The following Fedora 24 Security updates need testing: Age URL 176 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 74 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 43 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 36 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d7ef286d1 drupal7-title-1.0-0.7.alpha9.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-294c23bb1d phpMyAdmin-4.6.6-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-338a3f27e5 wordpress-4.7.2-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f44f2b8c8 mariadb-10.1.21-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90fac5c8f jasper-1.900.13-2.fc24 jasper-1.900.13-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efed73a87c calibre-2.78.0-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6694f5cd3a bitlbee-3.5.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4cb58f0bda java-1.8.0-openjdk-aarch32-1.8.0.112-3.161109.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2bce6ed778 viewvc-1.1.26-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ddee871dd1 shotwell-0.24.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d7f592a03 wavpack-5.1.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba9c6a3634 quagga-0.99.24.1-5.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe selinux-policy-3.13.1-191.24.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b2696b823 vim-8.0.238-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a18a784b84 wpa_supplicant-2.5-6.fc24 wpa_supplicant-2.5-6.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90fac5c8f jasper-1.900.13-2.fc24 jasper-1.900.13-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fac567c88 systemd-229-17.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d7f592a03 wavpack-5.1.0-1.fc24 The following builds have been pushed to Fedora 24 updates-testing amanda-3.4.2-1.fc24 cinnamon-3.2.8-9.fc24 cobbler-2.8.0-4.fc24 cppcheck-1.77-1.fc24 fedpkg-1.26-5.fc24 gnome-chemistry-utils-0.14.16-3.fc24 gnumeric-1.12.33-1.fc24 goffice-0.10.33-1.fc24 golang-github-rackspace-gophercloud-1.0.0-14.fc24 golang-github-xeipuuv-gojsonpointer-0-0.1.gite0fe6f6.fc24 golang-github-xeipuuv-gojsonreference-0-0.1.gite02fc20.fc24 guayadeque-0.4.5-0.4.beta1gitc2d3854.fc24 java-1.8.0-openjdk-aarch32-1.8.0.112-3.161109.fc24 liblangtag-0.6.2-1.fc24 nemo-3.2.2-4.fc24 osmo-0.2.14-11.fc24 pki-core-10.3.5-11.fc24 prelude-lml-3.1.0-1.fc24 quagga-0.99.24.1-5.fc24 rpkg-1.48-2.fc24 salt-2016.11.2-1.fc24 shotwell-0.24.5-1.fc24 systemd-229-17.fc24 timeline-1.13.0-1.fc24 tito-0.6.10-1.fc24 vdr-epg2vdr-1.1.27-1.fc24 viewvc-1.1.26-1.fc24 wavpack-5.1.0-1.fc24 youtube-dl-2017.01.31-1.fc24 Details about builds: ================================================================================ amanda-3.4.2-1.fc24 (FEDORA-2017-5fcf946acc) A network-capable tape backup solution -------------------------------------------------------------------------------- Update Information: New version of amanda (3.4.2) ---- Add small patches to enable the Amanda server to continue to back up RHEL5-era clients. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417828 - The return value from the call to 'setreuid' is not checked. https://bugzilla.redhat.com/show_bug.cgi?id=1417828 [ 2 ] Bug #1413165 - amanda 3.4.1 cannot back up old (RHEL5) clients https://bugzilla.redhat.com/show_bug.cgi?id=1413165 -------------------------------------------------------------------------------- ================================================================================ cinnamon-3.2.8-9.fc24 (FEDORA-2017-f64191b1b0) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: * Add upstream-patch to fix a segmentation fault that happened in sound applet when menu animations were disabled (rhbz#1396110) * Add patch to use fedora-icon as default menu-icon * Make Cinnamon look more 'Minty' by default (rhbz#1268718) * Use dark arc-theme with mint-y-icons and google-noto-sans-fonts * Change hard requires on xawtv to a weak one * Remove unneded Requires: gnome-python2-gconf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1268718 - Use fedora logo in menu applet https://bugzilla.redhat.com/show_bug.cgi?id=1268718 [ 2 ] Bug #1396110 - [abrt] cinnamon: _clutter_id_pool_remove(): cinnamon killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1396110 -------------------------------------------------------------------------------- ================================================================================ cobbler-2.8.0-4.fc24 (FEDORA-2017-24f5ced5ac) Boot server configurator -------------------------------------------------------------------------------- Update Information: - Restart named-chroot service if used - Fix logrotate script for systemd (bug #1414617) -------------------------------------------------------------------------------- ================================================================================ cppcheck-1.77-1.fc24 (FEDORA-2017-28b535463e) Tool for static C/C++ code analysis -------------------------------------------------------------------------------- Update Information: 1.77 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383049 - cppcheck-1.77 is available https://bugzilla.redhat.com/show_bug.cgi?id=1383049 -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.26-5.fc24 (FEDORA-2017-6808c6d2dc) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: This version should fix chain building. -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.16-3.fc24 (FEDORA-2017-c959cd3164) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.33.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417758 - RFE: New Gnumeric released that fixes a bunch of issues that I reported upstream https://bugzilla.redhat.com/show_bug.cgi?id=1417758 -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.33-1.fc24 (FEDORA-2017-c959cd3164) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.33.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417758 - RFE: New Gnumeric released that fixes a bunch of issues that I reported upstream https://bugzilla.redhat.com/show_bug.cgi?id=1417758 -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.33-1.fc24 (FEDORA-2017-c959cd3164) G Office support libraries -------------------------------------------------------------------------------- Update Information: This is an update to the latest upstream releases of gnumeric and goffice: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.33.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417758 - RFE: New Gnumeric released that fixes a bunch of issues that I reported upstream https://bugzilla.redhat.com/show_bug.cgi?id=1417758 -------------------------------------------------------------------------------- ================================================================================ golang-github-rackspace-gophercloud-1.0.0-14.fc24 (FEDORA-2017-74b86aad1e) The Go SDK for Openstack http://gophercloud.io -------------------------------------------------------------------------------- Update Information: Fix [Build]Required yaml v2 ---- Bump to upstream c90cb954266e1bdd6d1914678fd6909fc5fabbfa -------------------------------------------------------------------------------- References: [ 1 ] Bug #1214774 - Tracker for golang-github-rackspace-gophercloud https://bugzilla.redhat.com/show_bug.cgi?id=1214774 -------------------------------------------------------------------------------- ================================================================================ golang-github-xeipuuv-gojsonpointer-0-0.1.gite0fe6f6.fc24 (FEDORA-2017-e84ba0b097) JSON Pointer implementation in Golang -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405067 - Review Request: golang-github-xeipuuv-gojsonpointer - JSON Pointer implementation in Golang https://bugzilla.redhat.com/show_bug.cgi?id=1405067 -------------------------------------------------------------------------------- ================================================================================ golang-github-xeipuuv-gojsonreference-0-0.1.gite02fc20.fc24 (FEDORA-2017-3f27858fb8) JSON Reference implementation in Golang -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405072 - Review Request: golang-github-xeipuuv-gojsonreference - JSON Reference implementation in Golang https://bugzilla.redhat.com/show_bug.cgi?id=1405072 -------------------------------------------------------------------------------- ================================================================================ guayadeque-0.4.5-0.4.beta1gitc2d3854.fc24 (FEDORA-2017-a4f49e50e9) Music player -------------------------------------------------------------------------------- Update Information: Update to 0.4.5-0.4.beta1gitc2d3854 ---- Update to 0.4.5-0.3.beta1gitfcf165e -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-aarch32-1.8.0.112-3.161109.fc24 (FEDORA-2017-4cb58f0bda) OpenJDK Runtime Environment in a preview of the OpenJDK AArch32 project -------------------------------------------------------------------------------- Update Information: January 2017 security fixes - http://www.oracle.com/technetwork/security- advisory/cpujan2017-2881727.html#AppendixJAVA -------------------------------------------------------------------------------- ================================================================================ liblangtag-0.6.2-1.fc24 (FEDORA-2017-16b7f694ed) An interface library to access tags for identifying languages -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ nemo-3.2.2-4.fc24 (FEDORA-2017-7a325d99d5) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information: * Update * Use Noto Sans font on Fedora 24+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307793 - nemo: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307793 -------------------------------------------------------------------------------- ================================================================================ osmo-0.2.14-11.fc24 (FEDORA-2017-02acbb3217) Personal organizer -------------------------------------------------------------------------------- Update Information: Brought back webgtk dependency which is needed for contacts tab. In the long run, this has to go so some upstream development is important. ---- brought in dependency on webkitgtk4 to allow for the contacts tab ---- removed webkitgtk dependency, dropped aplay patch. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1251653 - osmo-0.2.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1251653 [ 2 ] Bug #1375822 - osmo must not depend on webkitgtk https://bugzilla.redhat.com/show_bug.cgi?id=1375822 -------------------------------------------------------------------------------- ================================================================================ pki-core-10.3.5-11.fc24 (FEDORA-2017-a2898f25b1) Certificate System - PKI Core Components -------------------------------------------------------------------------------- Update Information: PKI TRAC Tickets #1741,2450,2534,2564,2570,2573,2579 -------------------------------------------------------------------------------- ================================================================================ prelude-lml-3.1.0-1.fc24 (FEDORA-2017-f7c895b586) Log analyzer sensor with IDMEF output -------------------------------------------------------------------------------- Update Information: Bump version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417405 - Review Request: prelude-lml https://bugzilla.redhat.com/show_bug.cgi?id=1417405 -------------------------------------------------------------------------------- ================================================================================ quagga-0.99.24.1-5.fc24 (FEDORA-2017-ba9c6a3634) Routing daemon -------------------------------------------------------------------------------- Update Information: Fix for CVE-2017-5495 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1416017 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1416017 -------------------------------------------------------------------------------- ================================================================================ rpkg-1.48-2.fc24 (FEDORA-2017-6808c6d2dc) Utility for interacting with rpm+git packaging systems -------------------------------------------------------------------------------- Update Information: This version should fix chain building. -------------------------------------------------------------------------------- ================================================================================ salt-2016.11.2-1.fc24 (FEDORA-2017-da096c93ae) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Update to feature release 2016.11.2 ---- Update to feature release 2016.3.5 -------------------------------------------------------------------------------- ================================================================================ shotwell-0.24.5-1.fc24 (FEDORA-2017-ddee871dd1) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade. Changes in shotwell 0.24.5 release: * Publishing: Use HTTPS consistently * Updated translations Changes in shotwell 0.24.4 release: * Piwigo: Fix title and comments for uploaded images * Fix icon file name for Serbian and Korean * Improved duplicate detection -------------------------------------------------------------------------------- ================================================================================ systemd-229-17.fc24 (FEDORA-2017-7fac567c88) A System and Service Manager -------------------------------------------------------------------------------- Update Information: This update fixes SELinux AVC caused by incorrect labeling of udev hardware database. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1395211 - Installation throws avc unlink hwdb.bin https://bugzilla.redhat.com/show_bug.cgi?id=1395211 -------------------------------------------------------------------------------- ================================================================================ timeline-1.13.0-1.fc24 (FEDORA-2017-c09c268934) Displays and navigates events on a timeline -------------------------------------------------------------------------------- Update Information: 1.13.0 -------------------------------------------------------------------------------- ================================================================================ tito-0.6.10-1.fc24 (FEDORA-2017-5e47af56eb) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: - Do not undo tags when git state is dirty (skuznets@xxxxxxxxxx) - Parse options in `tito init` (skuznets@xxxxxxxxxx) - Only use `rpmbuild --noclean` if it is supported (skuznets@xxxxxxxxxx) - Explicitly define indicies in formatting statements (skuznets@xxxxxxxxxx) - Achieve quiet output from `rpmbuild` without passing `--quiet` (skuznets@xxxxxxxxxx) - Update the MANIFEST.in (skuznets@xxxxxxxxxx) - Correctly pass verbosity options through the builder CLI (skuznets@xxxxxxxxxx) - Use correct print-formatting directive in debugging (skuznets@xxxxxxxxxx) - Use `.format()` string formatting correctly in Builder (skuznets@xxxxxxxxxx) - Refactor `rpmbuild` invocation for readability (skuznets@xxxxxxxxxx) - Added `--quiet` and `--verbose` to `tito build` (skuznets@xxxxxxxxxx) - Add a Travis CI manifest (skuznets@xxxxxxxxxx) - Only flush output stream if flushing is supported (skuznets@xxxxxxxxxx) - Added support for choosing platforms for tests (skuznets@xxxxxxxxxx) - Refactored version->tag mapping logic in Tagger (skuznets@xxxxxxxxxx) - Improved debugging for RPM build step (skuznets@xxxxxxxxxx) - Print command debugging information only once (skuznets@xxxxxxxxxx) - Flush output buffers (skuznets@xxxxxxxxxx) - Document `tito tag --use-release` in the manpage (skuznets@xxxxxxxxxx) - Added an option to not escalate privileges on `tito build --install` (skuznets@xxxxxxxxxx) - Factor out the version->tag mapping in the Builder (skuznets@xxxxxxxxxx) - Collapse tagger class selection logic (skuznets@xxxxxxxxxx) - Rename `globalconfig` section to `buildconfig` in README (skuznets@xxxxxxxxxx) - fixes #29 - remove --list-tags and --only-tags (jmrodri@xxxxxxxxx) - 253 - print cmd info when --debug is supplied (jmrodri@xxxxxxxxx) - Work around `dnf` issues and install builddep for Rawhide (skuznets@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ vdr-epg2vdr-1.1.27-1.fc24 (FEDORA-2017-5a6250ae58) A plugin to retrieve EPG data from a mysql database into VDR -------------------------------------------------------------------------------- Update Information: Update to 1.1.27 -------------------------------------------------------------------------------- ================================================================================ viewvc-1.1.26-1.fc24 (FEDORA-2017-2bce6ed778) Browser interface for CVS and SVN version control repositories -------------------------------------------------------------------------------- Update Information: Version 1.1.26 (released 24-Jan-2017) * security fix: escape nav_data name to avoid XSS attack Version 1.1.25 (released 15-Sep-2016) * fix _rev2optrev assertion on long input -------------------------------------------------------------------------------- ================================================================================ wavpack-5.1.0-1.fc24 (FEDORA-2017-9d7f592a03) A completely open audiocodec -------------------------------------------------------------------------------- Update Information: Update wavpack to 5.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417853 - CVE-2016-10172 wavpack: Heap out of bounds read in read_new_config_info / open_utils.c https://bugzilla.redhat.com/show_bug.cgi?id=1417853 [ 2 ] Bug #1417852 - CVE-2016-10171 wavpack: Heap out of bounds read in unreorder_channels / wvunpack.c https://bugzilla.redhat.com/show_bug.cgi?id=1417852 [ 3 ] Bug #1417851 - CVE-2016-10170 wavpack: Heap out of bounds read in WriteCaffHeader / caff.c https://bugzilla.redhat.com/show_bug.cgi?id=1417851 [ 4 ] Bug #1417850 - CVE-2016-10169 wavpack: Global buffer overread in read_code / read_words.c https://bugzilla.redhat.com/show_bug.cgi?id=1417850 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2017.01.31-1.fc24 (FEDORA-2017-993fe6d6e3) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to the last upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1413279 - youtube-dl-2017.01.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=1413279 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
