The following Fedora 25 Security updates need testing: Age URL 230 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 129 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 68 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 34 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d groovy18-1.8.9-28.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-86cfcbbae8 libstaroffice-0.0.4-1.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82b5035f76 chicken-4.12.0-3.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe04b06b64 python-tablib-0.11.5-1.fc25 19 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 19 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1fe6d2b86 nasm-2.13.01-3.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-be3df4fe14 java-1.8.0-openjdk-aarch32-1.8.0.141-1.170721.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d7739ff31b potrace-1.15-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a05e2b8545 cups-filters-1.10.0-4.fc25 qpdf-6.0.0-6.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-866fc566e0 torbrowser-launcher-0.2.8-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f318871e3b ruby-2.3.4-63.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6e3215f2b mingw-openjpeg2-2.2.0-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c9d8011d69 mingw-libsoup-2.56.1-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9148fe36b9 postgresql-9.5.8-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1d1a38bdd1 subversion-1.9.7-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f98cef571d kernel-4.12.5-200.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5ac0896e botan-1.10.16-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa1d8ad61a mercurial-3.8.1-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97eb475d93 cvs-1.11.23-41.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 73 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2312ac9d9 pungi-4.1.17-1.fc25 25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b67562744 ca-certificates-2017.2.16-1.0.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-226cbd995b libvirt-2.2.1-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c nspr-4.16.0-1.fc25 nss-3.32.0-1.0.fc25 nss-softokn-3.32.0-1.1.fc25 nss-util-3.32.0-1.0.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f98cef571d kernel-4.12.5-200.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba3e72c511 osinfo-db-20170813-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-67705933e3 glusterfs-3.10.5-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-837f04c39a selinux-policy-3.13.1-225.20.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1a0a83099 firefox-55.0.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97eb475d93 cvs-1.11.23-41.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0c6291cd4b pango-1.40.9-1.fc25 The following builds have been pushed to Fedora 25 updates-testing RemoteBox-2.3-1.fc25 audience-0.2.4-1.fc25 bpython-0.17-1.fc25 cabal-rpm-0.11.2-1.fc25 cacti-1.1.17-1.fc25 cvs-1.11.23-41.fc25 danmaq-0.2-1.fc25 enki-17.03.0-6.fc25 f2fs-tools-1.8.0-1.fc25 firefox-55.0.1-1.fc25 fuse-encfs-1.9.2-3.fc25 fusioninventory-agent-2.3.21-2.fc25 gimp-luminosity-masks-0-3.fc25 icecream-1.1-2.fc25 mercurial-3.8.1-4.fc25 pango-1.40.9-1.fc25 pantheon-calculator-0.1.3-1.fc25 perl-Time-OlsonTZ-Download-0.006-2.fc25 pioneer-20170813-1.fc25 qpid-dispatch-0.8.0-2.fc25 rabbitvcs-0.17-1.fc25 rubygem-gettext-3.2.4-1.fc25 selinux-policy-3.13.1-225.20.fc25 snapd-2.27.1-1.fc25 snapd-glib-1.16-1.fc25 vulkan-1.0.57.0-1.fc25 winetricks-20170731-1.fc25 wingpanel-indicator-session-2.0.3-1.fc25 Details about builds: ================================================================================ RemoteBox-2.3-1.fc25 (FEDORA-2017-4cff58124c) Open Source VirtualBox Client with Remote Management -------------------------------------------------------------------------------- Update Information: Update to 2.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1448436 - RemoteBox-2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448436 -------------------------------------------------------------------------------- ================================================================================ audience-0.2.4-1.fc25 (FEDORA-2017-7c7d5ace89) Audience video player -------------------------------------------------------------------------------- Update Information: Update to version 0.2.4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1480857 - audience-0.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1480857 -------------------------------------------------------------------------------- ================================================================================ bpython-0.17-1.fc25 (FEDORA-2017-8e57f5707f) Fancy curses interface to the Python interactive interpreter -------------------------------------------------------------------------------- Update Information: Update to latest upstream release bpython 0.17. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1471375 - bpython-0.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1471375 -------------------------------------------------------------------------------- ================================================================================ cabal-rpm-0.11.2-1.fc25 (FEDORA-2017-5d7eb580c9) RPM packaging tool for Haskell Cabal-based packages -------------------------------------------------------------------------------- Update Information: - fix cblrpm update --subpackage - fix rpm installation when no sudo (#49) - fix handling of no exposed modules (#50) - fix license handling for selfdep binlib (#51) 0.11.1 - support building meta (compat) packages - invocation of optional stackage-query to update to LTS now works - initial --subpackage support for %{subpkgs} of missing deps: including downloading, but update is not properly implemented yet - new %{pkgver} macro - update no longer resets release for %{subpkgs} -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.17-1.fc25 (FEDORA-2017-e600616548) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.17 Release notes: https://www.cacti.net/release_notes.php?version=1.1.17 -------------------------------------------------------------------------------- ================================================================================ cvs-1.11.23-41.fc25 (FEDORA-2017-97eb475d93) Concurrent Versions System -------------------------------------------------------------------------------- Update Information: This relase fixes CVE-2017-12836 vulerbaility (command injection via malicious SSH URL). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1480800 - CVE-2017-12836 cvs: Command injection via malicious ssh URLs https://bugzilla.redhat.com/show_bug.cgi?id=1480800 -------------------------------------------------------------------------------- ================================================================================ danmaq-0.2-1.fc25 (FEDORA-2017-54ba15430a) A small client side Qt program to play danmaku on any screen -------------------------------------------------------------------------------- Update Information: Add new package danmaq -------------------------------------------------------------------------------- ================================================================================ enki-17.03.0-6.fc25 (FEDORA-2017-bd3f078ebf) Text editor for programmers -------------------------------------------------------------------------------- Update Information: add dependency python3-sphinx -------------------------------------------------------------------------------- References: [ 1 ] Bug #1460445 - pkg_resources.DistributionNotFound: The 'Sphinx' distribution was not found and is required by enki https://bugzilla.redhat.com/show_bug.cgi?id=1460445 -------------------------------------------------------------------------------- ================================================================================ f2fs-tools-1.8.0-1.fc25 (FEDORA-2017-190f1247da) Tools for Flash-Friendly File System (F2FS) -------------------------------------------------------------------------------- Update Information: Update to 1.8.0 -------------------------------------------------------------------------------- ================================================================================ firefox-55.0.1-1.fc25 (FEDORA-2017-a1a0a83099) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: For changes see: https://www.mozilla.org/en-US/firefox/55.0.1/releasenotes/ -------------------------------------------------------------------------------- ================================================================================ fuse-encfs-1.9.2-3.fc25 (FEDORA-2017-c8bd7edd2f) Encrypted pass-thru filesystem in userspace -------------------------------------------------------------------------------- Update Information: Correct exec permission (rhbz #1382894) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1382894 - encfssh should be executable https://bugzilla.redhat.com/show_bug.cgi?id=1382894 -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.21-2.fc25 (FEDORA-2017-9ba9dbb757) FusionInventory agent -------------------------------------------------------------------------------- Update Information: Add missing provides on perl(setup) ---- Last upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1477175 - fusioninventory-agent-2.3.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1477175 -------------------------------------------------------------------------------- ================================================================================ gimp-luminosity-masks-0-3.fc25 (FEDORA-2017-88fc3cc994) Luminosity mask channels plug-in for Gimp -------------------------------------------------------------------------------- Update Information: New add-on for Gimp. More details on [its functionality](https://patdavid.net/2011/10/getting-around-in-gimp-luminosity- masks.html) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1476440 - Review Request: gimp-luminosity-masks - Luminosity mask channels plug-in for Gimp https://bugzilla.redhat.com/show_bug.cgi?id=1476440 -------------------------------------------------------------------------------- ================================================================================ icecream-1.1-2.fc25 (FEDORA-2017-45e3e90f38) Distributed compiler -------------------------------------------------------------------------------- Update Information: icecream 1.1 has been released. Fedora already shipped a pre-release version of 1.1, so this is mainly a bugfix update. For an upstream list of changes see: ht tps://github.com/icecc/icecream/blob/8954f27aee0955053ef29493d8de8832d1d84d69/NE WS -------------------------------------------------------------------------------- ================================================================================ mercurial-3.8.1-4.fc25 (FEDORA-2017-fa1d8ad61a) Mercurial -- a distributed SCM -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-1000115, CVE-2017-1000116 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1480330 - CVE-2017-1000115 Mercurial: pathaudit: path traversal via symlink https://bugzilla.redhat.com/show_bug.cgi?id=1480330 [ 2 ] Bug #1479915 - CVE-2017-1000116 mercurial: command injection on clients through malicious ssh URLs https://bugzilla.redhat.com/show_bug.cgi?id=1479915 -------------------------------------------------------------------------------- ================================================================================ pango-1.40.9-1.fc25 (FEDORA-2017-0c6291cd4b) System for layout and rendering of internationalized text -------------------------------------------------------------------------------- Update Information: Containing a fix of the random crash issue on terminal apps -------------------------------------------------------------------------------- References: [ 1 ] Bug #1476206 - [abrt] xfce4-terminal: pango_glyph_item_iter_next_cluster(): xfce4-terminal killed by signal 6 https://bugzilla.redhat.com/show_bug.cgi?id=1476206 -------------------------------------------------------------------------------- ================================================================================ pantheon-calculator-0.1.3-1.fc25 (FEDORA-2017-104f1ffe51) A tiny, simple calculator written in GTK+ and Vala -------------------------------------------------------------------------------- Update Information: Update to version 0.1.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1481054 - pantheon-calculator-0.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1481054 -------------------------------------------------------------------------------- ================================================================================ perl-Time-OlsonTZ-Download-0.006-2.fc25 (FEDORA-2017-1f27e8b172) Olson time zone database from source -------------------------------------------------------------------------------- Update Information: This release corrects a dependency on gunzip tool. ---- This release fixes parsing iso3166.tab with non-ASCII characters. It also improves documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1479680 - perl-Time-OlsonTZ-Download-0.006 is available https://bugzilla.redhat.com/show_bug.cgi?id=1479680 -------------------------------------------------------------------------------- ================================================================================ pioneer-20170813-1.fc25 (FEDORA-2017-06afa2c622) A game of lonely space adventure -------------------------------------------------------------------------------- Update Information: 20170813 -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-0.8.0-2.fc25 (FEDORA-2017-170e9d7fc8) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: Added a fix for DISPATCH-727. -------------------------------------------------------------------------------- ================================================================================ rabbitvcs-0.17-1.fc25 (FEDORA-2017-f5d9e8090b) Graphical user interface to version control systems -------------------------------------------------------------------------------- Update Information: Update to 0.17 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1464713 - rabbitvcs-v0.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464713 -------------------------------------------------------------------------------- ================================================================================ rubygem-gettext-3.2.4-1.fc25 (FEDORA-2017-b51d907f40) RubyGem of Localization Library and Tools for Ruby -------------------------------------------------------------------------------- Update Information: New version 3.2.4 is released. -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-225.20.fc25 (FEDORA-2017-837f04c39a) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=953062 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1468095 - SELinux is preventing postgres from 'remove_name' accesses on the directory postmaster.pid. https://bugzilla.redhat.com/show_bug.cgi?id=1468095 [ 2 ] Bug #1440187 - SELinux is preventing 57656220436F6E74656E74 from 'create' accesses on the file 1934492876-Suivi_poste-canada. https://bugzilla.redhat.com/show_bug.cgi?id=1440187 [ 3 ] Bug #1436026 - selinux prevents postfix cleanup from accessing socket based non_smtpd_milters https://bugzilla.redhat.com/show_bug.cgi?id=1436026 [ 4 ] Bug #1417512 - SELinux is preventing dovecot connection to Postgresql (policy is not included) https://bugzilla.redhat.com/show_bug.cgi?id=1417512 [ 5 ] Bug #1412696 - PrivateDevices=true in systemd unit file prevents postfix from starting https://bugzilla.redhat.com/show_bug.cgi?id=1412696 [ 6 ] Bug #1409107 - SELinux prevents Postfix from starting https://bugzilla.redhat.com/show_bug.cgi?id=1409107 [ 7 ] Bug #1403186 - cannot start postfix anymore with selinux https://bugzilla.redhat.com/show_bug.cgi?id=1403186 [ 8 ] Bug #1398007 - postfix: no log entries for sent mails https://bugzilla.redhat.com/show_bug.cgi?id=1398007 [ 9 ] Bug #1395018 - SELinux is preventing postalias from 'read' accesses on the lnk_file log. https://bugzilla.redhat.com/show_bug.cgi?id=1395018 [ 10 ] Bug #1389863 - postfix service fails to start, unable to access /dev/null https://bugzilla.redhat.com/show_bug.cgi?id=1389863 [ 11 ] Bug #1383905 - SELinux is preventing postfix from 'read' accesses on the lnk_file log. https://bugzilla.redhat.com/show_bug.cgi?id=1383905 [ 12 ] Bug #1323224 - mailx fails when used with mail server other than Sendmail Inc sendmail or postfix https://bugzilla.redhat.com/show_bug.cgi?id=1323224 [ 13 ] Bug #1389882 - SELinux is preventing postgrey from execute access on the file /usr/bin/perl https://bugzilla.redhat.com/show_bug.cgi?id=1389882 -------------------------------------------------------------------------------- ================================================================================ snapd-2.27.1-1.fc25 (FEDORA-2017-4f8de51e27) A transactional software package manager -------------------------------------------------------------------------------- Update Information: Some highlights of snapd 2.27 from upstream: * updated interfaces: `default`, `mir`, `optical-observe`, `system-observe`, `screen-inhibit-control`, `unity`, `network-control` * new interfaces: `greengrass-support`, `password-manager- service` * snapctl work inside the snap context too (outside of hooks) * forced- devmode information is available via the sysinfo API now * seccomp argument filtering re-enabled * add `--listswitch` to `snap abort` and `snap watch` * add new snap commandline aliases: `snap search` and `snap change` * many test improvements * many bugfixes * shellcheck everywhere * `snap list` now shows the snap type in the notes (if it is not `type: app`) * support "title" via the store/rest-api * `syslogIdentifier` is now written to the generated systemd unit files * make snapd itself a "type=notify" daemon * auto-import system-user assertion only from ext4,vfat partitions * show sha3-384 hash in `snap info --verbose <snapfile>` * show snap-id in snap info * make config defaults from gadget work also at first boot * add support for android-boot * implement `snap- update-ns` * use `/etc/ssl` from the core snap * implement shortcut `snap install --unaliased` to install a snap without its automatic aliases Some highlights of snapd-glib 1.16 from upstream: * Bring introspection and vapigen m4 macros into the source so can build without them installed. * Fix snapd-qt build failure due to conflict of 'signals' variable with GDBus. * Set a user agent when sending requests to snapd-glib -------------------------------------------------------------------------------- References: [ 1 ] Bug #1471771 - snapd-glib-1.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1471771 [ 2 ] Bug #1458086 - snapd-2.27 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458086 [ 3 ] Bug #1481247 - snapd-2.27.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1481247 -------------------------------------------------------------------------------- ================================================================================ snapd-glib-1.16-1.fc25 (FEDORA-2017-4f8de51e27) Library providing a GLib interface to snapd -------------------------------------------------------------------------------- Update Information: Some highlights of snapd 2.27 from upstream: * updated interfaces: `default`, `mir`, `optical-observe`, `system-observe`, `screen-inhibit-control`, `unity`, `network-control` * new interfaces: `greengrass-support`, `password-manager- service` * snapctl work inside the snap context too (outside of hooks) * forced- devmode information is available via the sysinfo API now * seccomp argument filtering re-enabled * add `--listswitch` to `snap abort` and `snap watch` * add new snap commandline aliases: `snap search` and `snap change` * many test improvements * many bugfixes * shellcheck everywhere * `snap list` now shows the snap type in the notes (if it is not `type: app`) * support "title" via the store/rest-api * `syslogIdentifier` is now written to the generated systemd unit files * make snapd itself a "type=notify" daemon * auto-import system-user assertion only from ext4,vfat partitions * show sha3-384 hash in `snap info --verbose <snapfile>` * show snap-id in snap info * make config defaults from gadget work also at first boot * add support for android-boot * implement `snap- update-ns` * use `/etc/ssl` from the core snap * implement shortcut `snap install --unaliased` to install a snap without its automatic aliases Some highlights of snapd-glib 1.16 from upstream: * Bring introspection and vapigen m4 macros into the source so can build without them installed. * Fix snapd-qt build failure due to conflict of 'signals' variable with GDBus. * Set a user agent when sending requests to snapd-glib -------------------------------------------------------------------------------- References: [ 1 ] Bug #1471771 - snapd-glib-1.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1471771 [ 2 ] Bug #1458086 - snapd-2.27 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458086 [ 3 ] Bug #1481247 - snapd-2.27.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1481247 -------------------------------------------------------------------------------- ================================================================================ vulkan-1.0.57.0-1.fc25 (FEDORA-2017-ac42db920f) Vulkan loader and validation layers -------------------------------------------------------------------------------- Update Information: Update -------------------------------------------------------------------------------- ================================================================================ winetricks-20170731-1.fc25 (FEDORA-2017-6e03f963c4) Work around common problems in Wine -------------------------------------------------------------------------------- Update Information: snapshot of 20170731 - - improve russian and ukrainian translations - fix bashate issues - small other fixes - add appdata see full changelog: https://gi thub.com/Winetricks/winetricks/commits/43314ed7895396bfd625824d88b5e19c25f46cac -------------------------------------------------------------------------------- References: [ 1 ] Bug #1476494 - AppStream metadata for Winetricks package are missing https://bugzilla.redhat.com/show_bug.cgi?id=1476494 [ 2 ] Bug #1461836 - winetricks-20170614 is available https://bugzilla.redhat.com/show_bug.cgi?id=1461836 -------------------------------------------------------------------------------- ================================================================================ wingpanel-indicator-session-2.0.3-1.fc25 (FEDORA-2017-74752230f0) Session Indicator for wingpanel -------------------------------------------------------------------------------- Update Information: Update to version 2.0.3. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
