The following Fedora 24 Security updates need testing: Age URL 188 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 182 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 144 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 80 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f1006afb1 libstaroffice-0.0.3-3.fc24 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f4c48c68 nodejs-brace-expansion-1.1.7-1.fc24 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e4638a345c tomcat-8.0.44-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbae64fdc2 libmwaw-0.3.11-3.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff00a1c35 thunderbird-52.2.0-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d76bef4e chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4932c9b886 c-ares-1.13.0-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5596f2f94d openvpn-2.3.17-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358 libsndfile-1.0.28-3.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3159dd230a drupal8-8.3.4-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b3bdaf58bc xen-4.6.5-7.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0a9e51dd5 graphite2-1.3.10-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d191fb7fce zabbix-3.0.9-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f8ebbd2b1 globus-xio-5.16-1.fc24 globus-net-manager-0.17-1.fc24 globus-gass-cache-program-6.7-1.fc24 globus-gass-copy-9.27-1.fc24 globus-gssapi-gsi-12.16-1.fc24 globus-gram-job-manager-14.36-1.fc24 globus-gridftp-server-12.2-1.fc24 globus-io-11.9-1.fc24 globus-xio-gsi-driver-3.11-1.fc24 globus-xio-pipe-driver-3.10-1.fc24 globus-xio-udt-driver-1.27-1.fc24 myproxy-6.1.28-1.fc24 globus-ftp-client-8.35-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8a2017b3c drupal7-7.56-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-299525e757 php-horde-Horde-Image-2.5.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b1f07acd9 flatpak-0.8.7-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 67 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-07fed9b000 libteam-1.27-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce8c7053eb audit-2.7.7-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff00a1c35 thunderbird-52.2.0-1.fc24 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358 libsndfile-1.0.28-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0a9e51dd5 graphite2-1.3.10-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b1f07acd9 flatpak-0.8.7-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e62f0d34b perl-5.22.3-371.fc24 The following builds have been pushed to Fedora 24 updates-testing CImg-202-1.fc24 flatpak-0.8.7-1.fc24 golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.fc24 golang-github-pelletier-go-toml-1.0.0-0.1.git5ccdfb1.fc24 golang-googlecode-go-exp-0-0.14.gitd00e13e.fc24 htmlcleaner-2.2.1-10.fc24 keepassxc-2.2.0-1.fc24 libtomcrypt-1.17-30.20160123git912eff4.fc24 libtommath-1.0-8.fc24 perl-5.22.3-371.fc24 perl-Parse-ErrorString-Perl-0.26-1.fc24 php-horde-Horde-Image-2.5.1-1.fc24 php-phpunit-PHPUnit-5.7.21-1.fc24 php-theseer-autoload-1.24.1-1.fc24 python-fedimg-0.7.3-2.fc24 python-moksha-hub-1.5.2-1.fc24 spandsp-0.0.6-3.fc24 Details about builds: ================================================================================ CImg-202-1.fc24 (FEDORA-2017-239f39c89d) C++ Template Image Processing Toolkit -------------------------------------------------------------------------------- Update Information: Update CImg to v202, also resolves legal issue with non-free embedded image. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295246 - CImg contain problematic content https://bugzilla.redhat.com/show_bug.cgi?id=1295246 -------------------------------------------------------------------------------- ================================================================================ flatpak-0.8.7-1.fc24 (FEDORA-2017-6b1f07acd9) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-9780 Update to 0.8.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1465025 - CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions https://bugzilla.redhat.com/show_bug.cgi?id=1465025 -------------------------------------------------------------------------------- ================================================================================ golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.fc24 (FEDORA-2017-e26cdd5339) Wrapper around bufio to provide buffered runes access with unlimited unreads -------------------------------------------------------------------------------- Update Information: Bump to v0.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464885 - Tracker for golang-github-pelletier-go-buffruneio https://bugzilla.redhat.com/show_bug.cgi?id=1464885 [ 2 ] Bug #1430564 - golang-github-pelletier-go-buffruneio-v0.