The following Fedora 25 Security updates need testing: Age URL 197 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 95 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 39 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6 runc-1.0.0-7.git6394544.fc25.2 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec3c82e64d libstaroffice-0.0.3-3.fc25 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bcfa3569d6 libmwaw-0.3.11-3.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9dd1004ad8 jabberd-2.6.1-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-486371ff24 perl-DBD-MySQL-4.043-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ca18683e4 openldap-2.4.44-11.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b674dc22ad php-7.0.21-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8e32f160e cacti-1.1.12-2.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9e4c24094 subversion-1.9.6-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0a2770a9b knot-2.4.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90ad72e684 irssi-1.0.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efdd962fee putty-0.70-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c844713925 qt5-qtwebkit-5.212.0-0.5.alpha2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d groovy18-1.8.9-28.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a7a488d8d0 qt5-qtwebengine-5.9.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-92643d70b7 knot-resolver-1.3.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ded7c5670 httpd-2.4.27-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-447e926933 sqlite-3.14.2-2.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 39 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605 selinux-policy-3.13.1-225.19.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-118505dd77 libsoup-2.56.0-3.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-caf28c1846 flatpak-0.9.7-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a90ed7e59d libtirpc-1.0.2-0.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1d2652d711 gnome-keyring-3.20.1-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ca18683e4 openldap-2.4.44-11.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7cd9e81996 quota-4.03-8.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b18eded0a5 glusterfs-3.10.4-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-00d20db471 samba-4.5.11-0.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efabd0d782 ostree-2017.8-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-447e926933 sqlite-3.14.2-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebeb4bb332 mariadb-10.1.25-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fad15283f8 koji-1.13.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9075f30365 vim-8.0.705-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e719edea40 koji-1.13.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ddd2aa1a04 xen-4.7.3-1.fc25 The following builds have been pushed to Fedora 25 updates-testing fedrepo-req-0.1.9-1.fc25 gabedit-2.5.0-1.fc25 gnome-pkg-tools-0.19.8-1.fc25 gnome-shell-extension-activities-configurator-57-1.fc25 httpd-2.4.27-2.fc25 koji-1.13.0-2.fc25 libreoffice-5.2.7.2-5.fc25 mariadb-10.1.25-1.fc25 mod_http2-1.10.7-1.fc25 module-build-service-1.3.24-3.fc25 mosquitto-1.4.14-1.fc25 nrpe-3.1.1-6.fc25 openzwave-1.4.164-1.fc25 perl-ExtUtils-MakeMaker-7.24-2.fc25 php-zendframework-zend-modulemanager-2.7.3-1.fc25 python-async-timeout-1.2.0-1.fc25 python-biopython-1.70-1.fc25 python-multidict-2.1.4-1.fc25.2 python-trezor-0.7.16-2.fc25 sqlite-3.14.2-2.fc25 Details about builds: ================================================================================ fedrepo-req-0.1.9-1.fc25 (FEDORA-2017-ceb22cc89a) CLI for Fedora package repo requests -------------------------------------------------------------------------------- Update Information: Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1469331 - Review Request: fedrepo-req - A CLI tool that provides an easy way to submit ticket requests for packaging tasks in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1469331 -------------------------------------------------------------------------------- ================================================================================ gabedit-2.5.0-1.fc25 (FEDORA-2017-e923985870) GUI for computational chemistry -------------------------------------------------------------------------------- Update Information: * Minor bugs fixed. * New tools for VASP : * read geometries (Optimization or M. Dynamic) from VASP OUTCAR file * read geometry from VASP POSCAR file. * Create VASP POSCAR file. * Read dielectric function from a VASP xml file and compute optic properties : the refractive index n(w), the extinction coefficient k(w), the absorption coefficient alpha(w), the reflectivity R(w), the energy loss spectrum L(w), and the optical conductivity sigma(w). * read data from vasprun.xml and plot DOS, pDOS and, Bands structures * Gabedit can now read the hessian from .hess orca file. After reading of the hessian, Gabedit compute frequencies, modes and effective masses. * Export in CChemI : update * Tv accepted (used by Gaussian and Mopac for periodic system). Using Tv, Gabedit can generate other cells * deMon2k is now supported (Thanks to Dennis Salahub, Mauricio Chagas da Silva, Jonathan Kung and Morteza Chehelamirani for their suggestions, corrections, comments,...) * Gabedit can now compute the anharmonic spectrum by QM/MMFF94 method using iGVPT2 program. Gabedit can read the harmonic and anharmonic spectra from an iGVPT2 output file. * Energy, geometry optimization, MD, MD Conformations search by MMFF94, MMFF94s, UFF and Ghemical potentials are now supported by Gabedit via Open Babel. * Energy, geometry optimization, MD, MD Conformations search using your own program (potential) are now supported. DFTB+ is supported via this new tool. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1469316 - gabedit-250 is available https://bugzilla.redhat.com/show_bug.cgi?id=1469316 -------------------------------------------------------------------------------- ================================================================================ gnome-pkg-tools-0.19.8-1.fc25 (FEDORA-2017-d3fdda2180) Tools for the Debian GNOME Packaging Team -------------------------------------------------------------------------------- Update Information: Update to version 0.19.8, see http://metadata.ftp- master.debian.org/changelogs/main/g/gnome-pkg-tools/gnome-pkg- tools_0.19.8_changelog for details. -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-activities-configurator-57-1.fc25 (FEDORA-2017-8ccad9a6eb) Configure the top bar and Activities button in GNOME Shell -------------------------------------------------------------------------------- Update Information: Bump to upstream version 57, which fixes a translation error. -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.27-2.fc25 (FEDORA-2017-9ded7c5670) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: File /etc/sysconfig/httpd is ghosted now ---- Version update ---- Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread https://bugzilla.redhat.com/show_bug.cgi?id=1463207 [ 2 ] Bug #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread https://bugzilla.redhat.com/show_bug.cgi?id=1463205 [ 3 ] Bug #1463199 - CVE-2017-7659 httpd: mod_http2 NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1463199 [ 4 ] Bug #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1463197 [ 5 ] Bug #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass https://bugzilla.redhat.com/show_bug.cgi?id=1463194 -------------------------------------------------------------------------------- ================================================================================ koji-1.13.0-2.fc25 (FEDORA-2017-fad15283f8) Build system tools -------------------------------------------------------------------------------- Update Information: Require python2-koji on Fedora <= 26. -------------------------------------------------------------------------------- ================================================================================ libreoffice-5.2.7.2-5.fc25 (FEDORA-2017-ddbfbff881) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1463839 libanimcore is needed by Draw too -------------------------------------------------------------------------------- References: [ 1 ] Bug #1463839 - LibreOffice Draw crash on document save on F25 due to missing dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1463839 -------------------------------------------------------------------------------- ================================================================================ mariadb-10.1.25-1.fc25 (FEDORA-2017-ebeb4bb332) A community developed branch of MySQL -------------------------------------------------------------------------------- Update Information: Smaller update fixing few bugs: * CrackLib and GSSApi plugins disabled by default - rhbz#1468028, rhbz#1464070 * First build to include fix for rhbz#1455811 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1455811 - fix %global pidfiledir and other references to legacy /var/run https://bugzilla.redhat.com/show_bug.cgi?id=1455811 [ 2 ] Bug #1464070 - The default config is incompatible with mysqladmin password https://bugzilla.redhat.com/show_bug.cgi?id=1464070 [ 3 ] Bug #1468028 - auth_gssapi plugin should be disabled by default https://bugzilla.redhat.com/show_bug.cgi?id=1468028 -------------------------------------------------------------------------------- ================================================================================ mod_http2-1.10.7-1.fc25 (FEDORA-2017-1c3f0d47c7) module implementing HTTP/2 for Apache 2 -------------------------------------------------------------------------------- Update Information: Version update -------------------------------------------------------------------------------- ================================================================================ module-build-service-1.3.24-3.fc25 (FEDORA-2017-b5cc34d02b) The Module Build Service for Modularity -------------------------------------------------------------------------------- Update Information: Fix the pdc-client runtime dep. /cc @langdon. ---- Update to new version 1.3.24. ---- New version 1.3.22. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456336 - FTBFS on epel-testing https://bugzilla.redhat.com/show_bug.cgi?id=1456336 [ 2 ] Bug #1457276 - module-build-service-1.3.23 is available https://bugzilla.redhat.com/show_bug.cgi?id=1457276 [ 3 ] Bug #1435222 - module-build-service-1.3.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435222 -------------------------------------------------------------------------------- ================================================================================ mosquitto-1.4.14-1.fc25 (FEDORA-2017-04d1b03ff1) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.4.14 -------------------------------------------------------------------------------- ================================================================================ nrpe-3.1.1-6.fc25 (FEDORA-2017-ec253d8f54) Host/service/network monitoring agent for Nagios -------------------------------------------------------------------------------- Update Information: Put in fix for 1204683 ---- Fix patch name. Silly human. Do a fedpkg srpm before build. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204683 - check_ide_smart cannot be started by nrpe https://bugzilla.redhat.com/show_bug.cgi?id=1204683 [ 2 ] Bug #1318773 - nrpe.service sets User/Group, prevents normal .cfg user/group setting https://bugzilla.redhat.com/show_bug.cgi?id=1318773 [ 3 ] Bug #1467808 - Segfault when starting epel https://bugzilla.redhat.com/show_bug.cgi?id=1467808 [ 4 ] Bug #1467971 - Regression to Bug 963703 - nrpe.cfg sets config values after including user configuration https://bugzilla.redhat.com/show_bug.cgi?id=1467971 [ 5 ] Bug #1469210 - None https://bugzilla.redhat.com/show_bug.cgi?id=1469210 -------------------------------------------------------------------------------- ================================================================================ openzwave-1.4.164-1.fc25 (FEDORA-2017-e568d4629e) Sample Executables for OpenZWave -------------------------------------------------------------------------------- Update Information: Initial package release. http://www.openzwave.net/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1468766 - Review Request: openzwave - OpenZWave is a library to support for Z-Wave home-automation devices https://bugzilla.redhat.com/show_bug.cgi?id=1468766 -------------------------------------------------------------------------------- ================================================================================ perl-ExtUtils-MakeMaker-7.24-2.fc25 (FEDORA-2017-4a8b19dde0) Create a module Makefile -------------------------------------------------------------------------------- Update Information: This release fixes a test that started to fail due to bad order of setting permissions for a file and removing the file. -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-modulemanager-2.7.3-1.fc25 (FEDORA-2017-43062f7321) Zend Framework ModuleManager component -------------------------------------------------------------------------------- Update Information: **Version 2.7.3** - 2017-07-11 - [#39](https://github.com/zendframework/zend- modulemanager/pull/39) and [#53](https://github.com/zendframework/zend- modulemanager/pull/53) prevent race conditions when writing cache files (merged configuration). - [#36](https://github.com/zendframework/zend- modulemanager/pull/36) removes a throw from `ServiceListener::onLoadModulesPost()` that was previously emitted when a named plugin manager did not have an associated service present yet. Doing so allows plugin managers to be registered after configuration is fully merged, instead of requiring they be defined early. This change allows components to define their plugin managers via their `Module` classes. - [#58](https://github.com/zendframework/zend-modulemanager/pull/58) corrects the typehint for the `ServiceListener::$listeners` property. -------------------------------------------------------------------------------- ================================================================================ python-async-timeout-1.2.0-1.fc25 (FEDORA-2017-9ddb8e0d03) asyncio-compatible timeout context manager -------------------------------------------------------------------------------- Update Information: Update to 1.2.0 Fixes using python-aiohttp -------------------------------------------------------------------------------- References: [ 1 ] Bug #1470019 - Upgrade on F25 to 1.2+ https://bugzilla.redhat.com/show_bug.cgi?id=1470019 -------------------------------------------------------------------------------- ================================================================================ python-biopython-1.70-1.fc25 (FEDORA-2017-5cff526e10) Python tools for computational molecular biology -------------------------------------------------------------------------------- Update Information: - Update to biopython-1.70 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440337 - python-biopython-1.70 is available https://bugzilla.redhat.com/show_bug.cgi?id=1440337 -------------------------------------------------------------------------------- ================================================================================ python-multidict-2.1.4-1.fc25.2 (FEDORA-2017-06b3d478f3) MultiDict implementation -------------------------------------------------------------------------------- Update Information: Update to 2.1.4 Fixes using python-aiohttp -------------------------------------------------------------------------------- ================================================================================ python-trezor-0.7.16-2.fc25 (FEDORA-2017-a21d887fc9) Python library for communicating with TREZOR Hardware Wallet -------------------------------------------------------------------------------- Update Information: Included another patch to have it work with Fedora 25 with protobuf2 ---- Updated to latest version and fixed bug on f25 related to protobuffer 2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1462577 - python-trezor-0.7.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1462577 -------------------------------------------------------------------------------- ================================================================================ sqlite-3.14.2-2.fc25 (FEDORA-2017-447e926933) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function -------------------------------------------------------------------------------- References: [ 1 ] Bug #1469672 - CVE-2017-10989 sqlite: Heap-buffer overflow in the getNodeSize function https://bugzilla.redhat.com/show_bug.cgi?id=1469672 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
