The following Fedora 24 Security updates need testing: Age URL 184 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 177 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 140 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 76 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f1006afb1 libstaroffice-0.0.3-3.fc24 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f4c48c68 nodejs-brace-expansion-1.1.7-1.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e4638a345c tomcat-8.0.44-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbae64fdc2 libmwaw-0.3.11-3.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b154ff2892 mercurial-3.7.3-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2e1dc46a1 chromium-59.0.3071.104-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff00a1c35 thunderbird-52.2.0-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-87aa9db27f firefox-54.0-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d76bef4e chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4932c9b886 c-ares-1.13.0-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-698daef73c glibc-2.23.1-12.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-37f68e3534 webkitgtk4-2.16.4-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05f10e29f4 kernel-4.11.6-101.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5596f2f94d openvpn-2.3.17-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358 libsndfile-1.0.28-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3159dd230a drupal8-8.3.4-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e34cd1c37 php-horde-Horde-Image-2.5.0-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 63 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-07fed9b000 libteam-1.27-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce8c7053eb audit-2.7.7-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-87aa9db27f firefox-54.0-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff00a1c35 thunderbird-52.2.0-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-698daef73c glibc-2.23.1-12.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358 libsndfile-1.0.28-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05f10e29f4 kernel-4.11.6-101.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-37f68e3534 webkitgtk4-2.16.4-1.fc24 The following builds have been pushed to Fedora 24 updates-testing ardour5-5.10.0-1.fc24 autocloud-0.7.1-3.fc24 datagrepper-0.8.0-1.fc24 drupal8-8.3.4-1.fc24 esptool-2.0-1.fc24 golang-github-godbus-dbus-3-0.7.git3725288.fc24 kernel-4.11.6-101.fc24 libsndfile-1.0.28-3.fc24 mint-y-icons-1.0.8-1.fc24 mutt-1.8.3-1.fc24 nautilus-sendto-3.8.5-1.fc24 openvpn-2.3.17-1.fc24 pdc-client-1.2.0-3.fc24 perl-Term-Completion-1.00-9.fc24 php-aws-sdk3-3.30.0-1.fc24 php-horde-Horde-Image-2.5.0-1.fc24 python-argh-0.26.1-5.fc24 python-datanommer-consumer-0.8.0-1.fc24 python-datanommer-models-0.8.0-1.fc24 python-fedimg-0.7.2-1.fc24 sugar-speak-54-1.fc24 webkitgtk4-2.16.4-1.fc24 xorgxrdp-0.2.2-1.fc24 Details about builds: ================================================================================ ardour5-5.10.0-1.fc24 (FEDORA-2017-4a4cee4923) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information: New upstream release. See [Ardour 5.10 released](https://community.ardour.org/node/15114) for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1462037 - ardour5-5.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1462037 -------------------------------------------------------------------------------- ================================================================================ autocloud-0.7.1-3.fc24 (FEDORA-2017-78ff1a0d78) A test framework to test Fedora cloud images -------------------------------------------------------------------------------- Update Information: Add python2-fedfind ---- updates to 0.7.1 -------------------------------------------------------------------------------- ================================================================================ datagrepper-0.8.0-1.fc24 (FEDORA-2017-e9e4626f45) A webapp to query fedmsg history -------------------------------------------------------------------------------- Update Information: Latest upstream. Includes improved support for stomp-based backends and some theme/UI improvements. -------------------------------------------------------------------------------- ================================================================================ drupal8-8.3.4-1.fc24 (FEDORA-2017-3159dd230a) An open source content management platform -------------------------------------------------------------------------------- Update Information: * [8.3.4](https://www.drupal.org/project/drupal/releases/8.3.4) * [Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003](https://www.drupal.org/SA- CORE-2017-003) * [8.3.3](https://www.drupal.org/project/drupal/releases/8.3.3) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1459711 - drupal8-8.3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1459711 -------------------------------------------------------------------------------- ================================================================================ esptool-2.0-1.fc24 (FEDORA-2017-5b7c3cc0cf) A utility to communicate with the ROM bootloader in Espressif ESP8266 -------------------------------------------------------------------------------- Update Information: New version 2.0 (#1425422) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1425422 - esptool-2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1425422 -------------------------------------------------------------------------------- ================================================================================ golang-github-godbus-dbus-3-0.7.git3725288.fc24 (FEDORA-2017-6a28ad76ff) Go client bindings for D-Bus -------------------------------------------------------------------------------- Update Information: Fix support for s390x -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463511 - update to a newer snapshot to include big endian fix https://bugzilla.redhat.com/show_bug.cgi?id=1463511 -------------------------------------------------------------------------------- ================================================================================ kernel-4.11.6-101.fc24 (FEDORA-2017-05f10e29f4) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.11.6 update contains a number of important fixes across the tree, including the recently announced "stack clash" -------------------------------------------------------------------------------- References: [ 1 ] Bug #1461333 - CVE-2017-1000364 kernel: heap/stack gap jumping via unbounded stack allocations https://bugzilla.redhat.com/show_bug.cgi?id=1461333 -------------------------------------------------------------------------------- ================================================================================ libsndfile-1.0.28-3.fc24 (FEDORA-2017-2cfb239358) Library for reading and writing sound files -------------------------------------------------------------------------------- Update Information: fix CVE-2017-6892 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463326 - CVE-2017-6892 libsndfile: Information disclosure via aiff_read_chanmap() function https://bugzilla.redhat.com/show_bug.cgi?id=1463326 -------------------------------------------------------------------------------- ================================================================================ mint-y-icons-1.0.8-1.fc24 (FEDORA-2017-555de876e0) The Mint-Y icon theme -------------------------------------------------------------------------------- Update Information: * New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463454 - mint-y-icons-1.0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1463454 -------------------------------------------------------------------------------- ================================================================================ mutt-1.8.3-1.fc24 (FEDORA-2017-df7bbf49f5) A text mode mail user agent -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1457011 - mutt-1.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1457011 -------------------------------------------------------------------------------- ================================================================================ nautilus-sendto-3.8.5-1.fc24 (FEDORA-2017-a82f85d3e3) Nautilus context menu for sending files -------------------------------------------------------------------------------- Update Information: * Add AppData to make it show up as a Files extension in Software * Fix crash when fast-content-type is unavailable * Updated translations -------------------------------------------------------------------------------- References: [ 1 ] Bug #1353282 - [abrt] nautilus-sendto: __strcmp_sse2_unaligned(): nautilus-sendto killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1353282 -------------------------------------------------------------------------------- ================================================================================ openvpn-2.3.17-1.fc24 (FEDORA-2017-5596f2f94d) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: Updates to the latest upstream OpenVPN 2.3.17, containing security updates for CVE-2017-7508, CVE-2017-7520 and CVE-2017-7521. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463643 - CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 CVE-2017-7522 openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1463643 [ 2 ] Bug #1463647 - openvpn-2.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1463647 -------------------------------------------------------------------------------- ================================================================================ pdc-client-1.2.0-3.fc24 (FEDORA-2017-6ed761d387) Console client for interacting with Product Definition Center -------------------------------------------------------------------------------- Update Information: Fix dependencies to pull in packages for correct Python version. -------------------------------------------------------------------------------- ================================================================================ perl-Term-Completion-1.00-9.fc24 (FEDORA-2017-f6fbb679e7) Read one line of user input, with convenience functions -------------------------------------------------------------------------------- Update Information: Fixed handling of spaces and tabs after the end of completed file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458244 - [PATCH] - improve perl-Term-Completion handling of spaces https://bugzilla.redhat.com/show_bug.cgi?id=1458244 -------------------------------------------------------------------------------- ================================================================================ php-aws-sdk3-3.30.0-1.fc24 (FEDORA-2017-09bff36f7b) Amazon Web Services framework for PHP -------------------------------------------------------------------------------- Update Information: ## 3.30.0 - 2017-06-21 * `AwsDAX` - Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second. DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management. * `AwsRoute53` - Amazon Route 53 now supports multivalue answers in response to DNS queries, which lets you route traffic approximately randomly to multiple resources, such as web servers. Create one multivalue answer record for each resource and, optionally, associate an Amazon Route 53 health check with each record, and Amazon Route 53 responds to DNS queries with up to eight healthy records. * `AwsSSM` - Adding hierarchy support to the SSM Parameter Store API. Added support tor tagging. New APIs: GetParameter - retrieves one parameter, DeleteParameters - deletes multiple parameters (max number 10), GetParametersByPath - retrieves parameters located in the hierarchy. Updated APIs: PutParameter - added ability to enforce parameter value by applying regex (AllowedPattern), DescribeParameters - modified to support Tag filtering. * `AwsWAF` - You can now create, edit, update, and delete a new type of WAF rule with a rate tracking component. ## 3.29.9 - 2017-06-20 * `AwsWorkDocs` - This release provides a new API to retrieve the activities performed by WorkDocs users. ## 3.29.8 - 2017-06-19 * `AwsOrganizations` - Improvements to Exception Modeling ## 3.29.7 - 2017-06-16 * `AwsBatch` - AWS Batch is now available in the ap-northeast-1 region. * `AwsXRay` - Add a response time histogram to the services in response of GetServiceGraph API. ## 3.29.6 - 2017-06-15 * `AwsEC2` - Adds API to describe Amazon FPGA Images (AFIs) available to customers, which includes public AFIs, private AFIs that you own, and AFIs owned by other AWS accounts for which you have load permissions. * `AwsECS` - Added support for cpu, memory, and memory reservation container overrides on the RunTask and StartTask APIs. * `AwsIoT` - Revert the last release: remove CertificatePem from DescribeCertificate API. * `AwsServiceCatalog` - Added ProvisioningArtifactSummaries to DescribeProductAsAdmin's output to show the provisioning artifacts belong to the product. Allow filtering by SourceProductId in SearchProductsAsAdmin for AWS Marketplace products. Added a verbose option to DescribeProvisioningArtifact to display the CloudFormation template used to create the provisioning artifact.Added DescribeProvisionedProduct API. Changed the type of ProvisionedProduct's Status to be distinct from Record's Status. New ProvisionedProduct's Status are AVAILABLE, UNDER_CHANGE, TAINTED, ERROR. Changed Record's Status set of values to CREATED, IN_PROGRESS, IN_PROGRESS_IN_ERROR, SUCCEEDED, FAILED. ## 3.29.5 - 2017-06-14 * `AwsApplicationAutoScaling` - Application Auto Scaling now supports automatic scaling of read and write throughput capacity for DynamoDB tables and global secondary indexes. * `AwsCloudDirectory` - Documentation update for Cloud Directory ## 3.29.4 - 2017-06-13 * `AwsConfigService` - With this release AWS Config supports the Amazon CloudWatch alarm resource type. ## 3.29.3 - 2017-06-12 * `AwsRDS` - API Update for RDS: this update enables copy-on-write, a new Aurora MySQL Compatible Edition feature that allows users to restore their database, and support copy of TDE enabled snapshot cross region. ## 3.29.2 - 2017-06-09 * `AwsOpsWorks` - Tagging Support for AWS OpsWorks Stacks ## 3.29.1 - 2017-06-08 * `AwsIoT` - In addition to using certificate ID, AWS IoT customers can now obtain the description of a certificate with the certificate PEM. * `AwsPinpoint` - Starting today Amazon Pinpoint adds SMS Text and Email Messaging support in addition to Mobile Push Notifications, providing developers, product managers and marketers with multi-channel messaging capabilities to drive user engagement in their applications. Pinpoint also enables backend services and applications to message users directly and provides advanced user and app analytics to understand user behavior and messaging performance. * `AwsRekognition` - API Update for AmazonRekognition: Adding RecognizeCelebrities API ## 3.29.0 - 2017-06-07 * `AwsCodeBuild` - Add support to APIs for privileged containers. This change would allow performing privileged operations like starting the Docker daemon inside builds possible in custom docker images. * `AwsGreengrass` - AWS Greengrass is software that lets you run local compute, messaging, and device state synchronization for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud. ## 3.28.10 - 2017-06-06 * `AwsACM` - Documentation update for AWS Certificate Manager. * `AwsCloudFront` - Doc update to fix incorrect prefix in S3OriginConfig * `AwsIoT` - Update client side validation for SalesForce action. ## 3.28.9 - 2017-06-05 * `AwsAppStream` - AppStream 2.0 Custom Security Groups allows you to easily control what network resources your streaming instances and images have access to. You can assign up to 5 security groups per Fleet to control the inbound and outbound network access to your streaming instances to specific IP ranges, network protocols, or ports. * `AwsAutoScaling` - Autoscaling resource model update. * `AwsIoT` - Added Salesforce action to IoT Rules Engine. ## 3.28.8 - 2017-06-02 * `AwsKinesisAnalytics` - Kinesis Analytics publishes error messages CloudWatch logs in case of application misconfigurations * `AwsWorkDocs` - This release includes new APIs to manage tags and custom metadata on resources and also new APIs to add and retrieve comments at the document level. ## 3.28.7 - 2017-06-01 * `AwsCodeDeploy` - AWS CodeDeploy has improved how it manages connections to GitHub accounts and repositories. You can now create and store up to 25 connections to GitHub accounts in order to associate AWS CodeDeploy applications with GitHub repositories. Each connection can support multiple repositories. You can create connections to up to 25 different GitHub accounts, or create more than one connection to a single account. The ListGitHubAccountTokenNames command has been introduced to retrieve the names of stored connections to GitHub accounts that you have created. The name of the connection to GitHub used for an AWS CodeDeploy application is also included in the ApplicationInfo structure. Two new fields, lastAttemptedDeployment and lastSuccessfulDeployment, have been added to DeploymentGroupInfo to improve the handling of deployment group information in the AWS CodeDeploy console. Information about these latest deployments can also be retrieved using the GetDeploymentGroup and BatchGetDeployment group requests. Also includes a region update (us-gov- west-1). * `AwsCognitoIdentityProvider` - Added support within Amazon Cognito User Pools for 1) a customizable hosted UI for user sign up and sign in and 2) integration of external identity providers. * `AwsElasticLoadBalancingv2` - Update the existing DescribeRules API to support pagination. * `AwsLexModelBuildingService` - Updated documentation and added examples for Amazon Lex Runtime Service. ## 3.28.6 - 2017-05-31 * `AwsRDS` - Amazon RDS customers can now easily and quickly stop and start their DB instances. ## 3.28.5 - 2017-05-30 * `AwsCloudDirectory` - Cloud Directory has launched support for Typed Links, enabling customers to create object-to-object relationships that are not hierarchical in nature. Typed Links enable customers to quickly query for data along these relationships. Customers can also enforce referential integrity using Typed Links, ensuring data in use is not inadvertently deleted. * `AwsS3` - New example snippets for Amazon S3. * `AwsS3` - S3 calls are now done with a host style URL by default. Options for path style on the client and command levels are available as `use_path_style_endpoint` and `@use_path_style_endpoint`, respectively. [More details on the differences between the styles can be found here.](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access- bucket-intro) ## 3.28.4 - 2017-05-25 * `AwsAppStream` - Support added for persistent user storage, backed by S3. * `AwsRekognition` - Updated the CompareFaces API response to include orientation information, unmatched faces, landmarks, pose, and quality of the compared faces. ## 3.28.3 - 2017-05-24 * `AwsIAM` - The unique ID and access key lengths were extended from 32 to 128 * `AwsSTS` - The unique ID and access key lengths were extended from 32 to 128. * `AwsStorageGateway` - Two Storage Gateway data types, Tape and TapeArchive, each have a new response element, TapeUsedInBytes. This element helps you manage your virtual tapes. By using TapeUsedInBytes, you can see the amount of data written to each virtual tape. ## 3.28.2 - 2017-05-23 * `AwsDatabaseMigrationService` - This release adds support for using Amazon S3 and Amazon DynamoDB as targets for database migration, and using MongoDB as a source for database migration. For more information, see the AWS Database Migration Service documentation. ## 3.28.1 - 2017-05-22 * `AwsResourceGroupsTaggingAPI` - You can now specify the number of resources returned per page in GetResources operation, as an optional parameter, to easily manage the list of resources returned by your queries. * `AwsSQS` - MD5 Validation of `MessageAttributes` is now being performed on `ReceiveMessage` calls. SQS uses a custom encoding for generating the hash input, [details on that scheme are available here.](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide /sqs-message-attributes.html#sqs-attrib-md5) ## 3.28.0 - 2017-05-18 * `AwsAthena` - This release adds support for Amazon Athena. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. * `AwsLightsail` - This release adds new APIs that make it easier to set network port configurations on Lightsail instances. Developers can now make a single request to both open and close public ports on an instance using the PutInstancePublicPorts operation. ## 3.27.5 - 2017-05-17 * `AwsAutoScaling` - Various Auto Scaling documentation updates * `AwsCloudWatchEvents` - Various CloudWatch Events documentation updates. * `AwsCloudWatchLogs` - Various CloudWatch Logs documentation updates. * `AwsPolly` - Amazon Polly adds new German voice "Vicki" ## 3.27.4 - 2017-05-16 * `AwsCodeDeploy` - This release introduces the previousRevision field in the responses to the GetDeployment and BatchGetDeployments actions. previousRevision provides information about the application revision that was deployed to the deployment group before the most recent successful deployment. Also, the fileExistsBehavior parameter has been added for CreateDeployment action requests. In the past, if the AWS CodeDeploy agent detected files in a target location that weren't part of the application revision from the most recent successful deployment, it would fail the current deployment by default. This new parameter provides options for how the agent handles these files: fail the deployment, retain the content, or overwrite the content. * `AwsGameLift` - Allow developers to specify how metrics are grouped in CloudWatch for their GameLift