The following Fedora 25 Security updates need testing: Age URL 219 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 118 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 57 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90ad72e684 irssi-1.0.4-1.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c844713925 qt5-qtwebkit-5.212.0-0.5.alpha2.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d groovy18-1.8.9-28.fc25 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-86cfcbbae8 libstaroffice-0.0.4-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82b5035f76 chicken-4.12.0-3.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe04b06b64 python-tablib-0.11.5-1.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9e4c24094 subversion-1.9.6-2.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c039552fa community-mysql-5.7.19-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1fe6d2b86 nasm-2.13.01-3.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-56b8f257af sscep-0.6.1-5.20160525git2052ee1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7faa3d2e78 ruby-2.3.3-62.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed31e1f941 remmina-1.2.0-0.39.20170724git0387ee0.fc25 freerdp-2.0.0-31.20170724gitf8c9f43.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ede204115 python-dbusmock-0.11.1-6.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-85eb9f7a36 supervisor-3.2.4-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-127e76d78d cacti-1.1.16-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-be3df4fe14 java-1.8.0-openjdk-aarch32-1.8.0.141-1.170721.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9433ad88e knot-resolver-1.3.2-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b812362f61 php-horde-Horde-Core-2.30.0-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-26f9e09c8a php-horde-Horde-Form-2.0.18-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-17f457262c php-horde-Horde-Url-2.2.6-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c19905c9b php-horde-horde-5.2.16-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-692c05119d php-horde-kronolith-4.2.22-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-34d34904f5 php-horde-nag-4.2.15-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-449b22158f php-horde-turba-4.2.20-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff06ff0ec9 gsoap-2.8.30-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f452765e1e jackson-databind-2.7.6-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5bca8ec531 qpdf-6.0.0-4.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 61 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2312ac9d9 pungi-4.1.17-1.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b67562744 ca-certificates-2017.2.16-1.0.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e sssd-1.15.3-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3c4c65666b vim-8.0.823-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47ab4eb28e dbus-1.11.16-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6ba3c7e68e pcre2-10.23-9.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-14f47083d7 gdisk-1.0.3-2.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bda5c103f3 file-5.29-7.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-35ca60d005 upower-0.99.5-1.fc25.1 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6246f77bc hwdata-0.303-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bed0d7ff15 libidn2-2.0.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa3d808449 gnome-online-accounts-3.22.6-1.fc25 The following builds have been pushed to Fedora 25 updates-testing akmods-0.5.6-10.fc25 boomaga-0.9.1-2.git5ae3c05.fc25 cmake-3.9.0-8.fc25 fts-3.6.10-1.fc25 gnome-online-accounts-3.22.6-1.fc25 ibus-table-1.9.18-1.fc25 jackson-databind-2.7.6-3.fc25 konversation-1.7.2-3.fc25 opusfile-0.9-1.fc25 pass-1.7.1-5.fc25 php-ast-0.1.5-1.fc25 php-cs-fixer-2.2.5-1.fc25 php-symfony-2.8.26-1.fc25 python-metar-1.5.0-3.fc25 python-nectar-1.5.5-1.fc25 qpdf-6.0.0-4.fc25 rear-2.2-1.fc25 wordpress-4.8.1-1.fc25 xscreensaver-5.37-5.fc25 Details about builds: ================================================================================ akmods-0.5.6-10.fc25 (FEDORA-2017-1ffd95c98c) Automatic kmods build and install tool -------------------------------------------------------------------------------- Update Information: - Enable suggests on fedora kernels - Add back el6 support in spec - Add Requires elfutils-libelf-devel -------------------------------------------------------------------------------- ================================================================================ boomaga-0.9.1-2.git5ae3c05.fc25 (FEDORA-2017-4aa847a395) A