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1430564 -------------------------------------------------------------------------------- ================================================================================ golang-github-pelletier-go-toml-1.0.0-0.1.git5ccdfb1.fc24 (FEDORA-2017-d70448df06) Go library for the TOML language -------------------------------------------------------------------------------- Update Information: Bump to v1.0.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464882 - Tracker for golang-github-pelletier-go-toml https://bugzilla.redhat.com/show_bug.cgi?id=1464882 [ 2 ] Bug #1430562 - golang-github-pelletier-go-toml-v1.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1430562 -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-go-exp-0-0.14.gitd00e13e.fc24 (FEDORA-2017-7781171e4e) Experimental tools and packages for Go -------------------------------------------------------------------------------- Update Information: Remove superfluous dependencies -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456243 - golang-googlecode-go-exp: FTBFS due to missing dependencies on Fedora 26+ https://bugzilla.redhat.com/show_bug.cgi?id=1456243 [ 2 ] Bug #1423669 - golang-googlecode-go-exp: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423669 -------------------------------------------------------------------------------- ================================================================================ htmlcleaner-2.2.1-10.fc24 (FEDORA-2017-2718bcb905) HTML parser written in Java -------------------------------------------------------------------------------- Update Information: * Fix build on recent Fedora releases -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423721 - htmlcleaner: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423721 [ 2 ] Bug #1307624 - htmlcleaner: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1307624 -------------------------------------------------------------------------------- ================================================================================ keepassxc-2.2.0-1.fc24 (FEDORA-2017-1c50b11dd4) Cross-platform password manager -------------------------------------------------------------------------------- Update Information: 2.2.0 release. Enabled yubikey support -------------------------------------------------------------------------------- ================================================================================ libtomcrypt-1.17-30.20160123git912eff4.fc24 (FEDORA-2017-7a7e076af8) A comprehensive, portable cryptographic toolkit -------------------------------------------------------------------------------- Update Information: Update release to packaging guidelines format, update URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463608 - libtommath + libtomcrypt: Wrong URL in .spec https://bugzilla.redhat.com/show_bug.cgi?id=1463608 [ 2 ] Bug #1463547 - libtommath + libtomcrypt: Wrong URL in .spec https://bugzilla.redhat.com/show_bug.cgi?id=1463547 -------------------------------------------------------------------------------- ================================================================================ libtommath-1.0-8.fc24 (FEDORA-2017-7a7e076af8) A portable number theoretic multiple-precision integer library -------------------------------------------------------------------------------- Update Information: Update release to packaging guidelines format, update URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463608 - libtommath + libtomcrypt: Wrong URL in .spec https://bugzilla.redhat.com/show_bug.cgi?id=1463608 [ 2 ] Bug #1463547 - libtommath + libtomcrypt: Wrong URL in .spec https://bugzilla.redhat.com/show_bug.cgi?id=1463547 -------------------------------------------------------------------------------- ================================================================================ perl-5.22.3-371.fc24 (FEDORA-2017-3e62f0d34b) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information: This release fixes a memory wrap in sv_vcatpvfn_flags(), a crash when calling a subroutine from a stash, an improper cast of a negative integer to an unsigned 8-bit type, cloning :via handles on a thread creation, glob UTF-8 flag on a glob reassignment, a buffer overflow in my_atof2(), checks for tainted directory in $ENV{PATH} if a backslash escape presents, and handling backslashes in PATH environment variable when executing "perl -S". It also makes File::Glob more resistant against degenerative matching. It also adds "perl-interpreter" RPM dependency symbol to ease reusing spec files from Fedora 27. -------------------------------------------------------------------------------- ================================================================================ perl-Parse-ErrorString-Perl-0.26-1.fc24 (FEDORA-2017-9630795d9d) Module for parsing error messages -------------------------------------------------------------------------------- Update Information: Updated to the latest version ---- This release corrects misspellings in the documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464674 - perl-Parse-ErrorString-Perl-0.26 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464674 [ 2 ] Bug #1464431 - perl-Parse-ErrorString-Perl-0.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464431 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Image-2.5.1-1.fc24 (FEDORA-2017-299525e757) Horde Image API -------------------------------------------------------------------------------- Update Information: **Horde_Image 2.5.1** * [mjr] SECURITY: Fix more potential places for command injections. ---- **Horde_Image 2.5.0** * [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan). * [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell arguments (CVE-2017-9774, reported by Fariskhi Vidyan). * [jan] Add blur effect. -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-5.7.21-1.fc24 (FEDORA-2017-a88e573132) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 5.7.21** - 2017-06-21 * Added `PHPUnit\Framework\AssertionFailedError`, `PHPUnit\Framework\Test`, and `PHPUnit\Framework\TestSuite` to the forward compatibility layer for PHPUnit 6 * Fixed [#2705](https://github.com/sebastianbergmann/phpunit/issues/2705): `stderr` parameter in `phpunit.xml` always considered `true` ---- **Version 5.7.20** - 2017-05-22 * Fixed [#2563](https://github.com/sebastianbergmann/phpunit/pull/2563): `phpunit --version` does not display version when running unsupported PHP -------------------------------------------------------------------------------- ================================================================================ php-theseer-autoload-1.24.1-1.fc24 (FEDORA-2017-1946b16e86) A tool and library to generate autoload code -------------------------------------------------------------------------------- Update Information: **Release 1.24.1** * Merge PR [#78](https://github.com/theseer/Autoload/pull/78): Restore PHP 5.3 compatibility [Remi] ---- **Release 1.24.0** * [#77](https://github.com/theseer/Autoload/issues/77): Change duplicate detection to collect all rather than exit on first -------------------------------------------------------------------------------- ================================================================================ python-fedimg-0.7.3-2.fc24 (FEDORA-2017-5585f84c07) Automatically upload Fedora Cloud images to cloud providers -------------------------------------------------------------------------------- Update Information: Updates to 0.7.3 ---- Updates to 0.7.2 ---- Updates to 0.7.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464796 - python-fedimg-0.7.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464796 [ 2 ] Bug #1463975 - python-fedimg-0.7.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1463975 [ 3 ] Bug #1423753 - Cloud images on AWS account 125523088429 cannot be copied https://bugzilla.redhat.com/show_bug.cgi?id=1423753 [ 4 ] Bug #1459576 - python-fedimg-0.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1459576 -------------------------------------------------------------------------------- ================================================================================ python-moksha-hub-1.5.2-1.fc24 (FEDORA-2017-92cf88cbcb) Hub components for Moksha -------------------------------------------------------------------------------- Update Information: A few more fixes for the STOMP backend (topic header and a fix to ack mode). ---- Small bugfix: https://github.com/mokshaproject/moksha/pull/43 ---- Latest upstream. - One bugfix: https://github.com/mokshaproject/moksha/pull/41 - And one feature: https://github.com/mokshaproject/moksha/pull/42 The feature enables STOMP consumers to switch from 'auto' ack mode to 'client' ack mode. ACKs will be automatically sent to the broker if the consumer does not raise an Exception. Exceptions raised by consumers will result in a NACK. Please test with care. ---- One bugfix for STOMP users, which unescapes headers: https://github.com/mokshaproject/moksha/pull/40 One new feature to properly support users interacting with durable broker queues: https://github.com/mokshaproject/moksha/pull/39 -------------------------------------------------------------------------------- ================================================================================ spandsp-0.0.6-3.fc24 (FEDORA-2017-d3b5188cb0) A DSP library for telephony -------------------------------------------------------------------------------- Update Information: Remove non-free (non-distributable) lena image. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295194 - spandsp contain problematic content https://bugzilla.redhat.com/show_bug.cgi?id=1295194 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
