The following Fedora 25 Security updates need testing: Age URL 223 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 122 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 61 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 26 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90ad72e684 irssi-1.0.4-1.fc25 26 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d groovy18-1.8.9-28.fc25 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-86cfcbbae8 libstaroffice-0.0.4-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82b5035f76 chicken-4.12.0-3.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe04b06b64 python-tablib-0.11.5-1.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c039552fa community-mysql-5.7.19-1.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1fe6d2b86 nasm-2.13.01-3.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-56b8f257af sscep-0.6.1-5.20160525git2052ee1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ede204115 python-dbusmock-0.11.1-6.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-be3df4fe14 java-1.8.0-openjdk-aarch32-1.8.0.141-1.170721.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9433ad88e knot-resolver-1.3.2-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b812362f61 php-horde-Horde-Core-2.30.0-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-26f9e09c8a php-horde-Horde-Form-2.0.18-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-17f457262c php-horde-Horde-Url-2.2.6-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c19905c9b php-horde-horde-5.2.16-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-692c05119d php-horde-kronolith-4.2.22-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-34d34904f5 php-horde-nag-4.2.15-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-449b22158f php-horde-turba-4.2.20-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff06ff0ec9 gsoap-2.8.30-2.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f452765e1e jackson-databind-2.7.6-3.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bfbc5de1b1 varnish-5.0.0-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d7739ff31b potrace-1.15-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 65 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2312ac9d9 pungi-4.1.17-1.fc25 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b67562744 ca-certificates-2017.2.16-1.0.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-91b708222e sssd-1.15.3-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-35ca60d005 upower-0.99.5-1.fc25.1 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa3d808449 gnome-online-accounts-3.22.6-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c9898a7430 expat-2.2.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-27b797304f appstream-data-25-21.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-226cbd995b libvirt-2.2.1-3.fc25 The following builds have been pushed to Fedora 25 updates-testing composer-1.4.3-1.fc25 fusioninventory-agent-2.3.21-1.fc25 gnome-shell-extension-freon-25-1.fc25 gtengine-3.9-1.fc25 mock-1.4.3-1.fc25 openblas-0.2.20-2.fc25 php-bartlett-PHP-CompatInfo-5.0.8-1.fc25 php-bartlett-php-compatinfo-db-1.23.0-1.fc25 php-latte-2.4.5-1.fc25 php-league-flysystem-1.0.41-1.fc25 php-nette-application-2.4.8-1.fc25 php-nette-bootstrap-2.4.4-1.fc25 php-nette-caching-2.5.4-1.fc25 php-nette-component-model-2.3.1-1.fc25 php-nette-database-2.4.4-1.fc25 php-nette-deprecated-2.4.1-1.fc25 php-nette-di-2.4.9-1.fc25 php-nette-finder-2.4.1-1.fc25 php-nette-forms-2.4.5-1.fc25 php-nette-http-2.4.6-1.fc25 php-nette-mail-2.4.3-1.fc25 php-nette-neon-2.4.2-1.fc25 php-nette-php-generator-2.6.3-1.fc25 php-nette-reflection-2.4.2-1.fc25 php-nette-robot-loader-2.4.3-1.fc25 php-nette-safe-stream-2.3.3-1.fc25 php-nette-security-2.4.2-1.fc25 php-nette-tester-2.0.0-0.4.20170731.900febd.fc25 php-nette-tokenizer-2.2.4-1.fc25 php-nette-utils-2.4.7-1.fc25 php-nikic-php-parser3-3.1.0-1.fc25 php-tracy-2.4.8-1.fc25 potrace-1.15-1.fc25 qpdf-6.0.0-5.fc25 Details about builds: ================================================================================ composer-1.4.3-1.fc25 (FEDORA-2017-8be6d1e423) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.4.3** - 2017-08-06 * Fixed GitLab URLs * Fixed root package version detection using latest git versions * Fixed inconsistencies in date format in composer.lock when installing from source * Fixed Mercurial support regression * Fixed exclude-from-classmap not being applied when autoloading files for Composer plugins * Fixed exclude-from-classmap being ignored when cwd has the wrong case on case insensitive filesystems * Fixed several other minor issues -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.21-1.fc25 (FEDORA-2017-6224bba817) FusionInventory agent -------------------------------------------------------------------------------- Update Information: Last upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1477175 - fusioninventory-agent-2.3.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1477175 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-freon-25-1.fc25 (FEDORA-2017-48b27bcd73) GNOME Shell extension to display system temperature, voltage, and fan speed -------------------------------------------------------------------------------- Update Information: Bump to upstream version 25, which adds German localization. -------------------------------------------------------------------------------- ================================================================================ gtengine-3.9-1.fc25 (FEDORA-2017-bc5292a040) Library for computations in mathematics, graphics, image analysis, and physics -------------------------------------------------------------------------------- Update Information: - Update to 3.9 -------------------------------------------------------------------------------- ================================================================================ mock-1.4.3-1.fc25 (FEDORA-2017-4ee5b66a4c) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: * --nocheck macro was not properly escaped [[RHBZ#1473359](https://bugzilla.redhat.com/show_bug.cgi?id=1473359)]. * Use python3 and dnf module on Fedoras to guess architecture in %post scriptlet [[RHBZ#1462310](https://bugzilla.redhat.com/show_bug.cgi?id=1462310)]. * enhanced detection of RHEL [[RHBZ#1470189](https://bugzilla.redhat.com/show_bug.cgi?id=1470189)]. * scm: define `_sourcedir` to checkout directory [[PR#98](https://github.com/rpm- software-management/mock/pull/98)]. * Mageia Cauldron releasever is now 7 [[PR#95](https://github.com/rpm-software-management/mock/pull/95)] * Create /dev nodes even when using nspawn [[RHBZ#1467299](https://bugzilla.redhat.com/show_bug.cgi?id=1467299)]. * selinux: do not try to import yum when PM is dnf [[RHBZ#1474513](https://bugzilla.redhat.com/show_bug.cgi?id=1474513)]. * When you have hundreds of volumes in LVM you can tell mock to wait longer using `config_opts['plugin_conf']['lvm_root_opts']['sleep_time'] = 1`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1473359 - mock --nocheck -r fedora-26-x86_64 <whatever>.src.rpm consistently fails https://bugzilla.redhat.com/show_bug.cgi?id=1473359 [ 2 ] Bug #1470189 - Mock crashes because there is no dnf https://bugzilla.redhat.com/show_bug.cgi?id=1470189 [ 3 ] Bug #1462310 - missing default cfg on rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1462310 [ 4 ] Bug #1467299 - /dev/null dissapper for rpm scriptlet during mock build https://bugzilla.redhat.com/show_bug.cgi?id=1467299 [ 5 ] Bug #1474513 - Using --old-chroot, selinux plugin crashes if yum is not installed https://bugzilla.redhat.com/show_bug.cgi?id=1474513 -------------------------------------------------------------------------------- ================================================================================ openblas-0.2.20-2.fc25 (FEDORA-2017-5ef2bd46f9) An optimized BLAS library based on GotoBLAS2 -------------------------------------------------------------------------------- Update Information: Update to the newest release, including fixes to several race and locking bugs, a newer version of LAPACK, as well as support for several more processors on the x86_64 architecture. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1474554 - openblas-0.2.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1474554 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-5.0.8-1.fc25 (FEDORA-2017-8cc45f4428) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: **Version 5.0.8** * Fix #232 Support class constants -------------------------------------------------------------------------------- ================================================================================ php-bartlett-php-compatinfo-db-1.23.0-1.fc25 (FEDORA-2017-3a18013d66) Reference Database to be used with php-compatinfo library -------------------------------------------------------------------------------- Update Information: **Version 1.23.0** - 2017-07-17 * **Added** - Support to PHP 7.0.21 - Support to PHP 5.6.31 - New `db:build:ext` command to generate a draft (json format) of each components in one extension. - New `db:list` command to see what are extensions supported by the database. - New `ExtensionFactory::getExtensions()` method to retrieve all extensions informations (status/versions) - New `db:show` command to see details of extensions supported by the database. * **Changed** - Amqp reference updated to version 1.9.1 (stable) - Lzf reference updated to version 1.6.6 (stable) - Redis reference updated to version 3.1.2 (stable) - Ssh2 reference updated to version 1.1 (alpha) - Stomp reference updated to version 2.0.1 (stable) - Zip reference updated to version 1.15.1 (stable) - DataBase `compatinfo.sqlite` is copied in same directory (<user>\.bartlett) for both phar and non phar versions. - Console `db:backup` command did not used anymore the system temporary folder to save DB backup files (save in same folder as DB) -------------------------------------------------------------------------------- ================================================================================ php-latte-2.4.5-1.fc25 (FEDORA-2017-5d64a29e7c) Latte: the amazing template engine for PHP -------------------------------------------------------------------------------- Update Information: **Released version 2.4.5** * coding style: fixes, lowercase true/false/null * Engine::compile() fixed construction of CompileException, doesn't accept nullable type (#161) -------------------------------------------------------------------------------- ================================================================================ php-league-flysystem-1.0.41-1.fc25 (FEDORA-2017-0e31803fc1) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information: **Version 1.0.41** - 2017-08-06 * **Fixed** * Response array check mistake was corrected. * **Altered** * Removed support for HHVM. -------------------------------------------------------------------------------- ================================================================================ php-nette-application-2.4.8-1.fc25 (FEDORA-2017-2b2903eab8) Nette Application MVC Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.8** * Presenter::$absoluteUrls fixed ---- **Released version 2.4.7** * coding style: fixes, lowercase true/false/null * Presenter: added requestToUrl(), taken out from createRequest() -------------------------------------------------------------------------------- ================================================================================ php-nette-bootstrap-2.4.4-1.fc25 (FEDORA-2017-ead49056fa) Nette