The following Fedora 25 Security updates need testing: Age URL 67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3739273e5 mingw-gtk-vnc-0.7.0-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f3aac83a8f suricata-3.2.1-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9ffa8b00f canl-c-2.1.8-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8b0737b093 cacti-1.0.4-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c87bbae385 drupal7-metatag-1.21-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-98f85533f0 freeipa-4.4.3-2.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e821698 knot-2.4.1-1.fc25 knot-resolver-1.2.3-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82ce4661d6 drupal7-views-3.15-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3776c9d747 munin-2.0.30-5.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-25fe7ab217 rabbitmq-server-3.6.6-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ca3f01bd37 php-pear-PHP-CodeSniffer-2.8.1-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c71a0f40f0 GraphicsMagick-1.3.25-6.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a819664a6 mupdf-1.10a-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f3ea63acc tor-0.2.9.10-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f4eef4791 kdelibs3-3.5.10-84.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 44 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d117622795 pungi-4.1.12-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-67d4fc728f libinput-1.6.2-2.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0986b6d6a1 sssd-1.15.0-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5dbde322a epiphany-3.22.6-2.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f607645a5 lorax-25.19-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-450fe04a06 python-pyasn1-0.2.3-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9778e2d516 nss-pem-1.0.3-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce763afcbe gtk3-3.22.9-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c19514a649 gnome-autoar-0.2.1-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-602cd20ad4 krb5-1.14.4-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc8582d738 openssh-7.4p1-4.fc25 The following builds have been pushed to Fedora 25 updates-testing COPASI-4.19.146-1.fc25 armadillo-7.800.1-2.fc25 cpdup-1.18-1.fc25 datanommer-commands-0.7.0-1.fc25 golang-bitbucket-kardianos-osext-0-0.14.git9b883c5.fc25 golang-github-thejerf-suture-2.0.1-1.fc25 gsi-openssh-7.4p1-4.fc25 kdelibs3-3.5.10-84.fc25 kid3-3.4.5-2.fc25 libreoffice-5.2.6.2-2.fc25 nrpe-3.0.1-4.fc25 openssh-7.4p1-4.fc25 php-doctrine-doctrine-bundle-1.6.7-1.fc25 php-punic-1.6.5-1.fc25 php-scssphp-0.6.7-1.fc25 python-datanommer-consumer-0.7.0-1.fc25 python-datanommer-models-0.7.0-1.fc25 python-netjsonconfig-0.5.3-1.fc25 python-trezor-0.7.8-2.fc25 sundials-2.7.0-10.fc25 tor-0.2.9.10-1.fc25 tripwire-2.4.3.3-1.fc25 uthash-2.0.2-1.fc25 vdr-epg-daemon-1.1.103-1.fc25 Details about builds: ================================================================================ COPASI-4.19.146-1.fc25 (FEDORA-2017-aad8b04e27) Biochemical network simulator -------------------------------------------------------------------------------- Update Information: - Update to version 4.19 -build 146 -------------------------------------------------------------------------------- ================================================================================ armadillo-7.800.1-2.fc25 (FEDORA-2017-0e0d8d0995) Fast C++ matrix library with syntax similar to MATLAB and Octave -------------------------------------------------------------------------------- Update Information: Update to the latest stable version. When compared with the previous version (7.600.2) the changes are: * changed license to the Apache Software License 2.0 * added `polyfit()` and `polyval()` * added second form of `log_det()` to directly return the result as a complex number * added `range()` to statistics functions * expanded `trimatu()`/`trimatl()` and `symmatu()`/`symmatl()` to handle sparse matrices -------------------------------------------------------------------------------- References: [ 1 ] Bug #1419522 - armadillo-7.800.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1419522 -------------------------------------------------------------------------------- ================================================================================ cpdup-1.18-1.fc25 (FEDORA-2017-8950f5949d) Filesystem mirroring utility -------------------------------------------------------------------------------- Update Information: Latest release; see https://github.com/DragonFlyBSD/DragonFlyBSD/commits/1f249c9 81c4e89e7cde1836a75b61cac36dc7ac5/bin/cpdup for history -------------------------------------------------------------------------------- References: [ 1 ] Bug #1279852 - cpdup-1.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1279852 -------------------------------------------------------------------------------- ================================================================================ datanommer-commands-0.7.0-1.fc25 (FEDORA-2017-b099acb9df) Console commands for datanommer -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ golang-bitbucket-kardianos-osext-0-0.14.git9b883c5.fc25 (FEDORA-2017-52d61358a7) Extensions to the standard Go OS package -------------------------------------------------------------------------------- Update Information: This update includes the old (bitbucket) and new (github) versions of this go library, and contains subpackages which provide golang(both import paths). -------------------------------------------------------------------------------- ================================================================================ golang-github-thejerf-suture-2.0.1-1.fc25 (FEDORA-2017-3663a1a985) Supervisor trees for Go -------------------------------------------------------------------------------- Update Information: New package for fedora. This go library is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427576 - Review Request: golang-github-thejerf-suture - Supervisor trees for Go https://bugzilla.redhat.com/show_bug.cgi?id=1427576 -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-7.4p1-4.fc25 (FEDORA-2017-068c38da8d) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Sync with openssh package. -------------------------------------------------------------------------------- ================================================================================ kdelibs3-3.5.10-84.fc25 (FEDORA-2017-4f4eef4791) KDE 3 Libraries -------------------------------------------------------------------------------- Update Information: This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues: * CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary system locations * CVE-2017-6410 (kio): Information Leak when accessing https when using a malicious PAC file for the KDE 3 compatibility libraries. (Security updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4 compatibility libraries (kdelibs 4) have already been submitted.) In addition, the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was already dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and will be removed entirely in future Fedora versions, the Plasma 5 version of DrKonqi can also be used for legacy applications. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427808 - CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file https://bugzilla.redhat.com/show_bug.cgi?id=1427808 [ 2 ] Bug #1357410 - CVE-2016-6232 kf5-karchive: Extraction of tar files possible to arbitrary system locations https://bugzilla.redhat.com/show_bug.cgi?id=1357410 -------------------------------------------------------------------------------- ================================================================================ kid3-3.4.5-2.fc25 (FEDORA-2017-4e08e938a7) Efficient KDE ID3 tag editor -------------------------------------------------------------------------------- Update Information: Update to 3.4.5, https://kid3.sourceforge.io/#history -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424737 - None https://bugzilla.redhat.com/show_bug.cgi?id=1424737 -------------------------------------------------------------------------------- ================================================================================ libreoffice-5.2.6.2-2.fc25 (FEDORA-2017-0b2e48b304) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Resolves: tdf#106261 fix export to .doc of certain footers containing tables -------------------------------------------------------------------------------- ================================================================================ nrpe-3.0.1-4.fc25 (FEDORA-2017-a89da38bf3) Host/service/network monitoring agent for Nagios -------------------------------------------------------------------------------- Update Information: Remember to add the patch so it can build. -------------------------------------------------------------------------------- References: [ 1 ] Bug #970997 - Allow multiple packets to be received https://bugzilla.redhat.com/show_bug.cgi?id=970997 [ 2 ] Bug #1236081 - nrpe: /var/run/nrpe owner mismatch https://bugzilla.redhat.com/show_bug.cgi?id=1236081 [ 3 ] Bug #1318773 - nrpe.service sets User/Group, prevents normal .cfg user/group setting https://bugzilla.redhat.com/show_bug.cgi?id=1318773 [ 4 ] Bug #1412214 - NRPE systemd service file does not support reload command https://bugzilla.redhat.com/show_bug.cgi?id=1412214 [ 5 ] Bug #1428769 - NRPE uses nagios log dir for pid file https://bugzilla.redhat.com/show_bug.cgi?id=1428769 -------------------------------------------------------------------------------- ================================================================================ openssh-7.4p1-4.fc25 (FEDORA-2017-cc8582d738) An open source implementation of SSH protocol versions 1 and 2 -------------------------------------------------------------------------------- Update Information: This update avoids sending the SD_NOTIFY messages from wrong processes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427526 - sshd.service: Got notification message from PID [x], but reception only permitted for main PID [y] https://bugzilla.redhat.com/show_bug.cgi?id=1427526 -------------------------------------------------------------------------------- ================================================================================ php-doctrine-doctrine-bundle-1.6.7-1.fc25 (FEDORA-2017-eeecf3eca0) Symfony Bundle for Doctrine -------------------------------------------------------------------------------- Update Information: ### 1.6.7 #### Fixed * [608: Dont call addClassesToCompile on PHP 7.0, its deprecated](https://github.com/doctrine/doctrineBundle/pull/608) thanks to @nicolas-grekas * [607: Documentation updates](https://github.com/doctrine/doctrineBundle/pull/607) thanks to @mhor ### 1.6.6 * Merge pull request [#606](https://github.com/doctrine/DoctrineBundle/pull/606) from ickbinhier/patch-1: add twig/twig version 2.0 ### 1.6.5 * Merge pull request [#604](https://github.com/doctrine/DoctrineBundle/pull/604) from mikeSimonson /oracle-init-doc: Add documentation on the oracle session environment -------------------------------------------------------------------------------- References: [ 1 ] Bug #1416390 - php-doctrine-doctrine-bundle-1.6.