The following Fedora 24 Security updates need testing: Age URL 93 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 62 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba9c6a3634 quagga-0.99.24.1-5.fc24 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a5b89363f libwmf-0.2.8.4-50.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa4e441e03 netpbm-10.77.00-3.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-404f1a29fc mingw-gtk-vnc-0.7.0-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9e6a5c249 gtk-vnc-0.7.0-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbfa3f1a9 python-cjson-1.1.0-9.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-844445f2aa mupdf-1.10a-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-40d29c8e84 kopete-16.12.2-2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33cb46c6b0 diffoscope-77-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-624e2eeda0 mujs-0-8.20170124git4006739.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-13b5cb36c3 plasma-desktop-5.8.5-4.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1abcbe695 webkitgtk4-2.14.5-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9f3a78148 suricata-3.2.1-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4ee7018c1 xen-4.6.4-7.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-19c5440abe tomcat-8.0.41-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e32fe278 xrdp-0.9.1-4.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85415b3949 lua-5.3.4-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-176122b6c4 ntfs-3g-2016.2.22-4.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9b2cf468d5 vim-8.0.324-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-acb5ebda45 audit-2.7.2-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-37dac69023 baloo-widgets-16.12.2-1.fc24 dolphin-16.12.2-1.fc24 dolphin-plugins-16.12.2-1.fc24 kate-16.12.2-1.fc24 kde-l10n-16.12.2-2.fc24 kde-runtime-16.12.2-2.fc24 kdelibs-4.14.29-1.fc24 khelpcenter-16.12.2-1.fc24 konsole5-16.12.2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66658c6fa2 perl-5.22.3-369.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9f83ba7048 akonadi-calendar-tools-16.12.2-1.fc24 akonadi-import-wizard-16.12.2-1.fc24 akonadiconsole-16.12.2-1.fc24 akregator-16.12.2-1.fc24 balsa-2.5.2-3.fc24.1 blogilo-16.12.2-1.fc24 gpgme-1.8.0-10.fc24 grantlee-editor-16.12.2-1.fc24 kaddressbook-16.12.2-1.fc24 kalarm-16.12.2-1.fc24 kde-runtime-16.12.2-2.fc24.1 kdepim-addons-16.12.2-1.fc24 kdepim-apps-libs-16.12.2-1.fc24 kdepim-runtime-16.12.2-1.fc24 kdepimlibs-4.14.10-17.fc24 kf5-akonadi-calendar-16.12.2-1.fc24 kf5-akonadi-contacts-16.12.2-1.fc24 kf5-akonadi-mime-16.12.2-1.fc24 kf5-akonadi-notes-16.12.2-1.fc24 kf5-akonadi-search-16.12.2-1.fc24 kf5-akonadi-server-16.12.2-1.fc24 kf5-calendarsupport-16.12.2-1.fc24 kf5-eventviews-16.12.2-1.fc24 kf5-gpgmepp-16.08.3-3.fc24 kf5-grantleetheme-16.12.2-1.fc24 kf5-incidenceeditor-16.12.2-1.fc24 kf5-kalarmcal-16.12.2-1.fc24 kf5-kblog-16.12.2-1.fc24 kf5-kcalendarcore-16.12.2-1.fc24 kf5-kcalendarutils-16.12.2-1.fc24 kf5-kcontacts-16.12 .2-1.fc24 kf5-kholidays-16.12.2-1.fc24 kf5-kidentitymanagement-16.12.2-1.fc24 kf5-kimap-16.12.2-1.fc24 kf5-kldap-16.12.2-1.fc24 kf5-kmailtransport-16.12.2-1.fc24 kf5-kmbox-16.12.2-1.fc24 kf5-kmime-16.12.2-1.fc24 kf5-kontactinterface-16.12.2-1.fc24 kf5-kpimtextedit-16.12.2-1.fc24 kf5-ktnef-16.12.2-1.fc24 kf5-libgravatar-16.12.2-1.fc24 kf5-libkdepim-16.12.2-1.fc24 kf5-libkleo-16.12.2-1.fc24 kf5-libksieve-16.12.2-1.fc24 kf5-mailcommon-16.12.2-1.fc24 kf5-mailimporter-16.12.2-1.fc24 kf5-messagelib-16.12.2-1.fc24 kf5-pimcommon-16.12.2-1.fc24 kf5-syndication-16.12.2-1.fc24 kget-16.12.2-1.fc24.1 kleopatra-16.12.2-1.fc24 kmail-16.12.2-1.fc24 kmail-account-wizard-16.12.2-1.fc24 knotes-16.12.2-1.fc24 kontact-16.12.2-1.fc24 korganizer-16.12.2-1.fc24 mbox-importer-16.12.2-1.fc24 ostree-2017.2-2.fc24.1 pim-data-exporter-16.12.2-1.fc24 pim-sieve-editor-16.12.2-1.fc24 pim-storage-service-manager-16.12.2-1.fc24 trojita-0.7-3.fc24 The following builds have been pushed to Fedora 24 updates-testing aime-8.20170219-1.fc24 bsd-games-2.17-51.fc24 cinnamon-screensaver-3.2.14-0.2.20170124git5561f3c.fc24 enunciate-2.8.0-2.fc24 flatpak-0.8.3-3.fc24 fusioninventory-agent-2.3.19-2.fc24 gfal2-2.13.1-1.fc24 gfal2-python-1.9.1-1.fc24 gfal2-util-1.5.0-1.fc24 giac-1.2.3-1.25.fc24 libreoffice-5.1.6.2-7.fc24 perl-5.22.3-369.fc24 perl-LWP-Protocol-https-6.07-1.fc24 perl-Net-HTTP-6.13-1.fc24 perl-SOAP-WSDL-3.003-6.fc24 php-phpunit-PHPUnit-5.7.14-1.fc24 qtgpsc-0.3.1-17.fc24 srm-ifce-1.24.2-1.fc24 testcloud-0.1.11-1.fc24 xrdp-0.9.1-4.fc24 Details about builds: ================================================================================ aime-8.20170219-1.fc24 (FEDORA-2017-4d3d5d29ca) An application embeddable programming language interpreter -------------------------------------------------------------------------------- Update Information: - Updated to new 8.20170219 upstream version, fixes rhbz #1421666 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1413563 - aime-8.20170111 is available https://bugzilla.redhat.com/show_bug.cgi?id=1413563 [ 2 ] Bug #1421666 - aime-8.20170219 is available https://bugzilla.redhat.com/show_bug.cgi?id=1421666 -------------------------------------------------------------------------------- ================================================================================ bsd-games-2.17-51.fc24 (FEDORA-2017-dd7af6eb98) Collection of text-based games -------------------------------------------------------------------------------- Update Information: * Update wtf acronym databases. (BZ #1235427) * Fix hunt version mismatch. (BZ #1236218) * Rename getrandom() to get_random() in arithmetic. (BZ #1422443) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1236218 - hunt fails with "hunt: Version number mismatch. No go." https://bugzilla.redhat.com/show_bug.cgi?id=1236218 [ 2 ] Bug #1235427 - Please update acronym databases https://bugzilla.redhat.com/show_bug.cgi?id=1235427 [ 3 ] Bug #1422443 - bsd-games: arithmetic should not use getrandom https://bugzilla.redhat.com/show_bug.cgi?id=1422443 -------------------------------------------------------------------------------- ================================================================================ cinnamon-screensaver-3.2.14-0.2.20170124git5561f3c.fc24 (FEDORA-2017-cfb76d98fc) Cinnamon Screensaver -------------------------------------------------------------------------------- Update Information: Update to git snapshot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424960 - [abrt] cinnamon-screensaver: framedImage.py:111:on_file_written:UnboundLocalError: local variable 'pixbuf' referenced before assignment https://bugzilla.redhat.com/show_bug.cgi?id=1424960 [ 2 ] Bug #1422401 - [abrt] cinnamon-screensaver: passwordEntry.py:105:on_draw:TypeError: Can't convert 'NoneType' object to str implicitly https://bugzilla.redhat.com/show_bug.cgi?id=1422401 [ 3 ] Bug #1422400 - [abrt] cinnamon-screensaver: stage.py:766:position_overlay_child:AttributeError: 'NoneType' object has no attribute 'get_preferred_width' https://bugzilla.redhat.com/show_bug.cgi?id=1422400 [ 4 ] Bug #1417058 - [abrt] cinnamon-screensaver: stage.py:517:cancel_unlocking:AttributeError: 'NoneType' object has no attribute 'cancel_auth_client' https://bugzilla.redhat.com/show_bug.cgi?id=1417058 [ 5 ] Bug #1414968 - Cinnamon unresponsive, time gap grows over time. https://bugzilla.redhat.com/show_bug.cgi?id=1414968 -------------------------------------------------------------------------------- ================================================================================ enunciate-2.8.0-2.fc24 (FEDORA-2017-23d2fab7e7) Build-time enhancement tool for Java-based Web services projects -------------------------------------------------------------------------------- Update Information: Upstream update to 2.8.0 -------------------------------------------------------------------------------- ================================================================================ flatpak-0.8.3-3.fc24 (FEDORA-2017-bc7abf175b) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: Make flatpak-builder require bzip2 (#1424857) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424857 - flatpak-builder should depend on bzip2 https://bugzilla.redhat.com/show_bug.cgi?id=1424857 -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.19-2.fc24 (FEDORA-2017-e084edff03) FusionInventory agent -------------------------------------------------------------------------------- Update Information: Update to last upstream release on EL6 Fix a setup/path issue ---- Last upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424664 - fusioninventory-agent-2.3.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1424664 -------------------------------------------------------------------------------- ================================================================================ gfal2-2.13.1-1.fc24 (FEDORA-2017-3e4a34b5a9) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ gfal2-python-1.9.1-1.fc24 (FEDORA-2017-9ee2b46609) Python bindings for gfal 2 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ gfal2-util-1.5.0-1.fc24 (FEDORA-2017-4f715c680b) GFAL2 utility tools -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ giac-1.2.3-1.25.fc24 (FEDORA-2017-1aa489dc33) Computer Algebra System, Symbolic calculus, Geometry -------------------------------------------------------------------------------- Update Information: - Update to 1.2.3 sub-25 -------------------------------------------------------------------------------- ================================================================================ libreoffice-5.1.6.2-7.fc24 (FEDORA-2017-3453b4764a) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Resolves: tdf#103493 copying note captions needs a completed destination sheet -------------------------------------------------------------------------------- References: [ 1 ] Bug #103493 - less.sh/less.csh should not set JLESSCHARSET for UTF-8 locales https://bugzilla.redhat.com/show_bug.cgi?id=103493 [ 2 ] Bug #105968 - None https://bugzilla.redhat.com/show_bug.cgi?id=105968 -------------------------------------------------------------------------------- ================================================================================ perl-5.22.3-369.fc24 (FEDORA-2017-66658c6fa2) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information: This release fixes a crash when compiling a regexp with impossible quantifiers. It also fixes buffer overflows with format with "use bytes" and when studying some regexps repeatedly. -------------------------------------------------------------------------------- ================================================================================ perl-LWP-Protocol-https-6.07-1.fc24 (FEDORA-2017-3ef3f544e6) Provide HTTPS support for LWP::UserAgent -------------------------------------------------------------------------------- Update Information: This release sends server hostname in TLS SNI field. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1425036 - perl-LWP-Protocol-https-6.07 is available https://bugzilla.redhat.com/show_bug.cgi?id=1425036 -------------------------------------------------------------------------------- ================================================================================ perl-Net-HTTP-6.13-1.fc24 (FEDORA-2017-b75648a13d) Low-level HTTP connection (client) -------------------------------------------------------------------------------- Update Information: This release correct handling non-blocking I/O calls. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1425039 - perl-Net-HTTP-6.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1425039 -------------------------------------------------------------------------------- ================================================================================ perl-SOAP-WSDL-3.003-6.fc24 (FEDORA-2017-efa3b938bb) Perl module for SOAP with WSDL support -------------------------------------------------------------------------------- Update Information: SOAP::WSDL provides easy access to Web Services with WSDL descriptions. The WSDL is parsed and stored in memory. Your data is serialized according to the rules in the WSDL. The only transport mechanisms currently supported are HTTP and HTTPS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418310 - Review Request: perl-SOAP-WSDL - Perl module for SOAP with WSDL support https://bugzilla.redhat.com/show_bug.cgi?id=1418310 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-5.7.14-1.fc24 (FEDORA-2017-7bf8538f98) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 5.7.14** - 2017-02-19 * Fixed [#2489](https://github.com/sebastianbergmann/phpunit/issues/2489): `processUncoveredFilesFromWhitelist` is not handled correctly * Fixed default values for `addUncoveredFilesFromWhitelist` and `processUncoveredFilesFromWhitelist` in `phpunit.xsd` -------------------------------------------------------------------------------- ================================================================================ qtgpsc-0.3.1-17.fc24 (FEDORA-2017-ae72e22bb0) A client for the gpsd GPS server -------------------------------------------------------------------------------- Update Information: Fix FTBFS -------------------------------------------------------------------------------- References: [ 1 ] Bug #1307972 - qtgpsc: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307972 -------------------------------------------------------------------------------- ================================================================================ srm-ifce-1.24.2-1.fc24 (FEDORA-2017-45f562e123) SRM client side library -------------------------------------------------------------------------------- Update Information: Upstream release 1.24.2 -------------------------------------------------------------------------------- ================================================================================ testcloud-0.1.11-1.fc24 (FEDORA-2017-c8269ca6da) Tool for running cloud images locally -------------------------------------------------------------------------------- Update Information: - make libvirt url configurable - avoid race condition during listing domains -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.1-4.fc24 (FEDORA-2017-05e32fe278) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already exist or are empty: - rsakeys.ini - cert.pem - key.pem Also note that in Fedora, the only backend that will really work is still Xvnc for now. New features - New xorgxrdp backend using existing Xorg with additional modules - Improvements to X11rdp backend - Support for IPv6 (disabled by default) - Initial support for RemoteFX Codec (disabled by default) - Support for TLS security layer (preferred over RDP layer if supported by the client) - Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini - Support for bidirectional fastpath (enabled in both directions by default) - Support clients that don't support drawing orders, such as MS RDP client for Android, ChromeRDP (disabled by default) - More configurable login screen - Support for new virtual channels: - - rdpdr: device redirection - - rdpsnd: audio output - - cliprdr: clipboard - - xrdpvr: xrdp video redirection channel (can be used along with NeutrinoRDP client) - Support for disabling virtual channels globally or by session type - Allow to specify the path for backends (Xorg, X11rdp, Xvnc) - Added files for systemd support - Multi-monitor support - xrdp-chansrv stroes logs in ${XDG_DATA_HOME}/xrdp now Security fixes - User's password could be recovered from the Xvnc password file - X11 authentication was not used -------------------------------------------------------------------------------- References: [ 1 ] Bug #1404972 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404972 [ 2 ] Bug #1404971 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404971 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
