Fedora 25 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 25 Security updates need testing:
 Age  URL
  98  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb   php-onelogin-php-saml-2.10.5-1.fc25
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109   python-sleekxmpp-1.3.2-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5b5201e7   xen-4.7.2-4.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51   icecat-52.0.1-5.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c   xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed4c9b605b   php-horde-Horde-Crypt-2.7.6-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480   libpng15-1.5.28-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42   libpng12-1.2.57-1.fc25


The following Fedora 25 Critical Path updates have yet to be approved:
 Age URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b   pungi-4.1.14-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-707045e260   cups-2.2.0-7.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb919b7642   nss-pem-1.0.3-3.fc25 curl-7.51.0-5.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-859f058eda   firefox-52.0.2-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5067c05bad   firewalld-0.4.4.4-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a14aa819ff   freetype-2.6.5-4.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e8a306df1   at-spi2-core-2.22.1-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dc6f0c054   p11-kit-0.23.2-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-433b2a46f7   pcre2-10.23-5.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-68626b63de   gdk-pixbuf2-2.36.6-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e992252aa   openldap-2.4.44-10.fc25


The following builds have been pushed to Fedora 25 updates-testing

    cups-2.2.0-7.fc25
    curl-7.51.0-5.fc25
    firefox-52.0.2-2.fc25
    firewalld-0.4.4.4-1.fc25
    freerdp-2.0.0-24.20170317git8c68761.fc25
    freetype-2.6.5-4.fc25
    kicad-4.0.6-1.fc25.1
    libglvnd-0.2.999-14.20170308git8e6e102.fc25
    libpng12-1.2.57-1.fc25
    libpng15-1.5.28-1.fc25
    lirc-0.9.4c-8.fc25
    notmuch-0.24.1-1.fc25
    nss-pem-1.0.3-3.fc25
    perl-Dist-Zilla-6.009-1.fc25
    php-composer-spdx-licenses-1.1.6-1.fc25
    php-horde-Horde-Crypt-2.7.6-1.fc25
    python-pyaes-1.6.0-1.fc25
    python-pygatt-3.1.1-1.fc25
    python-xml2rfc-2.5.2-1.fc25
    remmina-1.2.0-0.33.20170317git4d8d257.fc25
    sway-0.12.2-1.fc25
    xorgxrdp-0.2.1-1.fc25
    xrdp-0.9.2-3.fc25
    yakuake-3.0.4-1.fc25
    zbar-0.10-29.fc25
    zsh-5.2-6.fc25

Details about builds:


================================================================================
 cups-2.2.0-7.fc25 (FEDORA-2017-707045e260)
 CUPS printing system
--------------------------------------------------------------------------------
Update Information:

Temporarily removing resolv_reload patch.
--------------------------------------------------------------------------------


================================================================================
 curl-7.51.0-5.fc25 (FEDORA-2017-bb919b7642)
 A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:

- make the dependency on nss-pem arch-specific (#1428550)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1431347 - libcurl-7.53.1-3.fc26.i686 requires non-existent nss-pem.fc26.i686 package
        https://bugzilla.redhat.com/show_bug.cgi?id=1431347
  [ 2 ] Bug #1428550 - nss-pem.i686 not available on x86_64 platform
        https://bugzilla.redhat.com/show_bug.cgi?id=1428550
--------------------------------------------------------------------------------


================================================================================
 firefox-52.0.2-2.fc25 (FEDORA-2017-859f058eda)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:

- New upstream (52.0.2) - mozbz#1348576 - enable e10s for selected users -
mozbz#1158076 - enable dark theme by pref
--------------------------------------------------------------------------------


================================================================================
 firewalld-0.4.4.4-1.fc25 (FEDORA-2017-5067c05bad)
 A firewall daemon with D-Bus interface providing a dynamic firewall
--------------------------------------------------------------------------------
Update Information:

The new firewalld version 0.4.4.4 is available as a bug fix release for
firewalld version 0.4.4.3
http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release  - Drop all
references to fedorahosted.org - Fix inconsistent order of source bindings - Fix
ipset overloading from /etc/firewalld/ipsets - Fix permanent rich rules using
icmp-type elements - Check if ICMP types are supported by kernel - Show
icmptypes and ipsets with type errors in permanent environment - firewall-
config: Show invalid ipset types - firewall-config: Deactivate modify buttons if
there are no items
--------------------------------------------------------------------------------


================================================================================
 freerdp-2.0.0-24.20170317git8c68761.fc25 (FEDORA-2017-0a8fb73c20)
 Free implementation of the Remote Desktop Protocol (RDP)
--------------------------------------------------------------------------------
Update Information:

Update to latest snapshot.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438154 - [abrt] remmina: remmina_rdp_cliprdr_request_data(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1438154
  [ 2 ] Bug #1363834 - [abrt] remmina: setChannelError(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1363834
  [ 3 ] Bug #1370421 - [abrt] remmina: g_realloc(): remmina killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1370421
  [ 4 ] Bug #1380189 - [abrt] remmina: update_free(): remmina killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1380189
  [ 5 ] Bug #1403452 - [abrt] remmina: do_validate_rows(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1403452
  [ 6 ] Bug #1432258 - [abrt] remmina: HashTable_GetItemValue(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1432258
--------------------------------------------------------------------------------


================================================================================
 freetype-2.6.5-4.fc25 (FEDORA-2017-a14aa819ff)
 A free and portable font rendering engine
--------------------------------------------------------------------------------
Update Information:

This update allows linear scaling for unhinted rendering of TrueType fonts.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1437999 - FreeType bug causes Chromium misrendering of PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=1437999
--------------------------------------------------------------------------------


================================================================================
 kicad-4.0.6-1.fc25.1 (FEDORA-2017-274268f6f7)
 EDA software suite for creation of schematic diagrams and PCBs
--------------------------------------------------------------------------------
Update Information:

Update to 4.0.6.
--------------------------------------------------------------------------------


================================================================================
 libglvnd-0.2.999-14.20170308git8e6e102.fc25 (FEDORA-2017-ce3f26ba8a)
 The GL Vendor-Neutral Dispatch library
--------------------------------------------------------------------------------
Update Information:

* Fix conditionals for _without_mesa_glvnd_default * Fix other RHEL-
conditionals, too * Update RPM filters for private libraries (includes GLX,
fixes RHEL 6). * Update to latest snapshot, remove upstreamed patches. * Update
release to packaging guidelines format. * Make sure that for Fedora 24 and RHEL
the libraries are always private.
--------------------------------------------------------------------------------


================================================================================
 libpng12-1.2.57-1.fc25 (FEDORA-2017-bad9942e42)
 Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:

* Update to upstream release **1.2.57**. * Fixes **CVE-2016-10087**.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in png_set_text_2()
        https://bugzilla.redhat.com/show_bug.cgi?id=1409617
--------------------------------------------------------------------------------


================================================================================
 libpng15-1.5.28-1.fc25 (FEDORA-2017-cf1944f480)
 Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:

* Update to upstream release **1.5.28**. * Fixes **CVE-2016-10087**.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1409617 - CVE-2016-10087 libpng: NULL pointer dereference in png_set_text_2()
        https://bugzilla.redhat.com/show_bug.cgi?id=1409617
--------------------------------------------------------------------------------


================================================================================
 lirc-0.9.4c-8.fc25 (FEDORA-2017-e134d6805f)
 The Linux Infrared Remote Control package
--------------------------------------------------------------------------------
Update Information:

Fix for missing systemd socket activation giving subtle boot errors.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438702 - systemd socket-activation support is not available
        https://bugzilla.redhat.com/show_bug.cgi?id=1438702
--------------------------------------------------------------------------------


================================================================================
 notmuch-0.24.1-1.fc25 (FEDORA-2017-490a8860f3)
 System for indexing, searching, and tagging email
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438206 - notmuch-0.24.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1438206
--------------------------------------------------------------------------------


================================================================================
 nss-pem-1.0.3-3.fc25 (FEDORA-2017-bb919b7642)
 PEM file reader for Network Security Services (NSS)
--------------------------------------------------------------------------------
Update Information:

- make the dependency on nss-pem arch-specific (#1428550)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1431347 - libcurl-7.53.1-3.fc26.i686 requires non-existent nss-pem.fc26.i686 package
        https://bugzilla.redhat.com/show_bug.cgi?id=1431347
  [ 2 ] Bug #1428550 - nss-pem.i686 not available on x86_64 platform
        https://bugzilla.redhat.com/show_bug.cgi?id=1428550
--------------------------------------------------------------------------------


================================================================================
 perl-Dist-Zilla-6.009-1.fc25 (FEDORA-2017-3d3434d0fa)
 Distribution builder; installer not included!
--------------------------------------------------------------------------------
Update Information:

A new version of Dist-ZIlla is available. Refer to
http://cpansearch.perl.org/src/RJBS/Dist-Zilla-6.009/Changes for the summary of
changes in this release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1429144 - perl-Dist-Zilla-6.009 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1429144
--------------------------------------------------------------------------------


================================================================================
 php-composer-spdx-licenses-1.1.6-1.fc25 (FEDORA-2017-e4ecdc1272)
 SPDX licenses list and validation library
--------------------------------------------------------------------------------
Update Information:

**Version 1.1.6** - 2017-04-03    * Changed: updated licenses list.
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Crypt-2.7.6-1.fc25 (FEDORA-2017-ed4c9b605b)
 Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:

**Horde_Crypt 2.7.6**  * [mjr] SECURITY: Fix remote code execution vulnerability
(**CVE-2017-7413**, and **CVE-2017-7414**).
--------------------------------------------------------------------------------


================================================================================
 python-pyaes-1.6.0-1.fc25 (FEDORA-2017-df3a65f201)
 Pure-Python implementation of AES block-cipher and common modes of operation
--------------------------------------------------------------------------------
Update Information:

