The following Fedora 24 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4738cb1a2c mingw-gnutls-3.4.14-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4701636a74 breeze-icon-theme-5.24.0-1.fc24 extra-cmake-modules-5.24.0-1.fc24 kf5-5.24.0-1.fc24 kf5-attica-5.24.0-1.fc24 kf5-baloo-5.24.0-1.fc24 kf5-bluez-qt-5.24.0-1.fc24 kf5-frameworkintegration-5.24.0-1.fc24 kf5-kactivities-5.24.0-1.fc24 kf5-kactivities-stats-5.24.0-1.fc24 kf5-kapidox-5.24.0-1.fc24 kf5-karchive-5.24.0-1.fc24 kf5-kauth-5.24.0-1.fc24 kf5-kbookmarks-5.24.0-1.fc24 kf5-kcmutils-5.24.0-1.fc24 kf5-kcodecs-5.24.0-1.fc24 kf5-kcompletion-5.24.0-1.fc24 kf5-kconfig-5.24.0-1.fc24 kf5-kconfigwidgets-5.24.0-1.fc24 kf5-kcoreaddons-5.24.0-1.fc24 kf5-kcrash-5.24.0-1.fc24 kf5-kdbusaddons-5.24.0-1.fc24 kf5-kdeclarative-5.24.0-1.fc24 kf5-kded-5.24.0-1.fc24 kf5-kdelibs4support-5.24.0-1.fc24 kf5-kdesignerplugin-5.24.0-1.fc24 kf5-kdesu-5.24.0-1.fc24 kf5-kdewebkit-5.24.0-1.fc24 kf5-kdnssd-5.24.0-1.fc24 kf5-kdoctools-5.24.0-1.fc24 kf5-kemoticons-5.24.0-1.fc24 kf5-kfilemetadata-5.24.0-1.fc24 kf5-kglobalaccel-5.24.0-1.fc24 kf5-kguiad dons-5.24.0-1.fc24 kf5-khtml-5.24.0-1.fc24 kf5-ki18n-5.24.0-1.fc24 kf5-kiconthemes-5.24.0-1.fc24 kf5-kidletime-5.24.0-1.fc24 kf5-kimageformats-5.24.0-1.fc24 kf5-kinit-5.24.0-1.fc24 kf5-kio-5.24.0-1.fc24 kf5-kitemmodels-5.24.0-1.fc24 kf5-kitemviews-5.24.0-1.fc24 kf5-kjobwidgets-5.24.0-1.fc24 kf5-kjs-5.24.0-1.fc24 kf5-kjsembed-5.24.0-1.fc24 kf5-kmediaplayer-5.24.0-1.fc24 kf5-knewstuff-5.24.0-1.fc24 kf5-knotifications-5.24.0-1.fc24 kf5-knotifyconfig-5.24.0-1.fc24 kf5-kpackage-5.24.0-1.fc24 kf5-kparts-5.24.0-1.fc24 kf5-kpeople-5.24.0-1.fc24 kf5-kplotting-5.24.0-1.fc24 kf5-kpty-5.24.0-1.fc24 kf5-kross-5.24.0-1.fc24 kf5-krunner-5.24.0-1.fc24 kf5-kservice-5.24.0-1.fc24 kf5-ktexteditor-5.24.0-1.fc24 kf5-ktextwidgets-5.24.0-1.fc24 kf5-kunitconversion-5.24.0-1.fc24 kf5-kwallet-5.24.0-1.fc24 kf5-kwayland-5.24.0-1.fc24 kf5-kwidgetsaddons-5.24.0-1.fc24 kf5-kwindowsystem-5.24.0-1.fc24 kf5-kxmlgui-5.24.0-1.fc24 kf5-kxmlrpcclient-5.24.0-1.fc24 kf5-modemmanager-qt-5.24.0-1.fc24 kf5-networkmanager-qt -5.24.0-1.fc24 kf5-plasma-5.24.0-1.fc24 kf5-solid-5.24.0-1.fc24 kf5-sonnet-5.24.0-1.fc24 kf5-threadweaver-5.24.0-1.fc24 oxygen-icon-theme-5.24.0-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7440fa5ce2 openssh-7.2p2-10.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4373f7d32a pulp-2.8.6-1.fc24 pulp-docker-2.0.2-1.fc24 pulp-ostree-1.1.2-1.fc24 pulp-puppet-2.8.6-1.fc24 pulp-python-1.1.2-1.fc24 pulp-rpm-2.8.6-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4e7db3d437 php-guzzlehttp-guzzle6-6.2.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9fd9bfab9e httpd-2.4.23-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-341c83dbd3 gsi-openssh-7.2p2-6.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-aef8a45afe php-guzzlehttp-guzzle-5.3.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-65cc608ebe libvirt-1.3.3.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a33a2c9df glpi-0.90.4-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7527145931 ca-certificates-2016.2.8-1.0.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8aabc73dbf xorg-x11-drv-intel-2.99.917-24.20160712.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7440fa5ce2 openssh-7.2p2-10.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-62bf019d71 thunderbird-45.2.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7527145931 ca-certificates-2016.2.8-1.0.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-03e5b363ac ncurses-6.0-6.20160709.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-57644ed626 abrt-2.8.2-1.fc24 libreport-2.7.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-17d7436e77 koji-1.10.1-10.fc24 The following builds have been pushed to Fedora 24 updates-testing abrt-2.8.2-1.fc24 bacula-7.4.3-1.fc24 bacula-docs-7.4.3-1.fc24 ca-certificates-2016.2.8-1.0.fc24 clufter-0.58.0-1.fc24 composer-1.2.0-1.fc24 glpi-0.90.4-1.fc24 gsi-openssh-7.2p2-6.fc24 gtkd-3.2.2-3.fc24 httpd-2.4.23-4.fc24 jboss-ejb-3.2-api-1.0.0-1.fc24 jboss-invocation-1.4.1-1.fc24 jboss-jsp-2.3-api-1.0.1-1.fc24 jboss-msc-1.2.6-1.fc24 jboss-remoting-4.0.18-1.fc24 koji-1.10.1-10.fc24 libreport-2.7.2-1.fc24 libvirt-1.3.3.2-1.fc24 lighttpd-1.4.40-1.fc24 metamath-0.132-1.fc24 ming-0.4.7-1.fc24 ncurses-6.0-6.20160709.fc24 nettle-3.2-3.fc24 netty-xnio-transport-0.1.1-1.fc24 owl-lisp-0.1.12-1.fc24 pagure-2.3.3-1.fc24 pgadmin3-1.22.1-2.fc24 php-guzzlehttp-guzzle-5.3.1-1.fc24 php-guzzlehttp-guzzle6-6.2.1-1.fc24 php-league-flysystem-1.0.25-1.fc24 php-mikey179-vfsstream-1.6.4-1.fc24 php-pecl-mongodb-1.1.8-3.fc24 pulp-2.8.6-1.fc24 pulp-docker-2.0.2-1.fc24 pulp-ostree-1.1.2-1.fc24 pulp-puppet-2.8.6-1.fc24 pulp-python-1.1.2-1.fc24 pulp-rpm-2.8.6-1.fc24 python-numexpr-2.6.1-1.fc24 qgnomeplatform-0.2-9.20160718git.fc24 root-6.06.06-2.fc24 rubygem-github-linguist-4.8.8-1.fc24 sc-7.16-4.fc24 shotwell-0.23.2-1.fc24 tcsh-6.19.00-10.fc24 testcloud-0.1.9-1.fc24 tuned-2.7.0-1.fc24 undertow-1.3.19-2.fc24 xorg-x11-drv-libinput-0.19.0-2.fc24 Details about builds: ================================================================================ abrt-2.8.2-1.fc24 (FEDORA-2016-57644ed626) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: ABRT ==== - Translation updates - Allow selinux to be optional at build time - vmcore: fix finding partitions by UUID and LABEL - a-a-install-debuginfo: Exception may not have an argument errno - Add ARM specific oops backtrace processing. - Add oops processing for kernel panics caused by hung tasks. - Resolves: #1341305 libreport ====== - Translation updates - do not create reproducible if complex_detail == no - dd: do not log missing uid file when creating new dump dir - build: update searched pkg names for systemd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341305 - [abrt] abrt-addon-ccpp: abrt-action-install-debuginfo:244:<module>:AttributeError: 'TypeError' object has no attribute 'errno' https://bugzilla.redhat.com/show_bug.cgi?id=1341305 -------------------------------------------------------------------------------- ================================================================================ bacula-7.4.3-1.fc24 (FEDORA-2016-6105a01a1b) Cross platform network backup for Linux, Unix, Mac and Windows -------------------------------------------------------------------------------- Update Information: 7.4.3 -------------------------------------------------------------------------------- ================================================================================ bacula-docs-7.4.3-1.fc24 (FEDORA-2016-6105a01a1b) Bacula documentation -------------------------------------------------------------------------------- Update Information: 7.4.3 -------------------------------------------------------------------------------- ================================================================================ ca-certificates-2016.2.8-1.0.fc24 (FEDORA-2016-7527145931) The Mozilla CA root certificate bundle -------------------------------------------------------------------------------- Update Information: This is an update to the Mozilla CA certificates list version 2.8, which has been published as part of Mozilla NSS 3.25. As in previous versions of the ca- certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to https://fedoraproject.org/wiki/CA-Certificates for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command. Please refer to the manual page of the ca-legacy command for additional details. -------------------------------------------------------------------------------- ================================================================================ clufter-0.58.0-1.fc24 (FEDORA-2016-38a24a7b2e) Tool/library for transforming/analyzing cluster configuration formats -------------------------------------------------------------------------------- Update Information: - bump upstream package, see https://pagure.io/clufter/releases -------------------------------------------------------------------------------- ================================================================================ composer-1.2.0-1.fc24 (FEDORA-2016-67ecf2a5ca) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.2.0** - 2016-07-19 * Security: Fixed [httpoxy](https://httpoxy.org/) vulnerability * Fixed `home` command to avoid rogue output on unix * Fixed output of git clones to clearly state when clones are from cache * Added caching of git repositories if you have git 2.3+ installed. Repositories will now be cached once and then cloned from local cache so subsequent installs should be faster * Added detection of HEAD changes to the `status` command. If you `git checkout X` in a vendor directory for example it will tell you that it is not at the version that was installed * Added a virtual `php-ipv6` extension to require PHP compiled with IPv6 support * Added `--no-suggest` to `install` and `update` commands to skip output of suggestions at the end * Added `--type` to the `search` command to restrict to a given package type * Added fossil support as alternative to git/svn/.. for package downloads * Improved BitBucket OAuth support * Added support for blocking cache operations using COMPOSER_CACHE_DIR=/dev/null (or NUL on windows) * Added support for using declare(strict_types=1) in plugins * Added `--prefer- stable` and `--prefer-lowest` to the `require` command * Added `--no-scripts` to the `require` and `remove` commands * Added `_comment` top level key to the schema to endorse using it as a place to store comments (it can be a string or array of strings) * Added support for justinrainbow/json-schema 2.0 * Fixed binaries not being re-installed if deleted by users or the bin-dir changes. `update` and `install` will now re-install them * Many minor UX and docs improvements -------------------------------------------------------------------------------- ================================================================================ glpi-0.90.4-1.fc24 (FEDORA-2016-2a33a2c9df) Free IT asset management software -------------------------------------------------------------------------------- Update Information: **Version 0.90.4** Important fixes : * security update to prevent vulnerabilities in ajax files * loading of user pictures with ldap_mass_sync script * users of parent entities are now displayed in sub entities (in read only) * better html clean of collected tickets * deletion of ticket's documents * deletion of bookmarks in self-service See [changelog](https://github.com/glpi-project/glpi/issues?q=milestone:0.90.4) for more and details -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-7.2p2-6.fc24 (FEDORA-2016-341c83dbd3) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Synch with openssh package -------------------------------------------------------------------------------- ================================================================================ gtkd-3.2.2-3.fc24 (FEDORA-2016-e8eba6aeee) D binding and OO wrapper of GTK+ -------------------------------------------------------------------------------- Update Information: Remove bogus glade3 dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1294369 - gtkd has several incorrect Requires https://bugzilla.redhat.com/show_bug.cgi?id=1294369 -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.23-4.fc24 (FEDORA-2016-9fd9bfab9e) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-5387 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header https://bugzilla.redhat.com/show_bug.cgi?id=1353755 -------------------------------------------------------------------------------- ================================================================================ jboss-ejb-3.2-api-1.0.0-1.fc24 (FEDORA-2016-4a7e8ae7cf) Enterprise JavaBeans 3.2 API -------------------------------------------------------------------------------- Update Information: update to 1.0.0.Final -------------------------------------------------------------------------------- ================================================================================ jboss-invocation-1.4.1-1.fc24 (FEDORA-2016-fdb7e880db) JBoss Invocation API -------------------------------------------------------------------------------- Update Information: update to 1.4.1.Final -------------------------------------------------------------------------------- ================================================================================ jboss-jsp-2.3-api-1.0.1-1.fc24 (FEDORA-2016-5544c81e12) JavaServer Pages 2.3 API (JSP) -------------------------------------------------------------------------------- Update Information: update to 1.0.1.Final -------------------------------------------------------------------------------- ================================================================================ jboss-msc-1.2.6-1.fc24 (FEDORA-2016-ac0ef58617) JBoss Modular Service Container -------------------------------------------------------------------------------- Update Information: update to 1.2.6.Final -------------------------------------------------------------------------------- ================================================================================ jboss-remoting-4.0.18-1.fc24 (FEDORA-2016-b41d31a5f4) JBoss Remoting -------------------------------------------------------------------------------- Update Information: update to 4.0.18.Final -------------------------------------------------------------------------------- ================================================================================ koji-1.10.1-10.fc24 (FEDORA-2016-17d7436e77) Build system tools -------------------------------------------------------------------------------- Update Information: update to git master upstream, add lmc cosmetic fixes add patch to disable login in koji-web add patch to enable dns in runroot chroots ---- update to git master upstream, add lmc cosmetic fixes add patch to disable login in koji-web -------------------------------------------------------------------------------- ================================================================================ libreport-2.7.2-1.fc24 (FEDORA-2016-57644ed626) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: ABRT ==== - Translation updates - Allow selinux to be optional at build time - vmcore: fix finding partitions by UUID and LABEL - a-a-install-debuginfo: Exception may not have an argument errno - Add ARM specific oops backtrace processing. - Add oops processing for kernel panics caused by hung tasks. - Resolves: #1341305 libreport ====== - Translation updates - do not create reproducible if complex_detail == no - dd: do not log missing uid file when creating new dump dir - build: update searched pkg names for systemd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341305 - [abrt] abrt-addon-ccpp: abrt-action-install-debuginfo:244:<module>:AttributeError: 'TypeError' object has no attribute 'errno' https://bugzilla.redhat.com/show_bug.cgi?id=1341305 -------------------------------------------------------------------------------- ================================================================================ libvirt-1.3.3.2-1.fc24 (FEDORA-2016-65cc608ebe) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 1.3.3.2 * Fix xen default video device config (bz #1336629) * Don't reject duplicate disk serials (bz #1349895) * Fix LXC cgroup name mismatch (bz #1350139) * Fix managed save/restore with VM USB Keyboard (bz #1353222) * Missing dep on systemd-container (bz #1355784) * CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1351514 - CVE-2016-5008 libvirt: Setting empty VNC password allows access to unauthorized users https://bugzilla.redhat.com/show_bug.cgi?id=1351514 -------------------------------------------------------------------------------- ================================================================================ lighttpd-1.4.40-1.fc24 (FEDORA-2016-84000b80ce) Lightning fast webserver with light system requirements -------------------------------------------------------------------------------- Update Information: 1.4.40 https://www.lighttpd.net/2016/7/16/1.4.40/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357238 - lighttpd-1.4.40 is available https://bugzilla.redhat.com/show_bug.cgi?id=1357238 -------------------------------------------------------------------------------- ================================================================================ metamath-0.132-1.fc24 (FEDORA-2016-837089497d) Construct mathematics from basic axioms -------------------------------------------------------------------------------- Update Information: Changes in version 0.132: - Change "restricted" to "discouraged" to match set.mm markup tags; add SET DISCOURAGEMENT OFF|ON (default ON) to turn off blocking for convenience of advanced users -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357710 - metamath-0.132 is available https://bugzilla.redhat.com/show_bug.cgi?id=1357710 -------------------------------------------------------------------------------- ================================================================================ ming-0.4.7-1.fc24 (FEDORA-2016-3b68df262a) A library for generating Macromedia Flash files -------------------------------------------------------------------------------- Update Information: >From upstream changelog: * Restore support for giflib 4.1.x * Add support for building against giflib 5.1.1+ (PR #47). * Fix support for bison 2.6+ (Issue #38, PR #40). * Fix possible buffer overflow in makeswf * Change php bindings license from PHP to LGPL-2.1+ (Issue #42) * Fix build of python binding with libgif (rather than libungif) -------------------------------------------------------------------------------- ================================================================================ ncurses-6.0-6.20160709.fc24 (FEDORA-2016-03e5b363ac) Ncurses support utilities -------------------------------------------------------------------------------- Update Information: Update to the latest ncurses version, which fixes several bugs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1355914 - aspell crashes on terminal resize https://bugzilla.redhat.com/show_bug.cgi?id=1355914 -------------------------------------------------------------------------------- ================================================================================ nettle-3.2-3.fc24 (FEDORA-2016-592c36ab2d) A low-level cryptographic library -------------------------------------------------------------------------------- Update Information: Backported a fix for more cache silence on RSA and DSA. -------------------------------------------------------------------------------- ================================================================================ netty-xnio-transport-0.1.1-1.fc24 (FEDORA-2016-897a3d4c72) Netty Transport powered by XNIO -------------------------------------------------------------------------------- Update Information: updated to 0.1.1.Final -------------------------------------------------------------------------------- ================================================================================ owl-lisp-0.1.12-1.fc24 (FEDORA-2016-56a2735bc3) Owl Lisp is a purely functional dialect of Scheme -------------------------------------------------------------------------------- Update Information: Update owl-lisp to v0.1.12 -------------------------------------------------------------------------------- ================================================================================ pagure-2.3.3-1.fc24 (FEDORA-2016-3a158dd572) A git-centered forge -------------------------------------------------------------------------------- Update Information: Update to 2.3.3 Be sure to read UPGRADING.rst -------------------------------------------------------------------------------- ================================================================================ pgadmin3-1.22.1-2.fc24 (FEDORA-2016-b790e4139a) Graphical client for PostgreSQL -------------------------------------------------------------------------------- Update Information: Compile with --no-delete-null-pointer-checks, bz#1335043 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1335043 - [abrt] pgadmin3: pgConn::GetStatus(): pgadmin3 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1335043 -------------------------------------------------------------------------------- ================================================================================ php-guzzlehttp-guzzle-5.3.1-1.fc24 (FEDORA-2016-aef8a45afe) PHP HTTP client and webservice framework -------------------------------------------------------------------------------- Update Information: ## 5.3.1 - 2016-07-18 * Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ * Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e312fe113ec3acbcda31b2622e * Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40ddc6712faee4d3957a91f2b041 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357580 - php-guzzlehttp-guzzle-5.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1357580 -------------------------------------------------------------------------------- ================================================================================ php-guzzlehttp-guzzle6-6.2.1-1.fc24 (FEDORA-2016-4e7db3d437) PHP HTTP client library -------------------------------------------------------------------------------- Update Information: ## 6.2.1 - 2016-07-18 * Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ * Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 * Only read up to `Content-Length` in PHP StreamHandler to avoid timeouts when a server does not honor `Connection: close`. * Ignore URI fragment when sending requests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357582 - php-guzzlehttp-guzzle6-6.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1357582 -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.25-1.fc24 (FEDORA-2016-8633920e2a) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.25** - 2016-07-18 * [Local\Ftp] Streams opened with `fopen` now open in binary mode, which is better on Windows environments. -------------------------------------------------------------------------------- ================================================================================ php-mikey179-vfsstream-1.6.4-1.fc24 (FEDORA-2016-49e9d7b7e9) PHP stream wrapper for a virtual file system -------------------------------------------------------------------------------- Update Information: **Version 1.6.4** (2016-07-18) * fixed #134 type safe directory names, reported and fixed by Sebastian Hopfe -------------------------------------------------------------------------------- ================================================================================ php-pecl-mongodb-1.1.8-3.fc24 (FEDORA-2016-b855865eef) MongoDB driver for PHP -------------------------------------------------------------------------------- Update Information: The purpose of this driver is to provide exceptionally thin glue between MongoDB and PHP, implementing only fundemental and performance-critical components necessary to build a fully-functional MongoDB driver. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1269056 - Review Request: php-pecl-mongodb - MongoDB driver for PHP https://bugzilla.redhat.com/show_bug.cgi?id=1269056 -------------------------------------------------------------------------------- ================================================================================ pulp-2.8.6-1.fc24 (FEDORA-2016-4373f7d32a) An application for managing software repositories -------------------------------------------------------------------------------- Update Information: 2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330264 - CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed https://bugzilla.redhat.com/show_bug.cgi?id=1330264 [ 2 ] Bug #1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg https://bugzilla.redhat.com/show_bug.cgi?id=1328930 -------------------------------------------------------------------------------- ================================================================================ pulp-docker-2.0.2-1.fc24 (FEDORA-2016-4373f7d32a) Support for Docker content in the Pulp platform -------------------------------------------------------------------------------- Update Information: 2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330264 - CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed https://bugzilla.redhat.com/show_bug.cgi?id=1330264 [ 2 ] Bug #1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg https://bugzilla.redhat.com/show_bug.cgi?id=1328930 -------------------------------------------------------------------------------- ================================================================================ pulp-ostree-1.1.2-1.fc24 (FEDORA-2016-4373f7d32a) Support for OSTree content in the Pulp platform -------------------------------------------------------------------------------- Update Information: 2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330264 - CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed https://bugzilla.redhat.com/show_bug.cgi?id=1330264 [ 2 ] Bug #1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg https://bugzilla.redhat.com/show_bug.cgi?id=1328930 -------------------------------------------------------------------------------- ================================================================================ pulp-puppet-2.8.6-1.fc24 (FEDORA-2016-4373f7d32a) Support for Puppet content in the Pulp Platform -------------------------------------------------------------------------------- Update Information: 2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330264 - CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed https://bugzilla.redhat.com/show_bug.cgi?id=1330264 [ 2 ] Bug #1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg https://bugzilla.redhat.com/show_bug.cgi?id=1328930 -------------------------------------------------------------------------------- ================================================================================ pulp-python-1.1.2-1.fc24 (FEDORA-2016-4373f7d32a) Support for Python content in the Pulp platform -------------------------------------------------------------------------------- Update Information: 2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330264 - CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed https://bugzilla.redhat.com/show_bug.cgi?id=1330264 [ 2 ] Bug #1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg https://bugzilla.redhat.com/show_bug.cgi?id=1328930 -------------------------------------------------------------------------------- ================================================================================ pulp-rpm-2.8.6-1.fc24 (FEDORA-2016-4373f7d32a) Support for RPM content in the Pulp platform -------------------------------------------------------------------------------- Update Information: 2.8.6 is a security and bugfix release. Included in the list of fixed issues in 2.8.5 are two CVEs: CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed Several issues with database migrations are also addressed in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1330264 - CVE-2016-3704 Pulp: Unsafe use of bash $RANDOM for NSS DB password and seed https://bugzilla.redhat.com/show_bug.cgi?id=1330264 [ 2 ] Bug #1328930 - CVE-2016-3696 pulp: Leakage of CA key in pulp-qpid-ssl-cfg https://bugzilla.redhat.com/show_bug.cgi?id=1328930 -------------------------------------------------------------------------------- ================================================================================ python-numexpr-2.6.1-1.fc24 (FEDORA-2016-deb9878d0b) Fast numerical array expression evaluator for Python and NumPy -------------------------------------------------------------------------------- Update Information: Fix a performance regression with a better value for BLOCK_SIZE1. -------------------------------------------------------------------------------- ================================================================================ qgnomeplatform-0.2-9.20160718git.fc24 (FEDORA-2016-ee12b70c69) Qt Platform Theme aimed to accommodate Gnome settings -------------------------------------------------------------------------------- Update Information: Drop dependency on GDM. Fix not working dialogs. -------------------------------------------------------------------------------- ================================================================================ root-6.06.06-2.fc24 (FEDORA-2016-68a83da0f9) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Add dependency on redhat-rpm-config -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357279 - redhat-rpm-config not listed as a dependency https://bugzilla.redhat.com/show_bug.cgi?id=1357279 -------------------------------------------------------------------------------- ================================================================================ rubygem-github-linguist-4.8.8-1.fc24 (FEDORA-2016-6563158d8f) GitHub Language detection -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1356749 - rubygem-github-linguist-v4.8.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1356749 -------------------------------------------------------------------------------- ================================================================================ sc-7.16-4.fc24 (FEDORA-2016-002a8a5386) Spreadsheet Calculator -------------------------------------------------------------------------------- Update Information: This update fixes a problem with "sc" that was causing it to display the message "Weird character," take up 100% CPU and ignore multi-keystroke commands. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357902 - application sc spreadsheet does not function e.g. help and copy/paste/insert/delete all fail https://bugzilla.redhat.com/show_bug.cgi?id=1357902 -------------------------------------------------------------------------------- ================================================================================ shotwell-0.23.2-1.fc24 (FEDORA-2016-3e984ce2a0) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: #### Shotwell 0.23.2 - 20 Jun 2016 #### * Use yelp-build to generate HTML docs * Remove gphoto-2.4 support * Fix background color drawing (#766864) * Port GtkNotebook to GtkStack (#744289) * Fix missing scroll bars in events (#766864) * Fix URLs in manpage * Clean up external functions * Port librest's internal hmac_sha1 implementation to Vala * Fix multiplication of symbols in plugins * Request "popup" login in Facebook * Update help regarding publishing permissions in Facebook (#766919) * Add source SVG for new app icons * Update logo for help * Remove executable flag on images * Piwigo: Let libsoup parse the cookie * Remove string utility functions in publishing plugins * Remove a libgee work- around, bump to 0.10 minimum version * Make filter toolbar buttons contain text and image * Move commonly used functions into shared library to prevent multiple definition of symbols -------------------------------------------------------------------------------- ================================================================================ tcsh-6.19.00-10.fc24 (FEDORA-2016-e6666b3570) An enhanced version of csh, the C shell -------------------------------------------------------------------------------- Update Information: Doing these steps in TCSH: > 1. cd ~ > 2. set prompt="%~\n%%" > 3. ctrl-p, ctrl-u Now correctly produces: > ~ > % -------------------------------------------------------------------------------- References: [ 1 ] Bug #1351056 - Multi-line prompt is not treated correctly in command line editing https://bugzilla.redhat.com/show_bug.cgi?id=1351056 -------------------------------------------------------------------------------- ================================================================================ testcloud-0.1.9-1.fc24 (FEDORA-2016-4c7e219434) Tool for running cloud images locally -------------------------------------------------------------------------------- Update Information: - upstream 0.1.9 release - "destroy" commands renamed to "remove" - "instance remove" now supports "--force" - new "instance reboot" command - no more crashes when stopping an already stopped instance - option to automatically stop an instance during remove (API) -------------------------------------------------------------------------------- ================================================================================ tuned-2.7.0-1.fc24 (FEDORA-2016-327cccfbae) A dynamic adaptive system tuning daemon -------------------------------------------------------------------------------- Update Information: This is new version of Tuned fixing many bugs and also introducing new features, for details see upstream changelog: https://fedorahosted.org/tuned/#Changelog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1095142 - Tuned should use polkit instead of dbus policy https://bugzilla.redhat.com/show_bug.cgi?id=1095142 [ 2 ] Bug #1246992 - tuned doesnt honor devices specified when setting alpm policy https://bugzilla.redhat.com/show_bug.cgi?id=1246992 [ 3 ] Bug #1351937 - fix conditional support for grub2 in RPM post scriplets https://bugzilla.redhat.com/show_bug.cgi?id=1351937 [ 4 ] Bug #1356369 - tuned-gui: After installing the tuned-gtk package a launcher is not generated (*.desktop) https://bugzilla.redhat.com/show_bug.cgi?id=1356369 -------------------------------------------------------------------------------- ================================================================================ undertow-1.3.19-2.fc24 (FEDORA-2016-c3f255ae10) Java web server using non-blocking IO -------------------------------------------------------------------------------- Update Information: Update to 1.3.19.Final -------------------------------------------------------------------------------- References: [ 1 ] Bug #1194622 - undertow: Upgrade to 1.3.19.Final https://bugzilla.redhat.com/show_bug.cgi?id=1194622 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-libinput-0.19.0-2.fc24 (FEDORA-2016-9998c0789a) Xorg X11 libinput input driver -------------------------------------------------------------------------------- Update Information: Restore the previous sort order for libinput vs synaptics, unintentionally chnaged in the 0.19 update -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
