The following Fedora 25 Security updates need testing:
 Age  URL
 254  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
 153  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e   python-XStatic-jquery-ui-1.12.0.1-4.fc25
  92  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f   nodejs-brace-expansion-1.1.7-1.fc25
  52  https://bodhi.fedoraproject.org/updates/FEDORA-2017-86cfcbbae8   libstaroffice-0.0.4-1.fc25
  46  https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c   memcached-1.4.39-1.fc25
  43  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4   docker-distribution-2.6.2-1.git48294d9.fc25
  25  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5ac0896e   botan-1.10.16-1.fc25
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa1d8ad61a   mercurial-3.8.1-4.fc25
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a00a087fd4   tomcat-8.0.46-1.fc25
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-902970c18f   drupal8-8.3.7-1.fc25
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dacb3c21c   augeas-1.8.1-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a568adb31   ImageMagick-6.9.9.9-1.fc25 WindowMaker-0.95.7-3.fc25.1 autotrace-0.31.1-49.fc25 converseen-0.9.6.2-3.fc25 drawtiming-0.7.1-22.fc25 emacs-25.2-5.fc25 gtatool-2.2.0-6.fc25 imageinfo-0.05-27.fc25 inkscape-0.92.1-4.20170510bzr15686.fc25.1 k3d-0.8.0.6-8.fc25 kxstitch-1.2.0-9.fc25 perl-Image-SubImageFind-0.03-13.fc25 pfstools-2.0.6-3.fc25 php-pecl-imagick-3.4.3-2.fc25 psiconv-0.9.8-22.fc25 q-7.11-29.fc25 ripright-0.11-5.fc25 rss-glx-0.9.1.p-27.fc25.1 rubygem-rmagick-2.16.0-4.fc25.2 synfig-1.2.0-1.fc25.1 synfigstudio-1.2.0-5.fc25 techne-0.2.3-20.fc25 vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25 vips-8.4.4-1.fc25.1
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3abea58794   mbedtls-2.6.0-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c708c044e3   chromium-60.0.3112.113-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed735463e3   xen-4.7.3-4.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f285db3668   openjpeg2-2.2.0-3.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f7a73de98d   mingw-openjpeg2-2.2.0-3.fc25
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-15ad4721e3   mimedefang-2.81-1.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-66adafeb3b   lightdm-1.18.3-5.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e136d63c99   ruby-2.3.4-64.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5d7fd07c5   LibRaw-0.17.2-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-56e23bc2b5   krb5-1.14.4-9.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-292c77b3c1   FlightGear-2016.3.1-5.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-40a66b18c8   libwpd-0.10.1-8.fc25


The following Fedora 25 Critical Path updates have yet to be approved:
 Age  URL
  96  https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282   lorax-25.22-1.fc25
  18  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e22c6d53db   mariadb-10.1.26-2.fc25
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a2f2ef5a3c   NetworkManager-1.4.6-1.fc25
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dacb3c21c   augeas-1.8.1-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ed735463e3   xen-4.7.3-4.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a568adb31   ImageMagick-6.9.9.9-1.fc25 WindowMaker-0.95.7-3.fc25.1 autotrace-0.31.1-49.fc25 converseen-0.9.6.2-3.fc25 drawtiming-0.7.1-22.fc25 emacs-25.2-5.fc25 gtatool-2.2.0-6.fc25 imageinfo-0.05-27.fc25 inkscape-0.92.1-4.20170510bzr15686.fc25.1 k3d-0.8.0.6-8.fc25 kxstitch-1.2.0-9.fc25 perl-Image-SubImageFind-0.03-13.fc25 pfstools-2.0.6-3.fc25 php-pecl-imagick-3.4.3-2.fc25 psiconv-0.9.8-22.fc25 q-7.11-29.fc25 ripright-0.11-5.fc25 rss-glx-0.9.1.p-27.fc25.1 rubygem-rmagick-2.16.0-4.fc25.2 synfig-1.2.0-1.fc25.1 synfigstudio-1.2.0-5.fc25 techne-0.2.3-20.fc25 vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25 vips-8.4.4-1.fc25.1
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d0b5a22cb8   sssd-1.15.3-3.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cd99047b28   vim-8.0.1030-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f285db3668   openjpeg2-2.2.0-3.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ddd99a339e   samba-4.5.13-0.fc25
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-fade6f459c   hwdata-0.304-1.fc25
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-84eddbed75   publicsuffix-list-20170828-1.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d979eabcb   gnome-online-accounts-3.22.7-1.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc3c16a54f   kobo-0.6.0-1.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0eba05e47   linux-firmware-20170828-76.gitb78acc9.fc25
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1d3177f00   firefox-55.0.3-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8578552e1   libsolv-0.6.29-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-504aeb74ba   rpcbind-0.2.4-7.rc2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-56e23bc2b5   krb5-1.14.4-9.fc25