* Initial build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1437986 - Review Request: python-pyaes - Pure-Python implementation of AES block-cipher and common modes of operation
        https://bugzilla.redhat.com/show_bug.cgi?id=1437986
--------------------------------------------------------------------------------


================================================================================
 python-pygatt-3.1.1-1.fc25 (FEDORA-2017-9efc8492e8)
 A Python Module for Bluetooth LE Generic Attribute Profile
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release 3.1.1
--------------------------------------------------------------------------------


================================================================================
 python-xml2rfc-2.5.2-1.fc25 (FEDORA-2017-167b3244c8)
 Convert IETF RFC-2629 XML into txt format
--------------------------------------------------------------------------------
Update Information:

Updated to 2.5.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438375 - xml2rfc: incorrect dependencies
        https://bugzilla.redhat.com/show_bug.cgi?id=1438375
  [ 2 ] Bug #1323171 - python-xml2rfc: Provide a Python 3 subpackage
        https://bugzilla.redhat.com/show_bug.cgi?id=1323171
--------------------------------------------------------------------------------


================================================================================
 remmina-1.2.0-0.33.20170317git4d8d257.fc25 (FEDORA-2017-0a8fb73c20)
 Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:

Update to latest snapshot.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438154 - [abrt] remmina: remmina_rdp_cliprdr_request_data(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1438154
  [ 2 ] Bug #1363834 - [abrt] remmina: setChannelError(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1363834
  [ 3 ] Bug #1370421 - [abrt] remmina: g_realloc(): remmina killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1370421
  [ 4 ] Bug #1380189 - [abrt] remmina: update_free(): remmina killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1380189
  [ 5 ] Bug #1403452 - [abrt] remmina: do_validate_rows(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1403452
  [ 6 ] Bug #1432258 - [abrt] remmina: HashTable_GetItemValue(): remmina killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1432258
--------------------------------------------------------------------------------


================================================================================
 sway-0.12.2-1.fc25 (FEDORA-2017-4627244140)
 i3-compatible window manager for Wayland
--------------------------------------------------------------------------------
Update Information:

update  ----  update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1432455 - sway-0.12.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1432455
--------------------------------------------------------------------------------


================================================================================
 xorgxrdp-0.2.1-1.fc25 (FEDORA-2017-7bd002b77c)
 Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:

New upstream version of xorgxrdp and xrdp:  New features in xrdp:  - RemoteFX
codec support is now enabled by default. - Bitmap updates support is now enabled
by default. - TLS ciphers suites and version is now logged. - Connected computer
name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -
Miscellaneous RemoteFX codec mode improvements. - Socket directory is
configurable at the compile time.  Bugfixes in xrdp:  - Parallels client for
MacOS / iOS can now connect (audio redirection must be disabled on client or
xrdp server though). - MS RDP client for iOS can now connect using TLS security
layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions
(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened
throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars
anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored
and rdp security layer could be used instead. - Kill disconnected sessions
feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup
and memory issues fixes.  Rebuild of xrdp requiring both xorgxrdp and tigervnc-
minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------


================================================================================
 xrdp-0.9.2-3.fc25 (FEDORA-2017-7bd002b77c)
 Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:

New upstream version of xorgxrdp and xrdp:  New features in xrdp:  - RemoteFX
codec support is now enabled by default. - Bitmap updates support is now enabled
by default. - TLS ciphers suites and version is now logged. - Connected computer
name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -
Miscellaneous RemoteFX codec mode improvements. - Socket directory is
configurable at the compile time.  Bugfixes in xrdp:  - Parallels client for
MacOS / iOS can now connect (audio redirection must be disabled on client or
xrdp server though). - MS RDP client for iOS can now connect using TLS security
layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions
(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened
throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars
anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored
and rdp security layer could be used instead. - Kill disconnected sessions
feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup
and memory issues fixes.  Rebuild of xrdp requiring both xorgxrdp and tigervnc-
minimal. VNC is still the default.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1433959
--------------------------------------------------------------------------------


================================================================================
 yakuake-3.0.4-1.fc25 (FEDORA-2017-8351331fde)
 A drop-down terminal emulator
--------------------------------------------------------------------------------
Update Information:

Latest upstream bugfix release.
--------------------------------------------------------------------------------


================================================================================
 zbar-0.10-29.fc25 (FEDORA-2017-fef3d3fb38)
 Bar code reader
--------------------------------------------------------------------------------
Update Information:

Update it to use Qt5 instead of Qt4 (whose package is currently orphaned on
Fedora)
--------------------------------------------------------------------------------


================================================================================
 zsh-5.2-6.fc25 (FEDORA-2017-aaf65ae1c0)
 Powerful interactive shell
--------------------------------------------------------------------------------
Update Information:

Included two additional zsh modules: pcre and db/gdbm, which are needed by some
completion functions.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438009 - zsh package is missing some modules
        https://bugzilla.redhat.com/show_bug.cgi?id=1438009
--------------------------------------------------------------------------------
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux