Fedora 25 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 25 Security updates need testing:
 Age  URL
  68  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
  24  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3739273e5   mingw-gtk-vnc-0.7.0-1.fc25
  16  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f3aac83a8f   suricata-3.2.1-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9ffa8b00f   canl-c-2.1.8-1.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8b0737b093   cacti-1.0.4-1.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c87bbae385   drupal7-metatag-1.21-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-98f85533f0   freeipa-4.4.3-2.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e821698   knot-2.4.1-1.fc25 knot-resolver-1.2.3-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-82ce4661d6   drupal7-views-3.15-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3776c9d747   munin-2.0.30-5.fc25
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-25fe7ab217   rabbitmq-server-3.6.6-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ca3f01bd37   php-pear-PHP-CodeSniffer-2.8.1-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c71a0f40f0   GraphicsMagick-1.3.25-6.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a819664a6   mupdf-1.10a-4.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f3ea63acc   tor-0.2.9.10-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f4eef4791   kdelibs3-3.5.10-84.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e6b693937   w3m-0.5.3-30.git20170102.fc25


The following Fedora 25 Critical Path updates have yet to be approved:
 Age URL
  45  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d117622795   pungi-4.1.12-1.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-67d4fc728f   libinput-1.6.2-2.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5dbde322a   epiphany-3.22.6-2.fc25
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f607645a5   lorax-25.19-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-450fe04a06   python-pyasn1-0.2.3-1.fc25
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9778e2d516   nss-pem-1.0.3-1.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-602cd20ad4   krb5-1.14.4-6.fc25


The following builds have been pushed to Fedora 25 updates-testing

    jenkins-1.651.3-5.fc25
    libcxx-3.8.1-3.fc25
    libcxxabi-3.8.1-2.fc25
    psysh-0.8.2-1.fc25
    w3m-0.5.3-30.git20170102.fc25

Details about builds:


================================================================================
 jenkins-1.651.3-5.fc25 (FEDORA-2017-c4725ad473)
 An extendable open source continuous integration server
--------------------------------------------------------------------------------
Update Information:

Fix symlinks.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1401161 - Updating to latest packages of jenkins prevents jenkins from properly starting
        https://bugzilla.redhat.com/show_bug.cgi?id=1401161
--------------------------------------------------------------------------------


================================================================================
 libcxx-3.8.1-3.fc25 (FEDORA-2017-10562907fe)
 C++ standard library targeting C++11
--------------------------------------------------------------------------------
Update Information:

New package: libcxxabi. (libcxx rebuilt against it as well). Added linker script
to pull in -lc++abi by default when using -stdlib=libc++
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1332306 - Review Request: libcxxabi - Low level support for a standard C++ library
        https://bugzilla.redhat.com/show_bug.cgi?id=1332306
--------------------------------------------------------------------------------


================================================================================
 libcxxabi-3.8.1-2.fc25 (FEDORA-2017-10562907fe)
 Low level support for a standard C++ library
--------------------------------------------------------------------------------
Update Information:

New package: libcxxabi. (libcxx rebuilt against it as well). Added linker script
to pull in -lc++abi by default when using -stdlib=libc++
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1332306 - Review Request: libcxxabi - Low level support for a standard C++ library
        https://bugzilla.redhat.com/show_bug.cgi?id=1332306
--------------------------------------------------------------------------------


================================================================================
 psysh-0.8.2-1.fc25 (FEDORA-2017-8c10eb757d)
 A runtime developer console, interactive debugger and REPL for PHP
--------------------------------------------------------------------------------
Update Information:

### v0.8.2  #### New  * Add a `startupMessage` config option (Thanks @gitetsu!)
* Reflecting commands (`dump`, `ls`, `show`, `doc`) now add magic variables so
you can do fun things with them: `$__class`, `$__file`, `$__method`, etc.  ####
Improved  * Fix some mistyped annotations and add a phan config (Thanks
@zonuexe!) * Handle file permissions errors for update checks and history files
more gracefully (Thanks @zonuexe!) * Handle PHP 7.x `\Error`s thrown while
serializing the shell return value (Thanks @damiankloip!) * Deal with variables
named `$this` (like if you started your shell session from inside a class
method) without exploding in PHP 7.1+. * Improve the accuracy of info returned
by `Psy\info()`. * Fix an error preventing `Psy\info()` from doing anything at
all in the last release :-( * Don't let local configuration interfere with
config unit tests. * Make reflecting commands superglobals-aware. `dump` is the
only one that actually does anything useful with a superglobal, but now the
others have reasonable output. * Fix fatal error when trying to extend final
classes. * Make a few things reference `static` instead of `self` to make
extension easier (Thanks @castarco!) * Fix a handful of bugs around escaping
special characters (and `<`) while dumping values.  ### v0.8.1  * Add support
for `use` statement groups. * Don't throw fatal errors when conditionally
redefining classes and functions. * Fix `parse` command for older PHP Parser
versions. * Add `bin/package`, to hopefully make our automatic releases go a bit
smoother.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1413429 - psysh-0.8.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1413429
--------------------------------------------------------------------------------


================================================================================
 w3m-0.5.3-30.git20170102.fc25 (FEDORA-2017-2e6b693937)
 A pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431,
CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436,
CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441,
CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629,
CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633  And new upstream
20170102 as well
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly appending '<table>'
        https://bugzilla.redhat.com/show_bug.cgi?id=1399740
  [ 2 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399739
  [ 3 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399737
  [ 4 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in HTMLlineproc0()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399734
  [ 5 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in shiftAnchorPosition()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399732
  [ 6 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad form id in HTMLlineproc2body()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399730
  [ 7 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in display.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399728
  [ 8 ] Bug #1399723 - CVE-2016-9626 w3m: Infinite recursion in HTMLlineproc0
        https://bugzilla.redhat.com/show_bug.cgi?id=1399723
  [ 9 ] Bug #1399720 - CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion
        https://bugzilla.redhat.com/show_bug.cgi?id=1399720
  [ 10 ] Bug #1399718 - CVE-2016-9624 w3m: Null pointer dereference in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399718
  [ 11 ] Bug #1399715 - CVE-2016-9623 w3m: Integer overflow resulting in segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=1399715
  [ 12 ] Bug #1399713 - CVE-2016-9622 w3m: Null pointer dereference in HTMLlineproc2body
        https://bugzilla.redhat.com/show_bug.cgi?id=1399713
  [ 13 ] Bug #1399710 - CVE-2016-9443 w3m: Null pointer dereference in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399710
  [ 14 ] Bug #1399707 - CVE-2016-9442 w3m: Potential heap-buffer corruption due to Strgrow
        https://bugzilla.redhat.com/show_bug.cgi?id=1399707
  [ 15 ] Bug #1399705 - CVE-2016-9441 w3m: Null pointer dereference in do_refill
        https://bugzilla.redhat.com/show_bug.cgi?id=1399705
  [ 16 ] Bug #1399702 - CVE-2016-9440 w3m: Null pointer dereference in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399702
  [ 17 ] Bug #1399701 - CVE-2016-9439 w3m: Infinite recursion with nested table and textarea
        https://bugzilla.redhat.com/show_bug.cgi?id=1399701
  [ 18 ] Bug #1399699 - CVE-2016-9438 w3m: Null pointer dereference with input_alt tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1399699
  [ 19 ] Bug #1399697 - CVE-2016-9437 w3m: Write access violation with '<button type=radio>'
        https://bugzilla.redhat.com/show_bug.cgi?id=1399697
  [ 20 ] Bug #1399695 - CVE-2016-9436 w3m: Unitialised value in parsetagx.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399695
  [ 21 ] Bug #1399694 - CVE-2016-9435 w3m: Unitialised value in file.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1399694
  [ 22 ] Bug #1399691 - CVE-2016-9434 w3m: Null pointer dereference due to incorrect form_int fid
        https://bugzilla.redhat.com/show_bug.cgi?id=1399691
  [ 23 ] Bug #1399690 - CVE-2016-9433 w3m: Segmentation fault when parsing iso2022 characters
        https://bugzilla.redhat.com/show_bug.cgi?id=1399690
  [ 24 ] Bug #1399689 - CVE-2016-9432 w3m: Segmentation fault due to bcopy with negative size
        https://bugzilla.redhat.com/show_bug.cgi?id=1399689
  [ 25 ] Bug #1399687 - CVE-2016-9431 w3m: Stack buffer overflow in deleteFrameSet()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399687
  [ 26 ] Bug #1399685 - CVE-2016-9430 w3m: Segmentation fault with malformed input tag
        https://bugzilla.redhat.com/show_bug.cgi?id=1399685
  [ 27 ] Bug #1399682 - CVE-2016-9429 w3m: Global-buffer-overflow write in formUpdateBuffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1399682
  [ 28 ] Bug #1399668 - CVE-2016-9426 w3m: Heap corruption due to integer overflow in renderTable()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399668
  [ 29 ] Bug #1399667 - CVE-2016-9428 w3m: Out-of-bounds write in addMultirowsForm()
        https://bugzilla.redhat.com/show_bug.cgi?id=1399667
  [ 30 ] Bug #1399666 - CVE-2016-9425 w3m: Segmentation fault due to write to lineBuf[-1] in addMultirowsForm
        https://bugzilla.redhat.com/show_bug.cgi?id=1399666
  [ 31 ] Bug #1399665 - CVE-2016-9424 w3m: Out-of-bounds heap write due to negative array index
        https://bugzilla.redhat.com/show_bug.cgi?id=1399665
  [ 32 ] Bug #1399664 - CVE-2016-9423 w3m: Malformed html tag heap-buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1399664
  [ 33 ] Bug #1399662 - CVE-2016-9422 w3m: Stack smashed with large image inside table
        https://bugzilla.redhat.com/show_bug.cgi?id=1399662
--------------------------------------------------------------------------------
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux