The following Fedora 24 Security updates need testing: Age URL 164 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 157 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 120 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 100 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 56 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8 thunderbird-52.1.0-1.fc24 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4de07172f4 postgresql-9.5.7-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f11501a9f perltidy-20170521-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a systemd-229-20.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d39099ea6a webkitgtk4-2.16.3-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b22de5c767 dropbear-2017.75-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f942f19ff4 picocom-2.2-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c55ef46ee yara-3.6.0-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d6d0067f oniguruma-5.9.6-4.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-486a536b62 mosquitto-1.4.12-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e6f5f6957 poppler-0.41.0-4.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3258a7e433 dolphin-emu-5.0-14.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eadc5f410e mingw-poppler-0.41.0-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed1c665a3f wget-1.18-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-facd994774 sudo-1.8.20p2-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-212f07c853 perl-File-Path-2.12-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6aff7475b7 ansible-2.3.1.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e0ff7f73a log4j12-1.2.17-19.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 43 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8 thunderbird-52.1.0-1.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6f5c3ec36e python-coverage-4.4.1-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ca90a77bd libtiff-4.0.8-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c54e3353b6 p11-kit-0.23.2-4.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d39099ea6a webkitgtk4-2.16.3-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a systemd-229-20.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dc75cff415 firefox-53.0.3-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-212f07c853 perl-File-Path-2.12-3.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-facd994774 sudo-1.8.20p2-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-09ed8ebe2c sssd-1.15.2-5.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fabdb3303a testdisk-7.0-9.fc24 ntfs-3g-2017.3.23-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e6f5f6957 poppler-0.41.0-4.fc24 The following builds have been pushed to Fedora 24 updates-testing RBTools-0.7.10-1.fc24 ansible-2.3.1.0-1.fc24 copr-dist-git-0.29-1.fc24 dovecot-2.2.30.1-1.fc24 groonga-7.0.3-1.fc24 hitch-1.4.5-1.fc24 ibus-table-1.9.17-1.fc24 librelp-1.2.14-1.fc24 lis-1.7.30-1.fc24 log4j12-1.2.17-19.fc24 loopabull-0.0.6-2.fc24 magic-8.1.168-1.fc24 notmuch-0.24.2-1.fc24 overpass-fonts-3.0.2-1.fc24 perl-Crypt-OpenSSL-EC-1.31-1.fc24 php-phpmyadmin-motranslator-3.3-1.fc24 php-phpmyadmin-sql-parser-4.1.6-1.fc24 varnish-modules-0.12.1-2.fc24 Details about builds: ================================================================================ RBTools-0.7.10-1.fc24 (FEDORA-2017-5ddd554564) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: Update to RBTools 0.7.10 https://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.7.10/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409935 - [abrt] RBTools: __init__.py:829:resolve:DistributionNotFound: The 'tqdm' distribution was not found and is required by RBTools https://bugzilla.redhat.com/show_bug.cgi?id=1409935 [ 2 ] Bug #1456326 - RBTools installation failed missing dependancy python2-tqdm https://bugzilla.redhat.com/show_bug.cgi?id=1456326 -------------------------------------------------------------------------------- ================================================================================ ansible-2.3.1.0-1.fc24 (FEDORA-2017-6aff7475b7) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to 2.3.1, with various bugfixes and fix for CVE-2017-7481. Full changes available at: https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md -------------------------------------------------------------------------------- References: [ 1 ] Bug #1450279 - CVE-2017-7481 ansible: Security issue with lookup return not tainting the jinja2 environment [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1450279 -------------------------------------------------------------------------------- ================================================================================ copr-dist-git-0.29-1.fc24 (FEDORA-2017-36abe662d0) Copr services for Dist Git server -------------------------------------------------------------------------------- Update Information: - add --depth 1 for git clone in GitProvider - add missing 'which' for tito && git-annex builds - arbitrary dist-git branching support - use MockScmProvider without mock-scm to solve performance problems - add "powerpc64le" into list of archs to allow building for - Bug 1457888 - Mock SCM method fails to build a package - increase depth for git clone so that required tags that tito needs are downloaded ---- Fixes problem with fedpkg builds, see https://bugzilla.redhat.com/show_bug.cgi?id=1447102 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.30.1-1.fc24 (FEDORA-2017-c85cffed90) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: - auth: Use timing safe comparisons for everything related to passwords. It's unlikely that these could have been used for practical attacks, especially because Dovecot delays and flushes all failed authentications in 2 second intervals. Also it could have worked only when passwords were stored in plaintext in the passdb. - master process sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately. This way restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time. - auth: Add passdb { mechanisms=none } to match separate passdb lookup - auth: Add passdb { username_filter } to use passdb only if user matches the filter. See https://wiki2.dovecot.org/PasswordDatabase - dsync: Add dsync_commit_msgs_interval setting. It attempts to commit the transaction after saving this many new messages. Because of the way dsync works, it may not always be possible if mails are copied or UIDs need to change. - imapc: Support imapc_features=search without ESEARCH extension. - imapc: Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE. - imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server. - passdb imap: Add allow_invalid_cert and ssl_ca_file parameters. - If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file. - doveadm mailbox status: Add "firstsaved" field. - director_flush_socket: Add old host's up/down and vhost count as parameters - More fixes to automatically fix corruption in dovecot.list.index - dsync-server: Fix support for dsync_features=empty-header- workaround - imapc: Various bugfixes, including infinite loops on some errors - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC. - fts-lucene: Fix it to work again with mbox format - Some internal error messages may have contained garbage in v2.2.29 - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used. Otherwise the copied mails can't be opened. -------------------------------------------------------------------------------- ================================================================================ groonga-7.0.3-1.fc24 (FEDORA-2017-218e8ae1f2) An Embeddable Fulltext Search Engine -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ hitch-1.4.5-1.fc24 (FEDORA-2017-a33f8a6e04) Network proxy that terminates TLS/SSL connections -------------------------------------------------------------------------------- Update Information: New upstream release: A maintenance release with various bug fixes. See changelog at https://github.com/varnish/hitch/blob/master/CHANGES.rst#hitch-145-2017-05-31 for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1457256 - hitch-1.4.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1457256 -------------------------------------------------------------------------------- ================================================================================ ibus-table-1.9.17-1.fc24 (FEDORA-2017-c64344c9b4) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: update to 1.9.17 -------------------------------------------------------------------------------- ================================================================================ librelp-1.2.14-1.fc24 (FEDORA-2017-6a549e4b8f) The Reliable Event Logging Protocol library -------------------------------------------------------------------------------- Update Information: rebase to 1.2.14 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456621 - librelp-1.2.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=1456621 -------------------------------------------------------------------------------- ================================================================================ lis-1.7.30-1.fc24 (FEDORA-2017-03c209cfac) A library for solving linear equations and eigenvalue problems -------------------------------------------------------------------------------- Update Information: Update to 1.7.30 ---- Add new gcc-gfortran to BR -------------------------------------------------------------------------------- ================================================================================ log4j12-1.2.17-19.fc24 (FEDORA-2017-7e0ff7f73a) Java logging package -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-5645 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1443635 -------------------------------------------------------------------------------- ================================================================================ loopabull-0.0.6-2.fc24 (FEDORA-2017-2b8f6040ed) Event loop driven Ansible playbook execution engine -------------------------------------------------------------------------------- Update Information: Fix python-enum34 dep requirement. -------------------------------------------------------------------------------- ================================================================================ magic-8.1.168-1.fc24 (FEDORA-2017-63c795dc45) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.1.168 is released. -------------------------------------------------------------------------------- ================================================================================ notmuch-0.24.2-1.fc24 (FEDORA-2017-9d5a5b99a4) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1457854 - notmuch-0.24.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1457854 -------------------------------------------------------------------------------- ================================================================================ overpass-fonts-3.0.2-1.fc24 (FEDORA-2017-893e905302) Typeface based on the U.S. interstate highway road signage type system -------------------------------------------------------------------------------- Update Information: Update to 3.0.2, move to otf files. -------------------------------------------------------------------------------- ================================================================================ perl-Crypt-OpenSSL-EC-1.31-1.fc24 (FEDORA-2017-ca8762d7f0) Perl extension for OpenSSL EC (Elliptic Curves) library -------------------------------------------------------------------------------- Update Information: This release fixes CPAN metadata. We deliver it only to provide up-to-date version string. ---- This release fixes a memory leak in Crypt::OpenSSL::EC::EC_POINT::point2hex() function. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458259 - perl-Crypt-OpenSSL-EC-1.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458259 [ 2 ] Bug #1457844 - perl-Crypt-OpenSSL-EC-1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1457844 -------------------------------------------------------------------------------- ================================================================================ php-phpmyadmin-motranslator-3.3-1.fc24 (FEDORA-2017-6cbe8ce1e8) Translation API for PHP using Gettext MO files -------------------------------------------------------------------------------- Update Information: **Version 3.3** * Released on 2017-06-01. * Add support for switching locales for Loader instance. -------------------------------------------------------------------------------- ================================================================================ php-phpmyadmin-sql-parser-4.1.6-1.fc24 (FEDORA-2017-841d6c5093) A validating SQL lexer and parser with a focus on MySQL dialect -------------------------------------------------------------------------------- Update Information: **Version 4.1.6** - 2017-06-01 * Fixed building query with GROUP BY clause. -------------------------------------------------------------------------------- ================================================================================ varnish-modules-0.12.1-2.fc24 (FEDORA-2017-9f99d33da0) A collection of modules ("vmods") extending Varnish VCL -------------------------------------------------------------------------------- Update Information: New package: varnish-modules --------------------------------------------- This is a collection of varnish modules ("vmods") extending the Varnish configuration language VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods (previously kept individually): cookie, vsthrottle, header, saintmode, softpurge, tcp, var, xkey. ---- New package: varnish-modules --------------------------------------------- This is a collection of modules ("vmods") extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods (previously kept individually): cookie, vsthrottle, header, saintmode, softpurge, tcp, var, xkey -------------------------------------------------------------------------------- References: [ 1 ] Bug #1324863 - Review Request: varnish-modules - A collection of modules extending varnish VCL https://bugzilla.redhat.com/show_bug.cgi?id=1324863 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
