Fedora 25 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 25 Security updates need testing:
 Age  URL
 118  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170   chicken-4.11.0-3.fc25
  69  https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3   compat-guile18-1.8.8-14.fc25
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d8fb6d7ad   ipsilon-2.0.2-2.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2016-daf90926d4   dovecot-2.2.27-1.fc25
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b59109c48   botan-1.10.14-3.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2016-01eba63bcc   FlightGear-2016.3.1-3.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd895763ac   kernel-4.8.15-300.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-fce8b939c9   python-wikitcms-2.1.10-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67   nagios-plugins-2.1.4-2.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b83c6862d   community-mysql-5.7.17-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-89ee54c661   mingw-openjpeg2-2.1.2-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-364f61377b   samba-4.5.3-0.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c614315d29   squid-4.0.17-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-95b4e9077e   tor-0.2.8.12-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1e8589ef9   gdk-pixbuf2-2.36.2-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b6cb3e83fa   js-jquery1-1.12.4-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-3368a38282   js-jquery-2.2.4-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-897a1e6698   smack-4.1.5-3.fc25


The following Fedora 25 Critical Path updates have yet to be approved:
 Age URL
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1231ada78   python-productmd-1.3-1.fc25
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2016-940ecb5c59   wpa_supplicant-2.6-1.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c25320b71   pungi-4.1.11-3.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab324eaf7a   libnl3-3.2.29-0.2.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-37c1b46c83   python-mako-1.0.6-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd895763ac   kernel-4.8.15-300.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5fa630c5   vim-8.0.134-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ccc141b9c   openssl-1.0.2j-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-c06a720e75   flatpak-0.8.0-1.fc25 bubblewrap-0.1.5-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-b70f3f873d   xorg-x11-drv-libinput-0.23.0-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1e8589ef9   gdk-pixbuf2-2.36.2-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-469935a9d1   xorg-x11-server-1.19.0-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2016-364f61377b   samba-4.5.3-0.fc25


The following builds have been pushed to Fedora 25 updates-testing

    bubblewrap-0.1.5-1.fc25
    cinch-0.2.1-3.fc25
    flatpak-0.8.0-1.fc25
    gdal-2.1.2-5.fc25
    gdk-pixbuf2-2.36.2-1.fc25
    jabberd-2.4.0-6.fc25
    js-jquery-2.2.4-1.fc25
    js-jquery1-1.12.4-2.fc25
    krita-3.1.1-1.fc25
    libspf2-1.2.10-12.20150405gitd57d79fd.fc25
    lis-1.7.20-1.fc25
    meson-0.37.1-1.fc25
    mod_gnutls-0.8.1-1.fc25
    monkeysphere-0.41-1.fc25
    opendkim-2.11.0-0.1.fc25
    openssl-1.0.2j-3.fc25
    perl-CPAN-Perl-Releases-3.02-1.fc25
    perl-Module-CoreList-5.20161220-1.fc25
    pgRouting-2.2.4-1.fc25
    phodav-2.1-1.fc25
    php-pecl-igbinary-2.0.1-1.fc25
    python-canonicaljson-1.0.0-1.fc25
    python-keyring-9.0-5.fc25
    python-pyeclib-1.4.0-1.fc25
    python-signedjson-1.0.0-1.fc25
    rt-4.4.1-2.fc25
    smack-4.1.5-3.fc25
    spatialite-gui-1.7.1-10.fc25
    tor-0.2.8.12-1.fc25
    uwsgi-2.0.14-3.fc25
    xorg-x11-drv-libinput-0.23.0-2.fc25

Details about builds:


================================================================================
 bubblewrap-0.1.5-1.fc25 (FEDORA-2016-c06a720e75)
 Core execution tool for unprivileged containers
--------------------------------------------------------------------------------
Update Information:

flatpak 0.8.0 release. For details, see
https://github.com/flatpak/flatpak/releases/tag/0.8.0
--------------------------------------------------------------------------------


================================================================================
 cinch-0.2.1-3.fc25 (FEDORA-2016-f997abaa82)
 A tool for provisioning Jenkins components for CI
--------------------------------------------------------------------------------
Update Information:

Updated Source0 with name macro substitution
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1393947 - Review Request: cinch - A tool for provisioning Jenkins components for CI
        https://bugzilla.redhat.com/show_bug.cgi?id=1393947
--------------------------------------------------------------------------------


================================================================================
 flatpak-0.8.0-1.fc25 (FEDORA-2016-c06a720e75)
 Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:

flatpak 0.8.0 release. For details, see
https://github.com/flatpak/flatpak/releases/tag/0.8.0
--------------------------------------------------------------------------------


================================================================================
 gdal-2.1.2-5.fc25 (FEDORA-2016-9e5960ce59)
 GIS file format library
--------------------------------------------------------------------------------
Update Information:

https://trac.osgeo.org/gdal/wiki/Release/2.1.1-News
https://trac.osgeo.org/gdal/wiki/Release/2.1.2-News
--------------------------------------------------------------------------------


================================================================================
 gdk-pixbuf2-2.36.2-1.fc25 (FEDORA-2016-a1e8589ef9)
 An image loading library
--------------------------------------------------------------------------------
Update Information:

gdk-pixbuf 2.36.2 release.   * Remove the pixdata loader (#776004)  * Fix
integer overflows in the jpeg loader (#775218)  * Add an external thumbnailer
for images  * Fix a NULL pointer dereference (#776026)  * Fix a memory leak
(#776020)  * Support bmp headers with bitmask (#766890)  * Add tests for scaling
(#80925)  * Handle compressed pixdata in resources (#776105)  * Avoid a buffer
overrun in the qtif loader ($#775648)  * Fix a crash in the bmp loader (#775242)
* Fix crash opening pnm images with large dimensions (#775232)  * Prevent buffer
overflow in the pixdata loader (#775693)  * Translation updates
--------------------------------------------------------------------------------


================================================================================
 jabberd-2.4.0-6.fc25 (FEDORA-2016-33fc54e9e5)
 OpenSource server implementation of the Jabber protocols
--------------------------------------------------------------------------------
Update Information:

Added patches to fix "segfaut in 'sm' component when blocking users" (#1406062)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1406062 - segfaut in 'sm' component when blocking users
        https://bugzilla.redhat.com/show_bug.cgi?id=1406062
--------------------------------------------------------------------------------


================================================================================
 js-jquery-2.2.4-1.fc25 (FEDORA-2016-3368a38282)
 JavaScript DOM manipulation, event handling, and AJAX library
--------------------------------------------------------------------------------
Update Information:

Update to 2.2.4 with backport for XSS vulnerability.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307666 - js-jquery: FTBFS in F24
        https://bugzilla.redhat.com/show_bug.cgi?id=1307666
  [ 2 ] Bug #1399550 - js-jquery: Cross-site scripting via cross-domain ajax requests [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1399550
  [ 3 ] Bug #1399549 - js-jquery: Cross-site scripting via cross-domain ajax requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1399549
--------------------------------------------------------------------------------


================================================================================
 js-jquery1-1.12.4-2.fc25 (FEDORA-2016-b6cb3e83fa)
 JavaScript DOM manipulation, event handling, and AJAX library
--------------------------------------------------------------------------------
Update Information:

Update to latest jquery1 stable, with backport fix for XSS vulnerability.)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1307668 - js-jquery1: FTBFS in F24
        https://bugzilla.redhat.com/show_bug.cgi?id=1307668
  [ 2 ] Bug #1257589 - Upgrade js-jquery1 to 1.11.3
        https://bugzilla.redhat.com/show_bug.cgi?id=1257589
  [ 3 ] Bug #1399548 - js-jquery1: js-jquery: Cross-site scripting via cross-domain ajax requests [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1399548
  [ 4 ] Bug #1399547 - js-jquery1: js-jquery: Cross-site scripting via cross-domain ajax requests [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1399547
--------------------------------------------------------------------------------


================================================================================
 krita-3.1.1-1.fc25 (FEDORA-2016-7f8e6f5e77)
 Krita is a sketching and painting program
--------------------------------------------------------------------------------
Update Information:

New upstream version
--------------------------------------------------------------------------------


================================================================================
 libspf2-1.2.10-12.20150405gitd57d79fd.fc25 (FEDORA-2016-34c47eba9a)
 An implementation of the SPF specification
--------------------------------------------------------------------------------
Update Information:

Simplify release numbers (same for both library and perl module)
--------------------------------------------------------------------------------


================================================================================
 lis-1.7.20-1.fc25 (FEDORA-2016-58576b89b9)
 A library for solving linear equations and eigenvalue problems
--------------------------------------------------------------------------------
Update Information:

Update to 1.7.20  ----  Add new binaries  ----  Update to 1.6.24  ----  Update
to 1.6.10  ----  Update to 1.6.2  ----  Update to 1.5.76
--------------------------------------------------------------------------------


================================================================================
 meson-0.37.1-1.fc25 (FEDORA-2016-a84067a1ad)
 High productivity build system
--------------------------------------------------------------------------------
Update Information:

Update to 0.37.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1401062 - %meson -Denable_gudev=true does not work
        https://bugzilla.redhat.com/show_bug.cgi?id=1401062
--------------------------------------------------------------------------------


================================================================================
 mod_gnutls-0.8.1-1.fc25 (FEDORA-2016-122d70c91c)
 GnuTLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:

update to 0.8.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1243837 - mod_gnutls: documentation and/or examples are not included
        https://bugzilla.redhat.com/show_bug.cgi?id=1243837
--------------------------------------------------------------------------------


================================================================================
 monkeysphere-0.41-1.fc25 (FEDORA-2016-85f3109ef5)
 Use the OpenPGP web of trust to verify SSH connections
--------------------------------------------------------------------------------
Update Information:

Update monkeysphere to 0.41 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1402815 - monkeysphere-0.41 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1402815
--------------------------------------------------------------------------------


================================================================================
 opendkim-2.11.0-0.1.fc25 (FEDORA-2016-c3671d2758)
 A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:

Updating to the 2.11.Alpha0 upstream source @
https://sourceforge.net/projects/opendkim/, which has been stable since 2015.
Patches included for:  * openssl 1.1.0 support
(https://sourceforge.net/p/opendkim/patches/35/) * strl.h location
(https://sourceforge.net/p/opendkim/patches/37/)  Thanks @adamwill for the nudge
on re-diffing patches.
--------------------------------------------------------------------------------


================================================================================
 openssl-1.0.2j-3.fc25 (FEDORA-2016-5ccc141b9c)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Bug fix for a dead lock problem in FIPS mode
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1400922 - OpenSSL 1.0.2j deadlock in FIPS mode
        https://bugzilla.redhat.com/show_bug.cgi?id=1400922
--------------------------------------------------------------------------------


================================================================================
 perl-CPAN-Perl-Releases-3.02-1.fc25 (FEDORA-2016-29830ad55e)
 Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1406581 - perl-CPAN-Perl-Releases-3.02 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1406581
--------------------------------------------------------------------------------


================================================================================
 perl-Module-CoreList-5.20161220-1.fc25 (FEDORA-2016-3820e42f06)
 What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:

This release provides data for Perl 5.25.8.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1406587 - perl-Module-CoreList-5.20161220 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1406587
--------------------------------------------------------------------------------


================================================================================
 pgRouting-2.2.4-1.fc25 (FEDORA-2016-94e70086bc)
 Provides routing functionality to PostGIS/PostgreSQL
--------------------------------------------------------------------------------
Update Information:

Fixed Regression error pgr_nodeNetwork
--------------------------------------------------------------------------------


================================================================================
 phodav-2.1-1.fc25 (FEDORA-2016-dfccd20db1)
 A WebDAV server using libsoup
--------------------------------------------------------------------------------
Update Information:

new version
--------------------------------------------------------------------------------


================================================================================
 php-pecl-igbinary-2.0.1-1.fc25 (FEDORA-2016-c8ad3c48fc)
 Replacement for the standard PHP serializer
--------------------------------------------------------------------------------
Update Information:

**Version 2.0.1**  - Compatible with PHP 5.2 - 7.0 - Fixes bug in session
decoder not calling __wakeup() in php 7.0+ - (Enhancement) Reuses identical
strings when unserializing objects and arrays in php 7.0+
--------------------------------------------------------------------------------


================================================================================
 python-canonicaljson-1.0.0-1.fc25 (FEDORA-2016-f4174b0049)
 Canonical JSON
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1405856 - Review Request: python-canonicaljson - Canonical JSON
        https://bugzilla.redhat.com/show_bug.cgi?id=1405856
--------------------------------------------------------------------------------


================================================================================
 python-keyring-9.0-5.fc25 (FEDORA-2016-1b270b9769)
 Store and access your passwords safely
--------------------------------------------------------------------------------
Update Information:

Update adds missing dependency on python-SecretStorage, which is needed for
basic functionality.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1398710 - python3-keyring missing dependency on python3-SecretStorage
        https://bugzilla.redhat.com/show_bug.cgi?id=1398710
  [ 2 ] Bug #1328218 - python-keyring: missing dependency on python-SecretStorage
        https://bugzilla.redhat.com/show_bug.cgi?id=1328218
--------------------------------------------------------------------------------


================================================================================
 python-pyeclib-1.4.0-1.fc25 (FEDORA-2016-6d844fad24)
 Python interface to erasure codes
--------------------------------------------------------------------------------
Update Information:

This update to 1.4.0 permits a use of "isa_l_rs_cauchy" method of erasure
coding.
--------------------------------------------------------------------------------


================================================================================
 python-signedjson-1.0.0-1.fc25 (FEDORA-2016-32eeb894f4)
 Sign JSON with Ed25519 signatures
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1405857 - Review Request: python-signedjson - Sign JSON with Ed25519 signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=1405857
--------------------------------------------------------------------------------


================================================================================
 rt-4.4.1-2.fc25 (FEDORA-2016-3370809994)
 Request tracker
--------------------------------------------------------------------------------
Update Information:


--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1304825 - rt-4.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1304825
--------------------------------------------------------------------------------


================================================================================
 smack-4.1.5-3.fc25 (FEDORA-2016-897a1e6698)
 Open Source XMPP (Jabber) client library
--------------------------------------------------------------------------------
Update Information:

fix for "TLS SecurityMode.required bypass via StripTLS attack"
(rhbz#1406703,1406704)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1406703 - smack: TLS SecurityMode.required bypass via StripTLS attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1406703
--------------------------------------------------------------------------------


================================================================================
 spatialite-gui-1.7.1-10.fc25 (FEDORA-2016-be9bc33423)
 GUI to manage Spatialite databases
--------------------------------------------------------------------------------
Update Information:

Fixed the linking issues that broke building this package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1308147 - spatialite-gui: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1308147
--------------------------------------------------------------------------------


================================================================================
 tor-0.2.8.12-1.fc25 (FEDORA-2016-95b4e9077e)
 Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-1254
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1406314 - CVE-2016-1254 tor: Remote DoS via parsing problem
        https://bugzilla.redhat.com/show_bug.cgi?id=1406314
--------------------------------------------------------------------------------


================================================================================
 uwsgi-2.0.14-3.fc25 (FEDORA-2016-badaca3348)
 Fast, self-healing, application container server
--------------------------------------------------------------------------------
Update Information:

enable psgi plugin on el7
--------------------------------------------------------------------------------


================================================================================
 xorg-x11-drv-libinput-0.23.0-2.fc25 (FEDORA-2016-b70f3f873d)
 Xorg X11 libinput input driver
--------------------------------------------------------------------------------
Update Information:

Ignore LED updates for disabled devices, avoids a null-pointer dereference when
an AccessX timeout is set
--------------------------------------------------------------------------------
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux