The following Fedora 25 Security updates need testing: Age URL 118 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170 chicken-4.11.0-3.fc25 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3 compat-guile18-1.8.8-14.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d8fb6d7ad ipsilon-2.0.2-2.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-daf90926d4 dovecot-2.2.27-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b59109c48 botan-1.10.14-3.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-01eba63bcc FlightGear-2016.3.1-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd895763ac kernel-4.8.15-300.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fce8b939c9 python-wikitcms-2.1.10-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67 nagios-plugins-2.1.4-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b83c6862d community-mysql-5.7.17-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89ee54c661 mingw-openjpeg2-2.1.2-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-364f61377b samba-4.5.3-0.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c614315d29 squid-4.0.17-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95b4e9077e tor-0.2.8.12-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1e8589ef9 gdk-pixbuf2-2.36.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b6cb3e83fa js-jquery1-1.12.4-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3368a38282 js-jquery-2.2.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-897a1e6698 smack-4.1.5-3.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1231ada78 python-productmd-1.3-1.fc25 24 https://bodhi.fedoraproject.org/updates/FEDORA-2016-940ecb5c59 wpa_supplicant-2.6-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c25320b71 pungi-4.1.11-3.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab324eaf7a libnl3-3.2.29-0.2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-37c1b46c83 python-mako-1.0.6-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd895763ac kernel-4.8.15-300.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5fa630c5 vim-8.0.134-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ccc141b9c openssl-1.0.2j-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c06a720e75 flatpak-0.8.0-1.fc25 bubblewrap-0.1.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b70f3f873d xorg-x11-drv-libinput-0.23.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1e8589ef9 gdk-pixbuf2-2.36.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-469935a9d1 xorg-x11-server-1.19.0-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-364f61377b samba-4.5.3-0.fc25 The following builds have been pushed to Fedora 25 updates-testing bubblewrap-0.1.5-1.fc25 cinch-0.2.1-3.fc25 flatpak-0.8.0-1.fc25 gdal-2.1.2-5.fc25 gdk-pixbuf2-2.36.2-1.fc25 jabberd-2.4.0-6.fc25 js-jquery-2.2.4-1.fc25 js-jquery1-1.12.4-2.fc25 krita-3.1.1-1.fc25 libspf2-1.2.10-12.20150405gitd57d79fd.fc25 lis-1.7.20-1.fc25 meson-0.37.1-1.fc25 mod_gnutls-0.8.1-1.fc25 monkeysphere-0.41-1.fc25 opendkim-2.11.0-0.1.fc25 openssl-1.0.2j-3.fc25 perl-CPAN-Perl-Releases-3.02-1.fc25 perl-Module-CoreList-5.20161220-1.fc25 pgRouting-2.2.4-1.fc25 phodav-2.1-1.fc25 php-pecl-igbinary-2.0.1-1.fc25 python-canonicaljson-1.0.0-1.fc25 python-keyring-9.0-5.fc25 python-pyeclib-1.4.0-1.fc25 python-signedjson-1.0.0-1.fc25 rt-4.4.1-2.fc25 smack-4.1.5-3.fc25 spatialite-gui-1.7.1-10.fc25 tor-0.2.8.12-1.fc25 uwsgi-2.0.14-3.fc25 xorg-x11-drv-libinput-0.23.0-2.fc25 Details about builds: ================================================================================ bubblewrap-0.1.5-1.fc25 (FEDORA-2016-c06a720e75) Core execution tool for unprivileged containers -------------------------------------------------------------------------------- Update Information: flatpak 0.8.0 release. For details, see https://github.com/flatpak/flatpak/releases/tag/0.8.0 -------------------------------------------------------------------------------- ================================================================================ cinch-0.2.1-3.fc25 (FEDORA-2016-f997abaa82) A tool for provisioning Jenkins components for CI -------------------------------------------------------------------------------- Update Information: Updated Source0 with name macro substitution -------------------------------------------------------------------------------- References: [ 1 ] Bug #1393947 - Review Request: cinch - A tool for provisioning Jenkins components for CI https://bugzilla.redhat.com/show_bug.cgi?id=1393947 -------------------------------------------------------------------------------- ================================================================================ flatpak-0.8.0-1.fc25 (FEDORA-2016-c06a720e75) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: flatpak 0.8.0 release. For details, see https://github.com/flatpak/flatpak/releases/tag/0.8.0 -------------------------------------------------------------------------------- ================================================================================ gdal-2.1.2-5.fc25 (FEDORA-2016-9e5960ce59) GIS file format library -------------------------------------------------------------------------------- Update Information: https://trac.osgeo.org/gdal/wiki/Release/2.1.1-News https://trac.osgeo.org/gdal/wiki/Release/2.1.2-News -------------------------------------------------------------------------------- ================================================================================ gdk-pixbuf2-2.36.2-1.fc25 (FEDORA-2016-a1e8589ef9) An image loading library -------------------------------------------------------------------------------- Update Information: gdk-pixbuf 2.36.2 release. * Remove the pixdata loader (#776004) * Fix integer overflows in the jpeg loader (#775218) * Add an external thumbnailer for images * Fix a NULL pointer dereference (#776026) * Fix a memory leak (#776020) * Support bmp headers with bitmask (#766890) * Add tests for scaling (#80925) * Handle compressed pixdata in resources (#776105) * Avoid a buffer overrun in the qtif loader ($#775648) * Fix a crash in the bmp loader (#775242) * Fix crash opening pnm images with large dimensions (#775232) * Prevent buffer overflow in the pixdata loader (#775693) * Translation updates -------------------------------------------------------------------------------- ================================================================================ jabberd-2.4.0-6.fc25 (FEDORA-2016-33fc54e9e5) OpenSource server implementation of the Jabber protocols -------------------------------------------------------------------------------- Update Information: Added patches to fix "segfaut in 'sm' component when blocking users" (#1406062) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406062 - segfaut in 'sm' component when blocking users https://bugzilla.redhat.com/show_bug.cgi?id=1406062 -------------------------------------------------------------------------------- ================================================================================ js-jquery-2.2.4-1.fc25 (FEDORA-2016-3368a38282) JavaScript DOM manipulation, event handling, and AJAX library -------------------------------------------------------------------------------- Update Information: Update to 2.2.4 with backport for XSS vulnerability. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307666 - js-jquery: FTBFS in F24 https://bugzilla.redhat.com/show_bug.cgi?id=1307666 [ 2 ] Bug #1399550 - js-jquery: Cross-site scripting via cross-domain ajax requests [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1399550 [ 3 ] Bug #1399549 - js-jquery: Cross-site scripting via cross-domain ajax requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1399549 -------------------------------------------------------------------------------- ================================================================================ js-jquery1-1.12.4-2.fc25 (FEDORA-2016-b6cb3e83fa) JavaScript DOM manipulation, event handling, and AJAX library -------------------------------------------------------------------------------- Update Information: Update to latest jquery1 stable, with backport fix for XSS vulnerability.) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307668 - js-jquery1: FTBFS in F24 https://bugzilla.redhat.com/show_bug.cgi?id=1307668 [ 2 ] Bug #1257589 - Upgrade js-jquery1 to 1.11.3 https://bugzilla.redhat.com/show_bug.cgi?id=1257589 [ 3 ] Bug #1399548 - js-jquery1: js-jquery: Cross-site scripting via cross-domain ajax requests [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1399548 [ 4 ] Bug #1399547 - js-jquery1: js-jquery: Cross-site scripting via cross-domain ajax requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1399547 -------------------------------------------------------------------------------- ================================================================================ krita-3.1.1-1.fc25 (FEDORA-2016-7f8e6f5e77) Krita is a sketching and painting program -------------------------------------------------------------------------------- Update Information: New upstream version -------------------------------------------------------------------------------- ================================================================================ libspf2-1.2.10-12.20150405gitd57d79fd.fc25 (FEDORA-2016-34c47eba9a) An implementation of the SPF specification -------------------------------------------------------------------------------- Update Information: Simplify release numbers (same for both library and perl module) -------------------------------------------------------------------------------- ================================================================================ lis-1.7.20-1.fc25 (FEDORA-2016-58576b89b9) A library for solving linear equations and eigenvalue problems -------------------------------------------------------------------------------- Update Information: Update to 1.7.20 ---- Add new binaries ---- Update to 1.6.24 ---- Update to 1.6.10 ---- Update to 1.6.2 ---- Update to 1.5.76 -------------------------------------------------------------------------------- ================================================================================ meson-0.37.1-1.fc25 (FEDORA-2016-a84067a1ad) High productivity build system -------------------------------------------------------------------------------- Update Information: Update to 0.37.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401062 - %meson -Denable_gudev=true does not work https://bugzilla.redhat.com/show_bug.cgi?id=1401062 -------------------------------------------------------------------------------- ================================================================================ mod_gnutls-0.8.1-1.fc25 (FEDORA-2016-122d70c91c) GnuTLS module for the Apache HTTP server -------------------------------------------------------------------------------- Update Information: update to 0.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1243837 - mod_gnutls: documentation and/or examples are not included https://bugzilla.redhat.com/show_bug.cgi?id=1243837 -------------------------------------------------------------------------------- ================================================================================ monkeysphere-0.41-1.fc25 (FEDORA-2016-85f3109ef5) Use the OpenPGP web of trust to verify SSH connections -------------------------------------------------------------------------------- Update Information: Update monkeysphere to 0.41 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402815 - monkeysphere-0.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402815 -------------------------------------------------------------------------------- ================================================================================ opendkim-2.11.0-0.1.fc25 (FEDORA-2016-c3671d2758) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information: Updating to the 2.11.Alpha0 upstream source @ https://sourceforge.net/projects/opendkim/, which has been stable since 2015. Patches included for: * openssl 1.1.0 support (https://sourceforge.net/p/opendkim/patches/35/) * strl.h location (https://sourceforge.net/p/opendkim/patches/37/) Thanks @adamwill for the nudge on re-diffing patches. -------------------------------------------------------------------------------- ================================================================================ openssl-1.0.2j-3.fc25 (FEDORA-2016-5ccc141b9c) Utilities from the general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information: Bug fix for a dead lock problem in FIPS mode -------------------------------------------------------------------------------- References: [ 1 ] Bug #1400922 - OpenSSL 1.0.2j deadlock in FIPS mode https://bugzilla.redhat.com/show_bug.cgi?id=1400922 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-3.02-1.fc25 (FEDORA-2016-29830ad55e) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406581 - perl-CPAN-Perl-Releases-3.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406581 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20161220-1.fc25 (FEDORA-2016-3820e42f06) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release provides data for Perl 5.25.8. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406587 - perl-Module-CoreList-5.20161220 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406587 -------------------------------------------------------------------------------- ================================================================================ pgRouting-2.2.4-1.fc25 (FEDORA-2016-94e70086bc) Provides routing functionality to PostGIS/PostgreSQL -------------------------------------------------------------------------------- Update Information: Fixed Regression error pgr_nodeNetwork -------------------------------------------------------------------------------- ================================================================================ phodav-2.1-1.fc25 (FEDORA-2016-dfccd20db1) A WebDAV server using libsoup -------------------------------------------------------------------------------- Update Information: new version -------------------------------------------------------------------------------- ================================================================================ php-pecl-igbinary-2.0.1-1.fc25 (FEDORA-2016-c8ad3c48fc) Replacement for the standard PHP serializer -------------------------------------------------------------------------------- Update Information: **Version 2.0.1** - Compatible with PHP 5.2 - 7.0 - Fixes bug in session decoder not calling __wakeup() in php 7.0+ - (Enhancement) Reuses identical strings when unserializing objects and arrays in php 7.0+ -------------------------------------------------------------------------------- ================================================================================ python-canonicaljson-1.0.0-1.fc25 (FEDORA-2016-f4174b0049) Canonical JSON -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405856 - Review Request: python-canonicaljson - Canonical JSON https://bugzilla.redhat.com/show_bug.cgi?id=1405856 -------------------------------------------------------------------------------- ================================================================================ python-keyring-9.0-5.fc25 (FEDORA-2016-1b270b9769) Store and access your passwords safely -------------------------------------------------------------------------------- Update Information: Update adds missing dependency on python-SecretStorage, which is needed for basic functionality. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1398710 - python3-keyring missing dependency on python3-SecretStorage https://bugzilla.redhat.com/show_bug.cgi?id=1398710 [ 2 ] Bug #1328218 - python-keyring: missing dependency on python-SecretStorage https://bugzilla.redhat.com/show_bug.cgi?id=1328218 -------------------------------------------------------------------------------- ================================================================================ python-pyeclib-1.4.0-1.fc25 (FEDORA-2016-6d844fad24) Python interface to erasure codes -------------------------------------------------------------------------------- Update Information: This update to 1.4.0 permits a use of "isa_l_rs_cauchy" method of erasure coding. -------------------------------------------------------------------------------- ================================================================================ python-signedjson-1.0.0-1.fc25 (FEDORA-2016-32eeb894f4) Sign JSON with Ed25519 signatures -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405857 - Review Request: python-signedjson - Sign JSON with Ed25519 signatures https://bugzilla.redhat.com/show_bug.cgi?id=1405857 -------------------------------------------------------------------------------- ================================================================================ rt-4.4.1-2.fc25 (FEDORA-2016-3370809994) Request tracker -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1304825 - rt-4.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1304825 -------------------------------------------------------------------------------- ================================================================================ smack-4.1.5-3.fc25 (FEDORA-2016-897a1e6698) Open Source XMPP (Jabber) client library -------------------------------------------------------------------------------- Update Information: fix for "TLS SecurityMode.required bypass via StripTLS attack" (rhbz#1406703,1406704) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406703 - smack: TLS SecurityMode.required bypass via StripTLS attack https://bugzilla.redhat.com/show_bug.cgi?id=1406703 -------------------------------------------------------------------------------- ================================================================================ spatialite-gui-1.7.1-10.fc25 (FEDORA-2016-be9bc33423) GUI to manage Spatialite databases -------------------------------------------------------------------------------- Update Information: Fixed the linking issues that broke building this package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308147 - spatialite-gui: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1308147 -------------------------------------------------------------------------------- ================================================================================ tor-0.2.8.12-1.fc25 (FEDORA-2016-95b4e9077e) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-1254 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406314 - CVE-2016-1254 tor: Remote DoS via parsing problem https://bugzilla.redhat.com/show_bug.cgi?id=1406314 -------------------------------------------------------------------------------- ================================================================================ uwsgi-2.0.14-3.fc25 (FEDORA-2016-badaca3348) Fast, self-healing, application container server -------------------------------------------------------------------------------- Update Information: enable psgi plugin on el7 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-libinput-0.23.0-2.fc25 (FEDORA-2016-b70f3f873d) Xorg X11 libinput input driver -------------------------------------------------------------------------------- Update Information: Ignore LED updates for disabled devices, avoids a null-pointer dereference when an AccessX timeout is set -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx