The following Fedora 25 Security updates need testing: Age URL 99 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 19 https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb php-onelogin-php-saml-2.10.5-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109 python-sleekxmpp-1.3.2-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51 icecat-52.0.1-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed4c9b605b php-horde-Horde-Crypt-2.7.6-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480 libpng15-1.5.28-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42 libpng12-1.2.57-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51979161f4 tigervnc-1.7.1-3.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b pungi-4.1.14-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e ca-certificates-2017.2.11-1.1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85b7d7129b flatpak-0.9.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a40dca1e21 gtk3-3.22.11-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a6a02391d file-5.29-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1b8a7c469 git-2.9.3-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51979161f4 tigervnc-1.7.1-3.fc25 The following builds have been pushed to Fedora 25 updates-testing a52dec-0.7.4-27.fc25 aide-0.16-2.fc25 ca-certificates-2017.2.11-1.1.fc25 chkrootkit-0.52-1.fc25 file-5.29-4.fc25 flatpak-0.9.2-1.fc25 gegl03-0.3.14-1.fc25 git-2.9.3-3.fc25 golang-github-cznic-fileutil-0-0.2.git90cf820.fc25 golang-github-cznic-sortutil-0-0.1.git4c73428.fc25 golang-github-cznic-strutil-0-0.1.git43a8959.fc25 gtk3-3.22.11-1.fc25 guacamole-server-0.9.12-1.fc25 mc-4.8.19-1.fc25 molequeue-0.8.0-2.20161222giteb397e.fc25 perl-LWP-UserAgent-DNS-Hosts-0.11-3.fc25 pkgconf-1.3.5-1.fc25 python-dbfread-2.0.7-3.git300b2d7.fc25 python-hglib-2.4-1.fc25 python-msrest-0.4.7-1.fc25 python-streamlink-0.5.0-1.fc25 rpmconf-1.0.19-1.fc25 snapd-2.23.6-4.fc25 snapd-glib-1.10-1.fc25 spacefm-1.0.5-4.fc25 tigervnc-1.7.1-3.fc25 unity-gtk-module-0.0.0+17.04.20170403-1.fc25 xonotic-0.8.2-1.fc25 xonotic-data-0.8.2-1.fc25 zathura-pdf-mupdf-0.3.1-1.fc25 zathura-pdf-poppler-0.2.7-1.fc25 Details about builds: ================================================================================ a52dec-0.7.4-27.fc25 (FEDORA-2017-6b4678f51e) Small test program for liba52 -------------------------------------------------------------------------------- Update Information: Fix upgrade path for 3rd part repos using a52dec-libs instead of liba52 -------------------------------------------------------------------------------- ================================================================================ aide-0.16-2.fc25 (FEDORA-2017-5162abbf03) Intrusion detection environment -------------------------------------------------------------------------------- Update Information: fixed upstream link -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421355 - aide contrib directory is not readable https://bugzilla.redhat.com/show_bug.cgi?id=1421355 [ 2 ] Bug #1421351 - /sbin/aide is not readable by non root https://bugzilla.redhat.com/show_bug.cgi?id=1421351 -------------------------------------------------------------------------------- ================================================================================ ca-certificates-2017.2.11-1.1.fc25 (FEDORA-2017-a11057f70e) The Mozilla CA root certificate bundle -------------------------------------------------------------------------------- Update Information: This update supports a new PKCS#11 attribute CKA_NSS_MOZILLA_CA_POLICY. The attribute has been defined by NSS version 3.30. The attribute is expected to be set to true for CA certificates that have been added as part of the Mozilla CA Policy process. The enhancement is required for compatibility with the future Firefox 54 release, which will query this attribute when accessing root CA certificates from the loaded CA trust module. On Fedora, Firefox is configured to access the p11-kit-trust module, instead of the NSS CA trust module nssckbi. This change to the ca-certificates package will make the attribute available to p11-kit-trust and Firefox. Support for this new attribute requires p11-kit- trust version and build 0.23.2-3, which contains the relevant backported functionality from upstream version 0.23.5. To enable the addition of this attribute, the ca-certificates package has been changed to use p11-kit-trust's flexible p11-kit-object-v1 file format for the internal packaging of the CA certificates list. The update-ca-trust command has been changed to add comments to extracted PEM format files. The changes in this package version shouldn't affect any existing functionality or trust. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418741 - Change the CA + trust input format given from ca-certificates to p11-kit-trust https://bugzilla.redhat.com/show_bug.cgi?id=1418741 [ 2 ] Bug #1418739 - ca-certificates must set the nss-mozilla-ca-policy pkcs#11 attribute for Mozilla CAs https://bugzilla.redhat.com/show_bug.cgi?id=1418739 -------------------------------------------------------------------------------- ================================================================================ chkrootkit-0.52-1.fc25 (FEDORA-2017-8df4d86cda) Tool to locally check for signs of a rootkit -------------------------------------------------------------------------------- Update Information: 0.52 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438910 - update 0.52 https://bugzilla.redhat.com/show_bug.cgi?id=1438910 [ 2 ] Bug #1411126 - Suspicious detections on fresh installed system https://bugzilla.redhat.com/show_bug.cgi?id=1411126 -------------------------------------------------------------------------------- ================================================================================ file-5.29-4.fc25 (FEDORA-2017-5a6a02391d) A utility for determining file types -------------------------------------------------------------------------------- Update Information: - fix utf-8 conversion in Python 2 bindings (#1433364) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433364 - python bindings no longer working with Python 2.7 https://bugzilla.redhat.com/show_bug.cgi?id=1433364 -------------------------------------------------------------------------------- ================================================================================ flatpak-0.9.2-1.fc25 (FEDORA-2017-85b7d7129b) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: flatpak 0.9.2 release. For details, see https://github.com/flatpak/flatpak/releases/tag/0.9.2 -------------------------------------------------------------------------------- ================================================================================ gegl03-0.3.14-1.fc25 (FEDORA-2017-994a121f66) Graph based image processing framework -------------------------------------------------------------------------------- Update Information: Be more memory efficient when converting a GeglBuffer to a GdkPixbuf. -------------------------------------------------------------------------------- ================================================================================ git-2.9.3-3.fc25 (FEDORA-2017-b1b8a7c469) Fast Version Control System -------------------------------------------------------------------------------- Update Information: Calling git blame on an untracked file resulted in a segfault. Apply the upstream [patch](https://github.com/git/git/commit/bc6b13a7d) which resolves this [issue](https://bugzilla.redhat.com/1438801). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438801 - [abrt] git-core: __strcmp_sse2_unaligned(): git killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1438801 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-fileutil-0-0.2.git90cf820.fc25 (FEDORA-2017-471057d7ad) File utility functions for Go -------------------------------------------------------------------------------- Update Information: New package for fedora. This is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431732 - Review Request: golang-github-cznic-fileutil - File utility functions for Go https://bugzilla.redhat.com/show_bug.cgi?id=1431732 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-sortutil-0-0.1.git4c73428.fc25 (FEDORA-2017-ee335a33cd) Supplemental utilities for Go's sort package -------------------------------------------------------------------------------- Update Information: New package for fedora. This is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431735 - Review Request: golang-github-cznic-sortutil - Supplemental utilities for Go's sort package https://bugzilla.redhat.com/show_bug.cgi?id=1431735 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-strutil-0-0.1.git43a8959.fc25 (FEDORA-2017-ba8291615d) Supplemental utilities for Go's strings package -------------------------------------------------------------------------------- Update Information: New package for fedora. This is one of the dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431736 - Review Request: golang-github-cznic-strutil - Supplemental utilities for Go's strings package https://bugzilla.redhat.com/show_bug.cgi?id=1431736 -------------------------------------------------------------------------------- ================================================================================ gtk3-3.22.11-1.fc25 (FEDORA-2017-a40dca1e21) The GIMP ToolKit (GTK+), a library for creating GUIs for X -------------------------------------------------------------------------------- Update Information: gtk+ 3.22.11 release. For details, see https://mail.gnome.org/archives/ftp- release-list/2017-March/msg00134.html -------------------------------------------------------------------------------- ================================================================================ guacamole-server-0.9.12-1.fc25 (FEDORA-2017-5465f87566) Server-side native components that form the Guacamole proxy -------------------------------------------------------------------------------- Update Information: Update to 0.9.12 release -------------------------------------------------------------------------------- ================================================================================ mc-4.8.19-1.fc25 (FEDORA-2017-34bd61b9fa) User-friendly text console file manager and visual shell -------------------------------------------------------------------------------- Update Information: 4.8.19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436394 - update to 4.8.19, switch from slang to ncurses, other cleanups https://bugzilla.redhat.com/show_bug.cgi?id=1436394 [ 2 ] Bug #1429265 - mc-4.8.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1429265 -------------------------------------------------------------------------------- ================================================================================ molequeue-0.8.0-2.20161222giteb397e.fc25 (FEDORA-2017-833b73f0b0) Desktop integration of high performance computing resources -------------------------------------------------------------------------------- Update Information: - New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431444 - Review Request: molequeue - Desktop integration of high performance computing resources https://bugzilla.redhat.com/show_bug.cgi?id=1431444 -------------------------------------------------------------------------------- ================================================================================ perl-LWP-UserAgent-DNS-Hosts-0.11-3.fc25 (FEDORA-2017-f1c5ba4a31) Override LWP HTTP/HTTPS request's host like /etc/hosts -------------------------------------------------------------------------------- Update Information: - Latest upstream - Upstream switched to Module::Build::Tiny flow - Set minimum version of Test::Fake::HTTPD to 0.08 - Remove deprecated Group tag - Fix typo -------------------------------------------------------------------------------- References: [ 1 ] Bug #1429101 - perl-LWP-UserAgent-DNS-Hosts-0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1429101 -------------------------------------------------------------------------------- ================================================================================ pkgconf-1.3.5-1.fc25 (FEDORA-2017-fa482d6f73) Package compiler and linker metadata toolkit -------------------------------------------------------------------------------- Update Information: **Bug fixes**: - fix --variable output for compatibility some broken configure scripts when they request the same variable from multiple packages ---- Update to 1.3.3, making behavior changes in 1.3.2 optional ---- - **Features**: - implement `--short-errors` - **Bug fixes**: - only consider a single package at a time with `--print-requires`, `--print-requires- private`, `--print-provides`, `--modversion`, `--print-variable` and `--print- variables` - rewrite handling of `--modversion`, `--print-variables` and `--variable` to not require the dependency resolver - **Enhancements**: - synchronized latest freedesktop.org changes to pkg.m4 - improve error reporting with legacy `--atleast-version` and similar flags -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436463 - pkgconf-1.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436463 [ 2 ] Bug #1437101 - Pkgconf breaks golang https://bugzilla.redhat.com/show_bug.cgi?id=1437101 -------------------------------------------------------------------------------- ================================================================================ python-dbfread-2.0.7-3.git300b2d7.fc25 (FEDORA-2017-9996b7466a) Read DBF Files with Python -------------------------------------------------------------------------------- Update Information: Fix shebang in examples -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431426 - Review Request: python-dbfread - Read DBF Files with Python https://bugzilla.redhat.com/show_bug.cgi?id=1431426 -------------------------------------------------------------------------------- ================================================================================ python-hglib-2.4-1.fc25 (FEDORA-2017-613477d23f) Mercurial Python library -------------------------------------------------------------------------------- Update Information: Update to latest upstream release python-hglib 2.4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438627 - python-hglib-2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438627 -------------------------------------------------------------------------------- ================================================================================ python-msrest-0.4.7-1.fc25 (FEDORA-2017-0470464858) AutoRest swagger generator Python client runtime -------------------------------------------------------------------------------- Update Information: BugFixes * Refactor paging #22: * "next" is renamed "advance_page" and "next" returns only 1 element (Python 2 expected behavior) * paging objects are now real generator and support the "next()" built-in function without need for "iter()" * Raise accurate DeserialisationError on incorrect RestAPI discriminator usage #27 * Fix discriminator usage of the base class name #27 * Remove default mutable arguments in Clients #20 * Fix object comparison in some scenarios #24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439197 - python-msrest-v0.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1439197 -------------------------------------------------------------------------------- ================================================================================ python-streamlink-0.5.0-1.fc25 (FEDORA-2017-c08f2a193e) Python library for extracting streams from various websites -------------------------------------------------------------------------------- Update Information: Lot's of contributions since the last release. As always, lot's of updating to plugins! One of the new features is the addition of Google Drive / Google Docs, you can now stream videos stored on Google Docs. We've also gone ahead and removed dead plugins (sites which have gone down) as well as added pycrypto as a dependency for future plugins. See https://github.com/streamlink/streamlink/releases/latest for more. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438991 - python-streamlink-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438991 -------------------------------------------------------------------------------- ================================================================================ rpmconf-1.0.19-1.fc25 (FEDORA-2017-0ce35fa95e) Tool to handle rpmnew and rpmsave files -------------------------------------------------------------------------------- Update Information: * bugfix * new option --test -------------------------------------------------------------------------------- References: [ 1 ] Bug #1350249 - rpmconf tracebacks if one of the files is a broken symlink https://bugzilla.redhat.com/show_bug.cgi?id=1350249 -------------------------------------------------------------------------------- ================================================================================ snapd-2.23.6-4.fc25 (FEDORA-2017-37a7331620) A transactional software package manager -------------------------------------------------------------------------------- Update Information: `snapd` 2.23.6 and `snapd-glib` 1.10 introduce support for using Snaps in Fedora. `snapd` provides the Snappy system functionality, while `snapd-glib` enables various applications to interact and integrate with `snapd`. See https://snapcraft.io/ for more information on Snappy. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to snapd https://bugzilla.redhat.com/show_bug.cgi?id=1390616 [ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to work with .snap files https://bugzilla.redhat.com/show_bug.cgi?id=1367825 [ 3 ] Bug #1421274 - Is this ever going to be built? https://bugzilla.redhat.com/show_bug.cgi?id=1421274 [ 4 ] Bug #1438790 - snapd-glib-1.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438790 -------------------------------------------------------------------------------- ================================================================================ snapd-glib-1.10-1.fc25 (FEDORA-2017-37a7331620) Library providing a GLib interface to snapd -------------------------------------------------------------------------------- Update Information: `snapd` 2.23.6 and `snapd-glib` 1.10 introduce support for using Snaps in Fedora. `snapd` provides the Snappy system functionality, while `snapd-glib` enables various applications to interact and integrate with `snapd`. See https://snapcraft.io/ for more information on Snappy. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to snapd https://bugzilla.redhat.com/show_bug.cgi?id=1390616 [ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to work with .snap files https://bugzilla.redhat.com/show_bug.cgi?id=1367825 [ 3 ] Bug #1421274 - Is this ever going to be built? https://bugzilla.redhat.com/show_bug.cgi?id=1421274 [ 4 ] Bug #1438790 - snapd-glib-1.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438790 -------------------------------------------------------------------------------- ================================================================================ spacefm-1.0.5-4.fc25 (FEDORA-2017-ead5f9f02e) Multi-panel tabbed file and desktop manager -------------------------------------------------------------------------------- Update Information: A bug was reported that opening preferences causes segv on wayland session. This new rpm should fix this issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438277 - [abrt] spacefm: XRootWindowOfScreen(): spacefm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1438277 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.7.1-3.fc25 (FEDORA-2017-51979161f4) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438703 - CVE-2017-7396 tigervnc: SecurityServer and ClientServer memory leaks https://bugzilla.redhat.com/show_bug.cgi?id=1438703 [ 2 ] Bug #1438701 - CVE-2017-7395 tigervnc: Integer overflow in SMsgReader::readClientCutText https://bugzilla.redhat.com/show_bug.cgi?id=1438701 [ 3 ] Bug #1438700 - CVE-2017-7394 tigervnc: Server crash via long usernames https://bugzilla.redhat.com/show_bug.cgi?id=1438700 [ 4 ] Bug #1438697 - CVE-2017-7393 tigervnc: Double free via crafted fences https://bugzilla.redhat.com/show_bug.cgi?id=1438697 [ 5 ] Bug #1438694 - CVE-2017-7392 tigervnc: SSecurityVeNCrypt memory leak https://bugzilla.redhat.com/show_bug.cgi?id=1438694 -------------------------------------------------------------------------------- ================================================================================ unity-gtk-module-0.0.0+17.04.20170403-1.fc25 (FEDORA-2017-a0deba7ab0) GTK+ module for exporting old-style menus as GMenuModels -------------------------------------------------------------------------------- Update Information: * New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438992 - unity-gtk-module-0.0.0+17.04.20170403 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438992 -------------------------------------------------------------------------------- ================================================================================ xonotic-0.8.2-1.fc25 (FEDORA-2017-e08d325224) Multiplayer, deathmatch oriented first person shooter -------------------------------------------------------------------------------- Update Information: xonotic 0.8.2 release. For details, see http://xonotic.org/posts/2017/xonotic-0-8-2-release/ -------------------------------------------------------------------------------- ================================================================================ xonotic-data-0.8.2-1.fc25 (FEDORA-2017-e08d325224) Game data for the Xonotic first person shooter -------------------------------------------------------------------------------- Update Information: xonotic 0.8.2 release. For details, see http://xonotic.org/posts/2017/xonotic-0-8-2-release/ -------------------------------------------------------------------------------- ================================================================================ zathura-pdf-mupdf-0.3.1-1.fc25 (FEDORA-2017-61cb9568a7) PDF support for zathura via mupdf -------------------------------------------------------------------------------- Update Information: A new version of the Zathura mupdf-based PDF plugin is available. This build is based on mupdf 1.10a. See https://pwmt.org/news/zathura-pdf-mupdf-0-3-1/ for the summary of changes in this release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428927 - Update to 0.3.1 and rebuild against mupdf 1.10a https://bugzilla.redhat.com/show_bug.cgi?id=1428927 -------------------------------------------------------------------------------- ================================================================================ zathura-pdf-poppler-0.2.7-1.fc25 (FEDORA-2017-01907f180b) PDF support for zathura via poppler -------------------------------------------------------------------------------- Update Information: A new version of the Zathura poppler-based PDF plugin is available. Refer to https://pwmt.org/news/zathura-pdf-poppler-0-2-7/ for the summary of changes in this release. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
