The following Fedora 24 Security updates need testing: Age URL 154 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 137 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 88 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 51 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-76d9809fd4 w3m-0.5.3-27.git20161120.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8311440c55 pcsc-lite-1.8.20-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdf8277947 onionshare-0.9.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c221d6f49 icoutils-0.31.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3dc97e1e1 php-PHPMailer-5.2.22-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 54 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383 nss-3.27.0-1.3.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1979eafeae libgweather-3.20.4-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6c9a495a48 elfutils-0.168-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b3063d71c redhat-rpm-config-42-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-925d54e4c1 kernel-4.8.16-200.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2153a45ba5 nautilus-3.20.4-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe selinux-policy-3.13.1-191.24.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d489f7e75c vim-8.0.160-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e4a42d809 thunderbird-45.6.0-3.fc24 The following builds have been pushed to Fedora 24 updates-testing OpenSceneGraph-3.4.0-7.fc24 ansible-review-0.13.0-2.fc24 bitlbee-3.5-1.fc24 cinnamon-themes-2016.12.07-1.fc24 gambit-c-4.8.7-1.fc24 golang-github-onsi-ginkgo-1.1.0-11.fc24 golang-github-onsi-gomega-1.0-0.1.git2152b45.fc24 icoutils-0.31.1-1.fc24 mbuffer-20161115-1.fc24 mint-x-icons-1.4.0-1.fc24 mint-y-icons-1.0.4-1.fc24 nautilus-3.20.4-1.fc24 nitrokey-app-0.6.2-1.fc24 notmuch-0.23.5-1.fc24 obnam-1.21-1.fc24 perl-CPAN-2.11-350.fc24 perl-Number-Bytes-Human-0.11-1.fc24 php-PHPMailer-5.2.22-1.fc24 python-ECPy-0.8.1-1.fc24 python-coverage-test-runner-1.11-1.fc24 python-lxml-3.7.2-1.fc24 python-streamlink-0.2.0-3.fc24 python-tracing-0.9-1.fc24 python-ttystatus-0.34-1.fc24 selinux-policy-3.13.1-191.24.fc24 sheepdog-1.0.1-2.fc24 stoken-0.91-1.fc24 thunderbird-45.6.0-3.fc24 vim-8.0.160-1.fc24 wine-2.0-0.1.rc4.fc24 Details about builds: ================================================================================ OpenSceneGraph-3.4.0-7.fc24 (FEDORA-2017-c9cd97b7e1) High performance real-time graphics toolkit -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ ansible-review-0.13.0-2.fc24 (FEDORA-2017-4d52377593) Reviews Ansible playbooks, roles and inventory and suggests improvements -------------------------------------------------------------------------------- Update Information: RHBZ#1410896: depend on python-flake8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1410896 - ansible-review doesn't work, unless I manually install python2-flake8 https://bugzilla.redhat.com/show_bug.cgi?id=1410896 -------------------------------------------------------------------------------- ================================================================================ bitlbee-3.5-1.fc24 (FEDORA-2017-63dd18b255) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information: Update to the latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411171 - bitlbee-3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1411171 -------------------------------------------------------------------------------- ================================================================================ cinnamon-themes-2016.12.07-1.fc24 (FEDORA-2017-6d917d7d85) Collection of the best themes available for Cinnamon -------------------------------------------------------------------------------- Update Information: * Initial rpm-release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411153 - Review Request: mint-y-icons - The Mint-Y icon theme https://bugzilla.redhat.com/show_bug.cgi?id=1411153 [ 2 ] Bug #1411152 - Review Request: mint-x-icons - Icon theme for Linux Mint https://bugzilla.redhat.com/show_bug.cgi?id=1411152 [ 3 ] Bug #1411151 - Review Request: cinnamon-themes - Collection of the best themes available for Cinnamon https://bugzilla.redhat.com/show_bug.cgi?id=1411151 -------------------------------------------------------------------------------- ================================================================================ gambit-c-4.8.7-1.fc24 (FEDORA-2017-14f51f0bda) Scheme programming system -------------------------------------------------------------------------------- Update Information: Update to latest Gambit release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323380 - gambit-c-v4.8.7-bootstrap is available https://bugzilla.redhat.com/show_bug.cgi?id=1323380 -------------------------------------------------------------------------------- ================================================================================ golang-github-onsi-ginkgo-1.1.0-11.fc24 (FEDORA-2017-f9b037833f) A Golang BDD Testing Framework -------------------------------------------------------------------------------- Update Information: Add missing Provides ---- Bump to upstream 7f8ab55aaf3b86885aa55b762e803744d1674700 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214619 - Tracker for golang-github-onsi-ginkgo https://bugzilla.redhat.com/show_bug.cgi?id=1214619 -------------------------------------------------------------------------------- ================================================================================ golang-github-onsi-gomega-1.0-0.1.git2152b45.fc24 (FEDORA-2017-5be622602d) Ginkgo's Preferred Matcher Library -------------------------------------------------------------------------------- Update Information: Bump to upstream 2152b45fa28a361beba9aab0885972323a444e28 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248013 - Tracker for golang-github-onsi-gomega https://bugzilla.redhat.com/show_bug.cgi?id=1248013 -------------------------------------------------------------------------------- ================================================================================ icoutils-0.31.1-1.fc24 (FEDORA-2017-7c221d6f49) Utility for extracting and converting Microsoft icon and cursor files -------------------------------------------------------------------------------- Update Information: This new point release fixes a security vulnerability in wrestool. For further details see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411251 - CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems https://bugzilla.redhat.com/show_bug.cgi?id=1411251 -------------------------------------------------------------------------------- ================================================================================ mbuffer-20161115-1.fc24 (FEDORA-2017-7d454c16f6) Measuring Buffer is an enhanced version of buffer -------------------------------------------------------------------------------- Update Information: Update to new upstream version 20161115 -------------------------------------------------------------------------------- ================================================================================ mint-x-icons-1.4.0-1.fc24 (FEDORA-2017-6d917d7d85) Icon theme for Linux Mint -------------------------------------------------------------------------------- Update Information: * Initial rpm-release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411153 - Review Request: mint-y-icons - The Mint-Y icon theme https://bugzilla.redhat.com/show_bug.cgi?id=1411153 [ 2 ] Bug #1411152 - Review Request: mint-x-icons - Icon theme for Linux Mint https://bugzilla.redhat.com/show_bug.cgi?id=1411152 [ 3 ] Bug #1411151 - Review Request: cinnamon-themes - Collection of the best themes available for Cinnamon https://bugzilla.redhat.com/show_bug.cgi?id=1411151 -------------------------------------------------------------------------------- ================================================================================ mint-y-icons-1.0.4-1.fc24 (FEDORA-2017-6d917d7d85) The Mint-Y icon theme -------------------------------------------------------------------------------- Update Information: * Initial rpm-release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411153 - Review Request: mint-y-icons - The Mint-Y icon theme https://bugzilla.redhat.com/show_bug.cgi?id=1411153 [ 2 ] Bug #1411152 - Review Request: mint-x-icons - Icon theme for Linux Mint https://bugzilla.redhat.com/show_bug.cgi?id=1411152 [ 3 ] Bug #1411151 - Review Request: cinnamon-themes - Collection of the best themes available for Cinnamon https://bugzilla.redhat.com/show_bug.cgi?id=1411151 -------------------------------------------------------------------------------- ================================================================================ nautilus-3.20.4-1.fc24 (FEDORA-2017-2153a45ba5) File manager for GNOME -------------------------------------------------------------------------------- Update Information: Update to 3.20.4 -------------------------------------------------------------------------------- ================================================================================ nitrokey-app-0.6.2-1.fc24 (FEDORA-2017-8d47bdfcd0) Nitrokey's Application -------------------------------------------------------------------------------- Update Information: Update to 0.6.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409940 - nitrokey-app-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1409940 -------------------------------------------------------------------------------- ================================================================================ notmuch-0.23.5-1.fc24 (FEDORA-2017-50de46b483) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1408540 - notmuch-0.23.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1408540 -------------------------------------------------------------------------------- ================================================================================ obnam-1.21-1.fc24 (FEDORA-2017-447688f77f) An easy, secure backup program -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1389905 - obnam-1.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1389905 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-2.11-350.fc24 (FEDORA-2017-d2db0e970c) Query, download and build perl modules from CPAN sites -------------------------------------------------------------------------------- Update Information: This release fixes CVE-2016-1238 vulnerability i the CPAN client, loading optional modules from current working directory. It also corrects logging fatal errors through Log::Log4pel back end. -------------------------------------------------------------------------------- ================================================================================ perl-Number-Bytes-Human-0.11-1.fc24 (FEDORA-2017-18ec5c3149) Convert byte count to human readable format -------------------------------------------------------------------------------- Update Information: Updte to latest upstream release 0.11 (rhbz#1411308) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411308 - perl-Number-Bytes-Human-0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1411308 -------------------------------------------------------------------------------- ================================================================================ php-PHPMailer-5.2.22-1.fc24 (FEDORA-2017-c3dc97e1e1) PHP email transport class with a lot of features -------------------------------------------------------------------------------- Update Information: **Version 5.2.22** (January 5th 2017) * **SECURITY** Fix [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223), local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to `msgHTML()` without a `$basedir` will not import images with relative URLs, and relative URLs containing `..` will be ignored. * Add simple contact form example * Emoji in test content ---- **Version 5.2.21** (December 28th 2016) * Fix missed number update in version file - no functional changes ---- **Version 5.2.20** (December 28th 2016) * **SECURITY** Critical security update for CVE-2016-10045 please update now! Thanks to [Dawid Golunski](https://legalhackers.com) and Paul Buonopane (Zenexer). ---- ** Version 5.2.19** (December 26th 2016) * Minor cleanup ** Version 5.2.18** (December 24th 2016) * **SECURITY** Critical security update for CVE-2016-10033 please update now! Thanks to [Dawid Golunski](https://legalhackers.com). * Add ability to extract the SMTP transaction ID from some common SMTP success messages * Minor documentation tweaks ** Version 5.2.17** (December 9th 2016) * This is officially the last feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! * Allow DKIM private key to be provided as a string * Provide mechanism to allow overriding of boundary and message ID creation * Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations * PHP 7.1 support for Travis-CI * Fix some language codes * Add security notices * Improve DKIM compatibility in older PHP versions * Improve trapping and capture of SMTP connection errors * Improve passthrough of error levels for debug output * PHPDoc cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409489 - CVE-2016-10033 phpmailer: Parameter injection via mail() function https://bugzilla.redhat.com/show_bug.cgi?id=1409489 -------------------------------------------------------------------------------- ================================================================================ python-ECPy-0.8.1-1.fc24 (FEDORA-2017-c2eeacdbd4) Python Elliptic Curve Library -------------------------------------------------------------------------------- Update Information: Initial packaging for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411036 - Review Request: python-ECPy - Pure Python Elliptic Curve Library https://bugzilla.redhat.com/show_bug.cgi?id=1411036 -------------------------------------------------------------------------------- ================================================================================ python-coverage-test-runner-1.11-1.fc24 (FEDORA-2017-2439e93a6c) Python module for enforcing code coverage completeness -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1275121 - python-coverage-test-runner-1.11.orig is available https://bugzilla.redhat.com/show_bug.cgi?id=1275121 -------------------------------------------------------------------------------- ================================================================================ python-lxml-3.7.2-1.fc24 (FEDORA-2017-cc6784a87b) XML processing library combining libxml2/libxslt with the ElementTree API -------------------------------------------------------------------------------- Update Information: update to 3.7.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411177 - python-lxml-3.7.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1411177 -------------------------------------------------------------------------------- ================================================================================ python-streamlink-0.2.0-3.fc24 (FEDORA-2017-082179ed31) Python library for extracting streams from various websites -------------------------------------------------------------------------------- Update Information: Streamlink is a command-line utility that pipes video streams from various services into a video player, such as VLC. The main purpose of Streamlink is to allow the user to avoid buggy and CPU heavy flash plugins but still be able to enjoy various streamed content. There is also an API available for developers who want access to the video stream data. This project was forked from Livestreamer, which is no longer maintained. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405271 - Review Request: python-streamlink - Python library for extracting streams from various websites https://bugzilla.redhat.com/show_bug.cgi?id=1405271 -------------------------------------------------------------------------------- ================================================================================ python-tracing-0.9-1.fc24 (FEDORA-2017-3b591f572a) Python debug logging helper -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1275120 - python-tracing-0.9.orig is available https://bugzilla.redhat.com/show_bug.cgi?id=1275120 -------------------------------------------------------------------------------- ================================================================================ python-ttystatus-0.34-1.fc24 (FEDORA-2017-ed1ab19d76) Progress and status updates on terminals for Python -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1408688 - python-ttystatus-0.34.orig is available https://bugzilla.redhat.com/show_bug.cgi?id=1408688 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-191.24.fc24 (FEDORA-2017-7585703fbe) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=832000 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1349998 - SELinux is preventing zabbix_agentd from using the 'setrlimit' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1349998 [ 2 ] Bug #1356456 - kexec-tools: kdump service start fails due to AVC deny https://bugzilla.redhat.com/show_bug.cgi?id=1356456 [ 3 ] Bug #1384600 - SELinux prevents cobbler from authenticating via PAM https://bugzilla.redhat.com/show_bug.cgi?id=1384600 [ 4 ] Bug #1392464 - None https://bugzilla.redhat.com/show_bug.cgi?id=1392464 [ 5 ] Bug #1401715 - virsh/libvirt problems with selinux https://bugzilla.redhat.com/show_bug.cgi?id=1401715 -------------------------------------------------------------------------------- ================================================================================ sheepdog-1.0.1-2.fc24 (FEDORA-2017-56fa4c4bb2) The Sheepdog distributed storage system for KVM/QEMU -------------------------------------------------------------------------------- Update Information: Sheepdog was completely broken until this release, segfaulting on start. This release fixes the bug, updates the systemd units and moves the store from /tmp (!) to /var/lib/sheepdog. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1396430 - sheepdog broken out of the box https://bugzilla.redhat.com/show_bug.cgi?id=1396430 -------------------------------------------------------------------------------- ================================================================================ stoken-0.91-1.fc24 (FEDORA-2017-86236e8e16) Token code generator compatible with RSA SecurID 128-bit (AES) token -------------------------------------------------------------------------------- Update Information: Small bug fixes. -------------------------------------------------------------------------------- ================================================================================ thunderbird-45.6.0-3.fc24 (FEDORA-2017-2e4a42d809) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: Update fixes wrong language packs for calendar extension. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1410740 - Calendar broken in Thunderbird 45.6.0-2 https://bugzilla.redhat.com/show_bug.cgi?id=1410740 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.160-1.fc24 (FEDORA-2017-d489f7e75c) The VIM editor -------------------------------------------------------------------------------- Update Information: New upstream commit -------------------------------------------------------------------------------- ================================================================================ wine-2.0-0.1.rc4.fc24 (FEDORA-2017-51e0686cad) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: https://www.winehq.org/announce/2.0-rc4 - Bug fixes only, we are in code freeze. https://wine-staging.com/news/2017-01-09-release-2.0-rc4.html - Improved FlipToGDISurface ddraw handling. - Regression fixes. - Various smaller improvements. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