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416390 -------------------------------------------------------------------------------- ================================================================================ php-punic-1.6.5-1.fc25 (FEDORA-2017-723bb5aebd) PHP-Unicode CLDR -------------------------------------------------------------------------------- Update Information: ### v1.6.5 * Fix edge case on old PHP versions without the intl PHP extension (see [#89](https://github.com/punic/punic/pull/89)) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1419293 - php-punic-1.6.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1419293 -------------------------------------------------------------------------------- ================================================================================ php-scssphp-0.6.7-1.fc25 (FEDORA-2017-f5ab7ec4cc) A compiler for SCSS written in PHP -------------------------------------------------------------------------------- Update Information: ### v0.6.7 Maintenance release * fix list interpolation * pscss: enable --line-numbers and --debug-info for stdin * checkRange() throws RangeException -------------------------------------------------------------------------------- References: [ 1 ] Bug #1426927 - php-scssphp-0.6.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1426927 -------------------------------------------------------------------------------- ================================================================================ python-datanommer-consumer-0.7.0-1.fc25 (FEDORA-2017-b099acb9df) Hub consumer plugin for datanommer -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ python-datanommer-models-0.7.0-1.fc25 (FEDORA-2017-b099acb9df) SQLAlchemy models for datanommer -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ================================================================================ python-netjsonconfig-0.5.3-1.fc25 (FEDORA-2017-260b560f99) Network configuration management library based on NetJSON DeviceConfiguration -------------------------------------------------------------------------------- Update Information: first Fedora release -------------------------------------------------------------------------------- ================================================================================ python-trezor-0.7.8-2.fc25 (FEDORA-2017-84c14a7e2c) Python library for communicating with TREZOR Hardware Wallet -------------------------------------------------------------------------------- Update Information: Include udev-rules -------------------------------------------------------------------------------- ================================================================================ sundials-2.7.0-10.fc25 (FEDORA-2017-cde963e3c2) Suite of nonlinear solvers -------------------------------------------------------------------------------- Update Information: - Add KLU support - Build OpenMPI libraries on EPEL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428644 - sundials is not compled to support KLU https://bugzilla.redhat.com/show_bug.cgi?id=1428644 -------------------------------------------------------------------------------- ================================================================================ tor-0.2.9.10-1.fc25 (FEDORA-2017-6f3ea63acc) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information: Security fix for integer underflow -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428872 - tor: Integer underflow when comparing malformed tor versions https://bugzilla.redhat.com/show_bug.cgi?id=1428872 -------------------------------------------------------------------------------- ================================================================================ tripwire-2.4.3.3-1.fc25 (FEDORA-2017-c1418c86c2) IDS (Intrusion Detection System) -------------------------------------------------------------------------------- Update Information: update to 2.4.3.3 -------------------------------------------------------------------------------- ================================================================================ uthash-2.0.2-1.fc25 (FEDORA-2017-bb0ab33b4d) A hash table for C structures -------------------------------------------------------------------------------- Update Information: Version 2.0.2 (2017-03-02) -------------------------- * fix segfault in HASH_ADD_INORDER etc (thanks, Yana Kireyonok!) * remove spurious cast to unsigned in utstring_len (thanks, Michal Sestrienka!) * add uthash_memcmp and uthash_strlen for platforms without stdlib.h (thanks, Pawel Veselov!) * fix a C++ incompatibility in utringbuffer -------------------------------------------------------------------------------- References: [ 1 ] Bug #1429106 - uthash-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1429106 -------------------------------------------------------------------------------- ================================================================================ vdr-epg-daemon-1.1.103-1.fc25 (FEDORA-2017-36764cf389) A daemon to download EPG data from internet and manage it in a mysql database -------------------------------------------------------------------------------- Update Information: Update to 1.1.103 ---- Update to 1.1.102 ---- Update to 1.1.101 ---- Update to 1.1.100 ---- Update to 1.1.99 ---- Changed INIT_AFTER to mariadb.service in Make.config ---- Update to 1.1.97 ---- Update to 1.1.95 ---- Update to 1.94 ---- Update to 1.1.93 ---- Update to 1.1.91 ---- Update to 1.1.90 ---- Update to 1.1.89 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
