The following Fedora 25 Security updates need testing: Age URL 52 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170 chicken-4.11.0-3.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2df27a2224 ghostscript-9.20-2.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2a05a0644 libass-0.13.4-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3 compat-guile18-1.8.8-14.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6b82fc729 php-7.0.12-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea58a428a1 php-pecl-zip-1.13.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d3218ec41 qemu-2.7.0-4.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6cb65ea55b pungi-4.1.10-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a5c3ebe67a libXfont2-2.0.1-2.fc25 tigervnc-1.7.0-3.fc25 xorg-x11-drivers-7.7-18.fc25 xorg-x11-drv-amdgpu-1.1.2-3.20160929git97d7386c.fc25 xorg-x11-drv-armsoc-1.4.0-3.20160929.fc25 xorg-x11-drv-ati-7.7.1-1.20160928git3fc839ff.fc25 xorg-x11-drv-dummy-0.3.6-26.fc25 xorg-x11-drv-evdev-2.10.4-1.fc25 xorg-x11-drv-fbdev-0.4.3-25.fc25 xorg-x11-drv-fbturbo-0.5.1-0.8.20150221.fc25 xorg-x11-drv-freedreno-1.4.0-3.20160929.fc25 xorg-x11-drv-geode-2.11.18-2.fc25 xorg-x11-drv-intel-2.99.917-26.20160929.fc25 xorg-x11-drv-ivtv-1.2.0-0.22.fc25 xorg-x11-drv-libinput-0.19.1-3.20160929.fc25 xorg-x11-drv-nouveau-1.0.13-1.fc25 xorg-x11-drv-omap-0.4.4-3.fc25 xorg-x11-drv-openchrome-0.5.0-2.fc25 xorg-x11-drv-opentegra-0.7.0-8.fc25 xorg-x11-drv-qxl-0.1.4-10.20160929gite13d28ee.fc25 xorg-x11-drv-sisusb-0.9.6-24.fc25 xorg-x11-drv-synaptics-1.8.99.2-2.fc25 xorg-x11-drv-v4l-0.2.0-47.fc25 xorg-x11-drv-vesa-2.3.2-25.fc25 xorg-x11-drv-vmware-13.0.2-12.20150 211git8f0cf7c.fc25 xorg-x11-drv-voodoo-1.2.5-25.fc25 xorg-x11-drv-wacom-0.33.0-2.20160929gitb61d1711.fc25 xorg-x11-font-utils-7.5-32.fc25 xorg-x11-proto-devel-7.7-20.fc25 xorg-x11-server-1.19.0-0.2.20160929.fc25 The following builds have been pushed to Fedora 25 updates-testing cjdns-18-3.fc25 erlang-19.1.4-1.fc25 findbugs-contrib-6.8.0-1.fc25 frogr-1.2-1.fc25 gssdp-1.0.1-1.fc25 gupnp-1.0.1-1.fc25 gupnp-av-0.12.10-1.fc25 kaccounts-integration-16.08.2-1.fc25 kaccounts-providers-16.08.2-1.fc25 kdenetwork-filesharing-16.08.2-1.fc25 kdnssd-16.08.2-1.fc25 kget-16.08.2-1.fc25 kio-extras-16.08.2-1.fc25 kopete-16.08.2-1.fc25 kppp-16.08.2-1.fc25 krdc-16.08.2-1.fc25 krfb-16.08.2-1.fc25 ktp-accounts-kcm-16.08.2-1.fc25 ktp-approver-16.08.2-1.fc25 ktp-auth-handler-16.08.2-1.fc25 ktp-common-internals-16.08.2-1.fc25 ktp-contact-list-16.08.2-1.fc25 ktp-contact-runner-16.08.2-1.fc25 ktp-desktop-applets-16.08.2-1.fc25 ktp-filetransfer-handler-16.08.2-1.fc25 ktp-kded-integration-module-16.08.2-1.fc25 ktp-send-file-16.08.2-1.fc25 ktp-text-ui-16.08.2-1.fc25 lua-rex-2.7.2-12.fc25 mate-notification-daemon-1.16.0-2.fc25 mingw-gdb-7.12-1.fc25 mingw-harfbuzz-1.3.2-1.fc25 mingw-libpng-1.6.25-1.fc25 monit-5.19.0-1.fc25 nodejs-6.8.1-3.fc25 perl-App-Cmd-0.331-2.fc25 perl-Specio-0.30-1.fc25 purple-skypeweb-1.2.2-3.20161015gitd23eab9.fc25 qemu-2.7.0-4.fc25 signon-kwallet-extension-16.08.2-1.fc25 subtitleeditor-0.53.0-1.fc25 vulkan-1.0.30.0-1.fc25 Details about builds: ================================================================================ cjdns-18-3.fc25 (FEDORA-2016-e4ad76ccf9) The privacy-friendly network without borders -------------------------------------------------------------------------------- Update Information: New upstream release has protocol 18 which supports supernodes. Supernode/Subnode code is still a work in progress with this release, so it is disabled. Fedora and EL7 use libsodium, as it gives the best performance with a dynamic library. EL6 uses the bundled NaCl library to avoid the libstdc++ dependency of the dynamic library. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383844 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383844 -------------------------------------------------------------------------------- ================================================================================ erlang-19.1.4-1.fc25 (FEDORA-2016-4421c7d7b8) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Ver. 19.1.4 ---- * Ver. 19.1.3 ---- * Ver. 19.1.2 ---- * Ver. 19.