The following Fedora 24 Security updates need testing: Age URL 148 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 141 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 104 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 84 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 54 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 40 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b6da97aa5 squirrelmail-1.4.22-19.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3ce061ea7 lynis-2.5.0-1.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8 thunderbird-52.1.0-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebe41f3fd7 python-fedora-0.9.0-3.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01a7989fc0 git-2.7.5-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aceb424894 smb4k-1.2.2-3.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4de07172f4 postgresql-9.5.7-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-947da3daa5 chicken-4.12.0-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eaab38c11e deluge-1.3.15-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f2d5790d2 lxterminal-0.3.0-3.fc24 menu-cache-1.0.2-4.D20170514git56f6668459.fc24 pcmanfm-1.2.5-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fc10e3165a FlightGear-2016.1.2-6.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-607352ce5f FlightCrew-0.9.1-7.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f426acf49d openvpn-2.3.15-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e75602d3ed kernel-4.10.16-100.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd5d2381e4 libvncserver-0.9.11-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7d698eba8b chromium-58.0.3029.110-2.fc24 chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-46fcfd8c98 wordpress-4.7.5-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-80497255ca libICE-1.0.9-9.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a16494458f rsync-3.1.2-3.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8 thunderbird-52.1.0-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1fa6f4f9bf cups-2.1.4-7.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2dde77a642 python-beautifulsoup4-4.6.0-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6dfa4501e8 qt5-qtbase-5.6.2-4.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01a7989fc0 git-2.7.5-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f2d5790d2 lxterminal-0.3.0-3.fc24 menu-cache-1.0.2-4.D20170514git56f6668459.fc24 pcmanfm-1.2.5-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2c9e5e8fe tigervnc-1.8.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e75602d3ed kernel-4.10.16-100.fc24 The following builds have been pushed to Fedora 24 updates-testing GeoIP-1.6.11-1.fc24 certbot-0.14.1-2.fc24 chromium-58.0.3029.110-2.fc24 chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24 copr-dist-git-0.27-1.fc24 copr-frontend-1.109-1.fc24 fedora-arm-installer-1.99.16-1.fc24 gimagereader-3.2.1-4.fc24 golang-github-cznic-internal-1.0.0-1.20170516.git6c349f9.fc24 kernel-4.10.16-100.fc24 kompose-0.6.0-0.1.fc24 layla-fonts-2.0-1.fc24 libvncserver-0.9.11-2.fc24 lightdm-autologin-greeter-1.0-1.fc24 lightdm-settings-1.0.7-1.fc24 php-justinrainbow-json-schema5-5.2.1-1.fc24 python-acme-0.14.1-1.fc24 python-certbot-apache-0.14.1-1.fc24 root-6.08.06-7.fc24 tigervnc-1.8.0-1.fc24 wordpress-4.7.5-1.fc24 Details about builds: ================================================================================ GeoIP-1.6.11-1.fc24 (FEDORA-2017-100b2b9b65) Library for country/city/organization to IP address or hostname mapping -------------------------------------------------------------------------------- Update Information: This update fixes a crash that could happen when reading a corrupted database file (https://github.com/maxmind/geoip-api-c/issues/87). -------------------------------------------------------------------------------- ================================================================================ certbot-0.14.1-2.fc24 (FEDORA-2017-c651872919) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: * Update to 0.14.1 * Tweaks to the renew timer (bz#1444814 bz#1441846) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441846 - Improvements to timer randomization https://bugzilla.redhat.com/show_bug.cgi?id=1441846 [ 2 ] Bug #1448431 - python-certbot-apache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448431 [ 3 ] Bug #1448423 - python-acme-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448423 [ 4 ] Bug #1444814 - certbot: error: argument --pre-hook: expected one argument https://bugzilla.redhat.com/show_bug.cgi?id=1444814 [ 5 ] Bug #1448430 - certbot-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448430 -------------------------------------------------------------------------------- ================================================================================ chromium-58.0.3029.110-2.fc24 (FEDORA-2017-7d698eba8b) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069 ---- Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443850 - CVE-2017-5069 chromium-browser: cross-origin bypass in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443850 [ 2 ] Bug #1443849 - CVE-2017-5067 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443849 [ 3 ] Bug #1443848 - CVE-2017-5066 chromium-browser: incorrect signature handing in networking https://bugzilla.redhat.com/show_bug.cgi?id=1443848 [ 4 ] Bug #1443847 - CVE-2017-5065 chromium-browser: incorrect ui in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443847 [ 5 ] Bug #1443845 - CVE-2017-5064 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443845 [ 6 ] Bug #1443841 - CVE-2017-5063 chromium-browser: heap overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1443841 [ 7 ] Bug #1443840 - CVE-2017-5062 chromium-browser: use after free in chrome apps https://bugzilla.redhat.com/show_bug.cgi?id=1443840 [ 8 ] Bug #1443839 - CVE-2017-5061 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443839 [ 9 ] Bug #1443838 - CVE-2017-5060 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443838 [ 10 ] Bug #1443837 - CVE-2017-5059 chromium-browser: type confusion in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443837 [ 11 ] Bug #1443836 - CVE-2017-5058 chromium-browser: heap use after free in print preview https://bugzilla.redhat.com/show_bug.cgi?id=1443836 [ 12 ] Bug #1443835 - CVE-2017-5057 chromium-browser: type confusion in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1443835 [ 13 ] Bug #1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc https://bugzilla.redhat.com/show_bug.cgi?id=1448031 [ 14 ] Bug #1437353 - CVE-2017-5053 chromium-browser: out of bounds memory access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1437353 [ 15 ] Bug #1437352 - CVE-2017-5056 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1437352 [ 16 ] Bug #1437351 - CVE-2017-5052 chromium-browser: bad cast in blink https://bugzilla.redhat.com/show_bug.cgi?id=1437351 [ 17 ] Bug #1437350 - CVE-2017-5054 chromium-browser: heap buffer overflow in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1437350 [ 18 ] Bug #1437348 - CVE-2017-5055 chromium-browser: use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1437348 -------------------------------------------------------------------------------- ================================================================================ chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc24 (FEDORA-2017-7d698eba8b) Google Native Client Toolchain -------------------------------------------------------------------------------- Update Information: Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069 ---- Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443850 - CVE-2017-5069 chromium-browser: cross-origin bypass in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443850 [ 2 ] Bug #1443849 - CVE-2017-5067 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443849 [ 3 ] Bug #1443848 - CVE-2017-5066 chromium-browser: incorrect signature handing in networking https://bugzilla.redhat.com/show_bug.cgi?id=1443848 [ 4 ] Bug #1443847 - CVE-2017-5065 chromium-browser: incorrect ui in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443847 [ 5 ] Bug #1443845 - CVE-2017-5064 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443845 [ 6 ] Bug #1443841 - CVE-2017-5063 chromium-browser: heap overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1443841 [ 7 ] Bug #1443840 - CVE-2017-5062 chromium-browser: use after free in chrome apps https://bugzilla.redhat.com/show_bug.cgi?id=1443840 [ 8 ] Bug #1443839 - CVE-2017-5061 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443839 [ 9 ] Bug #1443838 - CVE-2017-5060 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1443838 [ 10 ] Bug #1443837 - CVE-2017-5059 chromium-browser: type confusion in blink https://bugzilla.redhat.com/show_bug.cgi?id=1443837 [ 11 ] Bug #1443836 - CVE-2017-5058 chromium-browser: heap use after free in print preview https://bugzilla.redhat.com/show_bug.cgi?id=1443836 [ 12 ] Bug #1443835 - CVE-2017-5057 chromium-browser: type confusion in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1443835 [ 13 ] Bug #1448031 - CVE-2017-5068 chromium-browser: race condition in webrtc https://bugzilla.redhat.com/show_bug.cgi?id=1448031 [ 14 ] Bug #1437353 - CVE-2017-5053 chromium-browser: out of bounds memory access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1437353 [ 15 ] Bug #1437352 - CVE-2017-5056 chromium-browser: use after free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1437352 [ 16 ] Bug #1437351 - CVE-2017-5052 chromium-browser: bad cast in blink https://bugzilla.redhat.com/show_bug.cgi?id=1437351 [ 17 ] Bug #1437350 - CVE-2017-5054 chromium-browser: heap buffer overflow in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1437350 [ 18 ] Bug #1437348 - CVE-2017-5055 chromium-browser: use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1437348 -------------------------------------------------------------------------------- ================================================================================ copr-dist-git-0.27-1.fc24 (FEDORA-2017-1731e355af) Copr services for Dist Git server -------------------------------------------------------------------------------- Update Information: Fixes problem with fedpkg builds, see https://bugzilla.redhat.com/show_bug.cgi?id=1447102 -------------------------------------------------------------------------------- ================================================================================ copr-frontend-1.109-1.fc24 (FEDORA-2017-5e015528c9) Frontend for Copr -------------------------------------------------------------------------------- Update Information: - debugging infos in build_on_pagure_commit.py - error handling in build_on_pagure_commit.py - Bug 1448333 - Unable to edit someone's else project settings - do not require .git suffix in Git repo URL for webhook rebuilds of Tito and MockSCM packages - use MBS for building modules via UI - add class for communicating with MBS - add NSV property for modulemd generator - "#55 Builds triggered by GitHub WebHook (tag event) do not enable Internet during build" - use ModulemdGenerator for construnting the yaml file ---- - use custom chroot for modules instead of F24 - send the original filename to MBS - get rid of 'unknown key username' warning - fix modularity unit test - validate uploaded yaml file - dont print how to use a module when it is not succeeded - move MBS_URL to config - allow to submit optional params to mbs - frontend act as a gateway between user and mbs - allow to create module and it's action separately - make new-lines work in <code> blocks - Bug 1442047 - Regenerate action is not restricted to an owner of the project. - redirect output of update_indexes_quick in cron into /dev/null - validate fork name characters (RhBug: 1435123) - Bug 1433508 - Half-cancelled builds are not deleted correctly. - Add extra step for setting up GitHub Webhook - add "buildroot" repository into generated build- config - python3 compatibility fixes in frontend core - correctly set repo and ref to point to our dist-git - replace fedorahosted links - replace no-longer working fedorahosted links with the pagure ones ---- Changes from the last released version copr-frontend 1.104-1: - fix for python-flask-whooshee-0.4.1-2 - added alembic fedora revision to enable rawhide - rename add_debug_user command to add_user - show info about auto-createrepo only when disabled - only require python2-flask-whooshee on f25+, require python-flask- whooshee otherwise - proxyuser feature (RhBug: 1381574) - allow setting proxy/no-proxy when altering user - rewrite broken add_debug_user command - add boolean proxy column to user table - care only about packages in filter - specify module components buildorder - fill module rpm components - separate schema and data (fedora) migrations - update option descriptions in project settings page - always show "Regenerate" button for recreating backend repodata - ensure mock triplets are unique - show a quick guide how to install 'dnf module' command - add info what to do with modulemd - allow to have multiple info lines per form field - print info when there are no packages in a module - suggest dnf to enable module - make repo filter support group coprs for copr:// scheme - move creation of copr- frontend-devel macro definition file from %%check to %%install - handle GitHub tag event webhooks - change dependency from python-flask-whooshee to python2 -flask-whooshee - fix package icon for group projects (RhBug: 1403348) - return proper error when module not found - hide FAS groups for non-FAS deployments - provide functional API url to renew token - krb5 login - new replaceable welcome.html template - make FAS opt-out - fix traceback when forking -------------------------------------------------------------------------------- ================================================================================ fedora-arm-installer-1.99.16-1.fc24 (FEDORA-2017-21654b1645) Writes binary image files to any specified block device -------------------------------------------------------------------------------- Update Information: Update to 1.99.16 ---- Update to 1.99.15 ---- Add support for numerous new devices, various bug fixes and improvements -------------------------------------------------------------------------------- References: [ 1 ] Bug #1447456 - fedora-arm-installer ask for sudo root password uselessly https://bugzilla.redhat.com/show_bug.cgi?id=1447456 [ 2 ] Bug #1447457 - --supported-boards do not work https://bugzilla.redhat.com/show_bug.cgi?id=1447457 -------------------------------------------------------------------------------- ================================================================================ gimagereader-3.2.1-4.fc24 (FEDORA-2017-588f9229ad) A front-end to tesseract-ocr -------------------------------------------------------------------------------- Update Information: This update backports a patch to fix some missing icons in the Gtk interface. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1451357 - There seems to be some missing icons. https://bugzilla.redhat.com/show_bug.cgi?id=1451357 -------------------------------------------------------------------------------- ================================================================================ golang-github-cznic-internal-1.0.0-1.20170516.git6c349f9.fc24 (FEDORA-2017-16d772ae1b) Shared dependencies for other cznic Go libraries -------------------------------------------------------------------------------- Update Information: Initial package for fedora. This is one of the (indirect) dependencies of syncthing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431740 - Review Request: golang-github-cznic-internal - Shared dependencies for other cznic Go libraries https://bugzilla.redhat.com/show_bug.cgi?id=1431740 -------------------------------------------------------------------------------- ================================================================================ kernel-4.10.16-100.fc24 (FEDORA-2017-e75602d3ed) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.10.16 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1447734 - CVE-2017-7487 kernel: Reference counter leak in ipxitf_ioctl resulting into use after free https://bugzilla.redhat.com/show_bug.cgi?id=1447734 -------------------------------------------------------------------------------- ================================================================================ kompose-0.6.0-0.1.fc24 (FEDORA-2017-cd2c04199d) Tool to move from 'docker-compose' to Kubernetes -------------------------------------------------------------------------------- Update Information: Updated to latest release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1446862 - kompose-v0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1446862 -------------------------------------------------------------------------------- ================================================================================ layla-fonts-2.0-1.fc24 (FEDORA-2017-30697e6b98) A collection of traditional Arabic fonts -------------------------------------------------------------------------------- Update Information: - Fixed fonts. They work on MacOS now - Changed Latin letters and numbers -------------------------------------------------------------------------------- ================================================================================ libvncserver-0.9.11-2.fc24 (FEDORA-2017-dd5d2381e4) Library to make writing a VNC server easy -------------------------------------------------------------------------------- Update Information: Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1410168 - CVE-2016-9942 libvncserver: Heap-based buffer overflow in ultra.c https://bugzilla.redhat.com/show_bug.cgi?id=1410168 [ 2 ] Bug #1410166 - CVE-2016-9941 libvncserver: Heap-based buffer overflow in rfbproto.c https://bugzilla.redhat.com/show_bug.cgi?id=1410166 -------------------------------------------------------------------------------- ================================================================================ lightdm-autologin-greeter-1.0-1.fc24 (FEDORA-2017-0b7393a69e) Autologin greeter using LightDM -------------------------------------------------------------------------------- Update Information: Initial import -------------------------------------------------------------------------------- References: [ 1 ] Bug #1451134 - Review Request: lightdm-autologin-greeter - Autologin greeter using LightDM https://bugzilla.redhat.com/show_bug.cgi?id=1451134 -------------------------------------------------------------------------------- ================================================================================ lightdm-settings-1.0.7-1.fc24 (FEDORA-2017-1ee611f4bd) Configuration tool for the LightDM display manager -------------------------------------------------------------------------------- Update Information: * New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1451532 - lightdm-settings-1.0.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1451532 -------------------------------------------------------------------------------- ================================================================================ php-justinrainbow-json-schema5-5.2.1-1.fc24 (FEDORA-2017-9138c16825) A library to validate a json schema -------------------------------------------------------------------------------- Update Information: **Version 5.2.1** * fix #353 Validation of JSON-Schema * fix #405 fix bug when applying defaults * fix #408 SchemaStorage::addSchema() should call BaseConsstraint::arrayToObjectRecursive() on the provide schemas * fix #409 [BUGFIX] Cast empty schema arrays to object * fix #411 [BUGFIX] Split $objectDefinition into $schema and $properties * fix #415 Issue-414: Allow The Option of T or space for Date time. * fix #416 Testcase for minProperties with properties defined + Fix Test * fix #419 [BUGFIX] Split "uri" format into "uri" & "uri-reference", fix meta-schema bug * fix #421 [BUGFIX] Tweak phpdocumentor dependency to avoid install conflicts -------------------------------------------------------------------------------- ================================================================================ python-acme-0.14.1-1.fc24 (FEDORA-2017-c651872919) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: * Update to 0.14.1 * Tweaks to the renew timer (bz#1444814 bz#1441846) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441846 - Improvements to timer randomization https://bugzilla.redhat.com/show_bug.cgi?id=1441846 [ 2 ] Bug #1448431 - python-certbot-apache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448431 [ 3 ] Bug #1448423 - python-acme-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448423 [ 4 ] Bug #1444814 - certbot: error: argument --pre-hook: expected one argument https://bugzilla.redhat.com/show_bug.cgi?id=1444814 [ 5 ] Bug #1448430 - certbot-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448430 -------------------------------------------------------------------------------- ================================================================================ python-certbot-apache-0.14.1-1.fc24 (FEDORA-2017-c651872919) The apache plugin for certbot -------------------------------------------------------------------------------- Update Information: * Update to 0.14.1 * Tweaks to the renew timer (bz#1444814 bz#1441846) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441846 - Improvements to timer randomization https://bugzilla.redhat.com/show_bug.cgi?id=1441846 [ 2 ] Bug #1448431 - python-certbot-apache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448431 [ 3 ] Bug #1448423 - python-acme-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448423 [ 4 ] Bug #1444814 - certbot: error: argument --pre-hook: expected one argument https://bugzilla.redhat.com/show_bug.cgi?id=1444814 [ 5 ] Bug #1448430 - certbot-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448430 -------------------------------------------------------------------------------- ================================================================================ root-6.08.06-7.fc24 (FEDORA-2017-13bcac36bb) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: Backport python 3 compatibility fixes from upstream. Fix for macro scope issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437135 - Upstream Bug in python3-jupyroot https://bugzilla.redhat.com/show_bug.cgi?id=1437135 [ 2 ] Bug #1448289 - variables declared in gROOT->Macro lost from scope https://bugzilla.redhat.com/show_bug.cgi?id=1448289 [ 3 ] Bug #1451362 - CMake config refers to the wrong libJupyROOT.so https://bugzilla.redhat.com/show_bug.cgi?id=1451362 -------------------------------------------------------------------------------- ================================================================================ tigervnc-1.8.0-1.fc24 (FEDORA-2017-e2c9e5e8fe) A TigerVNC remote display system -------------------------------------------------------------------------------- Update Information: Tigervnc 1.8.0 release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1451535 - tigervnc-1.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1451535 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.7.5-1.fc24 (FEDORA-2017-46fcfd8c98) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. * Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. * A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. * A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing. * A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team. Thank you to the reporters of these issues for practicing responsible disclosure. In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the [release notes](https://codex.wordpress.org/Version_4.7.5) or consult the [list of changes](https://core.trac.wordpress.org/query?status=cl osed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status &col=owner&col=type&col=priority&col=keywords&order=priority). -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
