The following Fedora 24 Security updates need testing: Age URL 32 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e339a7779 optipng-0.7.6-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3b40fcbc3 jenkins-mailer-plugin-1.17-1.fc24 jenkins-credentials-plugin-1.27-1.fc24 jenkins-script-security-plugin-1.18.1-1.fc24 jenkins-junit-plugin-1.12-1.fc24 jenkins-1.651.1-1.fc24 stapler-1.242-1.fc24 tiger-types-2.2-1.fc24 owasp-java-html-sanitizer-20160422.1-1.fc24 jenkins-remoting-2.57-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a4d504509 obs-signd-2.2.1-8.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-60156622e1 squid-3.5.17-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-13b4cae9df jackson-dataformat-xml-2.6.3-3.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cfa7b58c7e owncloud-8.2.4-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad6005ba92 imlib2-1.4.9-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce259a07cc ioprocess-0.15.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5 libdwarf-20160507-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-20cc04ac50 subversion-1.9.4-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e070dcb15 lorax-24.18-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2f1d9fb2cf lxsession-0.5.2-9.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34a172b2cf syslinux-6.03-8.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-16c46e44e1 livecd-tools-23.3-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad6005ba92 imlib2-1.4.9-1.fc24 The following builds have been pushed to Fedora 24 updates-testing Macaulay2-1.6-27.fc24 R-multcomp-1.4.5-2.fc24 Singular-3.1.7-4.fc24 eclib-20160206-3.fc24 erlang-bitcask-1.7.4-2.fc24 esc-1.1.0-30.fc24 esorex-3.10.2-6.fc24 flint-2.5.2-8.fc24 gnome-clocks-3.20.1-1.fc24 knot-2.2.0-2.fc24 latte-integrale-1.7.3-11.fc24 libdwarf-20160507-1.fc24 linbox-1.4.1-2.fc24 lyra-0.5.2-1.fc24 mingw-cairo-1.14.6-1.fc24 mingw-crt-5.0-0.1.rc2.fc24 mingw-gcc-6.1.0-1.fc24 mingw-gettext-0.19.7-1.fc24 mingw-harfbuzz-1.2.7-1.fc24 mingw-headers-5.0-0.1.rc2.fc24 mingw-winpthreads-5.0-0.1.rc2.fc24 netresolve-0.0.1-0.15.20160317git.fc24 nfspy-1.0-7.fc24 nginx-1.10.0-3.fc24 ntl-9.8.0-1.fc24 openvas-scanner-5.0.5-3.fc24 ostree-2016.5-3.fc24 petpvc-0.0.0-0.4.git8b28893.fc24 polybori-0.8.3-33.fc24 polymake-3.0r1-3.fc24 pyparsing-2.1.1-1.fc24 python-django-1.9.6-2.fc24 python-os-client-config-1.16.0-2.fc24 python-parse_type-0.3.4-9.fc24 python-scp-0.10.2-1.fc24 python-trollius-redis-0.1.4-6.fc24 rubygem-atk-3.0.8-1.fc24 sagemath-6.8-10.fc24 subversion-1.9.4-1.fc24 Details about builds: ================================================================================ Macaulay2-1.6-27.fc24 (FEDORA-2016-a47884843f) System for algebraic geometry and commutative algebra -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ R-multcomp-1.4.5-2.fc24 (FEDORA-2016-f1fe84c808) Simultaneous inference for general linear hypotheses R Package -------------------------------------------------------------------------------- Update Information: Update to latest stable release. The following fixes are included: * fix bug in linfct specified as a character (aka expression). Coefficients of main effects may have been incorrect in the presence of interaction terms; * make cftest() a little more flexible with parm and test arguments. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1300121 - R-multcomp-1.4-5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1300121 -------------------------------------------------------------------------------- ================================================================================ Singular-3.1.7-4.fc24 (FEDORA-2016-a47884843f) Computer Algebra System for polynomial computations -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ eclib-20160206-3.fc24 (FEDORA-2016-a47884843f) Library for Computations on Elliptic Curves -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ erlang-bitcask-1.7.4-2.fc24 (FEDORA-2016-8e810c84bb) Eric Brewer-inspired key/value store -------------------------------------------------------------------------------- Update Information: * Ver. 1.7.4 -------------------------------------------------------------------------------- ================================================================================ esc-1.1.0-30.fc24 (FEDORA-2016-72eb2da26a) Enterprise Security Client Smart Card Client -------------------------------------------------------------------------------- Update Information: Secondary arch fixes, Use %license -------------------------------------------------------------------------------- ================================================================================ esorex-3.10.2-6.fc24 (FEDORA-2016-8a70758e95) Recipe Execution Tool of the European Southern Observatory -------------------------------------------------------------------------------- Update Information: Rebuild (cpl 7.0) -------------------------------------------------------------------------------- ================================================================================ flint-2.5.2-8.fc24 (FEDORA-2016-a47884843f) Fast Library for Number Theory -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ gnome-clocks-3.20.1-1.fc24 (FEDORA-2016-f89a35a17e) Clock application designed for GNOME 3 -------------------------------------------------------------------------------- Update Information: Update to 3.20.1 -------------------------------------------------------------------------------- ================================================================================ knot-2.2.0-2.fc24 (FEDORA-2016-f40d81b8b9) High-performance authoritative DNS server -------------------------------------------------------------------------------- Update Information: fix service startup -------------------------------------------------------------------------------- ================================================================================ latte-integrale-1.7.3-11.fc24 (FEDORA-2016-a47884843f) Lattice point enumeration -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ libdwarf-20160507-1.fc24 (FEDORA-2016-f36c5935e5) Library to access the DWARF Debugging file format -------------------------------------------------------------------------------- Update Information: Update to 20160507 release - fixes many outstanding crash bugs -------------------------------------------------------------------------------- References: [ 1 ] Bug #1299966 - CVE-2016-2091 libdwarf: Out-of-bounds read in dwarf_frame2.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1299966 [ 2 ] Bug #1300332 - CVE-2016-2050 libdwarf: Out-of-bounds write in get_abbrev_array_info [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300332 [ 3 ] Bug #1334068 - libdwarf-20160507 is available https://bugzilla.redhat.com/show_bug.cgi?id=1334068 [ 4 ] Bug #1332149 - Null dereference bug in READ_AREA_LENGTH() https://bugzilla.redhat.com/show_bug.cgi?id=1332149 [ 5 ] Bug #1332148 - Null dereference bug in _dwarf_file_name_is_full_path() https://bugzilla.redhat.com/show_bug.cgi?id=1332148 [ 6 ] Bug #1332145 - A approximate infinite loop bugs in dwarf_get_aranges_list() https://bugzilla.redhat.com/show_bug.cgi?id=1332145 [ 7 ] Bug #1332144 - Out of bound read bug in dwarf_dealloc() https://bugzilla.redhat.com/show_bug.cgi?id=1332144 [ 8 ] Bug #1332141 - Heap Overflow bug in update_entry(). https://bugzilla.redhat.com/show_bug.cgi?id=1332141 [ 9 ] Bug #1330237 - NULL dereference bug in _dwarf_decode_s_leb128 https://bugzilla.redhat.com/show_bug.cgi?id=1330237 [ 10 ] Bug #1316695 - libdwarf not checking whether error is null before attempting to use it for dwarf_srcfiles https://bugzilla.redhat.com/show_bug.cgi?id=1316695 -------------------------------------------------------------------------------- ================================================================================ linbox-1.4.1-2.fc24 (FEDORA-2016-a47884843f) C++ Library for High-Performance Exact Linear Algebra -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ lyra-0.5.2-1.fc24 (FEDORA-2016-78e6fb6dbd) High availability RabbitMQ client -------------------------------------------------------------------------------- Update Information: initial package, rhbz#1305547 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305547 - Review Request: lyra - High availability RabbitMQ client https://bugzilla.redhat.com/show_bug.cgi?id=1305547 -------------------------------------------------------------------------------- ================================================================================ mingw-cairo-1.14.6-1.fc24 (FEDORA-2016-70604ce190) MinGW Windows Cairo library -------------------------------------------------------------------------------- Update Information: MinGW cross compiled cairo 1.14.6 release. -------------------------------------------------------------------------------- ================================================================================ mingw-crt-5.0-0.1.rc2.fc24 (FEDORA-2016-1c2d2df2ff) MinGW Windows cross-compiler runtime -------------------------------------------------------------------------------- Update Information: Latest releases of the MinGW cross compiler toolchain packages. -------------------------------------------------------------------------------- ================================================================================ mingw-gcc-6.1.0-1.fc24 (FEDORA-2016-1c2d2df2ff) MinGW Windows cross-compiler (GCC) for C -------------------------------------------------------------------------------- Update Information: Latest releases of the MinGW cross compiler toolchain packages. -------------------------------------------------------------------------------- ================================================================================ mingw-gettext-0.19.7-1.fc24 (FEDORA-2016-2d9fc08d56) GNU libraries and utilities for producing multi-lingual messages -------------------------------------------------------------------------------- Update Information: MinGW cross compiled release of gettext 0.19.7. -------------------------------------------------------------------------------- ================================================================================ mingw-harfbuzz-1.2.7-1.fc24 (FEDORA-2016-d4f1283e34) MinGW Windows Harfbuzz library -------------------------------------------------------------------------------- Update Information: MinGW cross compiled harfbuzz 1.2.7 release. -------------------------------------------------------------------------------- ================================================================================ mingw-headers-5.0-0.1.rc2.fc24 (FEDORA-2016-1c2d2df2ff) Win32/Win64 header files -------------------------------------------------------------------------------- Update Information: Latest releases of the MinGW cross compiler toolchain packages. -------------------------------------------------------------------------------- ================================================================================ mingw-winpthreads-5.0-0.1.rc2.fc24 (FEDORA-2016-1c2d2df2ff) MinGW pthread library -------------------------------------------------------------------------------- Update Information: Latest releases of the MinGW cross compiler toolchain packages. -------------------------------------------------------------------------------- ================================================================================ netresolve-0.0.1-0.15.20160317git.fc24 (FEDORA-2016-ed7666ab57) Generic name resolution library -------------------------------------------------------------------------------- Update Information: buildable on rhel, updated from git master, fix FTBFS on F-24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307795 - netresolve: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307795 -------------------------------------------------------------------------------- ================================================================================ nfspy-1.0-7.fc24 (FEDORA-2016-e7bcd61be7) An ID-spoofing NFS client -------------------------------------------------------------------------------- Update Information: Actually fix FTBFS -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307797 - nfspy: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307797 -------------------------------------------------------------------------------- ================================================================================ nginx-1.10.0-3.fc24 (FEDORA-2016-d7f20e326d) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: Enable AIO on aarch64, build with gperftools on ppc64le ---- Update to 1.10.0 and split dynamic modules into subpackages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1258414 - Enable AIO support in nginx for AArch64 https://bugzilla.redhat.com/show_bug.cgi?id=1258414 -------------------------------------------------------------------------------- ================================================================================ ntl-9.8.0-1.fc24 (FEDORA-2016-a47884843f) High-performance algorithms for vectors, matrices, and polynomials -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ openvas-scanner-5.0.5-3.fc24 (FEDORA-2016-ffd62a84e8) Open Vulnerability Assessment (OpenVAS) Scanner -------------------------------------------------------------------------------- Update Information: Just to fix the release number in F24 to be same as in the other release branches and not lower. -------------------------------------------------------------------------------- ================================================================================ ostree-2016.5-3.fc24 (FEDORA-2016-99f589f985) Tool for managing bootable, immutable filesystem trees -------------------------------------------------------------------------------- Update Information: aarch64 only has grub2-efi -------------------------------------------------------------------------------- ================================================================================ petpvc-0.0.0-0.4.git8b28893.fc24 (FEDORA-2016-0edf06d120) Tools for partial volume correction (PVC) in positron emission tomography (PET) -------------------------------------------------------------------------------- Update Information: Build with gnu++98 until dependencies support c++11 (fix FTBFS) -------------------------------------------------------------------------------- ================================================================================ polybori-0.8.3-33.fc24 (FEDORA-2016-a47884843f) Framework for Boolean Rings -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ polymake-3.0r1-3.fc24 (FEDORA-2016-a47884843f) Algorithms on convex polytopes and polyhedra -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ pyparsing-2.1.1-1.fc24 (FEDORA-2016-dd279e66bf) Python package with an object-oriented approach to text processing -------------------------------------------------------------------------------- Update Information: Update to latest stable release with the following list of changes: - Fixed bug in `ParseResults.toDict()`, in which `dict` values were always converted to dicts, even if they were just unkeyed lists of tokens. - Fixed bug in `SkipTo` when using `failOn`. - Fixed bug in `Each` introduced in 2.1.0. - Removed use of `functools.partial` in `replaceWith`, as this creates an ambiguous signature for the generated parse action, which fails in PyPy. - Added support for assigning to `ParseResults` using slices. - Added default behavior to `QuotedString` to convert embedded '\t', '\n', etc. characters to their whitespace counterparts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320353 - pyparsing-2.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1320353 -------------------------------------------------------------------------------- ================================================================================ python-django-1.9.6-2.fc24 (FEDORA-2016-4274cb8b4e) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: Put the provives/obsoletes in the right spot for new python naming ---- update to 1.9.6 (rhbz#1323374) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323374 - python-django-1.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1323374 -------------------------------------------------------------------------------- ================================================================================ python-os-client-config-1.16.0-2.fc24 (FEDORA-2016-a32ab10274) OpenStack Client Configuration Library -------------------------------------------------------------------------------- Update Information: Also supply Provides for old python package -------------------------------------------------------------------------------- ================================================================================ python-parse_type-0.3.4-9.fc24 (FEDORA-2016-74903e5c86) Simplifies to build parse types based on the parse module -------------------------------------------------------------------------------- Update Information: Provide/Obsolete python-parse_type for upgrade paths -------------------------------------------------------------------------------- ================================================================================ python-scp-0.10.2-1.fc24 (FEDORA-2016-d37fe3df7e) Scp module for paramiko -------------------------------------------------------------------------------- Update Information: Updated package to latest upstream version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332371 - python-scp is out of date and should be updated to 0.10.2 https://bugzilla.redhat.com/show_bug.cgi?id=1332371 -------------------------------------------------------------------------------- ================================================================================ python-trollius-redis-0.1.4-6.fc24 (FEDORA-2016-38e5a1ed6b) Redis client for the Python event loop PEP3156 for Trollius. -------------------------------------------------------------------------------- Update Information: Provide/Obsolete old python package name to provide upgrade path -------------------------------------------------------------------------------- ================================================================================ rubygem-atk-3.0.8-1.fc24 (FEDORA-2016-fba2fc1a4c) Ruby binding of ATK-1.0.x -------------------------------------------------------------------------------- Update Information: Missing from ruby-gnome2 3.0.8 release -------------------------------------------------------------------------------- ================================================================================ sagemath-6.8-10.fc24 (FEDORA-2016-a47884843f) A free open-source mathematics software system -------------------------------------------------------------------------------- Update Information: See http://shoup.net/ntl/doc/tour-changes.html for changes in ntl 9.8.0. Now that nauty is available in Fedora, polymake, Macaulay2, and sagemath have been rebuilt with nauty support. All other builds are rebuilds due to the ntl update. -------------------------------------------------------------------------------- ================================================================================ subversion-1.9.4-1.fc24 (FEDORA-2016-20cc04ac50) A Modern Concurrent Version Control System -------------------------------------------------------------------------------- Update Information: - Update to 1.9.4 (#1331222) CVE-2016-2167 CVE-2016-2168 - Move tools in docs to tools subpackage (rhbz 1171757 1199761) - Disable make check to work around FTBFS -------------------------------------------------------------------------------- References: [ 1 ] Bug #1331222 - subversion-1.9.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1331222 [ 2 ] Bug #1171757 - Subversion should not require Python https://bugzilla.redhat.com/show_bug.cgi?id=1171757 [ 3 ] Bug #1199761 - Subversion should not require Perl https://bugzilla.redhat.com/show_bug.cgi?id=1199761 [ 4 ] Bug #1331687 - CVE-2016-2167 CVE-2016-2168 subversion: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1331687 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
