The following Fedora 24 Security updates need testing: Age URL 112 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 105 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 67 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 48 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9 php-onelogin-php-saml-2.10.5-1.fc24 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f ntp-4.2.6p5-44.fc24 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb python-sleekxmpp-1.3.2-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a3e6fa12 php-horde-Horde-Crypt-2.7.6-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66fd940572 libpng15-1.5.28-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-84bc8ac268 libpng12-1.2.57-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22 tigervnc-1.7.1-4.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-03dc811be6 xen-4.6.5-5.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7de130a80d tnef-1.4.14-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97fb93e1d1 samba-4.4.13-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a13090378 ghostscript-9.20-7.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-5.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed6b6a1d7a ming-0.4.8-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e15e37b689 proftpd-1.3.5e-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-502cf68d68 kernel-4.10.9-100.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d9d620366e php-pear-CAS-1.3.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593 libxml2-2.9.4-2.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965 linux-firmware-20170313-72.git695f2d6d.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3 nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc sudo-1.8.19p2-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7 p11-kit-0.23.2-3.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b hwdata-0.299-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3753e75f72 ca-certificates-2017.2.11-1.1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a90e43dc1b thunderbird-52.0-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-185a953346 libfm-1.2.5-3.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97fb93e1d1 samba-4.4.13-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-61498b10c5 cups-2.1.4-6.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22 tigervnc-1.7.1-4.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6ec305fa93 dbus-1.11.12-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593 libxml2-2.9.4-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae0e285fc1 libdrm-2.4.79-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-502cf68d68 kernel-4.10.9-100.fc24 The following builds have been pushed to Fedora 24 updates-testing daala-0-5.20170324gitee07b32.fc24 ixpdimm_sw-01.00.00.2229-1.fc24 kernel-4.10.9-100.fc24 libdrm-2.4.79-1.fc24 libxml2-2.9.4-2.fc24 libyui-3.2.9-1.fc24 libyui-gtk-2.44.8-2.fc24 libyui-ncurses-2.48.1-1.fc24 libyui-qt-2.47.1-1.fc24 openttd-1.7.0-1.fc24 otter-browser-0.9.12-0.3.beta12gitd82cbcc.fc24 perl-Compress-Bzip2-2.26-1.fc24 perl-PPI-XS-0.904-1.fc24 php-horde-Horde-Image-2.4.1-1.fc24 php-pear-CAS-1.3.5-1.fc24 purple-hangouts-0-46.20170409hg0b17daa.fc24 py3status-3.5-1.fc24 python-libpagure-0.9-1.fc24 python-mnemonic-0.17-1.fc24 qt5-qtdeclarative-5.6.2-2.fc24 Details about builds: ================================================================================ daala-0-5.20170324gitee07b32.fc24 (FEDORA-2017-5b895e20d7) Daala video compression -------------------------------------------------------------------------------- Update Information: Fixed daalainfo command line tool. No changes to the libraries' ABI. -------------------------------------------------------------------------------- ================================================================================ ixpdimm_sw-01.00.00.2229-1.fc24 (FEDORA-2017-41785bf296) API for development of IXPDIMM management utilities -------------------------------------------------------------------------------- Update Information: Fix ixpdimm-cli installation. ---- Updated to latest HEAD. ---- Update to HEAD. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423749 - ixpdimm_sw: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423749 [ 2 ] Bug #1427852 - ixpdimm_sw-01.00.00.2228 is available https://bugzilla.redhat.com/show_bug.cgi?id=1427852 [ 3 ] Bug #1367222 - ixpdimm_sw-01.00.00.2144 is available https://bugzilla.redhat.com/show_bug.cgi?id=1367222 -------------------------------------------------------------------------------- ================================================================================ kernel-4.10.9-100.fc24 (FEDORA-2017-502cf68d68) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.10.9 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434327 - CVE-2017-7187 kernel: scsi: Stack-based buffer overflow in sg_ioctl function https://bugzilla.redhat.com/show_bug.cgi?id=1434327 [ 2 ] Bug #1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race https://bugzilla.redhat.com/show_bug.cgi?id=1436649 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.79-1.fc24 (FEDORA-2017-ae0e285fc1) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: Update to 2.4.79 -------------------------------------------------------------------------------- ================================================================================ libxml2-2.9.4-2.fc24 (FEDORA-2017-be8574d593) Library providing XML and HTML support -------------------------------------------------------------------------------- Update Information: Update to latest upstream release, includes several security related fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1395609 - CVE-2016-9318 libxml2: XML External Entity vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1395609 [ 2 ] Bug #1384424 - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges https://bugzilla.redhat.com/show_bug.cgi?id=1384424 [ 3 ] Bug #1358641 - CVE-2016-5131 chromium-browser: use-after-free in libxml https://bugzilla.redhat.com/show_bug.cgi?id=1358641 [ 4 ] Bug #1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar https://bugzilla.redhat.com/show_bug.cgi?id=1338711 [ 5 ] Bug #1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat https://bugzilla.redhat.com/show_bug.cgi?id=1338708 [ 6 ] Bug #1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup https://bugzilla.redhat.com/show_bug.cgi?id=1338706 [ 7 ] Bug #1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal https://bugzilla.redhat.com/show_bug.cgi?id=1338705 [ 8 ] Bug #1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString https://bugzilla.redhat.com/show_bug.cgi?id=1338703 [ 9 ] Bug #1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey https://bugzilla.redhat.com/show_bug.cgi?id=1338702 [ 10 ] Bug #1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content https://bugzilla.redhat.com/show_bug.cgi?id=1338701 [ 11 ] Bug #1338700 - CVE-2016-4448 libxml2: Format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1338700 [ 12 ] Bug #1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral https://bugzilla.redhat.com/show_bug.cgi?id=1338696 [ 13 ] Bug #1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs https://bugzilla.redhat.com/show_bug.cgi?id=1338691 [ 14 ] Bug #1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName https://bugzilla.redhat.com/show_bug.cgi?id=1338686 [ 15 ] Bug #1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar https://bugzilla.redhat.com/show_bug.cgi?id=1338682 -------------------------------------------------------------------------------- ================================================================================ libyui-3.2.9-1.fc24 (FEDORA-2017-9226fb42a0) GUI-abstraction library -------------------------------------------------------------------------------- Update Information: * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- ================================================================================ libyui-gtk-2.44.8-2.fc24 (FEDORA-2017-9226fb42a0) Gtk3 User Interface for libyui -------------------------------------------------------------------------------- Update Information: * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- ================================================================================ libyui-ncurses-2.48.1-1.fc24 (FEDORA-2017-9226fb42a0) Character Based User Interface for libyui -------------------------------------------------------------------------------- Update Information: * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- ================================================================================ libyui-qt-2.47.1-1.fc24 (FEDORA-2017-9226fb42a0) Qt User Interface for libyui -------------------------------------------------------------------------------- Update Information: * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- ================================================================================ openttd-1.7.0-1.fc24 (FEDORA-2017-ea25ee47e1) Transport system simulation game -------------------------------------------------------------------------------- Update Information: Update to version 1.7.0 containing bugfixes and performance improvements. Some new features have been added under the hood for NewGRFs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424030 - openttd: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1424030 -------------------------------------------------------------------------------- ================================================================================ otter-browser-0.9.12-0.3.beta12gitd82cbcc.fc24 (FEDORA-2017-04be248489) Web browser controlled by the user, not vice-versa -------------------------------------------------------------------------------- Update Information: Update to 0.9.12-0.3.beta12gitd82cbcc -------------------------------------------------------------------------------- ================================================================================ perl-Compress-Bzip2-2.26-1.fc24 (FEDORA-2017-1b99579876) Interface to Bzip2 compression library -------------------------------------------------------------------------------- Update Information: This release fixes building on perl without "." in @INC path. We deliver this fix only to provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441002 - perl-Compress-Bzip2-2.26 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441002 -------------------------------------------------------------------------------- ================================================================================ perl-PPI-XS-0.904-1.fc24 (FEDORA-2017-fd1efc9d3e) XS acceleration for PPI -------------------------------------------------------------------------------- Update Information: This release fixes building on perl without "." in @INC path. We deliver it only to provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441008 - perl-PPI-XS-0.904 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441008 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Image-2.4.1-1.fc24 (FEDORA-2017-a7174f4482) Horde Image API -------------------------------------------------------------------------------- Update Information: **Horde_Image 2.4.1** * [mjr] Fix returning stream data from NULL image driver (Bug #14608). -------------------------------------------------------------------------------- ================================================================================ php-pear-CAS-1.3.5-1.fc24 (FEDORA-2017-d9d620366e) Central Authentication Service client library in php -------------------------------------------------------------------------------- Update Information: **Changes in version 1.3.5** * Security Fixes: * Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin) * Bug Fixes: * Fix file permissions (non-executable) [#177] (Remi Collet) * Fixed translations Greek and Japanese [#192] (ikari7789) * Fix errors under phpdbg [#204] (MasonM) * Fix logout replication error [#213] (Gregory Boddin) * Improvement: * Add more debug info to logout code [#95] (Joachim Fritschi) * Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi) * Improved verification of supplied CA arguments [#172] (Joachim Fritschi) * Change minimum supported php version to 5.4 in documentation (Joachim Fritschi) * Add message to CAS_Authentication_Exception [#197] (Baldinof) * Ingnore composer related files and directories [#201] (greg0ire) * Add setter for cas client [#206] (greg0ire) * Add callback for attribute parsing [#205] (Gregory Boddin) * Added setter for base url [#208] (LeopardDennis) * Fix documentation of code documentation [#216] (erozqba) * Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin) * Add language support for simplified chinese [#227] (phy25) -------------------------------------------------------------------------------- ================================================================================ purple-hangouts-0-46.20170409hg0b17daa.fc24 (FEDORA-2017-797601e118) Hangouts plugin for libpurple -------------------------------------------------------------------------------- Update Information: Updated to latest snapshot. -------------------------------------------------------------------------------- ================================================================================ py3status-3.5-1.fc24 (FEDORA-2017-dcbc257417) An extensible i3status wrapper written in python -------------------------------------------------------------------------------- Update Information: update to version 3.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1417005 - py3status-3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1417005 -------------------------------------------------------------------------------- ================================================================================ python-libpagure-0.9-1.fc24 (FEDORA-2017-46d85b5859) A Python library for Pagure APIs -------------------------------------------------------------------------------- Update Information: Updates to 0.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439535 - Rebase to version 0.9 https://bugzilla.redhat.com/show_bug.cgi?id=1439535 -------------------------------------------------------------------------------- ================================================================================ python-mnemonic-0.17-1.fc24 (FEDORA-2017-b541fc9bf3) Implementation of Bitcoin BIP-0039 -------------------------------------------------------------------------------- Update Information: Updated to upstream 0.17 -------------------------------------------------------------------------------- ================================================================================ qt5-qtdeclarative-5.6.2-2.fc24 (FEDORA-2017-e4883cb14a) Qt5 - QtDeclarative component -------------------------------------------------------------------------------- Update Information: Backport upstream crash fix for https://bugs.kde.org/show_bug.cgi?id=351839 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
