The following Fedora 24 Security updates need testing: Age URL 130 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 123 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 86 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 66 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 36 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-374389c196 qemu-2.6.2-8.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-edce28f24b bind99-9.9.9-4.P8.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a5363b41d libnl3-3.2.28-5.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c3ac44551 bouncycastle-1.52-9.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8767a2fbb drupal8-8.3.1-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2cefcc2b3 icu-56.1-8.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b367c896f pcre-8.40-7.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a7d2044c9 libreoffice-5.1.6.2-8.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2ccfbd650a log4j-2.5-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b6da97aa5 squirrelmail-1.4.22-19.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7de130a80d tnef-1.4.14-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c8448d0cad roundcubemail-1.2.5-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aff3dd3101 batik-1.8-9.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0aa0f69e0c kernel-4.10.13-100.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a90e43dc1b thunderbird-52.0-1.fc24 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae0e285fc1 libdrm-2.4.79-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b367c896f pcre-8.40-7.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2cefcc2b3 icu-56.1-8.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0768d64843 nss-3.30.2-1.0.fc24 nss-softokn-3.30.2-1.0.fc24 nss-util-3.30.2-1.0.fc24 nspr-4.14.0-2.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dc35d35e92 vim-8.0.586-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f808fd0be7 menu-cache-1.0.2-3.D20170419gitdffb1314ec.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-508fd2b9ca json-c-0.12.1-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-878927210f ca-certificates-2017.2.14-1.0.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-162308e82b llvm-3.8.1-3.fc24 cargo-0.18.0-1.fc24 rust-1.17.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fb8bb34a62 coreutils-8.25-9.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0aa0f69e0c kernel-4.10.13-100.fc24 The following builds have been pushed to Fedora 24 updates-testing batik-1.8-9.fc24 cargo-0.18.0-1.fc24 certbot-0.13.0-2.fc24 coreutils-8.25-9.fc24 execdb-0.0.9-1.fc24 fedora-arm-installer-1.99.14-1.fc24 gsequencer-0.8.0-1.fc24 kernel-4.10.13-100.fc24 llvm-3.8.1-3.fc24 loopabull-0.0.6-1.fc24 origin-1.5.0-1.fc24 php-league-flysystem-1.0.40-1.fc24 php-psr-simple-cache-1.0.0-1.fc24 php-react-dns-0.4.8-1.fc24 php-react-event-loop-0.4.3-1.fc24 php-simplepie-1.5-1.fc24 purple-hangouts-0-47.20170427hg0dc1213.fc24 purple-skypeweb-1.3-3.20170420git31222f4.fc24 python2-pyx-0.12.1-6.fc24 roundcubemail-1.2.5-1.fc24 rust-1.17.0-1.fc24 tnef-1.4.14-2.fc24 yad-0.39.0-1.fc24 Details about builds: ================================================================================ batik-1.8-9.fc24 (FEDORA-2017-aff3dd3101) Scalable Vector Graphics for Java -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-5662 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443592 - CVE-2017-5662 batik: XML external entity processing vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1443592 -------------------------------------------------------------------------------- ================================================================================ cargo-0.18.0-1.fc24 (FEDORA-2017-162308e82b) Rust's package manager and build tool -------------------------------------------------------------------------------- Update Information: New versions of Rust and Cargo -- see the release notes for [1.17](https://blog .rust-lang.org/2017/04/27/Rust-1.17.html). LLVM is included in this update to fix a bug with ARM codegen. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438031 - File conflicts between rust-gdb and rust-lldb https://bugzilla.redhat.com/show_bug.cgi?id=1438031 -------------------------------------------------------------------------------- ================================================================================ certbot-0.13.0-2.fc24 (FEDORA-2017-c651872919) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Fix to timer target -------------------------------------------------------------------------------- ================================================================================ coreutils-8.25-9.fc24 (FEDORA-2017-fb8bb34a62) A set of basic GNU tools commonly used in shell scripts -------------------------------------------------------------------------------- Update Information: - tail: "tail -F dir/file" revert to polling if the followed directory is replaced (#1283760) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1283760 - coreutils: tail: inotify support changes behavior of -F with subdirs https://bugzilla.redhat.com/show_bug.cgi?id=1283760 -------------------------------------------------------------------------------- ================================================================================ execdb-0.0.9-1.fc24 (FEDORA-2017-ec42ed7505) Execution status database for Taskotron -------------------------------------------------------------------------------- Update Information: This adds a small fix to execdb where the headers like "progress, logs, details" are made into links instead of just text ---- New release of execdb changes the job.taskname column from a 20 char string to a variable width char -------------------------------------------------------------------------------- ================================================================================ fedora-arm-installer-1.99.14-1.fc24 (FEDORA-2017-ce343f6fc4) Writes binary image files to any specified block device -------------------------------------------------------------------------------- Update Information: Add support for numerous new devices, various bug fixes and improvements -------------------------------------------------------------------------------- ================================================================================ gsequencer-0.8.0-1.fc24 (FEDORA-2017-3b057333c8) Advanced Gtk+ Sequencer audio processing engine -------------------------------------------------------------------------------- Update Information: removed patch to fix missing type because upstream includes changes -------------------------------------------------------------------------------- ================================================================================ kernel-4.10.13-100.fc24 (FEDORA-2017-0aa0f69e0c) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.10.13 stable kernel update contains a number of important fixes across the tree. ---- The 4.10.12 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1389433 - CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user https://bugzilla.redhat.com/show_bug.cgi?id=1389433 [ 2 ] Bug #1445207 - CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c https://bugzilla.redhat.com/show_bug.cgi?id=1445207 [ 3 ] Bug #1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism https://bugzilla.redhat.com/show_bug.cgi?id=1444493 [ 4 ] Bug #1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies https://bugzilla.redhat.com/show_bug.cgi?id=1443615 -------------------------------------------------------------------------------- ================================================================================ llvm-3.8.1-3.fc24 (FEDORA-2017-162308e82b) The Low Level Virtual Machine -------------------------------------------------------------------------------- Update Information: New versions of Rust and Cargo -- see the release notes for [1.17](https://blog .rust-lang.org/2017/04/27/Rust-1.17.html). LLVM is included in this update to fix a bug with ARM codegen. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438031 - File conflicts between rust-gdb and rust-lldb https://bugzilla.redhat.com/show_bug.cgi?id=1438031 -------------------------------------------------------------------------------- ================================================================================ loopabull-0.0.6-1.fc24 (FEDORA-2017-9b10dfbc15) Event loop driven Ansible playbook execution engine -------------------------------------------------------------------------------- Update Information: Update to latest upstream - 0.0.6 -------------------------------------------------------------------------------- ================================================================================ origin-1.5.0-1.fc24 (FEDORA-2017-f63105b276) Open Source Container Management by Red Hat -------------------------------------------------------------------------------- Update Information: Update to latest upstream - v1.5.0 -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.40-1.fc24 (FEDORA-2017-e2f712c6c9) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.40** - 2017-04-28 * Improved * Made it possible to indicate an adapter can ovewrite files using the write functions rather than the update ones. ---- **Version 1.0.39** - 2017-04-25 * Fixed * Some FTP servers return the `total` of 0 when a file doesn't exist instead of saying it doesn't exist. ---- **Version 1.0.38** - 2017-04-22 * Fixed * Pure-FTPd now escapes the first call to rawlist too. * Improved * You can now optionally put the FTP adapter in `utf8`-mode by setting the `utf8` setting to `true`. -------------------------------------------------------------------------------- ================================================================================ php-psr-simple-cache-1.0.0-1.fc24 (FEDORA-2017-8060878365) Common interfaces for simple caching (PSR-16) -------------------------------------------------------------------------------- Update Information: This repository holds all interfaces related to PSR-16. Note that this is not a cache implementation of its own. It is merely an interface that describes a cache implementation. See the specification [1] for more details. You can find implementations of the specification by looking for packages providing the psr /simple-cache-implementation [2] virtual package. Autoloader: /usr/share/php/Psr/SimpleCache/autoload.php [1] https://github.com/php-fig/fig- standards/blob/master/accepted/PSR-16-simple-cache.md [2] https://packagist.org/providers/psr/simple-cache-implementation -------------------------------------------------------------------------------- References: [ 1 ] Bug #1442469 - Review Request: php-psr-simple-cache - Common interfaces for simple caching (PSR-16) https://bugzilla.redhat.com/show_bug.cgi?id=1442469 -------------------------------------------------------------------------------- ================================================================================ php-react-dns-0.4.8-1.fc24 (FEDORA-2017-58fd4a9e09) Async DNS resolver -------------------------------------------------------------------------------- Update Information: ## 0.4.8 (2017-04-16) * Feature: Add support for the AAAA record type to the protocol parser (#58 by @othillo) * Feature: Add support for the PTR record type to the protocol parser (#59 by @othillo) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443522 - php-react-dns-0.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1443522 -------------------------------------------------------------------------------- ================================================================================ php-react-event-loop-0.4.3-1.fc24 (FEDORA-2017-e0195473d0) Event loop abstraction layer that libraries can use for evented I/O -------------------------------------------------------------------------------- Update Information: ## 0.4.3 (2017-04-27) * Bug fix: Bugfix in the usage sample code #57 (@dandelionred) * Improvement: Remove branch-alias definition #53 (@WyriHaximus) * Improvement: StreamSelectLoop: Use fresh time so Timers added during stream events are accurate #51 (@andrewminerd) * Improvement: Avoid deprecation warnings in test suite due to deprecation of getMock() in PHPUnit #68 (@martinschroeder) * Improvement: Add PHPUnit 4.8 to require-dev #69 (@shaunbramley) * Improvement: Increase test timeouts for HHVM and unify timeout handling #70 (@clue) * Improvement: Travis improvements (backported from #74) #75 (@clue) * Improvement: Test suite now uses socket pairs instead of memory streams #66 (@martinschroeder) * Improvement: StreamSelectLoop: Test suite uses signal constant names in data provider #67 (@martinschroeder) * Improvement: ExtEventLoop: No longer suppress all errors #65 (@mamciek) * Improvement: Readme cleanup #89 (@jsor) * Improvement: Restructure and improve README #90 (@jsor) * Bug fix: StreamSelectLoop: Fix erroneous zero-time sleep (backport to 0.4) #94 (@jsor) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1446188 - php-react-event-loop-0.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1446188 -------------------------------------------------------------------------------- ================================================================================ php-simplepie-1.5-1.fc24 (FEDORA-2017-d00e5477a1) A simple Atom/RSS parsing library for PHP -------------------------------------------------------------------------------- Update Information: Last upstream release -------------------------------------------------------------------------------- ================================================================================ purple-hangouts-0-47.20170427hg0dc1213.fc24 (FEDORA-2017-a6489383da) Hangouts plugin for libpurple -------------------------------------------------------------------------------- Update Information: Updated plugins to latest snapshots. -------------------------------------------------------------------------------- ================================================================================ purple-skypeweb-1.3-3.20170420git31222f4.fc24 (FEDORA-2017-a6489383da) Adds support for Skype to Pidgin -------------------------------------------------------------------------------- Update Information: Updated plugins to latest snapshots. -------------------------------------------------------------------------------- ================================================================================ python2-pyx-0.12.1-6.fc24 (FEDORA-2017-9f47b98e3f) Legacy Python graphics package for python2 -------------------------------------------------------------------------------- Update Information: New package. The legacy version of pyx needed by the scapy and some other packages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387873 - Review Request: python2-pyx - Python graphics package https://bugzilla.redhat.com/show_bug.cgi?id=1387873 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.2.5-1.fc24 (FEDORA-2017-c8448d0cad) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: **Roundcube Webmail 1.2.5** This is a security update to the stable version 1.2. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below. It's considered stable and we recommend to update all productive installations of Roundcube with this version. Please do backup your data before updating! CHANGELOG * Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114] * Fix re-positioning of the fixed header of messages list in Chrome when using minimal mode toggle and About dialog (#5711) * Fix so settings/upload.inc could not be used by plugins (#5694) * Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713) * Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) * Fix bug where base_dn setting was ignored inside group_filters (#5720) -------------------------------------------------------------------------------- ================================================================================ rust-1.17.0-1.fc24 (FEDORA-2017-162308e82b) The Rust Programming Language -------------------------------------------------------------------------------- Update Information: New versions of Rust and Cargo -- see the release notes for [1.17](https://blog .rust-lang.org/2017/04/27/Rust-1.17.html). LLVM is included in this update to fix a bug with ARM codegen. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438031 - File conflicts between rust-gdb and rust-lldb https://bugzilla.redhat.com/show_bug.cgi?id=1438031 -------------------------------------------------------------------------------- ================================================================================ tnef-1.4.14-2.fc24 (FEDORA-2017-7de130a80d) Extract files from email attachments like WINMAIL.DAT -------------------------------------------------------------------------------- Update Information: Release 1.4.14 includes security bug fixes introduced in 1.4.13 and a further bug fix. The tnef-dolphin file manager integration is updated to suit the kf5/qt5 base. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427434 - CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1427434 -------------------------------------------------------------------------------- ================================================================================ yad-0.39.0-1.fc24 (FEDORA-2017-f33215533f) Display graphical dialogs from shell scripts or command line -------------------------------------------------------------------------------- Update Information: update yad to version 0.39.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1446197 - yad-0.39.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1446197 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
