1.fc24 (FEDORA-2016-4340460762) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update brings the following changes: - Fix rendering of scrollbars with GTK themes using stepper buttons. - Fix compatibility issue with 2.12.1 regarding local storage access from file URLs. - Make menu list buttons use the text color from the theme. - Do not show resize grip in non-resizable text fields. - Fix accessibility events causing Orca to echo key presses instead of speaking the inserted characters in password fields. - Fix an off by one error in hyphenation. - Fix several crashes and rendering issues. - Fix the build with libjpeg v9. - Translation updates: Bulgarian, Finnish, Greek, Italian, Turkish. -------------------------------------------------------------------------------- ================================================================================ wireshark-2.0.3-1.fc24 (FEDORA-2016-4c4fc9552b) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: Ver. 2.0.3 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
