The following Fedora 24 Security updates need testing: Age URL 75 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 68 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 31 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a5b89363f libwmf-0.2.8.4-50.fc24 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-404f1a29fc mingw-gtk-vnc-0.7.0-1.fc24 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9f3a78148 suricata-3.2.1-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1607a3a78e xen-4.6.4-8.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a513be0939 cacti-1.0.4-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc7249b821 drupal7-metatag-1.21-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcab179007 drupal7-views-3.15-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-25df1dbd02 munin-2.0.30-5.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aaf92c483c php-pear-PHP-CodeSniffer-2.8.1-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2bab54ac9 GraphicsMagick-1.3.25-6.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b97b275da mupdf-1.10a-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b011e8c922 kdelibs-4.14.29-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01eed6fe8c kdelibs3-3.5.10-84.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-783e8fa63e w3m-0.5.3-30.git20170102.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5b32a5782b tor-0.2.9.10-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a6183d9d27 lorax-24.22-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efd3683a66 audit-2.7.3-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a48514287 pcre-8.40-5.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b011e8c922 kdelibs-4.14.29-2.fc24 The following builds have been pushed to Fedora 24 updates-testing jenkins-1.651.3-5.fc24 libcxx-3.8.0-6.fc24 libcxxabi-3.8.0-3.fc24 psysh-0.8.2-1.fc24 tor-0.2.9.10-1.fc24 w3m-0.5.3-30.git20170102.fc24 Details about builds: ================================================================================ jenkins-1.651.3-5.fc24 (FEDORA-2017-2303ed6489) An extendable open source continuous integration server -------------------------------------------------------------------------------- Update Information: Fix symlinks. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401161 - Updating to latest packages of jenkins prevents jenkins from properly starting https://bugzilla.redhat.com/show_bug.cgi?id=1401161 -------------------------------------------------------------------------------- ================================================================================ libcxx-3.8.0-6.fc24 (FEDORA-2017-409bad2fb2) C++ standard library targeting C++11 -------------------------------------------------------------------------------- Update Information: New package: libcxxabi. (libcxx rebuilt against it as well). Added linker script to pull in -lc++abi by default when using -stdlib=libc++ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332306 - Review Request: libcxxabi - Low level support for a standard C++ library https://bugzilla.redhat.com/show_bug.cgi?id=1332306 -------------------------------------------------------------------------------- ================================================================================ libcxxabi-3.8.0-3.fc24 (FEDORA-2017-409bad2fb2) Low level support for a standard C++ library -------------------------------------------------------------------------------- Update Information: New package: libcxxabi. (libcxx rebuilt against it as well). Added linker script to pull in -lc++abi by default when using -stdlib=libc++ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1332306 - Review Request: libcxxabi - Low level support for a standard C++ library https://bugzilla.redhat.com/show_bug.cgi?id=1332306 -------------------------------------------------------------------------------- ================================================================================ psysh-0.8.2-1.fc24 (FEDORA-2017-12be510c1a) A runtime developer console, interactive debugger and REPL for PHP -------------------------------------------------------------------------------- Update Information: ### v0.8.2 #### New * Add a `startupMessage` config option (Thanks @gitetsu!) * Reflecting commands (`dump`, `ls`, `show`, `doc`) now add magic variables so you can do fun things with them: `$__class`, `$__file`, `$__method`, etc. #### Improved * Fix some mistyped annotations and add a phan config (Thanks @zonuexe!) * Handle file permissions errors for update checks and history files more gracefully (Thanks @zonuexe!) * Handle PHP 7.x `\Error`s thrown while serializing the shell return value (Thanks @damiankloip!) * Deal with variables named `$this` (like if you started your shell session from inside a class method) without exploding in PHP 7.1+. * Improve the accuracy of info returned by `Psy\info()`. * Fix an error preventing `Psy\info()` from doing anything at all in the last release :-( * Don't let local configuration interfere with config unit tests. * Make reflecting commands superglobals-aware. `dump` is the only one that actually does anything useful with a superglobal, but now the others have reasonable output. * Fix fatal error when trying to extend final classes. * Make a few things reference `static` instead of `self` to make extension easier (Thanks @castarco!) * Fix a handful of bugs around escaping special characters (and `<`) while dumping values. ### v0.8.1 * Add support for `use` statement groups. * Don't throw fatal errors when conditionally redefining classes and functions. * Fix `parse` command for older PHP Parser versions. * Add `bin/package`, to hopefully make our automatic releases go a bit smoother. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1413429 - psysh-0.8.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1413429 -------------------------------------------------------------------------------- ================================================================================ tor-0.2.9.10-1.fc24 (FEDORA-2017-5b32a5782b) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information: Security update for integer underflow -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428872 - tor: Integer underflow when comparing malformed tor versions https://bugzilla.redhat.com/show_bug.cgi?id=1428872 -------------------------------------------------------------------------------- ================================================================================ w3m-0.5.3-30.git20170102.fc24 (FEDORA-2017-783e8fa63e) A pager with Web browsing abilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628, CVE-2016-9629, CVE-2016-9631, CVE-2016-9630, CVE-2016-9632, CVE-2016-9633 ---- Update to latest upstream gitrev 20170102 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1399662 - CVE-2016-9422 w3m: Stack smashed with large image inside table https://bugzilla.redhat.com/show_bug.cgi?id=1399662 [ 2 ] Bug #1399664 - CVE-2016-9423 w3m: Malformed html tag heap-buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1399664 [ 3 ] Bug #1399665 - CVE-2016-9424 w3m: Out-of-bounds heap write due to negative array index https://bugzilla.redhat.com/show_bug.cgi?id=1399665 [ 4 ] Bug #1399666 - CVE-2016-9425 w3m: Segmentation fault due to write to lineBuf[-1] in addMultirowsForm https://bugzilla.redhat.com/show_bug.cgi?id=1399666 [ 5 ] Bug #1399667 - CVE-2016-9428 w3m: Out-of-bounds write in addMultirowsForm() https://bugzilla.redhat.com/show_bug.cgi?id=1399667 [ 6 ] Bug #1399668 - CVE-2016-9426 w3m: Heap corruption due to integer overflow in renderTable() https://bugzilla.redhat.com/show_bug.cgi?id=1399668 [ 7 ] Bug #1399682 - CVE-2016-9429 w3m: Global-buffer-overflow write in formUpdateBuffer https://bugzilla.redhat.com/show_bug.cgi?id=1399682 [ 8 ] Bug #1399685 - CVE-2016-9430 w3m: Segmentation fault with malformed input tag https://bugzilla.redhat.com/show_bug.cgi?id=1399685 [ 9 ] Bug #1399687 - CVE-2016-9431 w3m: Stack buffer overflow in deleteFrameSet() https://bugzilla.redhat.com/show_bug.cgi?id=1399687 [ 10 ] Bug #1399689 - CVE-2016-9432 w3m: Segmentation fault due to bcopy with negative size https://bugzilla.redhat.com/show_bug.cgi?id=1399689 [ 11 ] Bug #1399690 - CVE-2016-9433 w3m: Segmentation fault when parsing iso2022 characters https://bugzilla.redhat.com/show_bug.cgi?id=1399690 [ 12 ] Bug #1399691 - CVE-2016-9434 w3m: Null pointer dereference due to incorrect form_int fid https://bugzilla.redhat.com/show_bug.cgi?id=1399691 [ 13 ] Bug #1399694 - CVE-2016-9435 w3m: Unitialised value in file.c https://bugzilla.redhat.com/show_bug.cgi?id=1399694 [ 14 ] Bug #1399695 - CVE-2016-9436 w3m: Unitialised value in parsetagx.c https://bugzilla.redhat.com/show_bug.cgi?id=1399695 [ 15 ] Bug #1399697 - CVE-2016-9437 w3m: Write access violation with '<button type=radio>' https://bugzilla.redhat.com/show_bug.cgi?id=1399697 [ 16 ] Bug #1399699 - CVE-2016-9438 w3m: Null pointer dereference with input_alt tag https://bugzilla.redhat.com/show_bug.cgi?id=1399699 [ 17 ] Bug #1399701 - CVE-2016-9439 w3m: Infinite recursion with nested table and textarea https://bugzilla.redhat.com/show_bug.cgi?id=1399701 [ 18 ] Bug #1399702 - CVE-2016-9440 w3m: Null pointer dereference in formUpdateBuffer https://bugzilla.redhat.com/show_bug.cgi?id=1399702 [ 19 ] Bug #1399705 - CVE-2016-9441 w3m: Null pointer dereference in do_refill https://bugzilla.redhat.com/show_bug.cgi?id=1399705 [ 20 ] Bug #1399707 - CVE-2016-9442 w3m: Potential heap-buffer corruption due to Strgrow https://bugzilla.redhat.com/show_bug.cgi?id=1399707 [ 21 ] Bug #1399710 - CVE-2016-9443 w3m: Null pointer dereference in formUpdateBuffer https://bugzilla.redhat.com/show_bug.cgi?id=1399710 [ 22 ] Bug #1399713 - CVE-2016-9622 w3m: Null pointer dereference in HTMLlineproc2body https://bugzilla.redhat.com/show_bug.cgi?id=1399713 [ 23 ] Bug #1399715 - CVE-2016-9623 w3m: Integer overflow resulting in segmentation fault https://bugzilla.redhat.com/show_bug.cgi?id=1399715 [ 24 ] Bug #1399718 - CVE-2016-9624 w3m: Null pointer dereference in formUpdateBuffer https://bugzilla.redhat.com/show_bug.cgi?id=1399718 [ 25 ] Bug #1399720 - CVE-2016-9625 w3m: HTMLlineproc0 infinite recursion https://bugzilla.redhat.com/show_bug.cgi?id=1399720 [ 26 ] Bug #1399723 - CVE-2016-9626 w3m: Infinite recursion in HTMLlineproc0 https://bugzilla.redhat.com/show_bug.cgi?id=1399723 [ 27 ] Bug #1399728 - CVE-2016-9627 w3m: Array index out of bounds in display.c https://bugzilla.redhat.com/show_bug.cgi?id=1399728 [ 28 ] Bug #1399730 - CVE-2016-9628 w3m: Null pointer dereference due to bad form id in HTMLlineproc2body() https://bugzilla.redhat.com/show_bug.cgi?id=1399730 [ 29 ] Bug #1399732 - CVE-2016-9629 w3m: Null pointer dereference in shiftAnchorPosition() https://bugzilla.redhat.com/show_bug.cgi?id=1399732 [ 30 ] Bug #1399734 - CVE-2016-9631 w3m: Null pointer dereference in HTMLlineproc0() https://bugzilla.redhat.com/show_bug.cgi?id=1399734 [ 31 ] Bug #1399737 - CVE-2016-9630 w3m: Buffer-overflow in parseURL() https://bugzilla.redhat.com/show_bug.cgi?id=1399737 [ 32 ] Bug #1399739 - CVE-2016-9632 w3m: Buffer-overflow in wc_any_to_ucs() https://bugzilla.redhat.com/show_bug.cgi?id=1399739 [ 33 ] Bug #1399740 - CVE-2016-9633 w3m: Memory exhaustion due to repeatedly appending '<table>' https://bugzilla.redhat.com/show_bug.cgi?id=1399740 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx