The following Fedora 24 Security updates need testing: Age URL 198 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 192 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 154 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 90 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2 python-XStatic-jquery-ui-1.12.0.1-1.fc24 30 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f1006afb1 libstaroffice-0.0.3-3.fc24 30 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f4c48c68 nodejs-brace-expansion-1.1.7-1.fc24 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbae64fdc2 libmwaw-0.3.11-3.fc24 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d76bef4e chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4932c9b886 c-ares-1.13.0-1.fc24 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358 libsndfile-1.0.28-3.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0a9e51dd5 graphite2-1.3.10-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-37f68e3534 webkitgtk4-2.16.5-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-299525e757 php-horde-Horde-Image-2.5.1-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b1f07acd9 flatpak-0.8.7-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d26266eb32 libmtp-1.1.13-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-014d67fa9d libdb-5.3.28-24.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-56cf7067e7 irssi-1.0.3-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf9599a306 httpd-2.4.26-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b70d0b976 libgcrypt-1.7.8-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1206f87545 jetty-9.3.7-3.v20160115.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-001f135337 bind-dyndb-ldap-10.1-2.fc24 bind-9.10.5-2.P2.fc24 dnsperf-2.1.0.0-3.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-749f4c7d2a mosquitto-1.4.13-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47487b1223 yara-3.6.2-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6361db8fd jabberd-2.6.1-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fba331bb86 GraphicsMagick-1.3.26-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3db2a34403 cacti-1.1.12-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5ade380ab2 php-5.6.31-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a44f9aa38b expat-2.2.1-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 77 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566 koji-1.12.0-2.fc24 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-07fed9b000 libteam-1.27-1.fc24 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cfb239358 libsndfile-1.0.28-3.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e0a9e51dd5 graphite2-1.3.10-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-014d67fa9d libdb-5.3.28-24.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b1f07acd9 flatpak-0.8.7-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e62f0d34b perl-5.22.3-371.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-37f68e3534 webkitgtk4-2.16.5-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6c2a7b1453 thunderbird-52.2.1-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3b70d0b976 libgcrypt-1.7.8-1.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8100aed299 rsync-3.1.2-4.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-af79986d5f libsoup-2.54.1-2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8cb8fdad5 gsm-1.0.17-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-655837782e json-c-0.12.1-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f1cfcaee24 hwdata-0.302-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc6b0dec8a gnome-keyring-3.20.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a44f9aa38b expat-2.2.1-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe6fdc16d0 kernel-4.11.9-100.fc24 The following builds have been pushed to Fedora 24 updates-testing apt-cacher-ng-3-1.fc24 cacti-1.1.12-2.fc24 camotics-1.1.1-7.fc24 expat-2.2.1-1.fc24 globus-ftp-client-8.36-1.fc24 globus-gram-client-13.18-1.fc24 globus-gram-job-manager-condor-2.6-5.fc24 globus-gssapi-gsi-12.17-1.fc24 globus-xio-udt-driver-1.28-1.fc24 js-jquery-prettyphoto-3.1.6-1.fc24 kernel-4.11.9-100.fc24 lizardfs-3.11.2-1.fc24 mate-themes-3.20.22-1.fc24 mozilla-https-everywhere-5.2.20-1.fc24 nordugrid-arc-5.3.2-1.fc24 nordugrid-arc-doc-2.0.16-1.fc24 nordugrid-arc-nagios-plugins-1.9.1-1.fc24 nrpe-3.1.1-2.fc24 origin-1.5.1-2.fc24 php-5.6.31-1.fc24 php-akamai-open-edgegrid-auth-1.0.0-1.fc24 pyproj-1.9.5.1-8.fc24 python-ECPy-0.8.2-1.fc24 python-plaster-0.5-1.fc24 strace-4.18-1.fc24 the_silver_searcher-2.0.0-1.fc24 weechat-1.9-1.fc24 Details about builds: ================================================================================ apt-cacher-ng-3-1.fc24 (FEDORA-2017-3ac2f958d3) Caching proxy for package files from Debian -------------------------------------------------------------------------------- Update Information: update to 3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1467107 - Default configuration does not seem to work https://bugzilla.redhat.com/show_bug.cgi?id=1467107 -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.12-2.fc24 (FEDORA-2017-3db2a34403) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.12 - Fix Cross-site Scripting (XSS) issue with link.php Release notes: https://www.cacti.net/release_notes.php?version=1.1.11 Release notes: https://www.cacti.net/release_notes.php?version=1.1.12 -------------------------------------------------------------------------------- ================================================================================ camotics-1.1.1-7.fc24 (FEDORA-2017-25c9eb1f73) Open-Source Simulation & Computer Aided Machining - A 3-axis CNC GCode simulator -------------------------------------------------------------------------------- Update Information: Arm run test would be nice. *Requires libdxflib also in testing process. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1432983 - Review Request: camotics - Open-Source Simulation & Computer Aided Machining - A 3-axis CNC GCode simulator https://bugzilla.redhat.com/show_bug.cgi?id=1432983 -------------------------------------------------------------------------------- ================================================================================ expat-2.2.1-1.fc24 (FEDORA-2017-a44f9aa38b) An XML parser library -------------------------------------------------------------------------------- Update Information: https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1462735 - CVE-2017-9233 expat: Inifinite loop due to invalid XML in external entity [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1462735 [ 2 ] Bug #1462474 - expat-2.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1462474 [ 3 ] Bug #1462756 - CVE-2016-9063 expat: firefox: Possible integer overflow to fix inside XML_Parse in Expat [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1462756 -------------------------------------------------------------------------------- ================================================================================ globus-ftp-client-8.36-1.fc24 (FEDORA-2017-4a2d3d6c9c) Globus Toolkit - GridFTP Client Library -------------------------------------------------------------------------------- Update Information: Upstream updates with accepted Fedora patches (globus-ftp-client, globus-xio- udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client). Make noarch build arch independent (globus-gram-job-manager-condor). -------------------------------------------------------------------------------- ================================================================================ globus-gram-client-13.18-1.fc24 (FEDORA-2017-4a2d3d6c9c) Globus Toolkit - GRAM Client Library -------------------------------------------------------------------------------- Update Information: Upstream updates with accepted Fedora patches (globus-ftp-client, globus-xio- udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client). Make noarch build arch independent (globus-gram-job-manager-condor). -------------------------------------------------------------------------------- ================================================================================ globus-gram-job-manager-condor-2.6-5.fc24 (FEDORA-2017-4a2d3d6c9c) Globus Toolkit - Condor Job Manager Support -------------------------------------------------------------------------------- Update Information: Upstream updates with accepted Fedora patches (globus-ftp-client, globus-xio- udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client). Make noarch build arch independent (globus-gram-job-manager-condor). -------------------------------------------------------------------------------- ================================================================================ globus-gssapi-gsi-12.17-1.fc24 (FEDORA-2017-4a2d3d6c9c) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information: Upstream updates with accepted Fedora patches (globus-ftp-client, globus-xio- udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client). Make noarch build arch independent (globus-gram-job-manager-condor). -------------------------------------------------------------------------------- ================================================================================ globus-xio-udt-driver-1.28-1.fc24 (FEDORA-2017-4a2d3d6c9c) Globus Toolkit - Globus XIO UDT Driver -------------------------------------------------------------------------------- Update Information: Upstream updates with accepted Fedora patches (globus-ftp-client, globus-xio- udt-driver). Test fixes (globus-gssapi-gsi, globus-gram-client). Make noarch build arch independent (globus-gram-job-manager-condor). -------------------------------------------------------------------------------- ================================================================================ js-jquery-prettyphoto-3.1.6-1.fc24 (FEDORA-2017-8cdf8c4d94) PrettyPhoto is a jQuery based lightbox clone -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421480 - Review Request: js-jquery-prettyphoto - PrettyPhoto is a jQuery based lightbox clone https://bugzilla.redhat.com/show_bug.cgi?id=1421480 -------------------------------------------------------------------------------- ================================================================================ kernel-4.11.9-100.fc24 (FEDORA-2017-fe6fdc16d0) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.11.9 update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ================================================================================ lizardfs-3.11.2-1.fc24 (FEDORA-2017-2b747a9cab) Distributed, fault tolerant file system -------------------------------------------------------------------------------- Update Information: This is a point release that fixes a few bugs, mainly in readahead and caching. -------------------------------------------------------------------------------- ================================================================================ mate-themes-3.20.22-1.fc24 (FEDORA-2017-72c7a0e3f7) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-5.2.20-1.fc24 (FEDORA-2017-e24614fac1) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: When launching fireworks, the answer to "Should the discard pile be smoking like that?" is always no. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1468231 - mozilla-https-everywhere-5.2.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1468231 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.3.2-1.fc24 (FEDORA-2017-5e7e1448e7) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: http://www.nordugrid.org/arc/releases/15.03u15/release_notes_15.03u15.html -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-doc-2.0.16-1.fc24 (FEDORA-2017-5e7e1448e7) Advanced Resource Connector Documentation -------------------------------------------------------------------------------- Update Information: http://www.nordugrid.org/arc/releases/15.03u15/release_notes_15.03u15.html -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-nagios-plugins-1.9.1-1.fc24 (FEDORA-2017-5e7e1448e7) Nagios plugins for ARC -------------------------------------------------------------------------------- Update Information: http://www.nordugrid.org/arc/releases/15.03u15/release_notes_15.03u15.html -------------------------------------------------------------------------------- ================================================================================ nrpe-3.1.1-2.fc24 (FEDORA-2017-faa5439f4c) Host/service/network monitoring agent for Nagios -------------------------------------------------------------------------------- Update Information: Fix bug due to /etc/nrpe.d/ includes was above other defined entries BZ# 1467971 -------------------------------------------------------------------------------- ================================================================================ origin-1.5.1-2.fc24 (FEDORA-2017-e1376cf6ce) Open Source Container Management by Red Hat -------------------------------------------------------------------------------- Update Information: Exclude the ppc64 architecture, there is no docker on that architecture. ---- Update to latest stable upstream v1.5.1 -------------------------------------------------------------------------------- ================================================================================ php-5.6.31-1.fc24 (FEDORA-2017-5ade380ab2) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: **PHP version 5.6.31** (06 Jul 2017) **Core:** * Fixed bug php#73807 (Performance problem with processing post request over 2000000 chars). (Nikita) * Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita) * Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas) * Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) **mbstring:** * Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **OpenSSL:** * Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) **WDDX:** * Fixed bug php#74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas) -------------------------------------------------------------------------------- ================================================================================ php-akamai-open-edgegrid-auth-1.0.0-1.fc24 (FEDORA-2017-be5264edd9) Implements the Akamai {OPEN} EdgeGrid Authentication -------------------------------------------------------------------------------- Update Information: 1.0.0 --- [19 May, 2017] * No changes from 1.0.0beta2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1452924 - php-akamai-open-edgegrid-auth-1.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1452924 -------------------------------------------------------------------------------- ================================================================================ pyproj-1.9.5.1-8.fc24 (FEDORA-2017-8c206fa1c9) Cython wrapper to provide python interfaces to Proj -------------------------------------------------------------------------------- Update Information: * Rename pyproj to python2-pyproj following the new package naming scheme * Setup filtering for private libs correctly * Move package specific (Build)Requires in the correspondig sub-packages -------------------------------------------------------------------------------- References: [ 1 ] Bug #1467366 - pyproj: python2-pyproj-1.9.5.1-6 and python3-pyproj-1.9.5.1-6 do not have a dependency on Python https://bugzilla.redhat.com/show_bug.cgi?id=1467366 -------------------------------------------------------------------------------- ================================================================================ python-ECPy-0.8.2-1.fc24 (FEDORA-2017-2f45bf510d) Python Elliptic Curve Library -------------------------------------------------------------------------------- Update Information: Update to 0.8.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458615 - python-ECPy-0.8.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458615 -------------------------------------------------------------------------------- ================================================================================ python-plaster-0.5-1.fc24 (FEDORA-2017-e95a7a2230) Application configuration settings abstraction layer -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1467417 - Review Request: python-plaster - Application configuration settings abstraction layer https://bugzilla.redhat.com/show_bug.cgi?id=1467417 -------------------------------------------------------------------------------- ================================================================================ strace-4.18-1.fc24 (FEDORA-2017-2d2a9005d0) Tracks and displays system calls associated with a running process -------------------------------------------------------------------------------- Update Information: v4.17 -> v4.18. -------------------------------------------------------------------------------- ================================================================================ the_silver_searcher-2.0.0-1.fc24 (FEDORA-2017-59035d4272) Super-fast text searching tool (ag) -------------------------------------------------------------------------------- Update Information: update to 2.0.0 -------------------------------------------------------------------------------- ================================================================================ weechat-1.9-1.fc24 (FEDORA-2017-8a478fcfa3) Portable, fast, light and extensible IRC client -------------------------------------------------------------------------------- Update Information: New upstream version 1.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464190 - New upstream version - 1.8 https://bugzilla.redhat.com/show_bug.cgi?id=1464190 [ 2 ] Bug #1450583 - weechat-1.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1450583 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
