The following Fedora 24 Security updates need testing:
 Age  URL
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4373f7d32a   pulp-2.8.6-1.fc24 pulp-docker-2.0.2-1.fc24 pulp-ostree-1.1.2-1.fc24 pulp-puppet-2.8.6-1.fc24 pulp-python-1.1.2-1.fc24 pulp-rpm-2.8.6-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-4e7db3d437   php-guzzlehttp-guzzle6-6.2.1-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-341c83dbd3   gsi-openssh-7.2p2-6.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-aef8a45afe   php-guzzlehttp-guzzle-5.3.1-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2a33a2c9df   glpi-0.90.4-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c580100c89   libarchive-3.2.1-3.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea5e284d34   golang-1.6.3-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fff25f75b4   drupal7-views-3.14-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8eb11666aa   php-5.6.24-2.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3af39b1fcb   php-pecl-zip-1.13.4-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-bdb86fbc7d   pbuilder-0.225.2-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e31a0b9a   python-django-1.9.8-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3f93ead5b   moin-1.9.8-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-615f3bf06e   gd-2.2.3-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-42514bee97   libidn-1.33-1.fc24


The following Fedora 24 Critical Path updates have yet to be approved:
 Age  URL
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2016-8aabc73dbf   xorg-x11-drv-intel-2.99.917-24.20160712.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-03e5b363ac   ncurses-6.0-6.20160709.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3d13b330a   gnupg2-2.1.13-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-73121ec768   libassuan-2.4.3-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a07fb35131   libgpg-error-1.24-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ac25856f0   nss-pem-1.0.2-2.fc24 nss-3.25.0-1.2.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-47bda25e7a   systemd-229-9.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-64b6be0e07   libdrm-2.4.69-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-198d93bc53   gpgme-1.6.0-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c580100c89   libarchive-3.2.1-3.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-42514bee97   libidn-1.33-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff5fc7ccaf   policycoreutils-2.5-13.fc24


The following builds have been pushed to Fedora 24 updates-testing

    MUMPS-5.0.2-1.fc24
    R-Rcpp-0.12.6-1.fc24
    boinc-client-7.6.22-7.fc24
    cockpit-0.115-1.fc24
    edk2-20160418gita8c39ba-4.fc24
    engauge-digitizer-9.0-1.fc24
    gd-2.2.3-1.fc24
    generic-jms-ra-1.0.7-1.fc24
    gnome-shell-extension-openweather-1-0.20.20160722git4c98fe3.fc24
    gnome-shell-extension-panel-osd-1-0.16.20160722git5897019.fc24
    golang-github-mvo5-uboot-go-0-0.1.git361f6eb.fc24
    libidn-1.33-1.fc24
    lighttpd-1.4.40-3.fc24
    linuxptp-1.7-1.fc24
    mariadb-10.1.16-1.fc24
    moin-1.9.8-1.fc24
    nodejs-emojione-2.2.6-3.fc24
    opendkim-2.10.3-6.fc24
    perl-Net-CUPS-0.62-1.fc24
    php-phpunit-PHPUnit-5.4.7-1.fc24
    policycoreutils-2.5-13.fc24
    python-rpmfluff-0.5-1.fc24
    shotwell-0.23.4-1.fc24
    systemtap-3.0-3.fc24
    tomoe-gtk-0.6.0-25.fc24
    tuned-2.7.0-2.fc24
    vdr-epg-daemon-1.1.10-1.fc24

Details about builds:


================================================================================
 MUMPS-5.0.2-1.fc24 (FEDORA-2016-80b08ac91a)
 A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:

- Update to 5.0.2
--------------------------------------------------------------------------------


================================================================================
 R-Rcpp-0.12.6-1.fc24 (FEDORA-2016-d4d20acb1d)
 Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:

See https://cran.r-project.org/web/packages/Rcpp/news.html
--------------------------------------------------------------------------------


================================================================================
 boinc-client-7.6.22-7.fc24 (FEDORA-2016-b7c5ba70ea)
 The BOINC client core
--------------------------------------------------------------------------------
Update Information:

