The following Fedora 24 Security updates need testing:
 Age  URL
 197  https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08   squid-3.5.23-1.fc24
 190  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08   exim-4.87.1-1.fc24
 153  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba   runc-1.0.0-5.rc2.gitc91b5be.fc24
  89  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2   python-XStatic-jquery-ui-1.12.0.1-1.fc24
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f1006afb1   libstaroffice-0.0.3-3.fc24
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f4c48c68   nodejs-brace-expansion-1.1.7-1.fc24
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbae64fdc2   libmwaw-0.3.11-3.fc24
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d76bef4e   chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4932c9b886   c-ares-1.13.0-1.fc24
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358   libsndfile-1.0.28-3.fc24
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0a9e51dd5   graphite2-1.3.10-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-37f68e3534   webkitgtk4-2.16.5-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-299525e757   php-horde-Horde-Image-2.5.1-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b1f07acd9   flatpak-0.8.7-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d26266eb32   libmtp-1.1.13-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-014d67fa9d   libdb-5.3.28-24.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-56cf7067e7   irssi-1.0.3-1.fc24
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf9599a306   httpd-2.4.26-1.fc24
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-06d7ff5a5d   pius-2.2.4-1.fc24
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b70d0b976   libgcrypt-1.7.8-1.fc24
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1206f87545   jetty-9.3.7-3.v20160115.fc24
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-001f135337   bind-dyndb-ldap-10.1-2.fc24 bind-9.10.5-2.P2.fc24 dnsperf-2.1.0.0-3.fc24
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-749f4c7d2a   mosquitto-1.4.13-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-47487b1223   yara-3.6.2-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6361db8fd   jabberd-2.6.1-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-fba331bb86   GraphicsMagick-1.3.26-1.fc24


The following Fedora 24 Critical Path updates have yet to be approved:
 Age  URL
  76  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566   koji-1.12.0-2.fc24
  21  https://bodhi.fedoraproject.org/updates/FEDORA-2017-07fed9b000   libteam-1.27-1.fc24
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358   libsndfile-1.0.28-3.fc24
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0a9e51dd5   graphite2-1.3.10-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-014d67fa9d   libdb-5.3.28-24.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b1f07acd9   flatpak-0.8.7-1.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e62f0d34b   perl-5.22.3-371.fc24
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-37f68e3534   webkitgtk4-2.16.5-1.fc24
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6c2a7b1453   thunderbird-52.2.1-1.fc24
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b70d0b976   libgcrypt-1.7.8-1.fc24
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8100aed299   rsync-3.1.2-4.fc24
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-af79986d5f   libsoup-2.54.1-2.fc24
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8cb8fdad5   gsm-1.0.17-1.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-655837782e   json-c-0.12.1-2.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f1cfcaee24   hwdata-0.302-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc6b0dec8a   gnome-keyring-3.20.1-1.fc24


The following builds have been pushed to Fedora 24 updates-testing

    GraphicsMagick-1.3.26-1.fc24
    arm-none-eabi-binutils-cs-2.28-2.fc24
    arm-none-eabi-gcc-cs-7.1.0-2.fc24
    arm-none-eabi-newlib-2.5.0-1.fc24
    cacti-1.1.12-1.fc24
    dovecot-2.2.31-2.fc24
    globus-ftp-client-8.36-1.fc24
    globus-gram-client-13.18-1.fc24
    globus-gssapi-gsi-12.17-1.fc24
    globus-xio-udt-driver-1.28-1.fc24
    gnome-keyring-3.20.1-1.fc24
    gnucash-2.6.17-1.fc24
    gnucash-docs-2.6.17-1.fc24
    golang-github-cznic-zappy-0-0.1.20160723.git2533cb5.fc24
    jabberd-2.6.1-1.fc24
    libdxflib-3.17.0-2.fc24
    magic-8.1.175-1.fc24
    nagios-plugins-2.2.1-2git.fc24
    php-horde-Horde-Icalendar-2.1.7-1.fc24
    php-phpunit-PHPUnit-MockObject-3.4.4-1.fc24
    python-astroquery-0.3.6-1.fc24
    python-cornice-1.1.0-4.fc24
    quota-4.03-5.fc24
    rubygem-generator_spec-0.9.4-1.fc24
    valgrind-3.11.0-27.fc24
    xed-1.4.5-1.fc24

Details about builds:


================================================================================
 GraphicsMagick-1.3.26-1.fc24 (FEDORA-2017-fba331bb86)
 An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:

New stable upstream release, primarily includes security fixes for
CVE-2017-10794, CVE-2017-10799, CVE-2017-10800

See also http://www.graphicsmagick.org/NEWS.html#july-4-2017
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467378 - CVE-2017-10800 GraphicsMagick: out of memory in ReadMATImage() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1467378
  [ 2 ] Bug #1467372 - CVE-2017-10799 GraphicsMagick: out of memory in ReadDPXImage() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1467372
  [ 3 ] Bug #1467655 - CVE-2017-10794 GraphicsMagick: buffer overflow in QuantumTransferMode
        https://bugzilla.redhat.com/show_bug.cgi?id=1467655
--------------------------------------------------------------------------------


================================================================================
 arm-none-eabi-binutils-cs-2.28-2.fc24 (FEDORA-2017-6d1d78d865)
 GNU Binutils for cross-compilation for arm-none-eabi target
--------------------------------------------------------------------------------
Update Information:

arm-none-eabi updated to gcc 7.1.0 and newlib 2.5.0
--------------------------------------------------------------------------------


================================================================================
 arm-none-eabi-gcc-cs-7.1.0-2.fc24 (FEDORA-2017-6d1d78d865)
 GNU GCC for cross-compilation for arm-none-eabi target
--------------------------------------------------------------------------------
Update Information:

arm-none-eabi updated to gcc 7.1.0 and newlib 2.5.0
--------------------------------------------------------------------------------


================================================================================
 arm-none-eabi-newlib-2.5.0-1.fc24 (FEDORA-2017-6d1d78d865)
 C library intended for use on arm-none-eabi embedded systems
--------------------------------------------------------------------------------
Update Information:

arm-none-eabi updated to gcc 7.1.0 and newlib 2.5.0
--------------------------------------------------------------------------------


================================================================================
 cacti-1.1.12-1.fc24 (FEDORA-2017-3db2a34403)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

- Update to 1.1.12

Release notes: https://www.cacti.net/release_notes.php?version=1.1.11
Release notes: https://www.cacti.net/release_notes.php?version=1.1.12
--------------------------------------------------------------------------------


================================================================================
 dovecot-2.2.31-2.fc24 (FEDORA-2017-9f67100715)
 Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

fix broken NOTIFY support

----

- dovecot updated to 2.2.31
- Various fixes to handling mailbox listing. Especially related to handling
  nonexistent autocreated/autosubscribed mailboxes and ACLs.
- Global ACL file was parsed as if it was local ACL file. This caused some of
  the ACL rule interactions to not work exactly as intended.
- Using mail_sort_max_read_count may have caused very high CPU usage.
- Message address parsing could have crashed on invalid input.
- imapc_features=fetch-headers wasn't always working correctly and caused the
  full header to be fetched.
- imapc: Various bugfixes related to connection failure handling.
- quota=count: quota_warning = -storage=.. was never executed
- quota=count: Add support for "ns" parameter
- dsync: Fix incremental syncing for mails that don't have Date or Message-ID
  headers.
- imap: Fix hang when client sends pipelined SEARCH + EXPUNGE/CLOSE/LOGOUT.
- oauth2: Token validation didn't accept empty server responses.
- imap: NOTIFY command has been almost completely broken since the beginning.
- pigeonhole updated to 0.4.19
- Fixed bug in handling of implicit keep in some cases.
- include extension: Fixed segfault that (sometimes) occurred when the global
  script location was left unconfigured.

----

- auth: Multiple failed authentications within short time caused crashes
- push-notification: OX driver crashed at deinit

----

- auth: Use timing safe comparisons for everything related to passwords. It's
  unlikely that these could have been used for practical attacks, especially
  because Dovecot delays and flushes all failed authentications in 2 second
  intervals. Also it could have worked only when passwords were stored in
  plaintext in the passdb.
- master process sends SIGQUIT to all running children at shutdown, which
  instructs them to close all the socket listeners immediately. This way
  restarting Dovecot should no longer fail due to some processes keeping the
  listeners open for a long time.
- auth: Add passdb { mechanisms=none } to match separate passdb lookup
- auth: Add passdb { username_filter } to use passdb only if user matches the
  filter. See https://wiki2.dovecot.org/PasswordDatabase
- dsync: Add dsync_commit_msgs_interval setting. It attempts to commit the
  transaction after saving this many new messages. Because of the way dsync
  works, it may not always be possible if mails are copied or UIDs need to
  change.
- imapc: Support imapc_features=search without ESEARCH extension.
- imapc: Add imapc_features=fetch-bodystructure to pass through remote server's
  FETCH BODY and BODYSTRUCTURE.
- imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote
  server.
- passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
- If dovecot.index.cache corruption is detected, reset only the one corrupted
  mail instead of the whole file.
- doveadm mailbox status: Add "firstsaved" field.
- director_flush_socket: Add old host's up/down and vhost count as parameters
- More fixes to automatically fix corruption in dovecot.list.index
- dsync-server: Fix support for dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some errors
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq
  tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are
  used. Otherwise the copied mails can't be opened.
--------------------------------------------------------------------------------


================================================================================
 globus-ftp-client-8.36-1.fc24 (FEDORA-2017-4a2d3d6c9c)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------


================================================================================
 globus-gram-client-13.18-1.fc24 (FEDORA-2017-4a2d3d6c9c)
 Globus Toolkit - GRAM Client Library
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------


================================================================================
 globus-gssapi-gsi-12.17-1.fc24 (FEDORA-2017-4a2d3d6c9c)
 Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------


================================================================================
 globus-xio-udt-driver-1.28-1.fc24 (FEDORA-2017-4a2d3d6c9c)
 Globus Toolkit - Globus XIO UDT Driver
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------


================================================================================
 gnome-keyring-3.20.1-1.fc24 (FEDORA-2017-bc6b0dec8a)
 Framework for managing passwords and other secrets
--------------------------------------------------------------------------------
Update Information:

* Fix boolean logic error in ssh-agent
* Pass the correct argc to gkr_pam_client_run_operation [#766222]
* Look for both dlopen and dlsym when configuring [#766221]
* Fix .so link in gnome-keyring-3 man page [#767095]
* Die if the XDG session we were started under goes away [#768943]
* Shorten unlock keyring dialog title [#770170]
* Updated translations
--------------------------------------------------------------------------------


================================================================================
 gnucash-2.6.17-1.fc24 (FEDORA-2017-3385b24169)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream bugfix release. For more
information on changes in this release, see the upstream release notes at:
https://gnucash.org/#n-170702-2.6.17.news
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467327 - gnucash-2.6.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467327
--------------------------------------------------------------------------------


================================================================================
 gnucash-docs-2.6.17-1.fc24 (FEDORA-2017-3385b24169)
 Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream bugfix release. For more
information on changes in this release, see the upstream release notes at:
https://gnucash.org/#n-170702-2.6.17.news
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467327 - gnucash-2.6.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467327
--------------------------------------------------------------------------------


================================================================================
 golang-github-cznic-zappy-0-0.1.20160723.git2533cb5.fc24 (FEDORA-2017-0688e785f5)
 Block-based compression format implementation in Go
--------------------------------------------------------------------------------
Update Information:

Initial package for fedora.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1431743 - Review Request: golang-github-cznic-zappy - Block-based compression format implementation in Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1431743
--------------------------------------------------------------------------------


================================================================================
 jabberd-2.6.1-1.fc24 (FEDORA-2017-f6361db8fd)
 OpenSource server implementation of the Jabber protocols
--------------------------------------------------------------------------------
Update Information:

updated to 2.6.1 (security bugfix release)
--------------------------------------------------------------------------------


================================================================================
 libdxflib-3.17.0-2.fc24 (FEDORA-2017-b692c4e5e1)
 A C++ library for reading and writing DXF files
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1457949 - Review Request: libdxflib - A C++ library for reading and writing DXF files
        https://bugzilla.redhat.com/show_bug.cgi?id=1457949
--------------------------------------------------------------------------------


================================================================================
 magic-8.1.175-1.fc24 (FEDORA-2017-db32341628)
 A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:

New version 8.1.175 is released.
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-2.2.1-2git.fc24 (FEDORA-2017-15c68fac06)
 Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:

Update to git for 20170703
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Icalendar-2.1.7-1.fc24 (FEDORA-2017-f5ffdf3eff)
 iCalendar API
--------------------------------------------------------------------------------
Update Information:

**Horde_Icalendar 2.1.7**

* [jan] Fix unescaping of commas in ADR, N, and ORG attributes.
--------------------------------------------------------------------------------


================================================================================
 php-phpunit-PHPUnit-MockObject-3.4.4-1.fc24 (FEDORA-2017-abdb177bad)
 Mock Object library for PHPUnit
--------------------------------------------------------------------------------
Update Information:

From git history:

**Version 3.4.4**

* Generate mock's class name using mt_rand() instead of microtime()
--------------------------------------------------------------------------------


================================================================================
 python-astroquery-0.3.6-1.fc24 (FEDORA-2017-56f4d5f804)
 Python module to access astronomical online data resources
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467325 - python-astroquery-0.3.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467325
--------------------------------------------------------------------------------


================================================================================
 python-cornice-1.1.0-4.fc24 (FEDORA-2017-b5c9de2b63)
 Define Web Services in Pyramid
--------------------------------------------------------------------------------
Update Information:

Provide and require python2- subpackages.
--------------------------------------------------------------------------------


================================================================================
 quota-4.03-5.fc24 (FEDORA-2017-eab69a7c26)
 System administration tools for monitoring users' disk usage
--------------------------------------------------------------------------------
Update Information:

This release fixes a race between checking for and opening a directory to be
scanned and an undefined behavior on parsing yes-no answers. It also adds
checks for setuid and setgid calls failure in edquota tool, failures when
reading edquota input, and failures when duplicating a file handle.
--------------------------------------------------------------------------------


================================================================================
 rubygem-generator_spec-0.9.4-1.fc24 (FEDORA-2017-951496f865)
 Test Rails generators with RSpec
--------------------------------------------------------------------------------
Update Information:

update to 0.9.4
--------------------------------------------------------------------------------


================================================================================
 valgrind-3.11.0-27.fc24 (FEDORA-2017-1320773bc5)
 Tool for finding memory management bugs in programs
--------------------------------------------------------------------------------
Update Information:

Fix arm32 ld.so index issue after glibc security hardening.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1466017 - valgrind reports errors for all applications linked with ld-2.25.so on ARM
        https://bugzilla.redhat.com/show_bug.cgi?id=1466017
--------------------------------------------------------------------------------


================================================================================
 xed-1.4.5-1.fc24 (FEDORA-2017-e1b9dc2fe0)
 X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI)
--------------------------------------------------------------------------------
Update Information:

* New upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467641 - xed-1.4.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467641
--------------------------------------------------------------------------------