The following Fedora 24 Security updates need testing: Age URL 94 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 78 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 29 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-66c70cadb4 memcached-1.4.25-2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3eb5a55123 python-django-1.9.11-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2b27b075ee libgit2-0.24.3-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cd09eab674 tre-0.8.0-18.20140228gitc2f5d13.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3a2b640ce python-cryptography-vectors-1.5.3-1.fc24 python-cryptography-1.5.3-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9417b4c1dc bind99-9.9.9-4.P4.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 33 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9 pungi-4.1.10-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5e78ec298 rpm-4.13.0-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26e09d3ace xfce4-settings-4.12.1-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-188fa26fbc lxsession-0.5.2-12.D20161106git7b9a9580da.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6466d563cc libfm-1.2.4-9.D20161105gitc2989af015.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-92b77eef65 menu-cache-1.0.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-139a004954 dnsmasq-2.76-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-abb3ede5d5 selinux-policy-3.13.1-191.21.fc24 The following builds have been pushed to Fedora 24 updates-testing bind99-9.9.9-4.P4.fc24 gst-entrans-1.0.3-1.fc24 java-1.8.0-openjdk-1.8.0.111-3.b16.fc24 khard-0.9.0-3.fc24 libfastjson-0.99.4-1.fc24 libinput-1.5.1-1.fc24 libmediainfo-0.7.90-1.fc24 libsolv-0.6.24-1.fc24 libzrtpcpp-4.6.4-1.fc24 mediainfo-0.7.90-1.fc24 mediawriter-4.0.4-0.fc24 mingw-mediawriter-4.0.4-0.fc24 openms-2.1.0-0.1.fc24 php-horde-Horde-Service-Weather-2.5.2-1.fc24 php-pecl-yaml-1.3.0-1.fc24 php-zendframework-zend-expressive-1.0.2-1.fc24 python-cryptography-1.5.3-3.fc24 python-cryptography-vectors-1.5.3-1.fc24 python-peewee-2.8.2-3.fc24 Details about builds: ================================================================================ bind99-9.9.9-4.P4.fc24 (FEDORA-2016-9417b4c1dc) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information: Allow zone size limit (CVE-2016-6170) ---- Security fix for CVE-2016-8864 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1353563 - CVE-2016-6170 bind: Improper restriction of zone size limit https://bugzilla.redhat.com/show_bug.cgi?id=1353563 [ 2 ] Bug #1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer https://bugzilla.redhat.com/show_bug.cgi?id=1389652 -------------------------------------------------------------------------------- ================================================================================ gst-entrans-1.0.3-1.fc24 (FEDORA-2016-9c0d366970) Plug-ins and tools for transcoding and recording with GStreamer -------------------------------------------------------------------------------- Update Information: This update contains minor bugfixes for both entrans and associated GStreamer plugins. Full release notes: http://gentrans.sourceforge.net/docs/head/manual/html/package.html#sect-history -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.111-3.b16.fc24 (FEDORA-2016-7da42d8561) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: java SSL/TLS implementation: should follow the policies of system-wide crypto policy -------------------------------------------------------------------------------- ================================================================================ khard-0.9.0-3.fc24 (FEDORA-2016-6adc3feabf) An address book for the Linux console -------------------------------------------------------------------------------- Update Information: fix missing dependency ---- - Support for vobject library version >= 0.8.2 from https://github.com/tBaxter/vobject - Contact template syntax switched to yaml - alot and mutt actions summarized to new email action (please have a look into the readme file for configuration changes) - Support for extended name attributes - Create and modify contact from stdin or from template file - New action "export" to export data of existing contact in yaml format - New argument --open-editor to open the preferred text editor after successful creation of new contact from stdin or template file - New argument {-u, --uid} to select contact by uid - Added write support for categories attribute - Added wrapper script for sdiff - Fixed a bug, which prevented the creation of new contacts with the add- email action - Added support for multiple instances of one vcard attribute - Use of module atomicwrites to securely write vcards to disk - Cancel without further actions if the opened contacts editor is closed without saving (determined by modification date of template file) - Fixed uid dictionary creation - Sort contact table by first or last name (take note of changed behaviour of "sort" option) - New option -g, --group-by-addressbook to group contact table by address book - Changes in config file: - New group: contact table - new option: sort to sort contact table by first or last name - New option: group_by_addressbook to group contact table by address book - Moved show_nicknames option from group "general" to group "contact table" - New option "show_uids" in config file to disable uid column in contact table - Fully restructured command line interface for better usability: - general help with: khard -h - help for a specific action: khard action -h - Updated zsh completion function - New Action addressbooks - New option -p|--pretty for email and phone actions to get pretty formatted output - Fix: Only delete contact after modify, copy or move action was completed successfully -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381668 - khard throws UnicodeDecodeError https://bugzilla.redhat.com/show_bug.cgi?id=1381668 -------------------------------------------------------------------------------- ================================================================================ libfastjson-0.99.4-1.fc24 (FEDORA-2016-9d61c4e62a) A JSON implementation in C -------------------------------------------------------------------------------- Update Information: Package created -------------------------------------------------------------------------------- ================================================================================ libinput-1.5.1-1.fc24 (FEDORA-2016-83f87452e3) Input device library -------------------------------------------------------------------------------- Update Information: libinput 1.5.1 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.90-1.fc24 (FEDORA-2016-9814d19b17) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.90. -------------------------------------------------------------------------------- ================================================================================ libsolv-0.6.24-1.fc24 (FEDORA-2016-ba9e964555) Package dependency solver -------------------------------------------------------------------------------- Update Information: Update to 0.6.24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1389884 - Typo mistake in spec file: MULTI_SYMANTICS instead of MULTI_SEMANTICS https://bugzilla.redhat.com/show_bug.cgi?id=1389884 -------------------------------------------------------------------------------- ================================================================================ libzrtpcpp-4.6.4-1.fc24 (FEDORA-2016-1c9c74624a) ZRTP support library for the GNU ccRTP stack -------------------------------------------------------------------------------- Update Information: Update to 4.6.4, see https://github.com/wernerd/ZRTPCPP/blob/master/NEWS.md for details. -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.90-1.fc24 (FEDORA-2016-9814d19b17) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.90. -------------------------------------------------------------------------------- ================================================================================ mediawriter-4.0.4-0.fc24 (FEDORA-2016-1a54b4389a) Fedora Media Writer -------------------------------------------------------------------------------- Update Information: Update to 4.0.4 -------------------------------------------------------------------------------- ================================================================================ mingw-mediawriter-4.0.4-0.fc24 (FEDORA-2016-d5dddd9618) Fedora Media Writer -------------------------------------------------------------------------------- Update Information: Update to 4.0.4 ---- Update to 4.0.0-0 ---- Update to 3.97.2 ---- Update to 3.97.1 ---- Update to 3.97.0 ---- Update to 3.96.0 -------------------------------------------------------------------------------- ================================================================================ openms-2.1.0-0.1.fc24 (FEDORA-2016-b4a64ca324) LC/MS data management and analyses -------------------------------------------------------------------------------- Update Information: - Update to 2.1.0 (pre-release) - Patched to fix PyOpenMS - Python bindings disabled (upstream issue #2286) -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Service-Weather-2.5.2-1.fc24 (FEDORA-2016-eeda4772a6) Horde Weather Provider -------------------------------------------------------------------------------- Update Information: **Horde_Service_Weather 2.5.2** * [mjr] More fixes for Postgres, and more robust data validation during migration. ---- **Horde_Service_Weather 2.5.1** * [mjr] Fix migration for Postgres (Bug #14508). ---- **Horde_Service_Weather 2.5.0** * [mjr] Replace defunct data source for surface station data (Bug #14502). ---- ** Horde_Service_Weather 2.4.1** * [jan] Update location of METAR stations. -------------------------------------------------------------------------------- ================================================================================ php-pecl-yaml-1.3.0-1.fc24 (FEDORA-2016-6a93d3d64a) Support for YAML 1.1 serialization using the LibYAML library -------------------------------------------------------------------------------- Update Information: This update brings in a number of important bug fixes backported from the PHP YAML extension's 2.0 branch. Full release notes: https://pecl.php.net/package/yaml/1.3.0 -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-expressive-1.0.2-1.fc24 (FEDORA-2016-9c873ee513) PSR-7 Middleware Microframework based on Stratigility -------------------------------------------------------------------------------- Update Information: **Version 1.0.2** - 2016-11-11 - [#393](https://github.com/zendframework/zend- expressive/pull/393) updates `Application::run()` to inject the request with an `originalResponse` attribute using the provided response as the value. - [#393](https://github.com/zendframework/zend-expressive/pull/393) fixes how each of the `TemplatedErrorHandler` and `WhoopsErrorHandler` access the "original" request, URI, and/or response. Previously, these used Stratigility- specific methods; they now use request attributes, eliminating deprecation notices emitted in Stratigility 1.3+ versions. ---- **Version 1.0.1** - 2016-11-11 - [#306](https://github.com/zendframework/zend-expressive/pull/306) adds a cookbook recipe covering flash messages. - [#384](https://github.com/zendframework/zend-expressive/pull/384) adds support for Whoops version 2 releases, providing PHP 7 support for Whoops. - [#391](https://github.com/zendframework/zend-expressive/pull/391) fixes the `Application::run()` implementation to prevent emission of deprecation notices when used with Stratigility 1.3. -------------------------------------------------------------------------------- ================================================================================ python-cryptography-1.5.3-3.fc24 (FEDORA-2016-d3a2b640ce) PyCA's cryptography library -------------------------------------------------------------------------------- Update Information: Rebase to 1.5.3 to fix CVE-2016-9243 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1393432 - CVE-2016-9243 python-cryptography: HKDF might return an empty byte-string [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1393432 [ 2 ] Bug #1361916 - python-cryptography - Missing python2-subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1361916 [ 3 ] Bug #1279263 - python-cryptography-vectors needs upgrade for the security bug https://bugzilla.redhat.com/show_bug.cgi?id=1279263 -------------------------------------------------------------------------------- ================================================================================ python-cryptography-vectors-1.5.3-1.fc24 (FEDORA-2016-d3a2b640ce) Test vectors for the cryptography package -------------------------------------------------------------------------------- Update Information: Rebase to 1.5.3 to fix CVE-2016-9243 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1393432 - CVE-2016-9243 python-cryptography: HKDF might return an empty byte-string [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1393432 [ 2 ] Bug #1361916 - python-cryptography - Missing python2-subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1361916 [ 3 ] Bug #1279263 - python-cryptography-vectors needs upgrade for the security bug https://bugzilla.redhat.com/show_bug.cgi?id=1279263 -------------------------------------------------------------------------------- ================================================================================ python-peewee-2.8.2-3.fc24 (FEDORA-2016-4541b44f8a) A small, expressive orm -------------------------------------------------------------------------------- Update Information: Make pskel script install under usr/bin/ -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