Bootstrap -------------------------------------------------------------------------------- Update Information: **Released version 2.4.4** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-caching-2.5.4-1.fc25 (FEDORA-2017-bf303e67d8) Nette Caching Component -------------------------------------------------------------------------------- Update Information: **Released version 2.5.4** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-component-model-2.3.1-1.fc25 (FEDORA-2017-6821d69219) Nette Component Model -------------------------------------------------------------------------------- Update Information: **Released version 2.3.1** * coding style: fixes, lowercase true/false/null * @return self -> static * composer: accepts nette 3.0 * renamed parameter $need -> $throw -------------------------------------------------------------------------------- ================================================================================ php-nette-database-2.4.4-1.fc25 (FEDORA-2017-03f0de3478) Nette Database Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.4** * SqlPreprocessor: workaround for PDO bug #74996 when looking for ? in prepared query #177 * composer: requires nette/utils 2.4 for PHP 7.2 ---- **Released version 2.4.3** * fetchPairs() supports floats in keys * coding style: fixes, lowercase true/false/null * SqliteDriver::getColumns() fix regexp for autoincrement recognition (#168) * DatabaseExtension: added support for constants in options values * OciDriver: do not use meta, driver is not meta-aware -------------------------------------------------------------------------------- ================================================================================ php-nette-deprecated-2.4.1-1.fc25 (FEDORA-2017-f8de601d0d) APIs and features removed from Nette Framework -------------------------------------------------------------------------------- Update Information: **Released version 2.4.1** * coding style: fixes, lowercase true/false/null * @return self -> static * added missing @deprecated annotations -------------------------------------------------------------------------------- ================================================================================ php-nette-di-2.4.9-1.fc25 (FEDORA-2017-d067a820eb) Nette Dependency Injection Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.9** * coding style: fixes, lowercase true/false/null * added support for class aliases created via class_alias() #156 * DependencyChecker: class is expired when parent/interfaces/traits was changed * DecoratorExtension: accepts setup syntax '$prop = val' * ContainerBuilder: allows ::Namespace\func as factory name * generated factories: fix return type, PHP does not support return type covariance (#152) * removed unnecessary ltrim($class, '\') -------------------------------------------------------------------------------- ================================================================================ php-nette-finder-2.4.1-1.fc25 (FEDORA-2017-25b9c0a60f) Nette Finder: Files Searching -------------------------------------------------------------------------------- Update Information: **Released version 2.4.1** * coding style: fixes, lowercase true/false/null * variadics methods accepts no arguments #5 * folder /Finder renamed to /Utils * composer: accepts nette 3.0 * @return self -> static -------------------------------------------------------------------------------- ================================================================================ php-nette-forms-2.4.5-1.fc25 (FEDORA-2017-04a79038f3) Nette Forms: greatly facilitates web forms -------------------------------------------------------------------------------- Update Information: **Released version 2.4.5** * coding style: fixes, lowercase true/false/null * $onClick handlers are called with argument $values (as $onSuccess) tests: improved $onSuccess & $onClick etc. tests * DefaultFormRenderer: translates object 'label' & 'description' #142 * tests: added rendering + localization (#149) * DefaultRenderer: fix for calling renderErrors() from renderPair() which was caused by #145 (->form = NULL) (#150) * ControlGroup: added remove() and removeOrphans() #155 * SelectBox: only one item can be rendered as selected at the same time -------------------------------------------------------------------------------- ================================================================================ php-nette-http-2.4.6-1.fc25 (FEDORA-2017-1271f3c4d3) Nette HTTP Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.6** * coding style: fixes, lowercase true/false/null * RequestFactory: when proxy is used and HTTP_X_FORWARDED_PORT is not available, uses default port #124 * RequestFactory: test that HTTP_X_FORWARDED_PROTO doesn't change the port typo * RequestFactory: correctly ignores not-ip values in HTTP_X_FORWARDED_FOR & REMOTE_ADDR (#122) -------------------------------------------------------------------------------- ================================================================================ php-nette-mail-2.4.3-1.fc25 (FEDORA-2017-affa1e63c1) Nette Mail: Sending E-mails -------------------------------------------------------------------------------- Update Information: **Released version 2.4.3** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-neon-2.4.2-1.fc25 (FEDORA-2017-d2cf8db5e6) Nette NEON: parser and generator for Nette Object Notation -------------------------------------------------------------------------------- Update Information: **Released version 2.4.2** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-php-generator-2.6.3-1.fc25 (FEDORA-2017-bcb06d8d2d) Nette PHP Generator -------------------------------------------------------------------------------- Update Information: **Released version 3.0.1** * added support for class constants (#25) * dumps true/false/null in lowercase * coding style: fixes, lowercase true/false/null * ClassType: removed some blank lines -------------------------------------------------------------------------------- ================================================================================ php-nette-reflection-2.4.2-1.fc25 (FEDORA-2017-bb48d626a0) Nette PHP Reflection Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.2** * coding style: fixes, lowercase true/false/null * each() replaced with current() and next() -------------------------------------------------------------------------------- ================================================================================ php-nette-robot-loader-2.4.3-1.fc25 (FEDORA-2017-96b2497e0e) Nette RobotLoader: comfortable autoloading -------------------------------------------------------------------------------- Update Information: **Released version 2.4.3** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-safe-stream-2.3.3-1.fc25 (FEDORA-2017-b2fbea5b92) Nette SafeStream: Atomic Operations -------------------------------------------------------------------------------- Update Information: **Released version 2.3.3** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-security-2.4.2-1.fc25 (FEDORA-2017-87a8e5a30f) Nette Security: Access Control Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.2** * coding style: fixes, lowercase true/false/null -------------------------------------------------------------------------------- ================================================================================ php-nette-tester-2.0.0-0.4.20170731.900febd.fc25 (FEDORA-2017-2a91f4131d) An easy-to-use PHP unit testing framework -------------------------------------------------------------------------------- Update Information: more recent git snapshot -------------------------------------------------------------------------------- ================================================================================ php-nette-tokenizer-2.2.4-1.fc25 (FEDORA-2017-878a4fdad1) Nette Tokenizer -------------------------------------------------------------------------------- Update Information: **Released version 2.2.4** * coding style: fixes, lowercase true/false/null * @return self -> static -------------------------------------------------------------------------------- ================================================================================ php-nette-utils-2.4.7-1.fc25 (FEDORA-2017-17c6760c37) Nette Utility Classes -------------------------------------------------------------------------------- Update Information: **Released version 2.4.7** * coding style: fixes, lowercase true/false/null * Image: attempt to serialize throws exception -------------------------------------------------------------------------------- ================================================================================ php-nikic-php-parser3-3.1.0-1.fc25 (FEDORA-2017-c1ee3b9672) A PHP parser written in PHP -------------------------------------------------------------------------------- Update Information: **Version 3.1.0** (2017-07-28) * **Added** * [PHP 7.2] Added support for trailing comma in group use statements. * [PHP 7.2] Added support for `object` type. This means `object` types will now be represented as a builtin type (a simple `"object"` string), rather than a class `Name`. * **Fixed** * Floating-point numbers are now printed correctly if the LC_NUMERIC locale uses a comma as decimal separator. * **Changed** * `Name::$parts` is no longer deprecated. -------------------------------------------------------------------------------- ================================================================================ php-tracy-2.4.8-1.fc25 (FEDORA-2017-8fa6b27b00) Tracy: useful PHP debugger -------------------------------------------------------------------------------- Update Information: **Released version 2.4.8** * dumps true/false/null in lowercase * coding style: fixes, lowercase true/false/null * examples: added info about DEVELOPMENT vs DETECT mode * Show date/time error occured on error 500 (#258) -------------------------------------------------------------------------------- ================================================================================ potrace-1.15-1.fc25 (FEDORA-2017-d7739ff31b) Transform bitmaps into vector graphics -------------------------------------------------------------------------------- Update Information: This release consists of bugfixes and minor portability improvements. Some potential buffer overflows and arithmetic overflows were fixed, including CVE-2017-12067. A bug triggered by very large bitmaps has been fixed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1477104 - CVE-2017-12067 potrace: heap-based buffer over-read in the interpolate_cubic function [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477104 [ 2 ] Bug #1385513 - CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple security issues [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1385513 [ 3 ] Bug #1477105 - CVE-2017-12067 potrace: heap-based buffer over-read in the interpolate_cubic function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1477105 [ 4 ] Bug #1385512 - CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple security issues [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1385512 -------------------------------------------------------------------------------- ================================================================================ qpdf-6.0.0-5.fc25 (FEDORA-2017-988a15106c) Command-line tools and library for transforming PDF files -------------------------------------------------------------------------------- Update Information: Reverting changes from previous update -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
