The following Fedora 24 Security updates need testing:

Age  URL
113  https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08   squid-3.5.23-1.fc24
106  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08   exim-4.87.1-1.fc24
 69  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba   runc-1.0.0-5.rc2.gitc91b5be.fc24
 49  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694   redis-3.2.8-1.fc24
 26  https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9   php-onelogin-php-saml-2.10.5-1.fc24
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f   sane-backends-1.0.25-7.fc24
 19  https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f   ntp-4.2.6p5-44.fc24
 11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9   chromium-57.0.2987.133-1.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-84bc8ac268   libpng12-1.2.57-1.fc24
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22   tigervnc-1.7.1-4.fc24
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-03dc811be6   xen-4.6.5-5.fc24
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7de130a80d   tnef-1.4.14-1.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-97fb93e1d1   samba-4.4.13-1.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a13090378   ghostscript-9.20-7.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2   python-XStatic-jquery-ui-1.12.0.1-1.fc24
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d   xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-5.fc24
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed6b6a1d7a   ming-0.4.8-1.fc24
  2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e15e37b689   proftpd-1.3.5e-1.fc24
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-502cf68d68   kernel-4.10.9-100.fc24
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d9d620366e   php-pear-CAS-1.3.5-1.fc24
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593   libxml2-2.9.4-2.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f676ecb20d   libsndfile-1.0.28-1.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5764721de5   xstream-1.4.9-5.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-db6864b797   jenkins-xstream-1.4.7-11.jenkins1.fc24

The following Fedora 24 Critical Path updates have yet to be approved:

Age  URL
 14  https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965   linux-firmware-20170313-72.git695f2d6d.fc24
 14  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22   gvfs-1.28.4-1.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3   nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc   sudo-1.8.19p2-1.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7   p11-kit-0.23.2-3.fc24
  8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b   hwdata-0.299-1.fc24
  7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3753e75f72   ca-certificates-2017.2.11-1.1.fc24
  6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a66ca10c22   tigervnc-1.7.1-4.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a90e43dc1b   thunderbird-52.0-1.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-185a953346   libfm-1.2.5-3.fc24
  5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-97fb93e1d1   samba-4.4.13-1.fc24
  3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6ec305fa93   dbus-1.11.12-1.fc24
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593   libxml2-2.9.4-2.fc24
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae0e285fc1   libdrm-2.4.79-1.fc24
  1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-502cf68d68   kernel-4.10.9-100.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f06d0bad6   vim-8.0.562-1.fc24
  0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f676ecb20d   libsndfile-1.0.28-1.fc24

The following builds have been pushed to Fedora 24 updates-testing

asciinema-1.4.0-1.fc24
dovecot-2.2.29-1.fc24
glusterfs-3.8.11-1.fc24
gnucash-2.6.16-1.fc24
gnucash-docs-2.6.16-1.fc24
jenkins-xstream-1.4.7-11.jenkins1.fc24
js-jquery-2.2.4-3.fc24
kde-cli-tools-5.8.6-2.fc24
kf5-networkmanager-qt-5.33.0-2.fc24
kup-0.3.6-1.fc24
libmicrohttpd-0.9.53-1.fc24
libsndfile-1.0.28-1.fc24
libtaskotron-0.4.20-1.fc24
python-pyvo-0.6.0-1.git20170411.3fa56a6.fc24
shotwell-0.24.6-1.fc24
snapd-2.24-1.fc24
taskotron-trigger-0.4.8-1.fc24
thermald-1.6-3.fc24
vim-8.0.562-1.fc24
webkitgtk4-2.16.1-2.fc24
xstream-1.4.9-5.fc24

Details about builds:

================================================================================
asciinema-1.4.0-1.fc24 (FEDORA-2017-ae46c20591)
Command line client (terminal recorder) for asciinema.org service
--------------------------------------------------------------------------------
Update Information:

Update to version 1.4.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441573 - asciinema-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1441573
--------------------------------------------------------------------------------

================================================================================
dovecot-2.2.29-1.fc24 (FEDORA-2017-da4ed58fd5)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary.
+ imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
- fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28.
- trash plugin was broken in 2.2.28
- auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
- auth: passdb { skip & mechanisms } were ignored for the first passdb
- oauth2: Various fixes, including fixes to crashes
- dsync: Large Sieve scripts (or other large metadata) weren't always synced.
- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
- doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
- ACLs weren't applied to not-yet-existing autocreated mailboxes.
- Fixed a potential crash when parsing a broken message header.
- cassandra: Fallback consistency settings weren't working correctly.
- doveadm director status <user>: "Initial config" was always empty
- imapc: Various reconnection fixes.
--------------------------------------------------------------------------------

================================================================================
glusterfs-3.8.11-1.fc24 (FEDORA-2017-efd28bd5c7)
Distributed File System
--------------------------------------------------------------------------------
Update Information:

3.8.11 GA
--------------------------------------------------------------------------------

================================================================================
gnucash-2.6.16-1.fc24 (FEDORA-2017-d90785c9e9)
Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream bugfix release, 2.6.16. For more information, see the upstream release notes at http://gnucash.org/.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1436183 - gnucash-2.6.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1436183
  [ 2 ] Bug #1409887 - Reports flicker after opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1409887
--------------------------------------------------------------------------------

================================================================================
gnucash-docs-2.6.16-1.fc24 (FEDORA-2017-d90785c9e9)
Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream bugfix release, 2.6.16. For more information, see the upstream release notes at http://gnucash.org/.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1436183 - gnucash-2.6.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1436183
  [ 2 ] Bug #1409887 - Reports flicker after opening
        https://bugzilla.redhat.com/show_bug.cgi?id=1409887
--------------------------------------------------------------------------------

================================================================================
jenkins-xstream-1.4.7-11.jenkins1.fc24 (FEDORA-2017-db6864b797)
Jenkins XStream library
--------------------------------------------------------------------------------
Update Information:

Security fix for rhbz#1441541
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441541 - jenkins-xstream: XStream: DoS when unmarshalling void type [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1441541
--------------------------------------------------------------------------------

================================================================================
js-jquery-2.2.4-3.fc24 (FEDORA-2017-4c189bc234)
JavaScript DOM manipulation, event handling, and AJAX library
--------------------------------------------------------------------------------
Update Information:

Update adds Provides: js-jquery2, in order to better support future package rename and addition of jQuery 3.
--------------------------------------------------------------------------------

================================================================================
kde-cli-tools-5.8.6-2.fc24 (FEDORA-2017-9c1688ae30)
Tools based on KDE Frameworks 5 to better interact with the system
--------------------------------------------------------------------------------
Update Information:

Backport upstream fix for getting a more-complete output from "kcmshell5 --list"
--------------------------------------------------------------------------------

================================================================================
kf5-networkmanager-qt-5.33.0-2.fc24 (FEDORA-2017-f1b43b783e)
A Tier 1 KDE Frameworks 5 module that wraps NetworkManager DBus API
--------------------------------------------------------------------------------
Update Information:

Set default value for auto-negotiation in wired setting based on running NetworkManager version (bz#1440583).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1440583 - Unable to modify network settings
        https://bugzilla.redhat.com/show_bug.cgi?id=1440583
--------------------------------------------------------------------------------

================================================================================
kup-0.3.6-1.fc24 (FEDORA-2017-a9e48d1d49)
Kernel.org Uploader
--------------------------------------------------------------------------------
Update Information:

Update to upstream 0.3.6 with support for subcmd and gitolite
--------------------------------------------------------------------------------

================================================================================
libmicrohttpd-0.9.53-1.fc24 (FEDORA-2017-a815fd1582)
Lightweight library for embedding a webserver in applications
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.53-1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1288676 - libmicrohttpd-0.9.53 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1288676
--------------------------------------------------------------------------------

================================================================================
libsndfile-1.0.28-1.fc24 (FEDORA-2017-f676ecb20d)
Library for reading and writing sound files
--------------------------------------------------------------------------------
Update Information:

* updated to 1.0.28
* fixes possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
* fixes possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1440756 - CVE-2017-7585 libsndfile: Stack-based buffer overflow in flac_buffer_copy()
        https://bugzilla.redhat.com/show_bug.cgi?id=1440756
  [ 2 ] Bug #1440758 - CVE-2017-7586 libsndfile: Error in header_read() causing stack-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1440758
--------------------------------------------------------------------------------

================================================================================
libtaskotron-0.4.20-1.fc24 (FEDORA-2017-2a907d23bd)
Taskotron Support Library
--------------------------------------------------------------------------------
Update Information:

Added better support for F26, secondary arches handling.
Added module_build item type, other small fixes
--------------------------------------------------------------------------------

================================================================================
python-pyvo-0.6.0-1.git20170411.3fa56a6.fc24 (FEDORA-2017-6d2d130048)
Access to remote data and services of the Virtual observatory (VO) using Python
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441189 - python-pyvo-0.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1441189
--------------------------------------------------------------------------------

================================================================================
shotwell-0.24.6-1.fc24 (FEDORA-2017-a9d0c09896)
A photo organizer for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:

shotwell 0.24.6 release.

* Fix gamma and chromatic aberrations when developing with libraw
* Picasa: Remove possibility to create new albums
* Fix import of files with ".ogg" extension
* Fix crash on wayland when dragging tool boxes
* Fix toolbox not visible in Cinnamon
* Fix manpage
* Viewer: Fix navigation after saving a photo
* Do not load files into memory when importing
* Translation updates
--------------------------------------------------------------------------------

================================================================================
snapd-2.24-1.fc24 (FEDORA-2017-3f22cb3858)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:

Update to snapd v2.24.
Some of the highlights (from the Snappy team):

* Fix potential transition issue from `ubuntu-core` to `core`
* Work towards improved aliases
* (many) cross-distribution improvements
* Fixes to work better with GNOME Software
* Improve internal interfaces code
* Detect devmode by inspecting the AppArmor support in the kernel
* Test improvements
* Allow chroot in base template
* Fix `pi-config.*` core settings and add some more
* interface updates: `browser-support`,`unity7`,`framebuffer`,`location-observe`,`location-control`,`browser-support`,`mir`,`opengl`,`unity8`
* new interfaces: `joystick`,`maliit`,`autopilot`
--------------------------------------------------------------------------------

================================================================================
taskotron-trigger-0.4.8-1.fc24 (FEDORA-2017-858026aa08)
Triggering Taskotron jobs via fedmsg
--------------------------------------------------------------------------------
Update Information:

Fixing issue where branch parameter was not being passed correctly and added MBS consumer

----

Fixes a bug in finding cloud images due to hard-coded values
--------------------------------------------------------------------------------

================================================================================
thermald-1.6-3.fc24 (FEDORA-2017-9ab3f22a16)
Thermal Management daemon
--------------------------------------------------------------------------------
Update Information:

* Initial rpm-release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1440406 - Review Request: thermald - Thermal Management daemon
        https://bugzilla.redhat.com/show_bug.cgi?id=1440406
--------------------------------------------------------------------------------

================================================================================
vim-8.0.562-1.fc24 (FEDORA-2017-5f06d0bad6)
The VIM editor
--------------------------------------------------------------------------------
Update Information:

The newest upstream commit.
--------------------------------------------------------------------------------

================================================================================
webkitgtk4-2.16.1-2.fc24 (FEDORA-2017-c4d0520cfc)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:

This update brings the following changes:

* Fix no-third-party cookies policy in case of redirections.
* Keep URL fragments after server redirections.
* Honor GTK+ font settings.
* Ensure depth and stencil renderbuffers are created on GLESv2.
* Prevent new navigations from onbeforeunload handler and document unload.
* Disallow beforeunload alerts from web pages users have never interacted with.
* Fix several crashes and rendering issues.
--------------------------------------------------------------------------------

================================================================================
xstream-1.4.9-5.fc24 (FEDORA-2017-5764721de5)
Java XML serialization library
--------------------------------------------------------------------------------
Update Information:

Security fix for rhbz#1441542
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441542 - XStream: DoS when unmarshalling void type [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1441542
--------------------------------------------------------------------------------