fleets. Developers can also specify how many concurrent game sessions activate on a per-instance basis. * `AwsInspector` - Adds ability to produce an assessment report that includes detailed and comprehensive results of a specified assessment run. * `AwsKMS` - Update documentation for KMS. ## 3.27.3 - 2017-05-15 * `AwsSSM` - UpdateAssociation API now supports updating document name and targets of an association. GetAutomationExecution API can return FailureDetails as an optional field to the StepExecution Object, which contains failure type, failure stage as well as other failure related information for a failed step. ## 3.27.2 - 2017-05-11 * `AwsElasticLoadBalancing` - Add a new API to allow customers to describe their account limits, such as load balancer limit, target group limit etc. * `AwsElasticLoadBalancingv2` - Add a new API to allow customers to describe their account limits, such as load balancer limit, target group limit etc. * `AwsLexModelBuildingService` - Releasing new DeleteBotVersion, DeleteIntentVersion and DeleteSlotTypeVersion APIs. * `AwsOrganizations` - AWS Organizations APIs that return an Account object now include the email address associated with the account's root user. ## 3.27.1 - 2017-05-09 * `AwsCodeStar` - Updated documentation for AWS CodeStar. * `AwsWorkSpaces` - Doc-only Update for WorkSpaces -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449422 - php-aws-sdk3-3.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1449422 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Image-2.5.0-1.fc24 (FEDORA-2017-5e34cd1c37) Horde Image API -------------------------------------------------------------------------------- Update Information: **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi Vidyan). * [jan] Add blur effect. -------------------------------------------------------------------------------- ================================================================================ python-argh-0.26.1-5.fc24 (FEDORA-2017-c4ae888be4) Unobtrusive argparse wrapper with natural syntax -------------------------------------------------------------------------------- Update Information: * Adapt spec-file to recent guidelines * Initial build for EPEL 7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1181845 - Request for EPEL7 build of python-argh https://bugzilla.redhat.com/show_bug.cgi?id=1181845 -------------------------------------------------------------------------------- ================================================================================ python-datanommer-consumer-0.8.0-1.fc24 (FEDORA-2017-e9e4626f45) Hub consumer plugin for datanommer -------------------------------------------------------------------------------- Update Information: Latest upstream. Includes improved support for stomp-based backends and some theme/UI improvements. -------------------------------------------------------------------------------- ================================================================================ python-datanommer-models-0.8.0-1.fc24 (FEDORA-2017-e9e4626f45) SQLAlchemy models for datanommer -------------------------------------------------------------------------------- Update Information: Latest upstream. Includes improved support for stomp-based backends and some theme/UI improvements. -------------------------------------------------------------------------------- ================================================================================ python-fedimg-0.7.2-1.fc24 (FEDORA-2017-7128106ce2) Automatically upload Fedora Cloud images to cloud providers -------------------------------------------------------------------------------- Update Information: Updates to 0.7.2 ---- Updates to 0.7.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463975 - python-fedimg-0.7.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1463975 [ 2 ] Bug #1423753 - Cloud images on AWS account 125523088429 cannot be copied https://bugzilla.redhat.com/show_bug.cgi?id=1423753 [ 3 ] Bug #1459576 - python-fedimg-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1459576 -------------------------------------------------------------------------------- ================================================================================ sugar-speak-54-1.fc24 (FEDORA-2017-ef95755ffc) Speak for Sugar -------------------------------------------------------------------------------- Update Information: Release version 54 -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.16.4-1.fc24 (FEDORA-2017-37f68e3534) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update addresses the following vulnerabilities: * [CVE-2017-2538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2538) Additional fixes: * Fix web process deadlock when seeking youtube videos. * Fix blob downloads. * Improve theme rendering performance when using GTK+ >= 3.20. * Fix positioning of popup menus in Wayland. * Fix several crashes and rendering issues. * Fix JavaScriptCore crashes on big-endian architectures -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.2.2-1.fc24 (FEDORA-2017-4f1c3d3cc0) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: This version includes: - RemoteFX codec bandwidth optimization when app redraws aggressively - Some cleanups ex. use const pointer, use more suitable variable types -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437053 - xorgxrdp-0.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437053 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
