The following Fedora 24 Security updates need testing: Age URL 90 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 59 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 52 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba9c6a3634 quagga-0.99.24.1-5.fc24 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-22828d4bdb redis-3.2.7-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a5b89363f libwmf-0.2.8.4-50.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5fb74cd2e zoneminder-1.28.1-8.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa4e441e03 netpbm-10.77.00-3.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-404f1a29fc mingw-gtk-vnc-0.7.0-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9e6a5c249 gtk-vnc-0.7.0-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-27099c270a bind-9.10.4-3.P6.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbfa3f1a9 python-cjson-1.1.0-9.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3893b6e15b mingw-wavpack-5.1.0-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bf34bc83ba python-tqdm-4.11.2-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-844445f2aa mupdf-1.10a-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-40d29c8e84 kopete-16.12.2-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33cb46c6b0 diffoscope-77-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-624e2eeda0 mujs-0-8.20170124git4006739.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-13b5cb36c3 plasma-desktop-5.8.5-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1abcbe695 webkitgtk4-2.14.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e32fe278 xrdp-0.9.1-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-787bc0d5b4 kernel-4.9.10-100.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9f3a78148 suricata-3.2.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4ee7018c1 xen-4.6.4-7.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-19c5440abe tomcat-8.0.41-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-176122b6c4 ntfs-3g-2016.2.22-4.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85415b3949 lua-5.3.4-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-acb5ebda45 audit-2.7.2-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-748d61bdb8 dbus-1.11.10-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-787bc0d5b4 kernel-4.9.10-100.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a8dc348834 pcre-8.40-2.fc24 The following builds have been pushed to Fedora 24 updates-testing cargo-0.16.0-1.fc24 copyq-2.9.0-1.fc24 dbus-1.11.10-1.fc24 dnssec-trigger-0.13-1.fc24 gdouros-alexander-fonts-7.17-1.fc24 gdouros-anaktoria-fonts-7.17-1.fc24 gdouros-aroania-fonts-7.17-1.fc24 gdouros-asea-fonts-7.17-1.fc24 gdouros-avdira-fonts-7.17-1.fc24 glusterfs-3.8.9-1.fc24 gomtree-0.3.1-1.fc24 magic-8.1.149-1.fc24 masscan-1.0.3-7.fc24 mate-power-manager-1.16.2-1.fc24 openstack-java-sdk-3.1.2-1.fc24 perl-Thread-Queue-3.12-1.fc24 php-pecl-amqp-1.8.0-1.fc24 proftpd-1.3.5d-3.fc24 python-openqa_client-1.3.0-1.fc24 resultsdb_conventions-2.0.1-1.fc24 rust-1.15.1-1.fc24.1 shigofumi-0.8-1.fc24 suricata-3.2.1-1.fc24 targetd-0.8.5-1.fc24 tomcat-8.0.41-1.fc24 vnstat-1.17-1.fc24 xen-4.6.4-7.fc24 xrootd-4.6.0-4.fc24 youtube-dl-2017.02.16-1.fc24 Details about builds: ================================================================================ cargo-0.16.0-1.fc24 (FEDORA-2017-9e7217f11d) Rust's package manager and build tool -------------------------------------------------------------------------------- Update Information: New versions of Rust and Cargo -- see the release notes for [1.15](https://blog .rust-lang.org/2017/02/02/Rust-1.15.html) and [1.15.1](https://blog.rust- lang.org/2017/02/09/Rust-1.15.1.html). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1422930 - dnf upgrade yielded non-functioning compiler https://bugzilla.redhat.com/show_bug.cgi?id=1422930 -------------------------------------------------------------------------------- ================================================================================ copyq-2.9.0-1.fc24 (FEDORA-2017-e7279b835d) Advanced clipboard manager -------------------------------------------------------------------------------- Update Information: Upstreame release rhbz#1423475 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423475 - copyq-v2.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1423475 -------------------------------------------------------------------------------- ================================================================================ dbus-1.11.10-1.fc24 (FEDORA-2017-748d61bdb8) D-BUS message bus -------------------------------------------------------------------------------- Update Information: Update to 1.11.10 -------------------------------------------------------------------------------- ================================================================================ dnssec-trigger-0.13-1.fc24 (FEDORA-2017-321d2aec03) Tool for dynamic reconfiguration of validating resolver Unbound -------------------------------------------------------------------------------- Update Information: - update to the latest stable upstream release 0.13 - Fixes for couple of fedora issues were merged upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423337 - dnssec-trigger: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423337 [ 2 ] Bug #1317196 - [abrt] dnssec-trigger: subprocess.py:1457:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: '/etc/init.d/NetworkManager' https://bugzilla.redhat.com/show_bug.cgi?id=1317196 -------------------------------------------------------------------------------- ================================================================================ gdouros-alexander-fonts-7.17-1.fc24 (FEDORA-2017-e72352e221) A Greek typeface inspired by Alexander Wilson -------------------------------------------------------------------------------- Update Information: Update to 7.17 -------------------------------------------------------------------------------- ================================================================================ gdouros-anaktoria-fonts-7.17-1.fc24 (FEDORA-2017-eca281d547) A font based on "Grecs du roi" and the "First Folio Edition of Shakespeare" -------------------------------------------------------------------------------- Update Information: Update to 7.17 -------------------------------------------------------------------------------- ================================================================================ gdouros-aroania-fonts-7.17-1.fc24 (FEDORA-2017-048649ca66) A font based on Victor Julius Scholderer's "New Hellenic" -------------------------------------------------------------------------------- Update Information: Update to 7.17 -------------------------------------------------------------------------------- ================================================================================ gdouros-asea-fonts-7.17-1.fc24 (FEDORA-2017-0795b4cdc5) Asea is an etude on the dominant typeface of Greek typography -------------------------------------------------------------------------------- Update Information: Update to 7.17 -------------------------------------------------------------------------------- ================================================================================ gdouros-avdira-fonts-7.17-1.fc24 (FEDORA-2017-146da4ca07) A font based on elements created by Demetrios Damilas (late 15th c.) -------------------------------------------------------------------------------- Update Information: Update to 7.17 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.8.9-1.fc24 (FEDORA-2017-b0626ae17d) Distributed File System -------------------------------------------------------------------------------- Update Information: GlusterFS 3.8.9 GA -------------------------------------------------------------------------------- ================================================================================ gomtree-0.3.1-1.fc24 (FEDORA-2017-7c37227c8d) Go CLI tool for mtree support -------------------------------------------------------------------------------- Update Information: bump to v0.3.1 -------------------------------------------------------------------------------- ================================================================================ magic-8.1.149-1.fc24 (FEDORA-2017-77f3f690ae) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.1.149 is released. -------------------------------------------------------------------------------- ================================================================================ masscan-1.0.3-7.fc24 (FEDORA-2017-b3f33501e7) This is the fastest Internet port scanner -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307763 - masscan: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307763 -------------------------------------------------------------------------------- ================================================================================ mate-power-manager-1.16.2-1.fc24 (FEDORA-2017-716390223a) MATE power management service -------------------------------------------------------------------------------- Update Information: - update to 1.16.2 -------------------------------------------------------------------------------- ================================================================================ openstack-java-sdk-3.1.2-1.fc24 (FEDORA-2017-f1011fb9f9) OpenStack Java SDK -------------------------------------------------------------------------------- Update Information: update to openstack-java-sdk-3.1.2 -------------------------------------------------------------------------------- ================================================================================ perl-Thread-Queue-3.12-1.fc24 (FEDORA-2017-b74c381b22) Thread-safe queues -------------------------------------------------------------------------------- Update Information: This release fixes a dead lock when using dequeue_nb, enqueue, and queue size limit. It also prevents from calling dequeue methids if count is bigger than limit. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423058 - perl-Thread-Queue-3.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1423058 -------------------------------------------------------------------------------- ================================================================================ php-pecl-amqp-1.8.0-1.fc24 (FEDORA-2017-dd4ca9b873) Communicate with any AMQP compliant server -------------------------------------------------------------------------------- Update Information: **Version 1.8.0** * Add SSL connection support (Bogdan Padalko) * Support for server method handling: confirms (publisher acknowledgments) and basic.return (Bogdan Padalko) * Add support for pkg-config (Remi Collet) * Preserve AMQP server error code for exceptions (Bogdan Padalko) * Add AMQPChannel::close() (Bogdan Padalko) * Fix segfault when deleting an unknown exchange (Bogdan Padalko) * Fix segfault with PHPUnit and xdebug for PHP 7 (Bogdan Padalko) * Add publisher confirms (Bogdan Padalko) -------------------------------------------------------------------------------- ================================================================================ proftpd-1.3.5d-3.fc24 (FEDORA-2017-0036ee2265) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information: This update is an attempt to fix segfaults when using mod_sftp. * http://bugs.proftpd.org/show_bug.cgi?id=4287 * https://github.com/proftpd/proftpd/issues/408 -------------------------------------------------------------------------------- ================================================================================ python-openqa_client-1.3.0-1.fc24 (FEDORA-2017-b52500052e) Python client library for openQA API -------------------------------------------------------------------------------- Update Information: This update introduces a new package containing the [Python client library](https://github.com/os-autoinst/openQA-python-client) for the [openQA](http://open.qa) web API. It handles authentication for administrative requests, and provides a couple of convenience functions for job queries. This library is already used for scheduling jobs, forwarding results to [Wikitcms](https://fedoraproject.org/wiki/Wikitcms) and [ResultsDB](https://fedoraproject.org/wiki/ResultsDB) and generating the 'compose check report' emails and [nightly compose finder page](https://www.happyassassin.net/nightlies.html), but had not formerly been packaged. -------------------------------------------------------------------------------- ================================================================================ resultsdb_conventions-2.0.1-1.fc24 (FEDORA-2017-a72d888945) Library defining conventions for ResultsDB results -------------------------------------------------------------------------------- Update Information: This update introduces a new package for [resultsdb_conventions](https://pagure.io/taskotron/resultsdb_conventions), which is intended both to define shared 'conventions' for reporting results to [ResultsDB](https://fedoraproject.org/wiki/ResultsDB) and to ease the process of reporting results that comply with these conventions. Currently it provides a Python library enabling convenient result reporting for tests related to distribution composes with [productmd](https://github.com/release- engineering/productmd)-type metadata, which is used by [fedora_openqa](https://pagure.io/fedora-qa/fedora_openqa) and [autocloudreporter](https://pagure.io/fedora-qa/autocloudreporter) to forward results to ResultsDB in a consistent format. -------------------------------------------------------------------------------- ================================================================================ rust-1.15.1-1.fc24.1 (FEDORA-2017-9e7217f11d) The Rust Programming Language -------------------------------------------------------------------------------- Update Information: New versions of Rust and Cargo -- see the release notes for [1.15](https://blog .rust-lang.org/2017/02/02/Rust-1.15.html) and [1.15.1](https://blog.rust- lang.org/2017/02/09/Rust-1.15.1.html). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1422930 - dnf upgrade yielded non-functioning compiler https://bugzilla.redhat.com/show_bug.cgi?id=1422930 -------------------------------------------------------------------------------- ================================================================================ shigofumi-0.8-1.fc24 (FEDORA-2017-5bcbbd01b2) Command line client for accessing the Czech Data Boxes -------------------------------------------------------------------------------- Update Information: This release fixes building when libmagic libary is too old. ---- This release fixes a check for an empty password when changing the password. It fixes build script. It updates documentation and it enables support for storing and retrieving file types from file extended attributes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423056 - shigofumi-0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1423056 [ 2 ] Bug #1421889 - shigofumi-0.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1421889 -------------------------------------------------------------------------------- ================================================================================ suricata-3.2.1-1.fc24 (FEDORA-2017-f9f3a78148) Intrusion Detection System -------------------------------------------------------------------------------- Update Information: This is a new upstream feature and security release. Improvements include: bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default; and App Layer stats. Documentation: http://suricata.readthedocs.io/en/suricata-3.2/ -------------------------------------------------------------------------------- ================================================================================ targetd-0.8.5-1.fc24 (FEDORA-2017-aa3de4265c) Service to make storage remotely configurable -------------------------------------------------------------------------------- Update Information: Minor bug fixes and code clean-up, now runs on python3 run-time. Validates SSL certificates are present at start up if daemon is using SSL. -------------------------------------------------------------------------------- ================================================================================ tomcat-8.0.41-1.fc24 (FEDORA-2017-19c5440abe) Apache Servlet/JSP Engine, RI for Servlet 3.1/JSP 2.3 API -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-8745 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing https://bugzilla.redhat.com/show_bug.cgi?id=1403824 -------------------------------------------------------------------------------- ================================================================================ vnstat-1.17-1.fc24 (FEDORA-2017-b182c138bc) Console-based network traffic monitor -------------------------------------------------------------------------------- Update Information: Upgrade to 1.17 (#1423060) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423060 - vnstat-v1.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1423060 -------------------------------------------------------------------------------- ================================================================================ xen-4.6.4-7.fc24 (FEDORA-2017-d4ee7018c1) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: memory leak when destroying guest without PT devices [XSA-207] (#1422492) update patches for XSA-208 after upstream revision (no functional change) ---- Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive [CVE-2016-9776] Qemu: audio: memory leakage in ac97 [CVE-2017-5525] (#1414111) Qemu: audio: memory leakage in es1370 device [CVE-2017-5526] (#1414211) oob access in cirrus bitblt copy [XSA-208, CVE-2017-2615] (#1418243) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418277 - xsa207 xen: memory leak when destroying guest without PT devices (XSA-207) https://bugzilla.redhat.com/show_bug.cgi?id=1418277 [ 2 ] Bug #1414108 - CVE-2017-5525 Qemu: audio: memory leakage in ac97 device https://bugzilla.redhat.com/show_bug.cgi?id=1414108 [ 3 ] Bug #1414209 - CVE-2017-5526 Qemu: audio: memory leakage in es1370 device https://bugzilla.redhat.com/show_bug.cgi?id=1414209 [ 4 ] Bug #1418200 - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode https://bugzilla.redhat.com/show_bug.cgi?id=1418200 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.6.0-4.fc24 (FEDORA-2017-e12389b771) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: New version 4.6.0, release notes are here: https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2017.02.16-1.fc24 (FEDORA-2017-2759025f5b) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to the latest upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1420965 - youtube-dl cannot find pycrypto, even though it is installed https://bugzilla.redhat.com/show_bug.cgi?id=1420965 [ 2 ] Bug #1418496 - youtube-dl-2017.02.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1418496 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
