The following Fedora 24 Security updates need testing: Age URL 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4373f7d32a pulp-2.8.6-1.fc24 pulp-docker-2.0.2-1.fc24 pulp-ostree-1.1.2-1.fc24 pulp-puppet-2.8.6-1.fc24 pulp-python-1.1.2-1.fc24 pulp-rpm-2.8.6-1.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3f93ead5b moin-1.9.8-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-683d0b257b perl-CGI-Emulate-PSGI-0.22-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e720bc8451 v8-3.14.5.10-25.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c9ad9582f7 flex-2.6.0-2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c0fd203d6e nodejs-tough-cookie-2.3.1-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-01cc766201 xen-4.6.3-4.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd20a4631a perl-Module-Load-Conditional-0.68-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-30e3636e79 kernel-4.6.5-300.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7098bdc536 pdns-4.0.1-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-07e9059072 lighttpd-1.4.41-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-432f067a80 cryptobone-1.0.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b05ca41dd drupal7-features-2.10-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24316f1f56 curl-7.47.1-6.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-40d5f1d3c2 pagure-2.3.4-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-494a721a73 ModemManager-1.6.0-1.fc24 libmbim-1.14.0-1.fc24 libqmi-1.16.0-1.fc24 usb_modeswitch-2.4.0-4.fc24 usb_modeswitch-data-20160612-3.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-30e3636e79 kernel-4.6.5-300.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6d86398e12 libdv-1.0.0-22.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-414cd2471e nautilus-3.20.2-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b859f1368 json-glib-1.2.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24316f1f56 curl-7.47.1-6.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dbc8ebb975 perl-PathTools-3.62-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-67ecd3c3a0 hwdata-0.291-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a9fa33b2ec bluez-5.41-1.fc24 The following builds have been pushed to Fedora 24 updates-testing 3Depict-0.0.19-1.fc24 OpenImageIO-1.6.16-1.fc24 amanda-3.3.9-2.fc24 curl-7.47.1-6.fc24 fuse-encfs-1.8.1-2.fc24 kf5-akonadi-16.04.3-2.fc24 kmix-16.04.3-2.fc24 libntirpc-1.4.0-0.3pre3.fc24 lxqt-wallet-3.0.0-1.fc24 mingw-crt-5.0-0.2.rc2.v5.x.git65a0c3.20160723.fc24 mingw-headers-5.0-0.2.rc2.v5.x.git65a0c3.20160723.fc24 mongo-cxx-driver-1.1.2-2.fc24 pagure-2.3.4-1.fc24 php-5.6.25-0.1.RC1.fc24 supertux-0.4.0-5.fc24 wlc-0.0.5-1.fc24 zanata-client-3.9.1-2.fc24 Details about builds: ================================================================================ 3Depict-0.0.19-1.fc24 (FEDORA-2016-cb19837095) Valued 3D point cloud visualization and analysis -------------------------------------------------------------------------------- Update Information: Update to new release 0.0.19 -------------------------------------------------------------------------------- ================================================================================ OpenImageIO-1.6.16-1.fc24 (FEDORA-2016-d0391dc70c) Library for reading and writing images -------------------------------------------------------------------------------- Update Information: Release 1.6.16 (released 1 Aug 2016 -- compared to 1.6.15) * Fix EXR tile logic for OpenEXR 1.x (fixes a break introduced in 1.6.15, is not an issue for exr 2.x). #1448 * Now builds correctly against OpenJPEG 2.x, it previously only supported OpenJPEG 1.x. #1452 (Fixes #957, #1449) * New utility functions: Sysutil::getenv(), Filesystem::file_size(), FileSystem::read_bytes(). #1451 * Fixed minor bug with OpenEXR output with correctly setting PixelAspectRatio based on the "XResolution" and "YResolution" attributes. #1453 (Fixes #1214) * Gracefully handle unexpected exceptions inside an ImageInput or ImageOutput constructor -- return an error rather than crashing. #1456 -------------------------------------------------------------------------------- ================================================================================ amanda-3.3.9-2.fc24 (FEDORA-2016-2acd2eed98) A network-capable tape backup solution -------------------------------------------------------------------------------- Update Information: Bugfix update - Tie::StdHash permission problem BZ#1257686 ---- New upstream release 3.3.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1257686 - Multiple tools have permission problems https://bugzilla.redhat.com/show_bug.cgi?id=1257686 [ 2 ] Bug #1360703 - amanda-3.3.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360703 -------------------------------------------------------------------------------- ================================================================================ curl-7.47.1-6.fc24 (FEDORA-2016-24316f1f56) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - fix re-using connections with wrong client cert (CVE-2016-5420) - fix TLS session resumption client cert bypass (CVE-2016-5419) - fix use of connection struct after free (CVE-2016-5421) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362199 - CVE-2016-5421 curl: Use of connection struct after free https://bugzilla.redhat.com/show_bug.cgi?id=1362199 [ 2 ] Bug #1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert https://bugzilla.redhat.com/show_bug.cgi?id=1362190 [ 3 ] Bug #1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass https://bugzilla.redhat.com/show_bug.cgi?id=1362183 -------------------------------------------------------------------------------- ================================================================================ fuse-encfs-1.8.1-2.fc24 (FEDORA-2016-5107a56f0d) Encrypted pass-thru filesystem in userspace -------------------------------------------------------------------------------- Update Information: Revert remove o-default_permissions-unless-needed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1363723 - Files treated as executable https://bugzilla.redhat.com/show_bug.cgi?id=1363723 -------------------------------------------------------------------------------- ================================================================================ kf5-akonadi-16.04.3-2.fc24 (FEDORA-2016-812f27db2a) The Akonadi client libraries -------------------------------------------------------------------------------- Update Information: Fix akonadi-contact plugin loading path -------------------------------------------------------------------------------- ================================================================================ kmix-16.04.3-2.fc24 (FEDORA-2016-b9b9942c19) KDE volume control -------------------------------------------------------------------------------- Update Information: Candidate fix for scrollwheel crasher. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1352119 - kmix: crash changing volume for individual streams since qt-5.6.1 https://bugzilla.redhat.com/show_bug.cgi?id=1352119 -------------------------------------------------------------------------------- ================================================================================ libntirpc-1.4.0-0.3pre3.fc24 (FEDORA-2016-b2a7c2aae7) New Transport Independent RPC Library -------------------------------------------------------------------------------- Update Information: libntirpc 1.4.0-pre3 -------------------------------------------------------------------------------- ================================================================================ lxqt-wallet-3.0.0-1.fc24 (FEDORA-2016-0f2d6af926) Create a kwallet like functionality for LXQt -------------------------------------------------------------------------------- Update Information: initial package, rhbz#1356657 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1356657 - Review Request: lxqt-wallet - Create a kwallet like functionality for LXQt https://bugzilla.redhat.com/show_bug.cgi?id=1356657 [ 2 ] Bug #1362317 - lxqt-wallet-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1362317 -------------------------------------------------------------------------------- ================================================================================ mingw-crt-5.0-0.2.rc2.v5.x.git65a0c3.20160723.fc24 (FEDORA-2016-784db7cc6a) MinGW Windows cross-compiler runtime -------------------------------------------------------------------------------- Update Information: Update to more recent mingw-w64 v5.x snapshot which contains changes needed to get the latest wine-gecko built -------------------------------------------------------------------------------- ================================================================================ mingw-headers-5.0-0.2.rc2.v5.x.git65a0c3.20160723.fc24 (FEDORA-2016-784db7cc6a) Win32/Win64 header files -------------------------------------------------------------------------------- Update Information: Update to more recent mingw-w64 v5.x snapshot which contains changes needed to get the latest wine-gecko built -------------------------------------------------------------------------------- ================================================================================ mongo-cxx-driver-1.1.2-2.fc24 (FEDORA-2016-bb1a1002c8) A legacy C++ Driver for MongoDB -------------------------------------------------------------------------------- Update Information: Added tests during rpm build. -------------------------------------------------------------------------------- ================================================================================ pagure-2.3.4-1.fc24 (FEDORA-2016-40d5f1d3c2) A git-centered forge -------------------------------------------------------------------------------- Update Information: CVE-2016-1000037 ---- Update to 2.3.3 Be sure to read UPGRADING.rst -------------------------------------------------------------------------------- ================================================================================ php-5.6.25-0.1.RC1.fc24 (FEDORA-2016-16b577cdef) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: **For testing** only, Release Candidate of upcoming 5.6.25. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362571 - php-5.6.24-2.fc24.x86_64 not returning full results for exif_read_data function https://bugzilla.redhat.com/show_bug.cgi?id=1362571 -------------------------------------------------------------------------------- ================================================================================ supertux-0.4.0-5.fc24 (FEDORA-2016-5501cbdfe9) Jump'n run like game -------------------------------------------------------------------------------- Update Information: Use bundled squirrel 3.0.7 (#1295185) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295185 - Supertux don't save level state https://bugzilla.redhat.com/show_bug.cgi?id=1295185 -------------------------------------------------------------------------------- ================================================================================ wlc-0.0.5-1.fc24 (FEDORA-2016-07c0fe2988) Wayland compositor library -------------------------------------------------------------------------------- Update Information: New version around ---- Upstream update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1361574 - wlc-v0.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1361574 -------------------------------------------------------------------------------- ================================================================================ zanata-client-3.9.1-2.fc24 (FEDORA-2016-8edd25b96c) Zanata client module -------------------------------------------------------------------------------- Update Information: Remove irrelevant resteasy dependency -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
