The following Fedora 24 Security updates need testing: Age URL 168 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 162 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 124 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 104 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 60 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 32 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8 thunderbird-52.1.0-1.fc24 25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4de07172f4 postgresql-9.5.7-1.fc24 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f11501a9f perltidy-20170521-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a systemd-229-20.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d39099ea6a webkitgtk4-2.16.3-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f942f19ff4 picocom-2.2-2.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c55ef46ee yara-3.6.0-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d6d0067f oniguruma-5.9.6-4.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-486a536b62 mosquitto-1.4.12-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e6f5f6957 poppler-0.41.0-4.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3258a7e433 dolphin-emu-5.0-14.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eadc5f410e mingw-poppler-0.41.0-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed1c665a3f wget-1.18-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-facd994774 sudo-1.8.20p2-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-212f07c853 perl-File-Path-2.12-3.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6aff7475b7 ansible-2.3.1.0-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e0ff7f73a log4j12-1.2.17-19.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5e7e65f30 mariadb-10.1.24-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-36c7e7ef06 ettercap-0.8.2-4.2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3d6e1a7bf libsndfile-1.0.28-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa8a043555 kernel-4.11.3-101.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f1006afb1 libstaroffice-0.0.3-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-62547837ba gajim-0.16.8-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f4c48c68 nodejs-brace-expansion-1.1.7-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 47 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 32 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a0e2d58f8 thunderbird-52.1.0-1.fc24 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c54e3353b6 p11-kit-0.23.2-4.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d39099ea6a webkitgtk4-2.16.3-1.fc24 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1b2d495a systemd-229-20.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dc75cff415 firefox-53.0.3-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-09ed8ebe2c sssd-1.15.2-5.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fabdb3303a testdisk-7.0-9.fc24 ntfs-3g-2017.3.23-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e6f5f6957 poppler-0.41.0-4.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-212f07c853 perl-File-Path-2.12-3.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-facd994774 sudo-1.8.20p2-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5e7e65f30 mariadb-10.1.24-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3d6e1a7bf libsndfile-1.0.28-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-41792497d9 vim-8.0.617-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2f817084d3 hwdata-0.301-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa8a043555 kernel-4.11.3-101.fc24 The following builds have been pushed to Fedora 24 updates-testing deluge-1.3.15-2.fc24 gajim-0.16.8-1.fc24 kernel-4.11.3-101.fc24 libratbag-0.9-1.fc24 libstaroffice-0.0.3-3.fc24 minetest-0.4.16-1.fc24 mozilla-https-everywhere-5.2.18-1.fc24 nodejs-brace-expansion-1.1.7-1.fc24 pacman-5.0.2-1.fc24 php-phpmyadmin-sql-parser-4.1.7-1.fc24 php-phpseclib-2.0.6-1.fc24 relval-2.1.8-1.fc24 translate-shell-0.9.6.4-3.fc24 vrms-rpm-1.2-2.fc24 Details about builds: ================================================================================ deluge-1.3.15-2.fc24 (FEDORA-2017-1fd93ab8db) A GTK+ BitTorrent client with support for DHT, UPnP, and PEX -------------------------------------------------------------------------------- Update Information: Fix http://dev.deluge-torrent.org/ticket/3039 -------------------------------------------------------------------------------- ================================================================================ gajim-0.16.8-1.fc24 (FEDORA-2017-62547837ba) Jabber client written in PyGTK -------------------------------------------------------------------------------- Update Information: Gajim 0.16.8 * Fix rejoining MUCs after connection loss * Fix Groupchat invites * Fix encoding problems with newer GnuPG versions * Fix old messages randomly reappearing in the chat window * Fix some problems with IBB filetransfer * Make XEP-0146 Commands opt-in * Improve sending messages to your own resources * Improve reliability of delivery recipes * Many minor bugfixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456364 - CVE-2016-10376 gajim: XEP-0146 makes it possible to extract plain-text from OTR sessions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1456364 [ 2 ] Bug #1458616 - gajim-0.16.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458616 -------------------------------------------------------------------------------- ================================================================================ kernel-4.11.3-101.fc24 (FEDORA-2017-fa8a043555) The Linux kernel -------------------------------------------------------------------------------- Update Information: This is a rebase to the 4.11 series of kernels. It includes all fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance https://bugzilla.redhat.com/show_bug.cgi?id=1452744 [ 2 ] Bug #1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance https://bugzilla.redhat.com/show_bug.cgi?id=1452688 [ 3 ] Bug #1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance https://bugzilla.redhat.com/show_bug.cgi?id=1452691 [ 4 ] Bug #1452679 - CVE-2017-9074 kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option https://bugzilla.redhat.com/show_bug.cgi?id=1452679 [ 5 ] Bug #1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c https://bugzilla.redhat.com/show_bug.cgi?id=1450972 -------------------------------------------------------------------------------- ================================================================================ libratbag-0.9-1.fc24 (FEDORA-2017-fd47f0067e) Programmable input device library -------------------------------------------------------------------------------- Update Information: libratbag v0.9 -------------------------------------------------------------------------------- ================================================================================ libstaroffice-0.0.3-3.fc24 (FEDORA-2017-5f1006afb1) A library for import of binary StarOffice documents -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-9432 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458799 - CVE-2017-9432 libstaroffice: Stack-buffer overflow in the StarWriterStruct::DatabaseName::read https://bugzilla.redhat.com/show_bug.cgi?id=1458799 -------------------------------------------------------------------------------- ================================================================================ minetest-0.4.16-1.fc24 (FEDORA-2017-08df95e543) Multiplayer infinite-world block sandbox with survival mode -------------------------------------------------------------------------------- Update Information: 0.4.16 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421412 - minetest included font is licensing problem https://bugzilla.redhat.com/show_bug.cgi?id=1421412 [ 2 ] Bug #1458530 - minetest-0.4.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458530 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-5.2.18-1.fc24 (FEDORA-2017-e8e401584d) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: Stop submitting to SSL Observatory when connected to Tor. More ruleset fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1454510 - mozilla-https-everywhere-5.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1454510 -------------------------------------------------------------------------------- ================================================================================ nodejs-brace-expansion-1.1.7-1.fc24 (FEDORA-2017-a1f4c48c68) Brace expansion as known from sh/bash -------------------------------------------------------------------------------- Update Information: Update to upstream 1.1.7 release to remediate DoS issue npm:brace- expansion:20170302 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1448380 - nodejs-brace-expansion: Regular expression denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=1448380 -------------------------------------------------------------------------------- ================================================================================ pacman-5.0.2-1.fc24 (FEDORA-2017-734e1cda3d) Package manager for the Arch distribution -------------------------------------------------------------------------------- Update Information: Latest update, mostly bugfixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458966 - pacman-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458966 -------------------------------------------------------------------------------- ================================================================================ php-phpmyadmin-sql-parser-4.1.7-1.fc24 (FEDORA-2017-f3990eb1a9) A validating SQL lexer and parser with a focus on MySQL dialect -------------------------------------------------------------------------------- Update Information: **Version 4.1.7** - 2017-06-06 * Fixed setting combination SQL Modes. ---- **Version 4.1.6** - 2017-06-01 * Fixed building query with GROUP BY clause. -------------------------------------------------------------------------------- ================================================================================ php-phpseclib-2.0.6-1.fc24 (FEDORA-2017-2a6173277c) PHP Secure Communications Library -------------------------------------------------------------------------------- Update Information: **Version 2.0.6** - 2017-06-05 - Crypt: fix OpenSSL engine on <= PHP 5.3.6 (#1122) - Random: suppress possible E_DEPRECATED errors - RSA: reset variables if bad key was loaded ---- **Version 2.0.5** - 2017-05-07 - SSH2: don't use timeout value of 0 for fsockopen (#775) - SSH2: make it so disabling PTY closes exec() channel if it's open (#1009) - SSH2: include `<pre>` tags in getLog result when SAPI isn't CLI - SFTP: don't assume current directory when $path parameter for delete is null (#1059) - SFTP: fix put() with php://input as source (#1119) - ASN1: fix UTCTime parsing (#1110) - X509: ignore certificate transparency extension (#1073) - Crypt: OpenSSL apparently supports variable size keys (#1085) -------------------------------------------------------------------------------- ================================================================================ relval-2.1.8-1.fc24 (FEDORA-2017-cbceea5fea) Tool for interacting with Fedora QA wiki pages -------------------------------------------------------------------------------- Update Information: This update provides a new minor relval release. The only change is an update to the target size of the KDE live image (for the `size-check` subcommand) to 2GB, the new target size set by the KDE SIG for Fedora 26. -------------------------------------------------------------------------------- ================================================================================ translate-shell-0.9.6.4-3.fc24 (FEDORA-2017-102b964f46) A command-line online translator -------------------------------------------------------------------------------- Update Information: Initial release for Fedora. -------------------------------------------------------------------------------- ================================================================================ vrms-rpm-1.2-2.fc24 (FEDORA-2017-b845d4ecb4) Report non-free software -------------------------------------------------------------------------------- Update Information: New package - initial build & update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433749 - Review Request: vrms-rpm - report of installed nonfree software https://bugzilla.redhat.com/show_bug.cgi?id=1433749 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
