The following Fedora 24 Security updates need testing: Age URL 66 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 50 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d61c4f72da chromium-53.0.2785.143-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-be779371b4 perl-Image-Info-1.38-6.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-53e8aa35f6 ghostscript-9.20-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-282507c3e9 libass-0.13.4-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc51f4636f libgit2-0.24.2-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e57edc4cc glibc-arm-linux-gnu-2.24-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4b5897686 epiphany-3.20.4-1.fc24 webkitgtk4-2.14.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-57b72e526c jasper-1.900.3-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34209c3a8e guile-2.0.13-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7a30285647 php-5.6.27-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b9cb75981a php-pecl-zip-1.13.5-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9 pungi-4.1.10-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c9d0d9a4f mpfr-3.1.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79b5ab3437 pcre-8.39-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e51ac2b4f5 thunderbird-45.4.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-57b72e526c jasper-1.900.3-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8c47413113 libXi-1.7.7-2.fc24 The following builds have been pushed to Fedora 24 updates-testing 389-admin-1.1.45-1.fc24 389-ds-base-1.3.5.14-1.fc24 SDL_mng-0.2.7-2.fc24 appstream-data-24-8.fc24 atomic-reactor-1.6.17-1.fc24 certbot-0.9.3-1.fc24 dmlite-0.8.1-1.fc24 dpm-dsi-1.9.10-1.fc24 dpm-xrootd-3.6.2-1.fc24 eclipse-4.6.1-5.fc24 eclipse-mpc-1.5.2-1.fc24 evince-3.20.1-2.fc24 foomatic-4.0.12-7.fc24 gimagereader-3.1.99-1.fc24 heketi-3.0.0-1.fc24 lnst-12-1.fc24 magic-8.1.108-1.fc24 mpfr-3.1.5-1.fc24 openqa-4.4-21.20161006git1ad6190.fc24 osbs-client-0.32-1.fc24 pcre-8.39-4.fc24 perl-Time-Local-1.240-1.fc24 php-5.6.27-1.fc24 php-doctrine-cache-1.6.0-1.fc24 php-pecl-zip-1.13.5-1.fc24 pioneer-20160907-1.fc24 pymol-1.8.4-1.20161007svn4162.fc24 python-acme-0.9.3-1.fc24 python-certbot-apache-0.9.3-1.fc24 python-moksha-hub-1.4.7-1.fc24 python-pyroute2-0.4.10-1.fc24 python3-3.5.2-3.fc24 python3-docs-3.5.2-1.fc24 siril-0.9.4-2.fc24 taskotron-trigger-0.4.1-1.fc24 unity-gtk-module-0.0.0+16.10.20160913-3.fc24 xcircuit-3.9.56-1.fc24 xonsh-0.4.7-1.fc24 xscreensaver-5.36-1.fc24 Details about builds: ================================================================================ 389-admin-1.1.45-1.fc24 (FEDORA-2016-b1ec7bb18a) 389 Administration Server (admin) -------------------------------------------------------------------------------- Update Information: bump version to 1.1.45 -------------------------------------------------------------------------------- ================================================================================ 389-ds-base-1.3.5.14-1.fc24 (FEDORA-2016-393bece9d3) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: Bump version to 1.3.5.14-1 -------------------------------------------------------------------------------- ================================================================================ SDL_mng-0.2.7-2.fc24 (FEDORA-2016-feac8f6d28) Simple DirectMedia Layer - MNG Loading Library -------------------------------------------------------------------------------- Update Information: Switched to using cmake -------------------------------------------------------------------------------- ================================================================================ appstream-data-24-8.fc24 (FEDORA-2016-74fb9e6d3c) Fedora AppStream metadata -------------------------------------------------------------------------------- Update Information: New metadata version -------------------------------------------------------------------------------- ================================================================================ atomic-reactor-1.6.17-1.fc24 (FEDORA-2016-8c6bc09ba6) Improved builder for Docker images -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1376236 - None https://bugzilla.redhat.com/show_bug.cgi?id=1376236 -------------------------------------------------------------------------------- ================================================================================ certbot-0.9.3-1.fc24 (FEDORA-2016-1c6bd07afa) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Update to 0.9.2 of certbot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343915 - None https://bugzilla.redhat.com/show_bug.cgi?id=1343915 [ 2 ] Bug #1382183 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382183 -------------------------------------------------------------------------------- ================================================================================ dmlite-0.8.1-1.fc24 (FEDORA-2016-4d8e75fe0d) Lcgdm grid data management and storage framework -------------------------------------------------------------------------------- Update Information: * bug fixes -------------------------------------------------------------------------------- ================================================================================ dpm-dsi-1.9.10-1.fc24 (FEDORA-2016-9db33c037f) Disk Pool Manager (DPM) plugin for the Globus GridFTP server -------------------------------------------------------------------------------- Update Information: * new upstream release ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ dpm-xrootd-3.6.2-1.fc24 (FEDORA-2016-df046191cf) XROOT interface to the Disk Pool Manager (DPM) -------------------------------------------------------------------------------- Update Information: * bug fixes ---- - fix wrong dependency to dmlite ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ eclipse-4.6.1-5.fc24 (FEDORA-2016-df2350c7be) An open, extensible IDE -------------------------------------------------------------------------------- Update Information: Failures to start up due to missing package "javax.el" is corrected and unless the user specifies otherwise Eclipse now prefers to run on X11 by default instead of Wayland until support for Wayland improves upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384029 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384029 [ 2 ] Bug #1384306 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384306 [ 3 ] Bug #1255007 - None https://bugzilla.redhat.com/show_bug.cgi?id=1255007 -------------------------------------------------------------------------------- ================================================================================ eclipse-mpc-1.5.2-1.fc24 (FEDORA-2016-df2350c7be) Eclipse Marketplace Client -------------------------------------------------------------------------------- Update Information: Failures to start up due to missing package "javax.el" is corrected and unless the user specifies otherwise Eclipse now prefers to run on X11 by default instead of Wayland until support for Wayland improves upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384029 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384029 [ 2 ] Bug #1384306 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384306 [ 3 ] Bug #1255007 - None https://bugzilla.redhat.com/show_bug.cgi?id=1255007 -------------------------------------------------------------------------------- ================================================================================ evince-3.20.1-2.fc24 (FEDORA-2016-d4bb9e240b) Document viewer -------------------------------------------------------------------------------- Update Information: - Resolves: rhbz#1365026 missing check of number of pages causing crash - Resolves: rhbz#1329804 support opening file uris to help xdg-utils -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329804 - None https://bugzilla.redhat.com/show_bug.cgi?id=1329804 [ 2 ] Bug #1365026 - None https://bugzilla.redhat.com/show_bug.cgi?id=1365026 -------------------------------------------------------------------------------- ================================================================================ foomatic-4.0.12-7.fc24 (FEDORA-2016-8adfae6d38) Tools for using the foomatic database of printers and printer drivers -------------------------------------------------------------------------------- Update Information: Rebuild for ghostscript-9.20 -------------------------------------------------------------------------------- ================================================================================ gimagereader-3.1.99-1.fc24 (FEDORA-2016-7c76926fd7) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information: Update to 3.1.99, see https://github.com/manisandro/gImageReader/releases/tag/v3.1.99 for details. -------------------------------------------------------------------------------- ================================================================================ heketi-3.0.0-1.fc24 (FEDORA-2016-194d9bbbd3) RESTful based volume management framework for GlusterFS -------------------------------------------------------------------------------- Update Information: Release 3 Final -------------------------------------------------------------------------------- ================================================================================ lnst-12-1.fc24 (FEDORA-2016-64f4c97770) Common code for lnst-ctl and lnst-slave -------------------------------------------------------------------------------- Update Information: Updating to stable release 12 - This is going to be one of the final releases supporting XML recipes -------------------------------------------------------------------------------- ================================================================================ magic-8.1.108-1.fc24 (FEDORA-2016-99c3ee4465) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.1.108 is released. -------------------------------------------------------------------------------- ================================================================================ mpfr-3.1.5-1.fc24 (FEDORA-2016-6c9d0d9a4f) A C library for multiple-precision floating-point computations -------------------------------------------------------------------------------- Update Information: rebase -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384480 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384480 -------------------------------------------------------------------------------- ================================================================================ openqa-4.4-21.20161006git1ad6190.fc24 (FEDORA-2016-3cc3b46a2e) OS-level automated testing framework -------------------------------------------------------------------------------- Update Information: This update provides a newer git snapshot of openQA, with various changes from upstream. The main reason for the update from our perspective is to include [this change](https://github.com/os-autoinst/openQA/pull/920), which is needed to improve our handling of ARM test assets. This build has been live on staging for a week or so now. -------------------------------------------------------------------------------- ================================================================================ osbs-client-0.32-1.fc24 (FEDORA-2016-b2b8e83f3c) Python command line client for OpenShift Build Service -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383851 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383851 -------------------------------------------------------------------------------- ================================================================================ pcre-8.39-4.fc24 (FEDORA-2016-79b5ab3437) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes compilation of