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385273 - None https://bugzilla.redhat.com/show_bug.cgi?id=1385273 [ 2 ] Bug #1383671 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383671 [ 3 ] Bug #1378049 - None https://bugzilla.redhat.com/show_bug.cgi?id=1378049 -------------------------------------------------------------------------------- ================================================================================ findbugs-contrib-6.8.0-1.fc25 (FEDORA-2016-02274602f7) Extra findbugs detectors -------------------------------------------------------------------------------- Update Information: Update to 6.8.0. Detectors added in this version: * **[DMC] Dubious Map Collection** - Looks for fields that are implementations of `java.util.Map`, but that are only ever iterated over. This probably means that this data structure should be a `List` of some class that holds two values, or at the least `Pair`. `Map` was probably chosen as it was the easiest thing to use, but obfuscates the reason for the data structure. * **[BL] Burying Logic** - Looks for relatively large `if` blocks of code, where you unconditionally `return` from them, and then follow that with an unconditional `return` of a small block. This places the bulk of the logic to the right indentation-wise, making it more difficult to read than needed. It would be better to invert the logic of the `if` block, and immediately `return`, allowing the bulk of the logic to be moved to the left, for easier reading. * **[WI] Wiring Issues** - Looks for various issues around `@Autowired`/`@Inject` fields in DI classes * Injecting the same bean twice into the same class hierarchy, even with different field names * **[CCI] Concurrent Collection Issues** - Looks for various issues around using concurrent collections including: * Using `get`/`put` with collection values, when you should use `putIfAbsent` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383534 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383534 -------------------------------------------------------------------------------- ================================================================================ frogr-1.2-1.fc25 (FEDORA-2016-15d6061baf) Flickr Remote Organizer for GNOME -------------------------------------------------------------------------------- Update Information: frogr 1.2 release. * Added flatpak support. * Improved content inside the AppData file. * Fix cancellation of the image upload process. * Remove build-dependency on intltool, now relying on gettext only. -------------------------------------------------------------------------------- ================================================================================ gssdp-1.0.1-1.fc25 (FEDORA-2016-3aac6fddd1) Resource discovery and announcement over SSDP -------------------------------------------------------------------------------- Update Information: 1.0.1 releases of the gupnp stack. -------------------------------------------------------------------------------- ================================================================================ gupnp-1.0.1-1.fc25 (FEDORA-2016-3aac6fddd1) A framework for creating UPnP devices & control points -------------------------------------------------------------------------------- Update Information: 1.0.1 releases of the gupnp stack. -------------------------------------------------------------------------------- ================================================================================ gupnp-av-0.12.10-1.fc25 (FEDORA-2016-3aac6fddd1) A collection of helpers for building UPnP AV applications -------------------------------------------------------------------------------- Update Information: 1.0.1 releases of the gupnp stack. -------------------------------------------------------------------------------- ================================================================================ kaccounts-integration-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Small system to administer web accounts across the KDE desktop -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kaccounts-providers-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Additional service providers for KAccounts framework -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kdenetwork-filesharing-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Network filesharing -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kdnssd-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) KDE Network Monitor for DNS-SD services (Zeroconf) -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kget-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Download manager -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kio-extras-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Additional components to increase the functionality of KIO Framework -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kopete-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Instant messenger -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ kppp-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Dialer and Front end for pppd -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ krdc-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Remote desktop client -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ krfb-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Desktop sharing -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-accounts-kcm-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) KDE Configuration Module for Telepathy Instant Messaging Accounts -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-approver-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) KDE Channel Approver for Telepathy -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-auth-handler-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Provide UI/KWallet Integration -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-common-internals-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Common internals for KDE Telepathy -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-contact-list-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Telepathy contact list application -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-contact-runner-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Plasma runner for KDE Telepathy -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-desktop-applets-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) KDE Telepathy desktop applets -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-filetransfer-handler-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Telepathy file transfer handler -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-kded-integration-module-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) KDE integration for telepathy -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-send-file-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) A File manager plugin to launch file transfer jobs -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ ktp-text-ui-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) Telepathy text chat handler -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ lua-rex-2.7.2-12.fc25 (FEDORA-2016-aaab5d3629) Regular expression handling library for Lua -------------------------------------------------------------------------------- Update Information: Fix broken dependencies. -------------------------------------------------------------------------------- ================================================================================ mate-notification-daemon-1.16.0-2.fc25 (FEDORA-2016-07aecbc405) Notification daemon for MATE Desktop -------------------------------------------------------------------------------- Update Information: - Fix bold formating -------------------------------------------------------------------------------- ================================================================================ mingw-gdb-7.12-1.fc25 (FEDORA-2016-c52626ad7f) MinGW Windows port of the GDB debugger -------------------------------------------------------------------------------- Update Information: MinGW cross compiled gdb 7.12 release. -------------------------------------------------------------------------------- ================================================================================ mingw-harfbuzz-1.3.2-1.fc25 (FEDORA-2016-bd30dc0071) MinGW Windows Harfbuzz library -------------------------------------------------------------------------------- Update Information: MinGW cross compiled harfbuzz 1.3.2 release. -------------------------------------------------------------------------------- ================================================================================ mingw-libpng-1.6.25-1.fc25 (FEDORA-2016-ac30e9617e) MinGW Windows Libpng library -------------------------------------------------------------------------------- Update Information: MinGW cross compiled libpng 1.6.25 release. -------------------------------------------------------------------------------- ================================================================================ monit-5.19.0-1.fc25 (FEDORA-2016-73d71ed643) Manages and monitors processes, files, directories and devices -------------------------------------------------------------------------------- Update Information: Updates Monit to 5.19.0. Please note that this update may require minor updates to your configuration files if you wish to preserve identical behaviour to 5.14.0. See https://mmonit.com/monit/changes for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1325633 - None https://bugzilla.redhat.com/show_bug.cgi?id=1325633 -------------------------------------------------------------------------------- ================================================================================ nodejs-6.8.1-3.fc25 (FEDORA-2016-161d3d82d0) JavaScript runtime -------------------------------------------------------------------------------- Update Information: Update to Node.js 6.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1384267 - None https://bugzilla.redhat.com/show_bug.cgi?id=1384267 -------------------------------------------------------------------------------- ================================================================================ perl-App-Cmd-0.331-2.fc25 (FEDORA-2016-c5a776d731) Write command line apps with less suffering -------------------------------------------------------------------------------- Update Information: The upstream tests have been removed from the package, per user request. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385280 - None https://bugzilla.redhat.com/show_bug.cgi?id=1385280 -------------------------------------------------------------------------------- ================================================================================ perl-Specio-0.30-1.fc25 (FEDORA-2016-678f5c6111) Type constraints and coercions for Perl -------------------------------------------------------------------------------- Update Information: Minor bugfix for a corner case. -------------------------------------------------------------------------------- ================================================================================ purple-skypeweb-1.2.2-3.20161015gitd23eab9.fc25 (FEDORA-2016-097e115239) Adds support for Skype to Pidgin -------------------------------------------------------------------------------- Update Information: Fixed warning. ---- * Updated to version 1.2.2. * Fixed accounts login. ---- * Updated to version 1.2.2. * Fixed non-Live logins. -------------------------------------------------------------------------------- ================================================================================ qemu-2.7.0-4.fc25 (FEDORA-2016-3d3218ec41) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: * CVE-2016-7155: pvscsi: OOB read and infinite loop (bz #1373463) * CVE-2016-7156: pvscsi: infinite loop when building SG list (bz #1373480) * CVE-2016-7156: pvscsi: infinite loop when processing IO requests (bz #1373480) * CVE-2016-7170: vmware_vga: OOB stack memory access (bz #1374709) * CVE-2016-7157: mptsas: invalid memory access (bz #1373505) * CVE-2016-7466: usb: xhci memory leakage during device unplug (bz #1377838) * CVE-2016-7423: scsi: mptsas: OOB access (bz #1376777) * CVE-2016-7422: virtio: null pointer dereference (bz #1376756) * CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx (bz #1381193) * CVE-2016-8576: usb: xHCI: infinite loop vulnerability (bz #1382322) * CVE-2016-7995: usb: hcd-ehci: memory leak (bz #1382669) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1373462 - CVE-2016-7155 Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings https://bugzilla.redhat.com/show_bug.cgi?id=1373462 [ 2 ] Bug #1373478 - CVE-2016-7156 Qemu: scsi: pvscsi: infintie loop when building SG list https://bugzilla.redhat.com/show_bug.cgi?id=1373478 [ 3 ] Bug #1374702 - CVE-2016-7170 Qemu: vmware_vga: OOB stack memory access when processing svga command https://bugzilla.redhat.com/show_bug.cgi?id=1374702 [ 4 ] Bug #1373504 - CVE-2016-7157 Qemu: scsi: mptsas: invalid memory access while building configuration pages https://bugzilla.redhat.com/show_bug.cgi?id=1373504 [ 5 ] Bug #1377837 - CVE-2016-7466 Qemu: usb: xhci memory leakage during device unplug https://bugzilla.redhat.com/show_bug.cgi?id=1377837 [ 6 ] Bug #1376776 - CVE-2016-7423 Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object https://bugzilla.redhat.com/show_bug.cgi?id=1376776 [ 7 ] Bug #1376755 - CVE-2016-7422 Qemu: virtio: null pointer dereference in virtqueu_map_desc https://bugzilla.redhat.com/show_bug.cgi?id=1376755 [ 8 ] Bug #1327465 - CVE-2016-7908 Qemu: net: Infinite loop in mcf_fec_do_tx() https://bugzilla.redhat.com/show_bug.cgi?id=1327465 [ 9 ] Bug #1333425 - CVE-2016-8576 Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch https://bugzilla.redhat.com/show_bug.cgi?id=1333425 [ 10 ] Bug #1382668 - CVE-2016-7995 Qemu: usb: hcd-ehci: memory leak in ehci_process_itd https://bugzilla.redhat.com/show_bug.cgi?id=1382668 -------------------------------------------------------------------------------- ================================================================================ signon-kwallet-extension-16.08.2-1.fc25 (FEDORA-2016-8b494f4606) KWallet integration for Sign-on framework -------------------------------------------------------------------------------- Update Information: KDE Network Applications 16.08.2 -------------------------------------------------------------------------------- ================================================================================ subtitleeditor-0.53.0-1.fc25 (FEDORA-2016-42f17cdbbb) GTK+2 tool to edit subtitles for GNU/Linux/*BSD -------------------------------------------------------------------------------- Update Information: Fix broken dependencies. -------------------------------------------------------------------------------- ================================================================================ vulkan-1.0.30.0-1.fc25 (FEDORA-2016-7b73fbcc99) Vulkan loader and validation layers -------------------------------------------------------------------------------- Update Information: Update ---- Add wayland support -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383115 - None https://bugzilla.redhat.com/show_bug.cgi?id=1383115 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx