The following Fedora 25 Security updates need testing: Age URL 213 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 112 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 51 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90ad72e684 irssi-1.0.4-1.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c844713925 qt5-qtwebkit-5.212.0-0.5.alpha2.fc25 16 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d groovy18-1.8.9-28.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-86cfcbbae8 libstaroffice-0.0.4-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82b5035f76 chicken-4.12.0-3.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-20cdb2063a runc-1.0.1-1.gitc5ec254.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0918e3905 moodle-3.1.7-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe04b06b64 python-tablib-0.11.5-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9e4c24094 subversion-1.9.6-2.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05254795cf mingw-c-ares-1.13.0-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cd5d8cac23 seamonkey-2.48-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2ec83f11c1 glpi-9.1.6-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d6a0dfbb webkitgtk4-2.16.6-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b4154d6f6 open-vm-tools-10.1.5-5.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c039552fa community-mysql-5.7.19-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01ce69c6bf rt-4.4.1-9.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1fe6d2b86 nasm-2.13.01-3.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-56b8f257af sscep-0.6.1-5.20160525git2052ee1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7faa3d2e78 ruby-2.3.3-62.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed31e1f941 remmina-1.2.0-0.39.20170724git0387ee0.fc25 freerdp-2.0.0-31.20170724gitf8c9f43.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ede204115 python-dbusmock-0.11.1-6.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 55 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2312ac9d9 pungi-4.1.17-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b67562744 ca-certificates-2017.2.16-1.0.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d6a0dfbb webkitgtk4-2.16.6-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c75f9d414a ibus-1.5.14-6.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b6e69c8a5b gdk-pixbuf2-2.36.7-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-612ec6607c net-snmp-5.7.3-15.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e sssd-1.15.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-842bdbd2da libepoxy-1.4.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5ef3fa669 emacs-25.2-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5dd799cd50 glusterfs-3.10.4-2.fc25 The following builds have been pushed to Fedora 25 updates-testing 0ad-0.0.22-1.fc25 0ad-data-0.0.22-1.fc25 cmake-fedora-2.9.1-1.fc25 elixir-1.4.5-2.fc25 emacs-25.2-3.fc25 freerdp-2.0.0-31.20170724gitf8c9f43.fc25 giac-1.2.3-8.57.fc25 glusterfs-3.10.4-2.fc25 golang-github-google-go-genproto-0-0.1.git411e09b.fc25 libepoxy-1.4.3-1.fc25 link-grammar-5.4.0-1.fc25 nuvola-app-bandcamp-2.2-2.fc25 php-aws-sdk3-3.32.0-1.fc25 ptpython-0.41-1.fc25 pysnmp-4.3.9-1.fc25 python-ansicolors-1.1.8-1.fc25 python-dbusmock-0.11.1-6.fc25 python-rhsm-1.20.1-1.fc25 remmina-1.2.0-0.39.20170724git0387ee0.fc25 rpkg-client-0.8-1.fc25 subscription-manager-1.20.1-1.fc25 Details about builds: ================================================================================ 0ad-0.0.22-1.fc25 (FEDORA-2017-7875b80d1b) Cross-Platform RTS Game of Ancient Warfare -------------------------------------------------------------------------------- Update Information: # New Release: 0 A.D. Alpha 22 Venustas ## Top New Features - Remake of many models, animations and textures, two new music tracks - Configuration-free Multiplayer Hosting - Capture the Relic Gamemode - Aura and Heal Range Visualization - Twelve new maps, including scripted enemies, rising water and a tutorial - Espionage Technology, Team Bonuses and Hero Auras - Petra AI Diplomacy and Attack Strategies - Summary Screen Graphs - Cinema Path Editing - Buddy System [See more](https://play0ad.com/new- release-0-a-d-alpha-22-venustas/) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475579 - None https://bugzilla.redhat.com/show_bug.cgi?id=1475579 -------------------------------------------------------------------------------- ================================================================================ 0ad-data-0.0.22-1.fc25 (FEDORA-2017-7875b80d1b) The Data Files for 0 AD -------------------------------------------------------------------------------- Update Information: # New Release: 0 A.D. Alpha 22 Venustas ## Top New Features - Remake of many models, animations and textures, two new music tracks - Configuration-free Multiplayer Hosting - Capture the Relic Gamemode - Aura and Heal Range Visualization - Twelve new maps, including scripted enemies, rising water and a tutorial - Espionage Technology, Team Bonuses and Hero Auras - Petra AI Diplomacy and Attack Strategies - Summary Screen Graphs - Cinema Path Editing - Buddy System [See more](https://play0ad.com/new- release-0-a-d-alpha-22-venustas/) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475579 - None https://bugzilla.redhat.com/show_bug.cgi?id=1475579 -------------------------------------------------------------------------------- ================================================================================ cmake-fedora-2.9.1-1.fc25 (FEDORA-2017-8aea61923b) CMake helper modules for fedora developers -------------------------------------------------------------------------------- Update Information: Fixed the cmake-fedora-fedpkg related path SRPM bug - Bugs: + Fixed RHBZ#1475682 - ChangeLog failed to update after doing the git reset --hard HEAD ---- Migrate changes like fedorahosted to pagure. And move from pkgdb to product definition center (PDC). - Enhancement: + cmake-fedora-pkgdb new sub- commands: - git-branch package: List the git-branches of package - newest-nvr: Return NVR of master branch - newest-changelog: Return the latest ChangeLog in master branch. - Changes: + koji-build-scratch is now back to use koji build --scratch + MANAGE_UPLOAD_FEDORAHOSTED is marked as depreciated But MANAGE_UPLOAD_PAGURE is not implemented yet, as pagure does not support scp upload yet - Bugs: + Fixed RHBZ#1424757 - cmake-fedora: failed to handle f26-pending + Fixed RHBZ#1425263 - cmake-fedora: migrate from fedorahosted to pagure + Fixed fedpkg --dist depreciate warning -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475682 - ChangeLog failed to update after doing the git reset --hard HEAD https://bugzilla.redhat.com/show_bug.cgi?id=1475682 -------------------------------------------------------------------------------- ================================================================================ elixir-1.4.5-2.fc25 (FEDORA-2017-4d2482da2c) A modern approach to programming for the Erlang VM -------------------------------------------------------------------------------- Update Information: Make arch specific, fixes #1470583 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1470583 - Elixir built with wrong endianness https://bugzilla.redhat.com/show_bug.cgi?id=1470583 -------------------------------------------------------------------------------- ================================================================================ emacs-25.2-3.fc25 (FEDORA-2017-f5ef3fa669) GNU Emacs text editor -------------------------------------------------------------------------------- Update Information: rhbz#1471258 - Add emacs build with LUCID X toolkit -------------------------------------------------------------------------------- References: [ 1 ] Bug #1471258 - Add emacs build with LUCID X toolkit https://bugzilla.redhat.com/show_bug.cgi?id=1471258 -------------------------------------------------------------------------------- ================================================================================ freerdp-2.0.0-31.20170724gitf8c9f43.fc25 (FEDORA-2017-ed31e1f941) Free implementation of the Remote Desktop Protocol (RDP) -------------------------------------------------------------------------------- Update Information: Update to latest snapshot that contains fixes for the latest Talos discovered CVEs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475240 - CVE-2017-2836 freerdp: Rdp Client Read Server Proprietary Certificate Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475240 [ 2 ] Bug #1475239 - CVE-2017-2837 freerdp: Rdp Client GCC Read Server Security Data Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475239 [ 3 ] Bug #1475236 - CVE-2017-2838 freerdp: Rdp Client License Read Product Info Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475236 [ 4 ] Bug #1475234 - CVE-2017-2839 freerdp: Rdp Client License Read Challenge Packet Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475234 [ 5 ] Bug #1475233 - CVE-2017-2835 freerdp: Out-of-bounds write in rdp_recv_tpkt_pdu https://bugzilla.redhat.com/show_bug.cgi?id=1475233 [ 6 ] Bug #1475224 - CVE-2017-2834 freerdp: Out-of-bounds write in license_recv() https://bugzilla.redhat.com/show_bug.cgi?id=1475224 -------------------------------------------------------------------------------- ================================================================================ giac-1.2.3-8.57.fc25 (FEDORA-2017-03b247a023) Computer Algebra System, Symbolic calculus, Geometry -------------------------------------------------------------------------------- Update Information: - Update to 1.2.3 sub-57 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.10.4-2.fc25 (FEDORA-2017-5dd799cd50) Distributed File System -------------------------------------------------------------------------------- Update Information: 3.10.4, bz #1473197 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1473197 - glusterfs should own its directories https://bugzilla.redhat.com/show_bug.cgi?id=1473197 -------------------------------------------------------------------------------- ================================================================================ golang-github-google-go-genproto-0-0.1.git411e09b.fc25 (FEDORA-2017-f8525e32d4) Go generated proto packages -------------------------------------------------------------------------------- Update Information: New package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475778 - Review Request: golang-github-google-go-genproto - Go generated proto packages https://bugzilla.redhat.com/show_bug.cgi?id=1475778 -------------------------------------------------------------------------------- ================================================================================ libepoxy-1.4.3-1.fc25 (FEDORA-2017-842bdbd2da) epoxy runtime library -------------------------------------------------------------------------------- Update Information: libepoxy 1.4.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431994 - Missing extern "C" around epoxy/gl_generated.h https://bugzilla.redhat.com/show_bug.cgi?id=1431994 -------------------------------------------------------------------------------- ================================================================================ link-grammar-5.4.0-1.fc25 (FEDORA-2017-3684e1b920) A full-service natural language dependency parser -------------------------------------------------------------------------------- Update Information: Version 5.4.0 (26 July 2017) Notable: This reorganizes the source code into subdirectories, grouped according to the processing stage. This should make it easier to understand what the major components are, and which files & functions are a part of each component. Fix for missing locale info in Windows XP. Empty out the post-processing tables for the any, ady, amy languages Remove left_print_string() from the API. Recover pp_lexer.l from ancient version 2.2! Fix unusual crash in post-processing for the "any" language. Remove three deprecated post-processing functions from API. Major reorganization of code base into more modular directories. Revive the sqlite3 dictionary into operational form. Add double-quotes to splittable punctuation for the "any" language. Add API functions to get linkage word positions in the sentence. Fix printing of diagrams containing Chinese or other wide glyphs. Fix `make distclean` when ant not installed. -------------------------------------------------------------------------------- ================================================================================ nuvola-app-bandcamp-2.2-2.fc25 (FEDORA-2017-bce18151d7) Bandcamp for Nuvola Player 3 -------------------------------------------------------------------------------- Update Information: - correct the extends/name-tag in %%{name}.metainfo.xml -------------------------------------------------------------------------------- ================================================================================ php-aws-sdk3-3.32.0-1.fc25 (FEDORA-2017-c9b0ede04d) Amazon Web Services framework for PHP -------------------------------------------------------------------------------- Update Information: ## 3.32.0 - 2017-07-26 * `Aws\` - Support for changes regarding PHP 7.2 releases. * `Aws\CloudWatch` - This release adds high resolution features to CloudWatch, with support for Custom Metrics down to 1 second and Alarms down to 10 seconds. * `Aws\DynamoDB` - Corrected a typo. * `Aws\EC2` - Amazon EC2 Elastic GPUs allow you to easily attach low-cost graphics acceleration to current generation EC2 instances. With Amazon EC2 Elastic GPUs, you can configure the right amount of graphics acceleration to your particular workload without being constrained by fixed hardware configurations and limited GPU selection. ## 3.31.10 - 2017-07-25 * `Aws\CloudDirectory` - Cloud Directory adds support for additional batch operations. * `Aws\CloudFormation` - AWS CloudFormation StackSets enables you to manage stacks across multiple accounts and regions. ## 3.31.9 - 2017-07-24 * `Aws\AppStream` - Amazon AppStream 2.0 image builders and fleets can now access applications and network resources that rely on Microsoft Active Directory (AD) for authentication and permissions. This new feature allows you to join your streaming instances to your AD, so you can use your existing AD user management tools. * `Aws\EC2` - Spot Fleet tagging capability allows customers to automatically tag instances launched by Spot Fleet. You can use this feature to label or distinguish instances created by distinct Spot Fleets. Tagging your EC2 instances also enables you to see instance cost allocation by tag in your AWS bill. ## 3.31.8 - 2017-07-20 * `Aws\EMR` - Amazon EMR now includes the ability to use a custom Amazon Linux AMI and adjustable root volume size when launching a cluster. ## 3.31.7 - 2017-07-19 * `Aws\Budgets` - Update budget Management API's to list/create/update RI_UTILIZATION type budget. Update budget Management API's to support DAILY timeUnit for RI_UTILIZATION type budget. * `Aws\S3` - Properly handle reading mismatched regions from S3's AuthorizationHeaderMalformed exception for S3MultiRegionClient. ## 3.31.6 - 2017-07-17 * `Aws\CognitoIdentityProvider` - Allows developers to configure user pools for email/phone based signup and sign-in. * `Aws\Lambda` - Lambda@Edge lets you run code closer to your end users without provisioning or managing servers. With Lambda@Edge, your code runs in AWS edge locations, allowing you to respond to your end users at the lowest latency. Your code is triggered by Amazon CloudFront events, such as requests to and from origin servers and viewers, and it is ready to execute at every AWS edge location whenever a request for content is received. You just upload your Node.js code to AWS Lambda and Lambda takes care of everything required to run and scale your code with high availability. You only pay for the compute time you consume - there is no charge when your code is not running. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1472012 - php-aws-sdk3-3.32.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1472012 -------------------------------------------------------------------------------- ================================================================================ ptpython-0.41-1.fc25 (FEDORA-2017-7d0a09ff8c) Python REPL build on top of prompt_toolkit -------------------------------------------------------------------------------- Update Information: https://github.com/jonathanslenders/ptpython/blob/da2c5281f60c2d8a92749709219771 ffaa84220f/CHANGELOG#L4-L20 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475813 - ptpython-0.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=1475813 -------------------------------------------------------------------------------- ================================================================================ pysnmp-4.3.9-1.fc25 (FEDORA-2017-b0afa4e11e) An SNMP engine written in Python -------------------------------------------------------------------------------- Update Information: Updated to new upstream version 4.3.9 -------------------------------------------------------------------------------- ================================================================================ python-ansicolors-1.1.8-1.fc25 (FEDORA-2017-4a59a33161) ANSI colors for Python -------------------------------------------------------------------------------- Update Information: Initial 1.1.8 package version -------------------------------------------------------------------------------- ================================================================================ python-dbusmock-0.11.1-6.fc25 (FEDORA-2017-4ede204115) Mock D-Bus objects -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-1326 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223312 - CVE-2015-1326 python-dbusmock: arbitrary code execution or file overwrite when templates are loaded from /tmp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1223312 -------------------------------------------------------------------------------- ================================================================================ python-rhsm-1.20.1-1.fc25 (FEDORA-2017-07c1f0a75c) A Python library to communicate with a Red Hat Unified Entitlement Platform -------------------------------------------------------------------------------- Update Information: Numerous bugfixes. -------------------------------------------------------------------------------- ================================================================================ remmina-1.2.0-0.39.20170724git0387ee0.fc25 (FEDORA-2017-ed31e1f941) Remote Desktop Client -------------------------------------------------------------------------------- Update Information: Update to latest snapshot that contains fixes for the latest Talos discovered CVEs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475240 - CVE-2017-2836 freerdp: Rdp Client Read Server Proprietary Certificate Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475240 [ 2 ] Bug #1475239 - CVE-2017-2837 freerdp: Rdp Client GCC Read Server Security Data Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475239 [ 3 ] Bug #1475236 - CVE-2017-2838 freerdp: Rdp Client License Read Product Info Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475236 [ 4 ] Bug #1475234 - CVE-2017-2839 freerdp: Rdp Client License Read Challenge Packet Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1475234 [ 5 ] Bug #1475233 - CVE-2017-2835 freerdp: Out-of-bounds write in rdp_recv_tpkt_pdu https://bugzilla.redhat.com/show_bug.cgi?id=1475233 [ 6 ] Bug #1475224 - CVE-2017-2834 freerdp: Out-of-bounds write in license_recv() https://bugzilla.redhat.com/show_bug.cgi?id=1475224 -------------------------------------------------------------------------------- ================================================================================ rpkg-client-0.8-1.fc25 (FEDORA-2017-62332736ec) DistGit command-line client -------------------------------------------------------------------------------- Update Information: - fix man pages to only include actually provided part of pyrpkg functionality - add rpkglib to provide functional interface - change summary of wrapper package - use %%py2_build and %%py2_install macros - explicitly invoke python2 for doc generation - remove no longer needed $BUILDROOT removal in %%install clause - add missing BuildRequires on python-setuptools -------------------------------------------------------------------------------- ================================================================================ subscription-manager-1.20.1-1.fc25 (FEDORA-2017-07c1f0a75c) Tools and libraries for subscription and repository management -------------------------------------------------------------------------------- Update Information: Numerous bugfixes. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
