The following Fedora 25 Security updates need testing:
 Age  URL
 190  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
  89  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e   python-XStatic-jquery-ui-1.12.0.1-4.fc25
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6   runc-1.0.0-7.git6394544.fc25.2
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec3c82e64d   libstaroffice-0.0.3-3.fc25
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f   nodejs-brace-expansion-1.1.7-1.fc25
  19  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcfa3569d6   libmwaw-0.3.11-3.fc25
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6   libsndfile-1.0.28-3.fc25
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb   xen-4.7.2-7.fc25
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3   libdb-5.3.28-24.fc25
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-75c571778e   irssi-1.0.3-1.fc25
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2017-620085cede   httpd-2.4.26-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-03954b6dc4   jetty-test-helper-3.1-3.fc25 jetty-alpn-8.1.11-2.v20170118.fc25 jetty-9.4.6-1.v20170531.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3bc944153   pius-2.2.4-1.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-58cde32413   qt5-qtwebengine-5.9.0-4.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-79886ea453   mosquitto-1.4.13-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a34f1211   qt5-qtwebkit-5.212.0-0.4.alpha2.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-167cfa7b09   dhcp-4.3.5-3.fc25 bind99-9.9.10-1.P2.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa52efdf32   yara-3.6.2-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9dd1004ad8   jabberd-2.6.1-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-486371ff24   perl-DBD-MySQL-4.043-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ca18683e4   openldap-2.4.44-11.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ac2e9b354   GraphicsMagick-1.3.26-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b674dc22ad   php-7.0.21-1.fc25


The following Fedora 25 Critical Path updates have yet to be approved:
 Age  URL
  33  https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282   lorax-25.22-1.fc25
  16  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd92718a5a   pungi-4.1.16-3.fc25
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-708adeb9b6   libsndfile-1.0.28-3.fc25
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb   xen-4.7.2-7.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d90aa59a73   libguestfs-1.36.5-1.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605   selinux-policy-3.13.1-225.19.fc25
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-80862de14e   perl-Scalar-List-Utils-1.48-1.fc25
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-372bb1edb3   libdb-5.3.28-24.fc25
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2017-118505dd77   libsoup-2.56.0-3.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-caf28c1846   flatpak-0.9.7-1.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-167cfa7b09   dhcp-4.3.5-3.fc25 bind99-9.9.10-1.P2.fc25
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-26a4445e73   hwdata-0.302-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a90ed7e59d   libtirpc-1.0.2-0.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1d2652d711   gnome-keyring-3.20.1-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b2b083d48d   tracker-1.10.5-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d6039b8a9d   fwupd-0.9.5-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ca18683e4   openldap-2.4.44-11.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7cd9e81996   quota-4.03-8.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-dc8f6057d2   gnutls-3.5.14-1.fc25


The following builds have been pushed to Fedora 25 updates-testing

    GraphicsMagick-1.3.26-1.fc25
    MUMPS-5.1.1-2.fc25
    appcenter-0.2.4-1.fc25
    arm-none-eabi-binutils-cs-2.28-2.fc25
    arm-none-eabi-gcc-cs-7.1.0-2.fc25
    arm-none-eabi-newlib-2.5.0-1.fc25
    cacti-1.1.12-1.fc25
    coin-or-Bonmin-1.8.4-7.fc25
    coin-or-Couenne-0.5.6-7.fc25
    coin-or-Ipopt-3.12.8-2.fc25
    dovecot-2.2.31-2.fc25
    doxygen-1.8.13-9.fc25
    fwupd-0.9.5-1.fc25
    globus-ftp-client-8.36-1.fc25
    globus-gram-client-13.18-1.fc25
    globus-gssapi-gsi-12.17-1.fc25
    globus-xio-udt-driver-1.28-1.fc25
    gnome-keyring-3.20.1-1.fc25
    gnucash-2.6.17-1.fc25
    gnucash-docs-2.6.17-1.fc25
    gnutls-3.5.14-1.fc25
    golang-github-cznic-zappy-0-0.1.20160723.git2533cb5.fc25
    jabberd-2.6.1-1.fc25
    libdxflib-3.17.0-2.fc25
    libtirpc-1.0.2-0.fc25
    lollypop-0.9.242-1.fc25
    magic-8.1.175-1.fc25
    mate-control-center-1.18.2-2.fc25
    mate-desktop-1.18.0-2.fc25
    metamath-0.146-1.fc25
    nagios-plugins-2.2.1-2git.fc25
    openldap-2.4.44-11.fc25
    perl-DBD-MySQL-4.043-1.fc25
    php-7.0.21-1.fc25
    php-horde-Horde-Icalendar-2.1.7-1.fc25
    php-phpunit-PHPUnit-MockObject-3.4.4-1.fc25
    python-astroquery-0.3.6-1.fc25
    python-cornice-1.1.0-6.fc25
    python-vulture-0.14-3.fc25
    quota-4.03-8.fc25
    rubygem-generator_spec-0.9.4-1.fc25
    tracker-1.10.5-2.fc25
    trustedqsl-2.3.1-1.fc25
    valgrind-3.12.0-9.fc25
    xed-1.4.5-1.fc25