conditionals whena group name starts with "R". It also corrects displaying a callout position in pcretest output if an escape sequence is greater than \x{ff}. It also corrects misspelllings in pcrepattern(3) manual page. -------------------------------------------------------------------------------- ================================================================================ perl-Time-Local-1.240-1.fc24 (FEDORA-2016-7764609a1b) Efficiently compute time from local and GMT time -------------------------------------------------------------------------------- Update Information: This release improves tests, a build script and code legibility. Ve deliver it mainly to provide up-to-date version string. -------------------------------------------------------------------------------- ================================================================================ php-5.6.27-1.fc24 (FEDORA-2016-7a30285647) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 13 Oct 2016 - **PHP version 5.6.27** **Core:** * Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) * Fixed bug php#73058 (crypt broken when salt is 'too' long). (Anatol) * Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol) * Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas) * Fixed bug php#73147 (Use After Free in unserialize()). (Stas) **BCmath:** * Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas) **DOM:** * Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas) **Ereg:** * Fixed bug php#73284 (heap overflow in php_ereg_replace function). (Stas) **Filter:** * Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien) * Fixed bug php#67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb) * Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb) **GD:** * Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb) * Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb) * Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb) * Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb) * Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb) * Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb) * Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb) * Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb) **Intl:** * Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas) **Imap:** * Fixed bug php#73208 (integer overflow in imap_8bit caused heap corruption). (Stas) **Mbstring:** * Fixed bug php#72994 (mbc_to_code() out of bounds read). (Laruence, cmb) * Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo) * Fixed bug php#72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo) * Fixed bug php#73082 (string length overflow in mb_encode_* function). (Stas) **PCRE:** * Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas) **Opcache:** * Fixed bug php#72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport) **OpenSSL:** * Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka) * Fixed bug php#73275 (crash in openssl_encrypt function). (Stas) * Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas) **Session:** * Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo) * Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb) **SimpleXML:** * Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas) **SPL:** * Fixed bug php#73073 (CachingIterator null dereference when convert to string). (Stas) **Standard:** * Fixed bug php#73240 (Write out of bounds at number_format). (Stas) * Fixed bug php#73017 (memory corruption in wordwrap function). (Stas) **Stream:** * Fixed bug php#73069 (readfile() mangles files larger than 2G). (Laruence) -------------------------------------------------------------------------------- ================================================================================ php-doctrine-cache-1.6.0-1.fc24 (FEDORA-2016-058944745b) Doctrine Cache -------------------------------------------------------------------------------- Update Information: ### v1.6.0 * 109: Cleanup: drop unsupported php versions * 112: Native APCu support * 115: Add APCu cache provider * 117: Added MultiPutCache interface and implementations for drivers that support it * 130: Added support for stats and ttl on ArrayCache -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295634 - None https://bugzilla.redhat.com/show_bug.cgi?id=1295634 -------------------------------------------------------------------------------- ================================================================================ php-pecl-zip-1.13.5-1.fc24 (FEDORA-2016-b9cb75981a) A ZIP archive management extension -------------------------------------------------------------------------------- Update Information: **Version 1.13.5** - Fixed bug php#72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence) - Fixed bug php#68302 (impossible to compile php with zip support). (cmb) - Fixed bug php#70752 (Depacking with wrong password leaves 0 length files). (cmb) -------------------------------------------------------------------------------- ================================================================================ pioneer-20160907-1.fc24 (FEDORA-2016-d5f5a9f08b) A game of lonely space adventure -------------------------------------------------------------------------------- Update Information: 20160907 release. http://pioneerspacesim.net/download#changelog -------------------------------------------------------------------------------- ================================================================================ pymol-1.8.4-1.20161007svn4162.fc24 (FEDORA-2016-d7a6d91430) PyMOL Molecular Graphics System -------------------------------------------------------------------------------- Update Information: - update to 1.8.