The following Fedora 24 Security updates need testing: Age URL 77 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 60 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-be779371b4 perl-Image-Info-1.38-6.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-59316cf667 tor-0.2.8.9-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278 tomcat-8.0.37-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f0d48142 jasper-1.900.13-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9 pungi-4.1.10-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c9d0d9a4f mpfr-3.1.5-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3eaf049e56 libfm-1.2.4-8.D20161017git82b3a1a201.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1315ad2ab pcre-8.39-6.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f0d48142 jasper-1.900.13-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d5c976bf8 menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc24 The following builds have been pushed to Fedora 24 updates-testing fstrm-0.3.0-1.fc24 ginga-2.5.20161005204600-1.fc24 hadoop-2.4.1-23.fc24 jasper-1.900.13-1.fc24 magic-8.1.110-1.fc24 mingw-taglib-1.11.1-1.fc24 notmuch-0.23.1-1.fc24 openqa-4.4-26.20161022git1f44aeb.fc24 pcre-8.39-6.fc24 pcre2-10.21-8.fc24 perl-DateTime-TimeZone-2.01-4.fc24 perl-Tangerine-0.23-1.fc24 perl-Unicode-Collate-1.15-1.fc24 perl-WWW-Form-UrlEncoded-0.23-2.fc24 php-fedora-autoloader-0.1.2-1.fc24 proguard-5.3.1-1.fc24 python-fitsio-0.9.10-1.fc24 python-hidapi-0.7.99.post19-1.fc24 python-ripe-atlas-cousteau-1.3-1.fc24 python-ruamel-yaml-0.12.14-2.fc24 python-socketIO-client-0.7.0-1.fc24 qgnomeplatform-0.2-10.20161024git.fc24 ripe-atlas-tools-2.0.2-1.fc24 rpmdeplint-1.2-2.fc24 rubygem-rkerberos-0.1.5-1.fc24 texstudio-2.11.2-1.fc24 tomcat-8.0.37-3.fc24 xcircuit-3.9.57-1.fc24 Details about builds: ================================================================================ fstrm-0.3.0-1.fc24 (FEDORA-2016-34566a4872) Frame Streams implementation in C -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1356981 - None https://bugzilla.redhat.com/show_bug.cgi?id=1356981 -------------------------------------------------------------------------------- ================================================================================ ginga-2.5.20161005204600-1.fc24 (FEDORA-2016-b68460ba1a) Image Viewer and Toolkit -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381741 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381741 -------------------------------------------------------------------------------- ================================================================================ hadoop-2.4.1-23.fc24 (FEDORA-2016-a86114edce) A software platform for processing vast amounts of data -------------------------------------------------------------------------------- Update Information: Minor updates to the package to clean up packaging issues and fix FTBFS for F26. -------------------------------------------------------------------------------- ================================================================================ jasper-1.900.13-1.fc24 (FEDORA-2016-e0f0d48142) Implementation of the JPEG-2000 standard, Part 1 -------------------------------------------------------------------------------- Update Information: New version of jasper is available (jasper-1.900.13). Security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693. ---- New version of jasper is available (1.900.3) ---- Security fix for CVE-2016-2089 ---- New version of jasper is available. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385507 - CVE-2016-8693 jasper: Double free vulnerability in mem_close https://bugzilla.redhat.com/show_bug.cgi?id=1385507 [ 2 ] Bug #1385503 - CVE-2016-8692 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385503 [ 3 ] Bug #1385502 - CVE-2016-8691 jasper: Divide by zero in jpc_dec_process_siz https://bugzilla.redhat.com/show_bug.cgi?id=1385502 [ 4 ] Bug #1385499 - CVE-2016-8690 jasper: Null pointer dereference in bmp_getdata triggered by crafted BMP image https://bugzilla.redhat.com/show_bug.cgi?id=1385499 [ 5 ] Bug #1302636 - CVE-2016-2089 jasper: matrix rows_ NULL pointer dereference in jas_matrix_clip() https://bugzilla.redhat.com/show_bug.cgi?id=1302636 -------------------------------------------------------------------------------- ================================================================================ magic-8.1.110-1.fc24 (FEDORA-2016-d8a71109e7) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.1.110 is released. -------------------------------------------------------------------------------- ================================================================================ mingw-taglib-1.11.1-1.fc24 (FEDORA-2016-2488527f10) Audio Meta-Data Library -------------------------------------------------------------------------------- Update Information: Update to 1.11.1 -------------------------------------------------------------------------------- ================================================================================ notmuch-0.23.1-1.fc24 (FEDORA-2016-4a4ea6f7b2) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1388085 - None https://bugzilla.redhat.com/show_bug.cgi?id=1388085 -------------------------------------------------------------------------------- ================================================================================ openqa-4.4-26.20161022git1f44aeb.fc24 (FEDORA-2016-3cc3b46a2e) OS-level automated testing framework -------------------------------------------------------------------------------- Update Information: This update provides a newer git snapshot of openQA, with various changes from upstream. The main reason for the update from our perspective is to include [this