The following Fedora 24 Security updates need testing: Age URL 33 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95edf19d8a squid-3.5.19-2.fc24 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dfa325d31b community-mysql-5.7.12-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b38938aa8e haproxy-1.6.5-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-372b6f936e xguest-1.0.10-34.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b80d1be python3-3.5.1-9.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b19472a3c squidGuard-1.4-26.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7db496f6f2 wordpress-4.5.3-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d717fdcf74 struts-1.3.10-18.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a80eab65ba qemu-2.6.0-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ec372bddb9 php-5.6.23-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79ac80a0d5 php-pecl-zip-1.13.3-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e84b809c4b mirrormanager-1.4.4-5.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d4c0d27b6 clementine-1.3.1-2.fc24 sqlite-3.12.2-1.fc24 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a7f36c0c1 vim-7.4.1868-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-122f332493 audit-2.6-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7553eb6439 selinux-policy-3.13.1-191.fc24.2 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8675db6984 libfm-1.2.4-4.D20160618gitb22c0995e7.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-852ae00fd6 lxsession-0.5.2-10.D20160417git9f8d613332.fc24 The following builds have been pushed to Fedora 24 updates-testing aiccu-2007.01.15-26.fc24 ansible-lint-3.0.0-1.fc24 audit-2.6-3.fc24 courier-unicode-1.4-2.fc24 heketi-2.0.2-3.fc24 keepassx0-0.4.4-5.fc24 mirrormanager-1.4.4-5.fc24 pacemaker-1.1.15-1.fc24 perl-Test-Moose-More-0.038-1.fc24 perl-autobox-Junctions-0.002-1.fc24 php-5.6.23-1.fc24 php-pecl-zip-1.13.3-1.fc24 php-zendframework-zend-validator-2.8.1-1.fc24 pidgin-2.11.0-1.fc24 python-matplotlib-1.5.2-0.1.rc2.fc24 python-represent-1.5.1-1.fc24 python-sphinxcontrib-spelling-2.1.2-1.fc24 suricata-3.1-1.fc24 zanata-api-3.9.1-1.fc24 zanata-common-3.9.1-1.fc24 Details about builds: ================================================================================ aiccu-2007.01.15-26.fc24 (FEDORA-2016-29cdf7384e) SixXS Automatic IPv6 Connectivity Client Utility -------------------------------------------------------------------------------- Update Information: Enhancement update. -------------------------------------------------------------------------------- ================================================================================ ansible-lint-3.0.0-1.fc24 (FEDORA-2016-31724783eb) Best practices checker for Ansible -------------------------------------------------------------------------------- Update Information: Update to 3.0.0 release -------------------------------------------------------------------------------- ================================================================================ audit-2.6-3.fc24 (FEDORA-2016-122f332493) User space tools for 2.6 kernel auditing -------------------------------------------------------------------------------- Update Information: This update to the audit system adds a new enriched data format. This will help in reporting when multiple system's audit logs are aggregated on a central server. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334850 - audit.rules is readable by all https://bugzilla.redhat.com/show_bug.cgi?id=1334850 [ 2 ] Bug #1334772 - ausearch results depend on order of parameters https://bugzilla.redhat.com/show_bug.cgi?id=1334772 [ 3 ] Bug #1344268 - autrace destroys all audit rules, despite what manpage says https://bugzilla.redhat.com/show_bug.cgi?id=1344268 -------------------------------------------------------------------------------- ================================================================================ courier-unicode-1.4-2.fc24 (FEDORA-2016-a54db2124f) A library implementing algorithms related to the Unicode Standard -------------------------------------------------------------------------------- Update Information: Update package description -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349416 - Package description out of date https://bugzilla.redhat.com/show_bug.cgi?id=1349416 -------------------------------------------------------------------------------- ================================================================================ heketi-2.0.2-3.fc24 (FEDORA-2016-f957602508) RESTful based volume management framework for GlusterFS -------------------------------------------------------------------------------- Update Information: Fixed glusterfs templates -------------------------------------------------------------------------------- ================================================================================ keepassx0-0.4.4-5.fc24 (FEDORA-2016-1a52942890) Cross-platform password manager -------------------------------------------------------------------------------- Update Information: Correct icon. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349348 - missing applicaton icon https://bugzilla.redhat.com/show_bug.cgi?id=1349348 -------------------------------------------------------------------------------- ================================================================================ mirrormanager-1.4.4-5.fc24 (FEDORA-2016-e84b809c4b) Fedora mirror management system -------------------------------------------------------------------------------- Update Information: Added a patch to move the mirrormanager client from pickle to json (related to CVE-2016-1000003). -------------------------------------------------------------------------------- ================================================================================ pacemaker-1.1.15-1.fc24 (FEDORA-2016-0c6fdb563e) Scalable High-Availability cluster resource manager -------------------------------------------------------------------------------- Update Information: * Update for new upstream tarball: Pacemaker-1.1.15, for full details, see included `ChangeLog` file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.15 * Adapt spec file more akin to upstream version: - move xml schema files + `PCMK- MIB.txt` (81ef956), logrotate configuration file (ce576cf; drop it from `-remote` package as well), `attrd_updater` (aff80ae), the normal resource agents (1fc7287), and common directories under `/var/lib/pacemaker` (3492794) from main package under `-cli` - simplify `docdir` build parameter passing and drop as of now redundant `chmod` invocations (e91769e) -------------------------------------------------------------------------------- ================================================================================ perl-Test-Moose-More-0.038-1.fc24 (FEDORA-2016-1429d7e101) More tools for testing Moose packages -------------------------------------------------------------------------------- Update Information: This release silents warnings about a redundancy. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349212 - perl-Test-Moose-More-0.038 is available https://bugzilla.redhat.com/show_bug.cgi?id=1349212 -------------------------------------------------------------------------------- ================================================================================ perl-autobox-Junctions-0.002-1.fc24 (FEDORA-2016-40fdd4aeae) Autoboxified junction-style operators -------------------------------------------------------------------------------- Update Information: This release updates documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349202 - perl-autobox-Junctions-0.002 is available https://bugzilla.redhat.com/show_bug.cgi?id=1349202 -------------------------------------------------------------------------------- ================================================================================ php-5.6.23-1.fc24 (FEDORA-2016-ec372bddb9) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 23 Jun 2016, **PHP 5.6.23** **Core:** * Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) * Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) * Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** * Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) * Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre) * Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) * Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) * Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre) **Intl:** * Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol) **mbstring:** * Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas) **mcrypt:** * Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas) **Phar:** * Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com) **SPL:** * Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas) * Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) **OpenSSL:** * Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka) **WDDX:** * Fixed bug php#72340 (Double Free Courruption in wddx_deserialize). (Stas) -------------------------------------------------------------------------------- ================================================================================ php-pecl-zip-1.13.3-1.fc24 (FEDORA-2016-79ac80a0d5) A ZIP archive management extension -------------------------------------------------------------------------------- Update Information: **Version 1.13.3** - Fixed bug php#71923 (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078) (Stas) - Fixed bug php#72258 (ZipArchive converts filenames to unrecoverable form). (Anatol) - Fixed bug php#72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-validator-2.8.1-1.fc24 (FEDORA-2016-18a994698a) Zend Framework Validator component -------------------------------------------------------------------------------- Update Information: **zend-validator2.8.1** - 2016-06-23 - [#92](https://github.com/zendframework /zend-validator/pull/92) adds message templates to the `ExcludeMimeType` validator, to allow differentiating validation error messages from the `MimeType` validator. -------------------------------------------------------------------------------- ================================================================================ pidgin-2.11.0-1.fc24 (FEDORA-2016-1154e4ee1c) A Gtk+ based multiprotocol instant messaging client -------------------------------------------------------------------------------- Update Information: Update to 2.11.0 (#1348545) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348545 - pidgin-2.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1348545 -------------------------------------------------------------------------------- ================================================================================ python-matplotlib-1.5.2-0.1.rc2.fc24 (FEDORA-2016-50c1adda5a) Python 2D plotting library -------------------------------------------------------------------------------- Update Information: This is the latest release candidate in the stable 1.5.x series, which includes an overhaul of the Tk linking to enable manylinux wheels. python-six has been unbundled in favor of the (newer) system version and a couple of upstream patches have been backported. Also, the test suite is now executed as part of the build process. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1336740 - python-matplotlib bundles python-six 1.9.0 which tries to import winreg module and fails https://bugzilla.redhat.com/show_bug.cgi?id=1336740 -------------------------------------------------------------------------------- ================================================================================ python-represent-1.5.1-1.fc24 (FEDORA-2016-e750a8e708) Create __repr__ automatically or declaratively -------------------------------------------------------------------------------- Update Information: A Python package which creates __repr__ automatically or declaratively. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1348207 - Review Request: python-represent - create __repr__ automatically or declaratively https://bugzilla.redhat.com/show_bug.cgi?id=1348207 -------------------------------------------------------------------------------- ================================================================================ python-sphinxcontrib-spelling-2.1.2-1.fc24 (FEDORA-2016-00f7684349) A spelling checker for Sphinx-based documentation -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347006 - Review Request: python-sphinxcontrib-spelling - A spelling checker for Sphinx-based documentation https://bugzilla.redhat.com/show_bug.cgi?id=1347006 -------------------------------------------------------------------------------- ================================================================================ suricata-3.1-1.fc24 (FEDORA-2016-820ff73ed7) Intrusion Detection System -------------------------------------------------------------------------------- Update Information: New upstream bugfix release. -------------------------------------------------------------------------------- ================================================================================ zanata-api-3.9.1-1.fc24 (FEDORA-2016-f25cfdfad1) Zanata API modules -------------------------------------------------------------------------------- Update Information: - Upstream update to version 3.9.1 -------------------------------------------------------------------------------- ================================================================================ zanata-common-3.9.1-1.fc24 (FEDORA-2016-2ba6d32541) Zanata common modules -------------------------------------------------------------------------------- Update Information: - Upstream update to version 3.9.1 - Add BuildRequires findbugs and mvn(org.jboss.resteasy:resteasy-bom:pom:) -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