While waiting for upstream to fix user idle time detection, the old algorithm
has been disabled because it does not work and triggers SELinux alerts.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1337607 - BOINC relies on running "stat /dev/input/" for idle detection time. This approach does not work and triggers SELinux alerts
        https://bugzilla.redhat.com/show_bug.cgi?id=1337607
--------------------------------------------------------------------------------


================================================================================
 cockpit-0.115-1.fc24 (FEDORA-2016-9195c4580f)
 A user interface for Linux servers
--------------------------------------------------------------------------------
Update Information:

- * Setup Docker container and image storage through the UI
- * Use Webpack to build Cockpit UI packages
- * Update the Cockpit Vagrant development box to use Fedora 24

----

- .104
- * Network configuration of the Ethernet MTU
- * Red Hat Subscriptions can now specify activation keys and orgs
- * Start integration testing on CentOS
- * SSH Host keys are shown on system page
- * Machine ID is shown on system page
- * Show intelligent password score error messages

----

- * Show timer information for systemd timer jobs
- * Use 'active-backup' as the default for new network bonds
- * When changing system time check formats properly
- * Hide the machine asset tag when no asset exists
- * Disable the network on/off switch for unknown or unmanaged interfaces
- * Show full string for system hardware info and operating system name
--------------------------------------------------------------------------------


================================================================================
 edk2-20160418gita8c39ba-4.fc24 (FEDORA-2016-81d6aa06e1)
 EFI Development Kit II
--------------------------------------------------------------------------------
Update Information:

Also build for armv7.
--------------------------------------------------------------------------------


================================================================================
 engauge-digitizer-9.0-1.fc24 (FEDORA-2016-d98a084d4e)
 Convert graphs or map files into numbers
--------------------------------------------------------------------------------
Update Information:

- Update to 9.0
--------------------------------------------------------------------------------


================================================================================
 gd-2.2.3-1.fc24 (FEDORA-2016-615f3bf06e)
 A graphics library for quick creation of PNG or JPEG images
--------------------------------------------------------------------------------
Update Information:

**LibGD 2.2.3 release**

Security related fixes:

These flaws are caused by loading data from external sources (file, custom
ctx, etc) and are hard to validate before calling libgd APIs:

* fix php bug php#72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* bug #248, fix Out-Of-Bounds Read in read_image_tga

Using application provided parameters, in these cases invalid data causes the
issues:

* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* fix php bug php#72494, invalid color index not handled, can lead to crash
* improve color check for CropThreshold

Important update:

* gdImageCopyResampled has been improved. Better handling of images with alpha
  channel, also brings libgd in sync with php's bundled gd.

This is a recommended update.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1356486 - gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1356486
  [ 2 ] Bug #1356467 - CVE-2016-6214 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1356467
  [ 3 ] Bug #1352548 - CVE-2016-6132 gd: Buffer over-read issue when parsing crafted TGA file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1352548
  [ 4 ] Bug #1351604 - CVE-2016-6128 gd: Invalid color index not properly handled [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1351604
--------------------------------------------------------------------------------


================================================================================
 generic-jms-ra-1.0.7-1.fc24 (FEDORA-2016-8216e5c39a)
 Generic JMS JCA Resource Adapter for JBoss AS
--------------------------------------------------------------------------------
Update Information:

Update to 1.0.7.Final
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1357268 - generic-jms-ra-1.0.7.Final is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1357268
--------------------------------------------------------------------------------


================================================================================
 gnome-shell-extension-openweather-1-0.20.20160722git4c98fe3.fc24 (FEDORA-2016-9f976f319c)
 Display weather information from many locations in the world
--------------------------------------------------------------------------------
Update Information:

Update po-files via Makefile with gettext instead of using update.js. Get rid
of (mostly unmaintained) intltools. Make gsettings schema translatable.
--------------------------------------------------------------------------------


================================================================================
 gnome-shell-extension-panel-osd-1-0.16.20160722git5897019.fc24 (FEDORA-2016-9c72c3c24c)
 Configure the place where notifications are shown
--------------------------------------------------------------------------------
Update Information:

Add Polish translation. Make gsettings-schema translatable.

----

Fixes layout on multimonitor-systems or when using bottom-panel extensions.
--------------------------------------------------------------------------------


================================================================================
 golang-github-mvo5-uboot-go-0-0.1.git361f6eb.fc24 (FEDORA-2016-c6820c54b1)
 Read/write uboot environment
--------------------------------------------------------------------------------
Update Information:

First package for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1358692 - Review Request: golang-github-mvo5-uboot-go - Read/write uboot environment
        https://bugzilla.redhat.com/show_bug.cgi?id=1358692
--------------------------------------------------------------------------------


================================================================================
 libidn-1.33-1.fc24 (FEDORA-2016-42514bee97)
 Internationalized Domain Name support library
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1359145 - CVE-2016-6263 libidn: Crash when given invalid UTF-8 data on input
        https://bugzilla.redhat.com/show_bug.cgi?id=1359145
  [ 2 ] Bug #1359141 - CVE-2015-8948 libidn: Out-of-bounds read due to use of fgets with fixed-size buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1359141
  [ 3 ] Bug #1359138 - CVE-2016-6262 libidn: Out-of-bounds read when reading zero byte as input
        https://bugzilla.redhat.com/show_bug.cgi?id=1359138
  [ 4 ] Bug #1359134 - CVE-2016-6261 libidn: Out of bounds stack read in idna_to_ascii_4i
        https://bugzilla.redhat.com/show_bug.cgi?id=1359134
--------------------------------------------------------------------------------


================================================================================
 lighttpd-1.4.40-3.fc24 (FEDORA-2016-74e231d100)
 Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:

Connection state patch.
--------------------------------------------------------------------------------


================================================================================
 linuxptp-1.7-1.fc24 (FEDORA-2016-0b5d8c6cea)
 PTP implementation for Linux
--------------------------------------------------------------------------------
Update Information:

Update to the latest upstream release.
--------------------------------------------------------------------------------


================================================================================
 mariadb-10.1.16-1.fc24 (FEDORA-2016-084f825e7b)
 A community developed branch of MySQL
--------------------------------------------------------------------------------
Update Information:

Update to 10.1.16

----

This update fixes a potential issue in database initialization which could lead
to removing unwanted data in some corner cases.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335849 - MariaDB removes all databases!
        https://bugzilla.redhat.com/show_bug.cgi?id=1335849
--------------------------------------------------------------------------------


================================================================================
 moin-1.9.8-1.fc24 (FEDORA-2016-b3f93ead5b)
 MoinMoin is a WikiEngine to collaborate on easily editable web pages
--------------------------------------------------------------------------------
Update Information:

Update to 1.9.8 (RHBZ #1338003)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1338003 - RfE: Please upgrade to moin 1.9.8
        https://bugzilla.redhat.com/show_bug.cgi?id=1338003
--------------------------------------------------------------------------------


================================================================================
 nodejs-emojione-2.2.6-3.fc24 (FEDORA-2016-afde6e2f05)
 EmojiOne is a complete set of emojis designed for the web
--------------------------------------------------------------------------------
Update Information:

This is a new package and will be used by ibus package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1350700 - Review Request: nodejs-emojione - Emoji One is a complete set of emojis designed for the web
        https://bugzilla.redhat.com/show_bug.cgi?id=1350700
--------------------------------------------------------------------------------


================================================================================
 opendkim-2.10.3-6.fc24 (FEDORA-2016-b58a6144d1)
 A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:

Added patch for SourceForge Ticket #226 to fix a bad signature due to a
wrapping From: field

----

Fixed OpenLDAP support for all versions except EL5 (required version not
available).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1293279 - opendkim miss LDAP support
        https://bugzilla.redhat.com/show_bug.cgi?id=1293279
--------------------------------------------------------------------------------


================================================================================
 perl-Net-CUPS-0.62-1.fc24 (FEDORA-2016-ef3c46f0a1)
 Perl bindings to the CUPS C API Interface
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1358765 - perl-Net-CUPS-0.62 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1358765
--------------------------------------------------------------------------------


================================================================================
 php-phpunit-PHPUnit-5.4.7-1.fc24 (FEDORA-2016-cd87b850c5)
 The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:

**Version 5.4.7** - 2016-07-21

* Fixed [#1968](https://github.com/sebastianbergmann/phpunit/issues/1968): Invalid data sets are not handled correctly for `@testWith` annotation
* Fixed [#2200](https://github.com/sebastianbergmann/phpunit/issues/2200): No warnings when test runs in separate process
* Fixed [#2221](https://github.com/sebastianbergmann/phpunit/issues/2221): `expectException()` accepts non-string argument
--------------------------------------------------------------------------------


================================================================================
 policycoreutils-2.5-13.fc24 (FEDORA-2016-ff5fc7ccaf)
 SELinux policy core utilities
--------------------------------------------------------------------------------
Update Information:

Fixes sandbox -X issue related to python3 (#1358138)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1358138 - [policycoreutils] 'sandbox -X' fails to launch
        https://bugzilla.redhat.com/show_bug.cgi?id=1358138
--------------------------------------------------------------------------------


================================================================================
 python-rpmfluff-0.5-1.fc24 (FEDORA-2016-bfcd0ff66e)
 Lightweight way of building RPMs, and sabotaging them
--------------------------------------------------------------------------------
Update Information:

Update to 0.5
--------------------------------------------------------------------------------


================================================================================
 shotwell-0.23.4-1.fc24 (FEDORA-2016-837a13e82a)
 A photo organizer for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:

#### Shotwell 0.23.4 - 20 Jul 2016 ####

* Plugins: Fix linking error

#### Shotwell 0.23.3 - 18 Jul 2016 ####

* libraw: Fix binding of ProcessedImage.data
* graw: Prevent needless array duplication
* Fix screenshot URLs in appdata
* db: Add option to trace SQL statements
* Change build system to autotools
* Add help, appdata, gsettings and desktop files to translation system
* Change way help is built and installed
* Always install the manpage
* Several translation fixes
* Make message more clear that there are no photos matching a filter
--------------------------------------------------------------------------------


================================================================================
 systemtap-3.0-3.fc24 (FEDORA-2016-70cdcf951c)
 Programmable system-wide instrumentation system
--------------------------------------------------------------------------------
Update Information:

Backport upstream fixes for running with kernel-4.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1358782 - systemtap is non functional in f24
        https://bugzilla.redhat.com/show_bug.cgi?id=1358782
--------------------------------------------------------------------------------


================================================================================
 tomoe-gtk-0.6.0-25.fc24 (FEDORA-2016-a162816ad5)
 Gtk library for tomoe for Japanese and Chinese handwritten input
--------------------------------------------------------------------------------
Update Information:

- Fixed Bug 1240071 - tomoe-gtk: FTBFS in rawhide
- Correct path for translation
--------------------------------------------------------------------------------


================================================================================
 tuned-2.7.0-2.fc24 (FEDORA-2016-f2b0ad383e)
 A dynamic adaptive system tuning daemon
--------------------------------------------------------------------------------
Update Information:

This is an update fixing two tracebacks - tuned-gui and 'tuned-adm list' if
running with main tuned daemon stopped.

----

This is a new version of Tuned fixing many bugs and also introducing new
features, for details see upstream changelog:
https://fedorahosted.org/tuned/#Changelog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1358846 - tuned-gui: traceback
        https://bugzilla.redhat.com/show_bug.cgi?id=1358846
  [ 2 ] Bug #1095142 - Tuned should use polkit instead of dbus policy
        https://bugzilla.redhat.com/show_bug.cgi?id=1095142
  [ 3 ] Bug #1246992 - tuned doesnt honor devices specified when setting alpm policy
        https://bugzilla.redhat.com/show_bug.cgi?id=1246992
  [ 4 ] Bug #1351937 - fix conditional support for grub2 in RPM post scriplets
        https://bugzilla.redhat.com/show_bug.cgi?id=1351937
  [ 5 ] Bug #1356369 - tuned-gui: After installing the tuned-gtk package a launcher is not generated (*.desktop)
        https://bugzilla.redhat.com/show_bug.cgi?id=1356369
--------------------------------------------------------------------------------


================================================================================
 vdr-epg-daemon-1.1.10-1.fc24 (FEDORA-2016-33d97d8a69)
 A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.10
--------------------------------------------------------------------------------