virtual printer for viewing a document before printing -------------------------------------------------------------------------------- Update Information: - Rebuild against older poppler 0.52 version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1476539 - Boomaga window doesn't display document https://bugzilla.redhat.com/show_bug.cgi?id=1476539 -------------------------------------------------------------------------------- ================================================================================ cmake-3.9.0-8.fc25 (FEDORA-2017-5ffad9e2ee) Cross-platform make system -------------------------------------------------------------------------------- Update Information: * Add cmake.req to autogenerate proper depency on cmake-filesystem ---- * Fix main package including cmake-gui ---- * Optimizations for filesystem-package -------------------------------------------------------------------------------- ================================================================================ fts-3.6.10-1.fc25 (FEDORA-2017-ec7144f83e) File Transfer Service V3 -------------------------------------------------------------------------------- Update Information: New upstream release 3.6.10 -------------------------------------------------------------------------------- ================================================================================ gnome-online-accounts-3.22.6-1.fc25 (FEDORA-2017-aa3d808449) Single sign-on framework for GNOME -------------------------------------------------------------------------------- Update Information: * 785726 facebook: Make it work with Graph API > 2.3 -------------------------------------------------------------------------------- ================================================================================ ibus-table-1.9.18-1.fc25 (FEDORA-2017-6acf01260a) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: update to 1.9.18 -------------------------------------------------------------------------------- ================================================================================ jackson-databind-2.7.6-3.fc25 (FEDORA-2017-f452765e1e) General data-binding package for Jackson (2.x) -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-7525 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper https://bugzilla.redhat.com/show_bug.cgi?id=1462702 -------------------------------------------------------------------------------- ================================================================================ konversation-1.7.2-3.fc25 (FEDORA-2017-ed55bbd996) A user friendly IRC client -------------------------------------------------------------------------------- Update Information: Backport crash fix for upstream bug https://bugs.kde.org/show_bug.cgi?id=378854 -------------------------------------------------------------------------------- ================================================================================ opusfile-0.9-1.fc25 (FEDORA-2017-ccc0247e9f) A high-level API for decoding and seeking within .opus files -------------------------------------------------------------------------------- Update Information: Update to 0.9 -------------------------------------------------------------------------------- ================================================================================ pass-1.7.1-5.fc25 (FEDORA-2017-c4508b0a0d) A password manager using standard Unix tools -------------------------------------------------------------------------------- Update Information: - Passmenu requires pass -------------------------------------------------------------------------------- References: [ 1 ] Bug #1474833 - add passmenu subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1474833 [ 2 ] Bug #1471608 - pass: change requires from git to git-core https://bugzilla.redhat.com/show_bug.cgi?id=1471608 -------------------------------------------------------------------------------- ================================================================================ php-ast-0.1.5-1.fc25 (FEDORA-2017-e2b1ed3d0b) Abstract Syntax Tree -------------------------------------------------------------------------------- Update Information: First release on PECL forge. **Version 0.1.4** (stable) - Fix issue #51: Make nullable array/callable have a flag of 0 in inner element, in version 40. - Added a constructor for the ast\Node class. - Added ast\flags\FUNC_GENERATOR constant, which is used since PHP 7.1. - Added ast\flags\FUNC_RETURNS_REF constant, intended to supersede ast\flags\RETURNS_REF. - Added ast\flags\CLOSURE_USE_REF constant, used by AST_CLOSURE_VAR nodes. Previously "1" was used. - Added version 45 with the following changes (PHP 7.2 support): - An `object` type annotation now