Details about builds:


================================================================================
 GraphicsMagick-1.3.26-1.fc25 (FEDORA-2017-3ac2e9b354)
 An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:

New stable upstream release, primarily includes security fixes for
CVE-2017-10794, CVE-2017-10799, CVE-2017-10800

See also http://www.graphicsmagick.org/NEWS.html#july-4-2017
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467378 - CVE-2017-10800 GraphicsMagick: out of memory in ReadMATImage() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1467378
  [ 2 ] Bug #1467372 - CVE-2017-10799 GraphicsMagick: out of memory in ReadDPXImage() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1467372
  [ 3 ] Bug #1467655 - CVE-2017-10794 GraphicsMagick: buffer overflow in QuantumTransferMode
        https://bugzilla.redhat.com/show_bug.cgi?id=1467655
--------------------------------------------------------------------------------

================================================================================
 MUMPS-5.1.1-2.fc25 (FEDORA-2017-c0e9637b10)
 A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:

- Update MUMPS and Ipopt to newer versions
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1461038
--------------------------------------------------------------------------------

================================================================================
 appcenter-0.2.4-1.fc25 (FEDORA-2017-cf7081927b)
 Software Center for the Pantheon desktop
--------------------------------------------------------------------------------
Update Information:

Update to version 0.2.4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467630 - appcenter-0.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467630
--------------------------------------------------------------------------------

================================================================================
 arm-none-eabi-binutils-cs-2.28-2.fc25 (FEDORA-2017-0654bcc15d)
 GNU Binutils for cross-compilation for arm-none-eabi target
--------------------------------------------------------------------------------
Update Information:

arm-none-eabi updated to gcc 7.1.0 and newlib 2.5.0
--------------------------------------------------------------------------------

================================================================================
 arm-none-eabi-gcc-cs-7.1.0-2.fc25 (FEDORA-2017-0654bcc15d)
 GNU GCC for cross-compilation for arm-none-eabi target
--------------------------------------------------------------------------------
Update Information:

arm-none-eabi updated to gcc 7.1.0 and newlib 2.5.0
--------------------------------------------------------------------------------

================================================================================
 arm-none-eabi-newlib-2.5.0-1.fc25 (FEDORA-2017-0654bcc15d)
 C library intended for use on arm-none-eabi embedded systems
--------------------------------------------------------------------------------
Update Information:

arm-none-eabi updated to gcc 7.1.0 and newlib 2.5.0
--------------------------------------------------------------------------------

================================================================================
 cacti-1.1.12-1.fc25 (FEDORA-2017-f8e32f160e)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

- Update to 1.1.12

Release notes: https://www.cacti.net/release_notes.php?version=1.1.11
Release notes: https://www.cacti.net/release_notes.php?version=1.1.12
--------------------------------------------------------------------------------

================================================================================
 coin-or-Bonmin-1.8.4-7.fc25 (FEDORA-2017-c0e9637b10)
 Basic Open-source Nonlinear Mixed INteger programming
--------------------------------------------------------------------------------
Update Information:

- Update MUMPS and Ipopt to newer versions
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1461038
--------------------------------------------------------------------------------

================================================================================
 coin-or-Couenne-0.5.6-7.fc25 (FEDORA-2017-c0e9637b10)
 An exact solver for nonconvex MINLPs
--------------------------------------------------------------------------------
Update Information:

- Update MUMPS and Ipopt to newer versions
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1461038
--------------------------------------------------------------------------------

================================================================================
 coin-or-Ipopt-3.12.8-2.fc25 (FEDORA-2017-c0e9637b10)
 Interior Point OPTimizer
--------------------------------------------------------------------------------
Update Information:

- Update MUMPS and Ipopt to newer versions
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1461038 - coin-or-Ipopt-3.12.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1461038
--------------------------------------------------------------------------------

================================================================================
 dovecot-2.2.31-2.fc25 (FEDORA-2017-698f4bc98e)
 Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

fix broken NOTIFY support

----

- dovecot updated to 2.2.31
- Various fixes to handling mailbox listing. Especially related to handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
- Global ACL file was parsed as if it was local ACL file. This caused some of the ACL rule interactions to not work exactly as intended.
- Using mail_sort_max_read_count may have caused very high CPU usage.
- Message address parsing could have crashed on invalid input.
- imapc_features=fetch-headers wasn't always working correctly and caused the full header to be fetched.
- imapc: Various bugfixes related to connection failure handling.
- quota=count: quota_warning = -storage=.. was never executed
- quota=count: Add support for "ns" parameter
- dsync: Fix incremental syncing for mails that don't have Date or Message-ID headers.
- imap: Fix hang when client sends pipelined SEARCH + EXPUNGE/CLOSE/LOGOUT.
- oauth2: Token validation didn't accept empty server responses.
- imap: NOTIFY command has been almost completely broken since the beginning.
- pigeonhole updated to 0.4.19
- Fixed bug in handling of implicit keep in some cases.
- include extension: Fixed segfault that (sometimes) occurred when the global script location was left unconfigured.

----

- auth: Multiple failed authentications within short time caused crashes
- push-notification: OX driver crashed at deinit

----

- auth: Use timing safe comparisons for everything related to passwords. It's unlikely that these could have been used for practical attacks, especially because Dovecot delays and flushes all failed authentications in 2 second intervals. Also it could have worked only when passwords were stored in plaintext in the passdb.
- master process sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately. This way restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time.
- auth: Add passdb { mechanisms=none } to match separate passdb lookup
- auth: Add passdb { username_filter } to use passdb only if user matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
- dsync: Add dsync_commit_msgs_interval setting. It attempts to commit the transaction after saving this many new messages. Because of the way dsync works, it may not always be possible if mails are copied or UIDs need to change.
- imapc: Support imapc_features=search without ESEARCH extension.
- imapc: Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE.
- imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server.
- passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
- If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file.
- doveadm mailbox status: Add "firstsaved" field.
- director_flush_socket: Add old host's up/down and vhost count as parameters
- More fixes to automatically fix corruption in dovecot.list.index
- dsync-server: Fix support for dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some errors
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used. Otherwise the copied mails can't be opened.
--------------------------------------------------------------------------------

================================================================================
 doxygen-1.8.13-9.fc25 (FEDORA-2017-112e3cc3db)
 A documentation system for C/C++
--------------------------------------------------------------------------------
Update Information:

- backport to fix C# property initializer parsing
- backport to fix non reachable links and redirected links in documentation
--------------------------------------------------------------------------------

================================================================================
 fwupd-0.9.5-1.fc25 (FEDORA-2017-d6039b8a9d)
 Firmware update daemon
--------------------------------------------------------------------------------
Update Information:

New upstream release

- Add a plugin to get the version of the AMT ME interface
- Allow flashing Unifying devices in bootloader modes
- Filter by Unifying SwId when making HID++2.0 requests
- Fix downgrades when version_lowest is set
- Fix the self tests when running on PPC64 big endian
- Use the UFY DeviceID prefix for Unifying devices
--------------------------------------------------------------------------------

================================================================================
 globus-ftp-client-8.36-1.fc25 (FEDORA-2017-f3259362d4)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------

================================================================================
 globus-gram-client-13.18-1.fc25 (FEDORA-2017-f3259362d4)
 Globus Toolkit - GRAM Client Library
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------

================================================================================
 globus-gssapi-gsi-12.17-1.fc25 (FEDORA-2017-f3259362d4)
 Globus Toolkit - GSSAPI library
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------

================================================================================
 globus-xio-udt-driver-1.28-1.fc25 (FEDORA-2017-f3259362d4)
 Globus Toolkit - Globus XIO UDT Driver
--------------------------------------------------------------------------------
Update Information:

Upstream updates with accepted Fedora patches (globus-ftp-client,
globus-xio-udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client).
--------------------------------------------------------------------------------

================================================================================
 gnome-keyring-3.20.1-1.fc25 (FEDORA-2017-1d2652d711)
 Framework for managing passwords and other secrets
--------------------------------------------------------------------------------
Update Information:

* Fix boolean logic error in ssh-agent
* Pass the correct argc to gkr_pam_client_run_operation [#766222]
* Look for both dlopen and dlsym when configuring [#766221]
* Fix .so link in gnome-keyring-3 man page [#767095]
* Die if the XDG session we were started under goes away [#768943]
* Shorten unlock keyring dialog title [#770170]
* Updated translations
--------------------------------------------------------------------------------

================================================================================
 gnucash-2.6.17-1.fc25 (FEDORA-2017-76bb250f69)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream bugfix release. For more
information on changes in this release, see the upstream release notes at:
https://gnucash.org/#n-170702-2.6.17.news
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467327 - gnucash-2.6.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467327
--------------------------------------------------------------------------------

================================================================================
 gnucash-docs-2.6.17-1.fc25 (FEDORA-2017-76bb250f69)
 Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream bugfix release. For more
information on changes in this release, see the upstream release notes at:
https://gnucash.org/#n-170702-2.6.17.news
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467327 - gnucash-2.6.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467327
--------------------------------------------------------------------------------

================================================================================
 gnutls-3.5.14-1.fc25 (FEDORA-2017-dc8f6057d2)
 A TLS protocol implementation
--------------------------------------------------------------------------------
Update Information:

- Update to upstream 3.5.14 release
--------------------------------------------------------------------------------

================================================================================
 golang-github-cznic-zappy-0-0.1.20160723.git2533cb5.fc25 (FEDORA-2017-c0cf3a18e9)
 Block-based compression format implementation in Go
--------------------------------------------------------------------------------
Update Information:

Initial package for Fedora.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1431743 - Review Request: golang-github-cznic-zappy - Block-based compression format implementation in Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1431743
--------------------------------------------------------------------------------

================================================================================
 jabberd-2.6.1-1.fc25 (FEDORA-2017-9dd1004ad8)
 OpenSource server implementation of the Jabber protocols
--------------------------------------------------------------------------------
Update Information:

updated to 2.6.1 (security bugfix release)
--------------------------------------------------------------------------------

================================================================================
 libdxflib-3.17.0-2.fc25 (FEDORA-2017-96b836bb86)
 A C++ library for reading and writing DXF files
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1457949 - Review Request: libdxflib - A C++ library for reading and writing DXF files
        https://bugzilla.redhat.com/show_bug.cgi?id=1457949
--------------------------------------------------------------------------------

================================================================================
 libtirpc-1.0.2-0.fc25 (FEDORA-2017-a90ed7e59d)
 Transport Independent RPC Library
--------------------------------------------------------------------------------
Update Information:

Updated to the latest upstream release: 1.0.2
--------------------------------------------------------------------------------

================================================================================
 lollypop-0.9.242-1.fc25 (FEDORA-2017-b6fc261b96)
 Music player for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.242-1
--------------------------------------------------------------------------------

================================================================================
 magic-8.1.175-1.fc25 (FEDORA-2017-9fe7524fcb)
 A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:

New version 8.1.175 is released.
--------------------------------------------------------------------------------

================================================================================
 mate-control-center-1.18.2-2.fc25 (FEDORA-2017-0a2df5b815)
 MATE Desktop control-center
--------------------------------------------------------------------------------
Update Information:

- use https://github.com/mate-desktop/mate-control-center/pull/289
- warn about enabling multi-finger emulation, libinput may disable software buttons when clickfinger is enabled.
--------------------------------------------------------------------------------

================================================================================
 mate-desktop-1.18.0-2.fc25 (FEDORA-2017-8e68ed1af5)
 Shared code for mate-panel, mate-session, mate-file-manager, etc
--------------------------------------------------------------------------------
Update Information:

- update gsetting override file for touchpad settings with libinput
- disable SNI-Support for na-tray applets in override file
--------------------------------------------------------------------------------

================================================================================
 metamath-0.146-1.fc25 (FEDORA-2017-da06f04bec)
 Construct mathematics from basic axioms
--------------------------------------------------------------------------------
Update Information:

Changes in version 0.145:
- fix bug 1741 during MINIMIZE_WITH
- make duplicate bug numbers unique
- adjust to prevent lcc compiler "Function too big for the optimizer"
- take out extraneous <HTML>...</HTML> markup tags in HTML output so w3c validator will pass

Changes in version 0.146:
- fix handling of local labels in 'show proof.../tex' (bug 2341 reported by Eric Parfitt)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462574 - metamath-0.145 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1462574
  [ 2 ] Bug #1467070 - metamath-0.146 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467070
--------------------------------------------------------------------------------

================================================================================
 nagios-plugins-2.2.1-2git.fc25 (FEDORA-2017-2a1f3cf59d)
 Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:

Update to git for 20170703
--------------------------------------------------------------------------------

================================================================================
 openldap-2.4.44-11.fc25 (FEDORA-2017-1ca18683e4)
 LDAP support libraries
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-9287
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456712 - CVE-2017-9287 openldap: Double free vulnerability in servers/slapd/back-mdb/search.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1456712
--------------------------------------------------------------------------------

================================================================================
 perl-DBD-MySQL-4.043-1.fc25 (FEDORA-2017-486371ff24)
 A MySQL interface for Perl
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version; Security fix for CVE-2017-10788
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467600 - CVE-2017-10788 perl-DBD-MySQL: Use-after-free when calling mysql_stmt_error() after mysql_stmt_close()
        https://bugzilla.redhat.com/show_bug.cgi?id=1467600
--------------------------------------------------------------------------------

================================================================================
 php-7.0.21-1.fc25 (FEDORA-2017-b674dc22ad)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

**PHP version 7.0.21** (06 Jul 2017)

**Core:**

* Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
* Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)
* Fixed misparsing of abstract unix domain socket names. (Sara)
* Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)
* Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)
* Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)
* Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)

**DOM:**

* Fixed bug php#69373 (References to deleted XPath query results). (ttoohey)

**Intl:**

* Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
* Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)
* Fixed bug php#73634 (grapheme_strpos illegal memory access). (Stas)

**Mbstring:**

* Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

**Opcache:**

* Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)

**OpenSSL:**

* Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)

**Reflection:**

* Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)

**SPL:**

* Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr)

**Standard:**

* Fixed bug php#74708 (Invalid Reflection signatures for random_bytes and random_int). (Tyson Andre, Remi)
* Fixed bug php#73648 (Heap buffer overflow in substr). (Stas)

**FTP:**

* Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara)

**PHAR:**

* Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa)

**SOAP**

* Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)

**Streams:**

* Fixed bug php#74556 (stream_socket_get_name() returns '\0'). (Sara)
--------------------------------------------------------------------------------

================================================================================
 php-horde-Horde-Icalendar-2.1.7-1.fc25 (FEDORA-2017-a373597b89)
 iCalendar API
--------------------------------------------------------------------------------
Update Information:

**Horde_Icalendar 2.1.7**

* [jan] Fix unescaping of commas in ADR, N, and ORG attributes.
--------------------------------------------------------------------------------

================================================================================
 php-phpunit-PHPUnit-MockObject-3.4.4-1.fc25 (FEDORA-2017-70fe278764)
 Mock Object library for PHPUnit
--------------------------------------------------------------------------------
Update Information:

From git history:

**Version 3.4.4**

* Generate mock's class name using mt_rand() instead of microtime()
--------------------------------------------------------------------------------

================================================================================
 python-astroquery-0.3.6-1.fc25 (FEDORA-2017-14e8569d0f)
 Python module to access astronomical online data resources
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1467325 - python-astroquery-0.3.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1467325
--------------------------------------------------------------------------------

================================================================================
 python-cornice-1.1.0-6.fc25 (FEDORA-2017-2c6c8702c9)
 Define Web Services in Pyramid
--------------------------------------------------------------------------------
Update Information:

Use python2- provides and requires where appropriate.
--------------------------------------------------------------------------------

================================================================================
 python-vulture-0.14-3.fc25 (FEDORA-2017-1f151f810c)
 Find Dead Code
--------------------------------------------------------------------------------
Update Information:

Fix Changelog: release

----

Use versioned package, python2-setuptools(not python-setuptools)

----

Initial package import
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1463092 - Review Request: python-vulture - Find Dead Code
        https://bugzilla.redhat.com/show_bug.cgi?id=1463092
--------------------------------------------------------------------------------

================================================================================
 quota-4.03-8.fc25 (FEDORA-2017-7cd9e81996)
 System administration tools for monitoring users' disk usage
--------------------------------------------------------------------------------
Update Information:

This release fixes a race between checking for and opening a directory to be
scanned and an undefined behavior on parsing yes-no answers. It also adds checks
for setuid and setgid calls failure in edquota tool, failures when reading
edquota input, and failures when duplicating a file handle.
--------------------------------------------------------------------------------
================================================================================
rubygem-generator_spec-0.9.4-1.fc25 (FEDORA-2017-a2be07cbf1)
Test Rails generators with RSpec
--------------------------------------------------------------------------------
Update Information:

update to 0.9.4
--------------------------------------------------------------------------------
================================================================================
tracker-1.10.5-2.fc25 (FEDORA-2017-b2b083d48d)
Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:

Disable libmediaart extraction because it kills tracker-extract with SIGSYS.
--------------------------------------------------------------------------------
================================================================================
trustedqsl-2.3.1-1.fc25 (FEDORA-2017-37def691b7)
TrustedQSL ham-radio applications
--------------------------------------------------------------------------------
Update Information:

Defects Corrected:

* Added 'Saving QSOs' to the messages to be translated.
* When renewing a callsign certificate and backing up to earlier pages in the wizard, TQSL could display an unexpected page for selecting the certificate type, which is not needed for renewals. TQSL will no longer display the unexpected page.
* When editing an ADIF file that has an invalid mode setting, TQSL now notifies the user that the mode is being ignored.
* For Unix systems, fix a defect that could cause the password prompt to not appear when the system has built the wxWidgets system with debug assertions enabled. Correct the invocation of the Windows Installer when an update is available.
* Correct the counts reported when duplicate QSOs are found along with QSOs with other errors.
* Fix formatting of the messages that appear when QSOs change values in the station location for duplicate QSOs.
* Correct improperly formatted frequencies from ADIF files (values like '7.010.20') to remove the extra periods.
* Revert the change that stripped spaces in the TQSL configuration file as that caused newlines to be removed in places like the station_data file.
* Fix "OpenSSL error - bad end line" by ensuring that there's always a newline starting a new certificate.

Feature Additions:

* Add Finnish translation from Juhani, OH8MXL.
* Add the ADIF satellite name to the pulldown menu in the ADIF editor to allow satellites to be more easily looked up.
* Allow 'LIGHT' in a Cabrillo file to represent 300 GHz and above.
* Allow TQSL to build against OpenSSL 1.1.0.
* Add the ability to pull DXCC Entity valid date ranges from the TQSL configuration file.
--------------------------------------------------------------------------------
================================================================================
valgrind-3.12.0-9.fc25 (FEDORA-2017-ffd8b851cc)
Tool for finding memory management bugs in programs
--------------------------------------------------------------------------------
Update Information:

Various fixes for handling fatal signals, exit_group and clone flags. ppc64 fixes for handling xxsel, lxv, stxv, stxsd, stxssp, lxsd, lxssp instructions. Fix ppc64 issue clobbering register r2. Handle unknown HINT instructions on aarch64. Recognize various new syscalls on arm64 and ppc64. Fix arm32 ld.so index issue after glibc security hardening.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1466017 - valgrind reports errors for all applications linked with ld-2.25.so on ARM
      https://bugzilla.redhat.com/show_bug.cgi?id=1466017
[ 2 ] Bug #1424367 - valgrind: FTBFS in rawhide
      https://bugzilla.redhat.com/show_bug.cgi?id=1424367
[ 3 ] Bug #1390282 - valgrind subdir test triggers kojid problem
      https://bugzilla.redhat.com/show_bug.cgi?id=1390282
--------------------------------------------------------------------------------
================================================================================
xed-1.4.5-1.fc25 (FEDORA-2017-5cd825a32f)
X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI)
--------------------------------------------------------------------------------
Update Information:

* New upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1467641 - xed-1.4.5 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1467641
--------------------------------------------------------------------------------