change](https://github.com/os-autoinst/openQA/pull/920), which is needed to improve our handling of ARM test assets. There are also several bug fixes (mainly related to asset handling) for issues encountered in testing on our staging instance. -------------------------------------------------------------------------------- ================================================================================ pcre-8.39-6.fc24 (FEDORA-2016-d1315ad2ab) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release documents an existing assert capture limitation. -------------------------------------------------------------------------------- ================================================================================ pcre2-10.21-8.fc24 (FEDORA-2016-8b64cf2690) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release documents an existing assert capture limitination. ---- This release fixes compilation of conditionals when a group name starts with "R". It fixes optimization for patterns starting with lookaheads. It also corrects displaying a callout position in pcretest output if an escape sequence is greater than \x{ff}. It also corrects internal options documentation and misspelllings in pcrepattern(3) manual page. -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-TimeZone-2.01-4.fc24 (FEDORA-2016-6a24938760) Time zone object base class and factory -------------------------------------------------------------------------------- Update Information: Updated to 2016h Olson database -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387452 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387452 -------------------------------------------------------------------------------- ================================================================================ perl-Tangerine-0.23-1.fc24 (FEDORA-2016-a1f86142ee) Analyse perl files and report module-related information -------------------------------------------------------------------------------- Update Information: A new version of Tangerine is available. This release introduces support for Test::Needs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387944 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387944 -------------------------------------------------------------------------------- ================================================================================ perl-Unicode-Collate-1.15-1.fc24 (FEDORA-2016-32a12e1608) Unicode Collation Algorithm -------------------------------------------------------------------------------- Update Information: This release adds support for Uyghur cyrilic locale. It also corrects license declaration and improves tests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387849 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387849 -------------------------------------------------------------------------------- ================================================================================ perl-WWW-Form-UrlEncoded-0.23-2.fc24 (FEDORA-2016-9fa0374cf8) Parser and builder for application/x-www-form-urlencoded -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382922 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382922 -------------------------------------------------------------------------------- ================================================================================ php-fedora-autoloader-0.1.2-1.fc24 (FEDORA-2016-b13ad233fd) Fedora Autoloader -------------------------------------------------------------------------------- Update Information: Static [PSR-4](http://www.php-fig.org/psr/psr-4/), [PSR-0](http://www.php- fig.org/psr/psr-0/), and classmap autoloader. Includes loader for required and optional dependencies. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1386735 - None https://bugzilla.redhat.com/show_bug.cgi?id=1386735 -------------------------------------------------------------------------------- ================================================================================ proguard-5.3.1-1.fc24 (FEDORA-2016-1fac2de7bc) Java class file shrinker, optimizer, obfuscator and preverifier -------------------------------------------------------------------------------- Update Information: update to 5.3.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387941 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387941 -------------------------------------------------------------------------------- ================================================================================ python-fitsio-0.9.10-1.fc24 (FEDORA-2016-b6f8a460f3) A full featured python library to read from and write to FITS files -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387876 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387876 -------------------------------------------------------------------------------- ================================================================================ python-hidapi-0.7.99.post19-1.fc24 (FEDORA-2016-7e34683045) Interface to the hidapi library -------------------------------------------------------------------------------- Update Information: - Initial rpm release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387837 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387837 -------------------------------------------------------------------------------- ================================================================================ python-ripe-atlas-cousteau-1.3-1.fc24 (FEDORA-2016-4d2918c672) Python wrapper for RIPE Atlas API -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387639 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387639 [ 2 ] Bug #1387810 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387810 -------------------------------------------------------------------------------- ================================================================================ python-ruamel-yaml-0.12.14-2.fc24 (FEDORA-2016-9eb6ae5416) YAML 1.2 loader/dumper package for Python -------------------------------------------------------------------------------- Update Information: Fixed python2-typing runtime dependency issue -------------------------------------------------------------------------------- References: [ 1 ] Bug #1386563 - None https://bugzilla.redhat.com/show_bug.cgi?id=1386563 -------------------------------------------------------------------------------- ================================================================================ python-socketIO-client-0.7.0-1.fc24 (FEDORA-2016-46aa5593f9) A socket.io client library for Python -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357170 - None https://bugzilla.redhat.com/show_bug.cgi?id=1357170 -------------------------------------------------------------------------------- ================================================================================ qgnomeplatform-0.2-10.20161024git.fc24 (FEDORA-2016-49039adca5) Qt Platform Theme aimed to accommodate Gnome settings -------------------------------------------------------------------------------- Update Information: Update to latest git snapshot, fix gtk3 dialogs on wayland. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362603 - None https://bugzilla.redhat.com/show_bug.cgi?id=1362603 [ 2 ] Bug #1352506 - None https://bugzilla.redhat.com/show_bug.cgi?id=1352506 -------------------------------------------------------------------------------- ================================================================================ ripe-atlas-tools-2.0.2-1.fc24 (FEDORA-2016-4d2918c672) The official command line client for RIPE Atlas -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387639 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387639 [ 2 ] Bug #1387810 - None https://bugzilla.redhat.com/show_bug.cgi?id=1387810 -------------------------------------------------------------------------------- ================================================================================ rpmdeplint-1.2-2.fc24 (FEDORA-2016-a5cb5e478f) Tool to find errors in RPM packages in the context of their dependency graph -------------------------------------------------------------------------------- Update Information: Rpmdeplint is a tool to find errors in RPM packages in the context of their dependency graph. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385441 - None https://bugzilla.redhat.com/show_bug.cgi?id=1385441 -------------------------------------------------------------------------------- ================================================================================ rubygem-rkerberos-0.1.5-1.fc24 (FEDORA-2016-6bdd3e360c) A Ruby interface for the the Kerberos library -------------------------------------------------------------------------------- Update Information: * Fix build error on Ruby 2.0.0/2.1 with CFLAGS concatenation * Implement db_args functionality in kadmin (fixes #8) * Fix a double-free error when setting the realm for a principal * Fix an error in policy creation that would sometimes cause a communication failure * Set C99 as the C Standard and fix all compiler warnings at this level * rebuild due rkerberos ABI change -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385656 - None https://bugzilla.redhat.com/show_bug.cgi?id=1385656 -------------------------------------------------------------------------------- ================================================================================ texstudio-2.11.2-1.fc24 (FEDORA-2016-7286701c0f) A feature-rich editor for LaTeX documents -------------------------------------------------------------------------------- Update Information: - update to 2.11.2 - http://texstudio.sourceforge.net/manual/current/CHANGELOG.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1293027 - None https://bugzilla.redhat.com/show_bug.cgi?id=1293027 [ 2 ] Bug #1283359 - None https://bugzilla.redhat.com/show_bug.cgi?id=1283359 -------------------------------------------------------------------------------- ================================================================================ tomcat-8.0.37-3.fc24 (FEDORA-2016-c1b01b9278) Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API -------------------------------------------------------------------------------- Update Information: This updates includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves one CVE: * rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header and includes two additional CVE fixes along with one bug fix: * rhbz#1383210 CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service * rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation * rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated -------------------------------------------------------------------------------- References: [ 1 ] Bug #1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1375581 [ 2 ] Bug #1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383216 [ 3 ] Bug #1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383210 [ 4 ] Bug #1370262 - catalina.out is no longer in use in the main package, but still gets rotated https://bugzilla.redhat.com/show_bug.cgi?id=1370262 -------------------------------------------------------------------------------- ================================================================================ xcircuit-3.9.57-1.fc24 (FEDORA-2016-92c109fa1c) Electronic circuit schematic drawing program -------------------------------------------------------------------------------- Update Information: New version 3.9.57 is released. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