returns an `AST_TYPE` with `TYPE_OBJECT` flag, rather than treating `object` as a class name. - Added version 50 with the following changes: - `ast\Node\Decl` nodes are no longer generated. AST kinds `AST_FUNCTION`, `AST_METHOD`, `AST_CLOSURE` and `AST_CLASS` now also use the normal `ast\Node` class. The `name` and `docComment` properties are now represented as children. The `endLineno` is still represented as an (undeclared) property. - An integer `__declId` has been added to declaration nodes of kind `AST_FUNCTION`, `AST_METHOD`, `AST_CLOSURE` and `AST_CLASS`. The `__declId` uniquely identifies a declaration within the parsed code and will remain the same if the code is parsed again. This is useful to distinguish closures declared on the same line, or multiple conditional declarations using the same name. The ID is not unique across different codes/files. - `\ast\parse_file` will now consistently return an empty statement list (similar to `\ast\parse_code`) if it is was passed a zero-byte file. Previously, it would return `null`. -------------------------------------------------------------------------------- ================================================================================ php-cs-fixer-2.2.5-1.fc25 (FEDORA-2017-90ba3614eb) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information: **Version 2.2.5** * bug #2807 NoUselessElseFixer - Fix detection of conditional block (SpacePossum) * bug #2809 Phar release - fix readme generation (SpacePossum, keradus) * bug #2827 MethodArgumentSpaceFixer - Always remove trailing spaces (julienfalque) * bug #2835 SelfAcessorFixer - class property fix (mnabialek) * bug #2848 PhpdocIndentFixer - fix edge case with inline phpdoc (keradus) * bug #2849 BracesFixer - Fix indentation issues with comments (julienfalque) * bug #2851 Tokens - ensureWhitespaceAtIndex (GrahamCampbell, SpacePossum) * bug #2854 NoLeadingImportSlashFixer - Removing leading slash from import even when in global space (kubawerlos) * bug #2858 Support generic types (keradus) * bug #2869 Fix handling required configuration (keradus) * bug #2881 NoUnusedImportsFixer - Bug when trying to insert empty token (GrahamCampbell, keradus) * bug #2882 DocBlock\Annotation - Fix parsing of collections with multiple key types (julienfalque) * bug #2886 NoSpacesInsideParenthesisFixer - Do not remove whitespace if next token is comment (SpacePossum) * bug #2888 SingleImportPerStatementFixer - Add support for function and const (SpacePossum) * bug #2901 Add missing files to archive files (keradus) * bug #2914 HeredocToNowdocFixer - works with CRLF line ending (dg) * bug #2920 RuleSet - Update deprecated configuration of fixers (SpacePossum, keradus) * minor #1531 Update docs for few generic types (keradus) * minor #2793 COOKBOOK-FIXERS.md - update to current version, fix links (keradus) * minor #2812 ProcessLinter - compatibility with Symfony 3.3 (keradus) * minor #2816 Tokenizer - better docs and validation (keradus) * minor #2817 Tokenizer - use future-compatible interface (keradus) * minor #2819 Fix benchmark (keradus) * minor #2824 code grooming (keradus) * minor #2826 Exceptions - provide utests (localheinz) * minor #2828 Enhancement: Reference phpunit.xsd from phpunit.xml.dist (localheinz) * minor #2830 Differs - add tests (localheinz) * minor #2832 Fix: Use all the columns (localheinz) * minor #2833 Doctrine\Annotation\Token - provide utests (localheinz) * minor #2839 Use PHP 7.2 polyfill instead of xml one (keradus) * minor #2842 Move null to first position in PHPDoc types (julienfalque) * minor #2850 ReadmeCommandTest - Prevent diff output (julienfalque) * minor #2859 Fixed typo and dead code removal (GrahamCampbell) * minor #2863 FileSpecificCodeSample - add tests (localheinz) * minor #2864 WhitespacesAwareFixerInterface clean up (Slamdunk) * minor #2865 AutoReview\FixerTest - test configuration samples (SpacePossum, keradus) * minor #2867 VersionSpecification - Fix copy-paste typo (SpacePossum) * minor #2874 LineTest - fix typo (keradus) * minor #2875 HelpCommand - recursive layout fix (SpacePossum) * minor #2883 DescribeCommand - Show which sample uses the default configuration (SpacePossum) * minor #2887 Housekeeping - Strict whitespace checks (SpacePossum) * minor #2895 ProjectCodeTest - check that classes in no- tests exception exist (keradus) * minor #2896 Move testing related classes from src to tests (keradus) * minor #2904 Reapply CS (keradus) * minor #2910 PhpdocAnnotationWithoutDotFixer - Restrict lowercasing (oschwald) * minor #2913 Tests - tweaks (SpacePossum, keradus) * minor #2916 FixerFactory - drop return in sortFixers(), never used (TomasVotruba) -------------------------------------------------------------------------------- ================================================================================ php-symfony-2.8.26-1.fc25 (FEDORA-2017-68de87a708) PHP framework for web projects -------------------------------------------------------------------------------- Update Information: **Version 2.8.26** (2017-08-01) * bug #22244 [Console] Fix passing options with defaultCommand (Jakub Sacha) * bug #23684 [Debug] Missing escape in debug output (c960657) * bug #23662 [VarDumper] Adapt to php 7.2 changes (nicolas- grekas) * bug #23649 [Form][TwigBridge] Don't render _method in form_rest() for a child form (fmarchalemisys) * bug #23023 [DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables (vudaltsov) * bug #23619 [Validator] Fix IbanValidator for ukrainian IBANs (paroe) * bug #23238 [Security] ensure the 'route' index is set before attempting to use it (gsdevme) * bug #23330 [WebProfilerBundle] Fix full sized dump hovering in toolbar (ogizanagi) * bug #23580 Fix login redirect when referer contains a query string (fabpot) * bug #23574 [VarDumper] Move locale sniffing to dump() time (nicolas-grekas) -------------------------------------------------------------------------------- ================================================================================ python-metar-1.5.0-3.fc25 (FEDORA-2017-e9b859521b) Coded METAR and SPECI weather reports parser for Python -------------------------------------------------------------------------------- Update Information: undo spec file name change since this seems not allowed -------------------------------------------------------------------------------- ================================================================================ python-nectar-1.5.5-1.fc25 (FEDORA-2017-e5dab248ee) A download library that separates workflow from implementation details -------------------------------------------------------------------------------- Update Information: Making a new release of package -------------------------------------------------------------------------------- ================================================================================ qpdf-6.0.0-4.fc25 (FEDORA-2017-5bca8ec531) Command-line tools and library for transforming PDF files -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-11627, CVE-2017-11626, CVE-2017-11625, CVE-2017-11624, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475510 - CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc https://bugzilla.redhat.com/show_bug.cgi?id=1475510 [ 2 ] Bug #1475514 - CVE-2017-11626 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc https://bugzilla.redhat.com/show_bug.cgi?id=1475514 [ 3 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh https://bugzilla.redhat.com/show_bug.cgi?id=1475517 [ 4 ] Bug #1475507 - CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc https://bugzilla.redhat.com/show_bug.cgi?id=1475507 [ 5 ] Bug #1454819 - CVE-2017-9210 qpdf: Infinite loop related to unparse functions https://bugzilla.redhat.com/show_bug.cgi?id=1454819 [ 6 ] Bug #1454816 - CVE-2017-9209 qpdf: Infinite loop related to QPDFObjectHandle::parseInternal https://bugzilla.redhat.com/show_bug.cgi?id=1454816 [ 7 ] Bug #1454815 - CVE-2017-9208 qpdf: Infinite loop related to releaseResolved functions https://bugzilla.redhat.com/show_bug.cgi?id=1454815 -------------------------------------------------------------------------------- ================================================================================ rear-2.2-1.fc25 (FEDORA-2017-a60546ceb6) Relax-and-Recover is a Linux disaster recovery and system migration tool -------------------------------------------------------------------------------- Update Information: New release rear-2.2 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.8.1-1.fc25 (FEDORA-2017-700d818ec7) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: **WordPress 4.8.1** Maintenance Release This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the [release notes](https://codex.wordpress.org/Version_4.8.1), the [tickets clo sed](https://core.trac.wordpress.org/query?status=closed&milestone=4.8.1&group=c omponent), and the [list of changes](https://core.trac.wordpress.org/log/branche s/4.8?rev=41210&stop_rev=40891). -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.37-5.fc25 (FEDORA-2017-e1ba2f993d) X screen saver and locker -------------------------------------------------------------------------------- Update Information: Some invalid stack variable usages after scope were found on xscreensaver code, which may cause unpredictable behavior. Also, some buffer overrun was found on vigilance. This new rpm will fix the issues. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