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382199 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382199 -------------------------------------------------------------------------------- ================================================================================ python-acme-0.9.3-1.fc24 (FEDORA-2016-1c6bd07afa) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: Update to 0.9.2 of certbot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343915 - None https://bugzilla.redhat.com/show_bug.cgi?id=1343915 [ 2 ] Bug #1382183 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382183 -------------------------------------------------------------------------------- ================================================================================ python-certbot-apache-0.9.3-1.fc24 (FEDORA-2016-1c6bd07afa) The apache plugin for certbot -------------------------------------------------------------------------------- Update Information: Update to 0.9.2 of certbot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343915 - None https://bugzilla.redhat.com/show_bug.cgi?id=1343915 [ 2 ] Bug #1382183 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382183 -------------------------------------------------------------------------------- ================================================================================ python-moksha-hub-1.4.7-1.fc24 (FEDORA-2016-3bc25f4a3d) Hub components for Moksha -------------------------------------------------------------------------------- Update Information: Enhancements and bugfixes to the STOMP backend. -------------------------------------------------------------------------------- ================================================================================ python-pyroute2-0.4.10-1.fc24 (FEDORA-2016-32c2ab8f8e) Pure Python netlink library -------------------------------------------------------------------------------- Update Information: devlink fd leak fix ---- critical fd leak fix ---- uplift to 0.4.x ---- separate Python2 and Python3 packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309389 - python-pyroute2: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1309389 -------------------------------------------------------------------------------- ================================================================================ python3-3.5.2-3.fc24 (FEDORA-2016-cd0636887f) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Updating Python to a new subminor release with multitude of bugfixes. Since we're updating a live Fedora, I'd like to wait at least 2 weeks in updates- testing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383060 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383060 [ 2 ] Bug #1379897 - None https://bugzilla.redhat.com/show_bug.cgi?id=1379897 -------------------------------------------------------------------------------- ================================================================================ python3-docs-3.5.2-1.fc24 (FEDORA-2016-cd0636887f) Documentation for the Python 3 programming language -------------------------------------------------------------------------------- Update Information: Updating Python to a new subminor release with multitude of bugfixes. Since we're updating a live Fedora, I'd like to wait at least 2 weeks in updates- testing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383060 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383060 [ 2 ] Bug #1379897 - None https://bugzilla.redhat.com/show_bug.cgi?id=1379897 -------------------------------------------------------------------------------- ================================================================================ siril-0.9.4-2.fc24 (FEDORA-2016-e4a425ce77) Astronomical image processing software -------------------------------------------------------------------------------- Update Information: Update to 0.9.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1371502 - None https://bugzilla.redhat.com/show_bug.cgi?id=1371502 -------------------------------------------------------------------------------- ================================================================================ taskotron-trigger-0.4.1-1.fc24 (FEDORA-2016-5727de3374) Triggering Taskotron jobs via fedmsg -------------------------------------------------------------------------------- Update Information: Add docker support. Remove mongoquery bundle. ---- Initial build of taskotron- trigger in Fedora repos -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341099 - None https://bugzilla.redhat.com/show_bug.cgi?id=1341099 -------------------------------------------------------------------------------- ================================================================================ unity-gtk-module-0.0.0+16.10.20160913-3.fc24 (FEDORA-2016-cdb63d04cd) GTK+ module for exporting old-style menus as GMenuModels -------------------------------------------------------------------------------- Update Information: - Drop dependency on glib2 and gtk-doc, own the dir in the package instead - Updated Url-tag -------------------------------------------------------------------------------- ================================================================================ xcircuit-3.9.56-1.fc24 (FEDORA-2016-177a8dea81) Electronic circuit schematic drawing program -------------------------------------------------------------------------------- Update Information: New version 3.9.56 is released. -------------------------------------------------------------------------------- ================================================================================ xonsh-0.4.7-1.fc24 (FEDORA-2016-a82fe9b737) A general purpose, Python-ish shell -------------------------------------------------------------------------------- Update Information: New upstream release 0.4.7 -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.36-1.fc24 (FEDORA-2016-9910999694) X screen saver and locker -------------------------------------------------------------------------------- Update Information: New version 5.36 is released. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
