The following Fedora 24 Security updates need testing: Age URL 106 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 99 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 61 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 42 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 19 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9 php-onelogin-php-saml-2.10.5-1.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f ntp-4.2.6p5-44.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb python-sleekxmpp-1.3.2-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6419b416d xen-4.6.5-4.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-712a186f5f icecat-52.0.1-5.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-174cb400d7 flatpak-0.8.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a3e6fa12 php-horde-Horde-Crypt-2.7.6-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66fd940572 libpng15-1.5.28-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-84bc8ac268 libpng12-1.2.57-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22 tigervnc-1.7.1-3.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d7c3f66ae pcre-8.40-6.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47eb254e1c vim-8.0.514-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965 linux-firmware-20170313-72.git695f2d6d.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3 nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc sudo-1.8.19p2-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7 p11-kit-0.23.2-3.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b hwdata-0.299-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3753e75f72 ca-certificates-2017.2.11-1.1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22 tigervnc-1.7.1-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85f5f525f1 firefox-52.0.2-2.fc24 The following builds have been pushed to Fedora 24 updates-testing a52dec-0.7.4-27.fc24 ca-certificates-2017.2.11-1.1.fc24 chkrootkit-0.52-1.fc24 golang-github-cznic-fileutil-0-0.2.git90cf820.fc24 golang-github-cznic-sortutil-0-0.1.git4c73428.fc24 golang-github-cznic-strutil-0-0.1.git43a8959.fc24 mc-4.8.19-1.fc24 pkgconf-1.3.5-1.fc24 python-hglib-2.4-1.fc24 python-streamlink-0.5.0-1.fc24 snapd-2.23.6-3.fc24 snapd-glib-1.10-1.fc24 spacefm-1.0.5-4.fc24 tigervnc-1.7.1-3.fc24 unity-gtk-module-0.0.0+17.04.20170403-1.fc24 Details about builds: ================================================================================ a52dec-0.7.4-27.fc24 (FEDORA-2017-fec43917b0) Small test program for liba52 -------------------------------------------------------------------------------- Update Information: Fix upgrade path for 3rd part repos using a52dec-libs instead of liba52 ---- Fix multilibs transition -------------------------------------------------------------------------------- ================================================================================ ca-certificates-2017.2.11-1.1.fc24 (FEDORA-2017-3753e75f72) The Mozilla CA root certificate bundle -------------------------------------------------------------------------------- Update Information: This update supports a new PKCS#11 attribute CKA_NSS_MOZILLA_CA_POLICY. The attribute has been defined by NSS version 3.30. The attribute is expected to be set to true for CA certificates that have been added as part of the Mozilla CA Policy process. The enhancement is required for compatibility with the future Firefox 54 release, which will query this attribute when accessing root CA certificates from the loaded CA trust module. On Fedora, Firefox is configured to access the p11-kit-trust module, instead of the NSS CA trust module nssckbi. This change to the ca-certificates package will make the attribute available to p11-kit-trust and Firefox. Support for this new attribute requires p11-kit- trust version and build 0.23.2-3, which contains the relevant backported functionality from upstream version 0.23.5. To enable the addition of this attribute, the ca-certificates package has been changed to use p11-kit-trust's flexible p11-kit-object-v1 file format for the internal packaging of the CA certificates list. The update-ca-trust command has been changed to add comments to extracted PEM format files. The changes in this package version shouldn't affect any existing functionality or trust. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418741 - Change the CA + trust input format given from ca-certificates to p11-kit-trust https://bugzilla.redhat.com/show_bug.cgi?id=1418741 [ 2 ] Bug #1418739 - ca-certificates must set the nss-mozilla-ca-policy pkcs#11 attribute for Mozilla CAs https://bugzilla.redhat.com/show_bug.cgi?id=1418739 -------------------------------------------------------------------------------- ================================================================================ chkrootkit-0.52-1.fc24 (FEDORA-2017-0e016ac083) Tool to locally check for signs of a rootkit -------------------------------------------------------------------------------- Update Information: 0.52 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438910 - update 0.52 https://bugzilla.redhat.com/show_bug.cgi?id=1438910 [ 2 ] Bug #1411126 - Suspicious detections on fresh installed system https://bugzilla.redhat.com/show_bug.cgi?id=1411126 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-fileutil-0-0.2.git90cf820.fc24 (FEDORA-2017-67ad50afb4) File utility functions for Go -------------------------------------------------------------------------------- Update Information: New package for fedora. This is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431732 - Review Request: golang-github-cznic-fileutil - File utility functions for Go https://bugzilla.redhat.com/show_bug.cgi?id=1431732 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-sortutil-0-0.1.git4c73428.fc24 (FEDORA-2017-b7696240e0) Supplemental utilities for Go's sort package -------------------------------------------------------------------------------- Update Information: New package for fedora. This is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431735 - Review Request: golang-github-cznic-sortutil - Supplemental utilities for Go's sort package https://bugzilla.redhat.com/show_bug.cgi?id=1431735 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-strutil-0-0.1.git43a8959.fc24 (FEDORA-2017-4365f9f0c6) Supplemental utilities for Go's strings package -------------------------------------------------------------------------------- Update Information: New package for fedora. This is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431736 - Review Request: golang-github-cznic-strutil - Supplemental utilities for Go's strings package https://bugzilla.redhat.com/show_bug.cgi?id=1431736 -------------------------------------------------------------------------------- ================================================================================ mc-4.8.19-1.fc24 (FEDORA-2017-b857531f8e) User-friendly text console file manager and visual shell -------------------------------------------------------------------------------- Update Information: 4.8.19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436394 - update to 4.8.19, switch from slang to ncurses, other cleanups https://bugzilla.redhat.com/show_bug.cgi?id=1436394 [ 2 ] Bug #1429265 - mc-4.8.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1429265 -------------------------------------------------------------------------------- ================================================================================ pkgconf-1.3.5-1.fc24 (FEDORA-2017-c1a5e2ba13) Package compiler and linker metadata toolkit -------------------------------------------------------------------------------- Update Information: **Bug fixes**: - fix --variable output for compatibility some broken configure scripts when they request the same variable from multiple packages ---- Update to 1.3.3, making behavior changes in 1.3.2 optional ---- - **Features**: - implement `--short-errors` - **Bug fixes**: - only consider a single package at a time with `--print-requires`, `--print-requires- private`, `--print-provides`, `--modversion`, `--print-variable` and `--print- variables` - rewrite handling of `--modversion`, `--print-variables` and `--variable` to not require the dependency resolver - Enhancements: - synchronized latest freedesktop.org changes to pkg.m4 - improve error reporting with legacy `--atleast-version` and similar flags -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436463 - pkgconf-1.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436463 -------------------------------------------------------------------------------- ================================================================================ python-hglib-2.4-1.fc24 (FEDORA-2017-d1b91f85bd) Mercurial Python library -------------------------------------------------------------------------------- Update Information: Update to latest upstream release python-hglib 2.4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438627 - python-hglib-2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438627 -------------------------------------------------------------------------------- ================================================================================ python-streamlink-0.5.0-1.fc24 (FEDORA-2017-5192e79a20) Python library for extracting streams from various websites -------------------------------------------------------------------------------- Update Information: Lot's of contributions since the last release. As always, lot's of updating to plugins! One of the new features is the addition of Google Drive / Google Docs, you can now stream videos stored on Google Docs. We've also gone ahead and removed dead plugins (sites which have gone down) as well as added pycrypto as a dependency for future plugins. See https://github.com/streamlink/streamlink/releases/latest for more. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438991 - python-streamlink-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438991 -------------------------------------------------------------------------------- ================================================================================ snapd-2.23.6-3.fc24 (FEDORA-2017-ce0fdd87a4) A transactional software package manager -------------------------------------------------------------------------------- Update Information: `snapd` 2.23.6 and `snapd-glib` 1.10 introduce support for using Snaps in Fedora. `snapd` provides the Snappy system functionality, while `snapd-glib` enables various applications to interact and integrate with `snapd`. See https://snapcraft.io/ for more information on Snappy. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to snapd https://bugzilla.redhat.com/show_bug.cgi?id=1390616 [ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to work with .snap files https://bugzilla.redhat.com/show_bug.cgi?id=1367825 [ 3 ] Bug #1421274 - Is this ever going to be built? https://bugzilla.redhat.com/show_bug.cgi?id=1421274 [ 4 ] Bug #1438790 - snapd-glib-1.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438790 -------------------------------------------------------------------------------- ================================================================================ snapd-glib-1.10-1.fc24 (FEDORA-2017-ce0fdd87a4) Library providing a GLib interface to snapd -------------------------------------------------------------------------------- Update Information: `snapd` 2.23.6 and `snapd-glib` 1.10 introduce support for using Snaps in Fedora. `snapd` provides the Snappy system functionality, while `snapd-glib` enables various applications to interact and integrate with `snapd`. See https://snapcraft.io/ for more information on Snappy. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to snapd https://bugzilla.redhat.com/show_bug.cgi?id=1390616 [ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to work with .snap files https://bugzilla.redhat.com/show_bug.cgi?id=1367825 [ 3 ] Bug #1421274 - Is this ever going to be built? https://bugzilla.redhat.com/show_bug.cgi?id=1421274 [ 4 ] Bug #1438790 - snapd-glib-1.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438790 -------------------------------------------------------------------------------- ================================================================================ spacefm-1.0.5-4.fc24 (FEDORA-2017-a69184bb27) Multi-panel tabbed file and desktop manager -------------------------------------------------------------------------------- Update Information: A bug was reported that opening preferences causes segv on wayland session. This new rpm should fix this issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438277 - [abrt] spacefm: XRootWindowOfScreen(): spacefm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1438277 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.7.1-3.fc24 (FEDORA-2017-a66ca10c22) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438703 - CVE-2017-7396 tigervnc: SecurityServer and ClientServer memory leaks https://bugzilla.redhat.com/show_bug.cgi?id=1438703 [ 2 ] Bug #1438701 - CVE-2017-7395 tigervnc: Integer overflow in SMsgReader::readClientCutText https://bugzilla.redhat.com/show_bug.cgi?id=1438701 [ 3 ] Bug #1438700 - CVE-2017-7394 tigervnc: Server crash via long usernames https://bugzilla.redhat.com/show_bug.cgi?id=1438700 [ 4 ] Bug #1438697 - CVE-2017-7393 tigervnc: Double free via crafted fences https://bugzilla.redhat.com/show_bug.cgi?id=1438697 [ 5 ] Bug #1438694 - CVE-2017-7392 tigervnc: SSecurityVeNCrypt memory leak https://bugzilla.redhat.com/show_bug.cgi?id=1438694 -------------------------------------------------------------------------------- ================================================================================ unity-gtk-module-0.0.0+17.04.20170403-1.fc24 (FEDORA-2017-b07b4d1df3) GTK+ module for exporting old-style menus as GMenuModels -------------------------------------------------------------------------------- Update Information: * New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438992 - unity-gtk-module-0.0.0+17.04.20170403 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438992 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
