The following Fedora 25 Security updates need testing: Age URL 160 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 59 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3c7d077c7 perltidy-20170521-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac7fc2fd8c picocom-2.2-2.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-926e11c76e yara-3.6.0-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-60997f0d14 oniguruma-6.1.3-2.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2113aacd2 mosquitto-1.4.12-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e698bba980 freeradius-3.0.14-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e28afa2dd dolphin-emu-5.0-14.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0ee7b8dd2a mingw-poppler-0.45.0-2.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd42592f9a perl-File-Path-2.12-366.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-87a64155eb ansible-2.3.1.0-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-278f46fcd6 golang-1.7.6-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6 runc-1.0.0-7.git6394544.fc25.2 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8348115acd log4j12-1.2.17-19.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae00b2a30a mariadb-10.1.24-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8722576148 ettercap-0.8.2-4.2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbac6c64b libsndfile-1.0.28-2.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6dcf888128 iproute-4.11.0-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-daacf63973 glusterfs-3.10.3-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd42592f9a perl-File-Path-2.12-366.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-306f90d297 sssd-1.15.2-5.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ad6a31ebe1 libvirt-2.2.1-2.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9382fc88db testdisk-7.0-9.fc25 ntfs-3g-2017.3.23-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae00b2a30a mariadb-10.1.24-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-abbac6c64b libsndfile-1.0.28-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e99fe2ca1 perl-threads-shared-1.57-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d052b4c0b0 vim-8.0.617-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe59b56d77 perl-threads-2.16-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0de5787a68 hwdata-0.301-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-09045f42cd qrencode-3.4.4-1.fc25 The following builds have been pushed to Fedora 25 updates-testing BackupPC-XS-0.55-1.fc25 ettercap-0.8.2-4.2.fc25 fedora-review-0.6.1-6.fc25 hwdata-0.301-1.fc25 libsndfile-1.0.28-2.fc25 parcimonie.sh-0-0.8.20170704git5aa21ef.fc25 perl-DateTime-TimeZone-2.13-1.fc25 perl-PAR-Packer-1.035-2.fc25 perl-threads-2.16-1.fc25 perl-threads-shared-1.57-1.fc25 python-py-1.4.34-1.fc25 qrencode-3.4.4-1.fc25 scorep-3.1-2.fc25 switchboard-plug-pantheon-shell-0.2.5-1.20170519.git8f0b853.fc25 the-new-hotness-0.8.1-2.fc25 vim-8.0.617-1.fc25 vocal-2.0.19-1.fc25 waf-1.9.12-1.fc25 yank-0.8.3-1.fc25 Details about builds: ================================================================================ BackupPC-XS-0.55-1.fc25 (FEDORA-2017-d121ac795a) Implementation of various BackupPC functions in a perl-callable module -------------------------------------------------------------------------------- Update Information: * Merged pull requests: #109, #114 * Fixed editing of compound menu variables (eg: BackupFilesOnly). * Made tarPipe in lib/BackupPC/Xfer/Tar.pm non-blocking to avoid a reported deadlock when BackupPC's select() returns ok for reading, but there are no bytes to read from the client tar's log/stdout output. Thanks to Matt Bedynek for running various tests and providing debugging insights to track this down. * Better error checking when using $f->read() on pool files. Thanks to Cody Jackson for tracking down this issue, related to reading corrupted compressed pool files. There's also an additional fix in backuppc-xs (version 0.54). * Cleans up any orphan temporary pool writing files. * Fixed utf-8 output in SCGI. * Fixed a reference counting bug in BackupPC_tarExtract. * Fixed rsync restore transfer byte total, reported by Alexander Moisseev * Replaced logo href with https://backuppc.github.io/backuppc. * On a v3->v4 upgrade, remove the new --one-file-system flag from the new RsyncArgs if it wasn't there before. * Added /usr/local/bin to search path in configure.pl from Alexander Moisseev (#109). * Avoid missing or extra quotes when replacing misused undef or empty string values in configure.pl from Alexander Moisseev (#114). * Chasing down a still unsolved bug with help from Lano and Dieter Fauth where newly added pool files in uncompressed backups get removed by BackupPC_refCountUpdate during a long-running backup, or if BackupPC_migrateV3toV4 is running. Two workarounds added in this release: BackupPC_migrateV3toV4 will now exit if BackupPC is running, and BackupPC_refCountUpdate only removes pool files that are more than a week old. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458612 - BackupPC-XS-0.55 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458612 -------------------------------------------------------------------------------- ================================================================================ ettercap-0.8.2-4.2.fc25 (FEDORA-2017-8722576148) Network traffic sniffer/analyser, NCURSES interface version -------------------------------------------------------------------------------- Update Information: FIx for CVE-2017-8366 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1447318 - CVE-2017-8366 ettercap: Heap-based buffer overflow in strescape function in ec_strings.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1447318 -------------------------------------------------------------------------------- ================================================================================ fedora-review-0.6.1-6.fc25 (FEDORA-2017-17a82ba45a) Review tool for fedora rpm packages -------------------------------------------------------------------------------- Update Information: * This update fixes issues when installing built packages when using mock >= 1.4.1 while keeping compatibility with earlier versions of mock. * Fix shebangs in %{_bindir}. -------------------------------------------------------------------------------- ================================================================================ hwdata-0.301-1.fc25 (FEDORA-2017-0de5787a68) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ libsndfile-1.0.28-2.fc25 (FEDORA-2017-abbac6c64b) Library for reading and writing sound files -------------------------------------------------------------------------------- Update Information: fixes buffer overflows for flac and pcm -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458694 - CVE-2017-8363 libsndfile: Heap buffer over-read in the flac_buffer_copy function https://bugzilla.redhat.com/show_bug.cgi?id=1458694 [ 2 ] Bug #1449520 - CVE-2017-8365 libsndfile: Buffer over-read in the l2les_array function https://bugzilla.redhat.com/show_bug.cgi?id=1449520 [ 3 ] Bug #1449519 - CVE-2017-8362 libsndfile: Out-of-bounds read in the flac_buffer_copy function https://bugzilla.redhat.com/show_bug.cgi?id=1449519 [ 4 ] Bug #1449518 - CVE-2017-8361 libsndfile: Buffer overflow in the flac_buffer_copy function https://bugzilla.redhat.com/show_bug.cgi?id=1449518 -------------------------------------------------------------------------------- ================================================================================ parcimonie.sh-0-0.8.20170704git5aa21ef.fc25 (FEDORA-2017-6e279c8c1c) Refresh your GnuPG keyring over Tor -------------------------------------------------------------------------------- Update Information: Update to latest upstream commit -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-TimeZone-2.13-1.fc25 (FEDORA-2017-3d05b011a9) Time zone object base class and factory -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458072 - perl-DateTime-TimeZone-2.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458072 -------------------------------------------------------------------------------- ================================================================================ perl-PAR-Packer-1.035-2.fc25 (FEDORA-2017-f2dec97c8a) PAR Packager -------------------------------------------------------------------------------- Update Information: This release fixes displaying Tkpp icon in a desktop menu. -------------------------------------------------------------------------------- ================================================================================ perl-threads-2.16-1.fc25 (FEDORA-2017-fe59b56d77) Perl interpreter-based threads -------------------------------------------------------------------------------- Update Information: This release fixes building with clang and improves tests. We deliver it only to provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458267 - perl-threads-2.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458267 -------------------------------------------------------------------------------- ================================================================================ perl-threads-shared-1.57-1.fc25 (FEDORA-2017-5e99fe2ca1) Perl extension for sharing data structures between threads -------------------------------------------------------------------------------- Update Information: This release fixes a memory leak and building with clang. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458268 - perl-threads-shared-1.57 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458268 -------------------------------------------------------------------------------- ================================================================================ python-py-1.4.34-1.fc25 (FEDORA-2017-b61583274a) Library with cross-python path, ini-parsing, io, code, log facilities -------------------------------------------------------------------------------- Update Information: #### 1.4.34 ### - fix issue119 / pytest issue708 where tmpdir may fail to make numbered directories when the filesystem is case-insensitive. -------------------------------------------------------------------------------- ================================================================================ qrencode-3.4.4-1.fc25 (FEDORA-2017-09045f42cd) Generate QR 2D barcodes -------------------------------------------------------------------------------- Update Information: Update to new upstream release (3.4.4). This fixes several bugs, and also adds the '--rle' and '--verbose' command-line tool options. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1446937 - update 3.4.4 https://bugzilla.redhat.com/show_bug.cgi?id=1446937 -------------------------------------------------------------------------------- ================================================================================ scorep-3.1-2.fc25 (FEDORA-2017-d4e803de3e) Scalable Performance Measurement Infrastructure for Parallel Codes -------------------------------------------------------------------------------- Update Information: New version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1457285 - scorep-3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1457285 -------------------------------------------------------------------------------- ================================================================================ switchboard-plug-pantheon-shell-0.2.5-1.20170519.git8f0b853.fc25 (FEDORA-2017-847747ba54) Switchboard Pantheon Shell plug -------------------------------------------------------------------------------- Update Information: Initial package for fedora. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1453005 - Review Request: switchboard-plug-pantheon-shell - Switchboard Pantheon Shell plug https://bugzilla.redhat.com/show_bug.cgi?id=1453005 -------------------------------------------------------------------------------- ================================================================================ the-new-hotness-0.8.1-2.fc25 (FEDORA-2017-ead2373543) Consume Anitya fedmsg messages to file bugzilla bugs -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ vim-8.0.617-1.fc25 (FEDORA-2017-d052b4c0b0) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit. -------------------------------------------------------------------------------- ================================================================================ vocal-2.0.19-1.fc25 (FEDORA-2017-5ce9dfbb54) Powerful, beautiful, and simple podcast client -------------------------------------------------------------------------------- Update Information: Initial package for fedora. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456244 - Review Request: vocal - Powerful, beautiful, and simple podcast client https://bugzilla.redhat.com/show_bug.cgi?id=1456244 -------------------------------------------------------------------------------- ================================================================================ waf-1.9.12-1.fc25 (FEDORA-2017-367df429d1) A Python-based build system -------------------------------------------------------------------------------- Update Information: #### Waf 1.9.12 #### * Work around config.log encoding issues on windows/Python3.6/console #1974 * Handle spaces in python path detection on windows #1973 * Set a better default path for windows import libraries #1959 * Fix variable propagation for javac targets #1969 * Various cpplint enhancements #1961 #1963 * Various eclipse project generator enhancements #1967 #1968 #1970 * Various C# enhancements #1975 #1976 #1977 * Override resx namespaces #1978 -------------------------------------------------------------------------------- ================================================================================ yank-0.8.3-1.fc25 (FEDORA-2017-fd2add0b8f) Tool for selecting and copying text from stdin without a mouse -------------------------------------------------------------------------------- Update Information: Update to 0.8.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458771 - yank-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458771 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