The following builds have been pushed to Fedora 25 updates-testing

    FlightGear-2016.3.1-5.fc25
    IQmol-2.9.1-1.fc25
    LibRaw-0.17.2-2.fc25
    copr-backend-1.102-1.fc25
    copr-dist-git-0.37-1.fc25
    copr-frontend-1.119-1.fc25
    copr-rpmbuild-0.7-1.fc25
    electrum-2.9.3-1.fc25
    gap-4.8.8-1.fc25
    golang-github-templexxx-reedsolomon-0.1.0-2.fc25
    java-1.8.0-openjdk-aarch32-1.8.0.144-1.170809.fc25
    krb5-1.14.4-9.fc25
    libsolv-0.6.29-1.fc25
    libwpd-0.10.1-8.fc25
    nut-2.7.4-12.fc25
    php-phpmyadmin-sql-parser-4.2.0-1.fc25
    rdopkg-0.45.0-4.fc25
    rpcbind-0.2.4-7.rc2.fc25
    ruby-2.3.4-64.fc25
    sensible-utils-0.0.9-8.fc25
    stlink-1.4.0-2.fc25
    strace-4.19-1.fc25

Details about builds:


================================================================================
 FlightGear-2016.3.1-5.fc25 (FEDORA-2017-292c77b3c1)
 The FlightGear Flight Simulator
--------------------------------------------------------------------------------
Update Information:

This update fixes a security bug in the FGLogger subsystem, to prevent it from
overwriting arbitrary files the user has write access to (CVE-2017-13709)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1485915 - CVE-2017-13709 flightgear: Arbitrary file overwrite via resource affecting global Property Tree [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1485915
--------------------------------------------------------------------------------


================================================================================
 IQmol-2.9.1-1.fc25 (FEDORA-2017-53990cd05c)
 A free open-source molecular editor and visualization package
--------------------------------------------------------------------------------
Update Information:

Update to 2.9.1 with expanded fragment library and other features, see list at
http://iqmol.org/features.html
--------------------------------------------------------------------------------


================================================================================
 LibRaw-0.17.2-2.fc25 (FEDORA-2017-c5d7fd07c5)
 Library for reading RAW files obtained from digital photo cameras
--------------------------------------------------------------------------------
Update Information:

Patch for CVE-2017-13735.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1488947 - CVE-2017-13735 libraw: Floating point exception in kodak_radc_load_raw function in internal/dcraw_common.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1488947
--------------------------------------------------------------------------------


================================================================================
 copr-backend-1.102-1.fc25 (FEDORA-2017-598fd885d8)
 Backend for Copr
--------------------------------------------------------------------------------
Update Information:

- srpms are now being built from upstream on builders
--------------------------------------------------------------------------------


================================================================================
 copr-dist-git-0.37-1.fc25 (FEDORA-2017-2bee4b572b)
 Copr services for Dist Git server
--------------------------------------------------------------------------------
Update Information:

- most of the logic moved to copr-rpmbuild

----

Security fix: parse spec file in isolation.

----

fix cvs-data ignore regular expression

----

- remove --global for git config in tests so that it does not modify ~/.gitconfig
- fix #106 Renaming a spec file in a newer version causes the build to fail
- make get_package_name more robust
- add DistGitProvider with support for multiple distgits
--------------------------------------------------------------------------------


================================================================================
 copr-frontend-1.119-1.fc25 (FEDORA-2017-730f54feeb)
 Frontend for Copr
--------------------------------------------------------------------------------
Update Information:

- add dist_git_clone_url property of package and use it on /backend
- pg#68 Building SRPMs on builder
- append / to result_dir_url
- pg#119 python-copr client_v2 BuildHandler limits builds to the 100 most recent builds
- Fix tab vs spaces errors
- [*] Spelling fixes
- Invalid escape sequence fixes
- Bug 1471285 - Webhook triggers all changed specs even without new tito tag
- api for obtaining queue information

----

- fork all succeeded buildchroots in RawhideToRelease
- follow Fedora branching project's option added
- allow to modify copr chroots
- syntax highlight in project description and instructions
- fix 500 on /api/coprs/build/ for auto-rebuilds
- Bug 1409894 - COPR invalidly renders markdown
- basic rebuild all packages feature added

----

- Bug 1473361 - New SCM 2 build does not recall the 'Subdirectory' setting
- Deprecation warnings on F25
- hotfix for monitor page with jinja 2.9
- bug 1460399 - Build breadcrumb incorrect for group project
--------------------------------------------------------------------------------


================================================================================
 copr-rpmbuild-0.7-1.fc25 (FEDORA-2017-834d45ffba)
 Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:

- rewrite to python
- build-srpm from upstream ability added
--------------------------------------------------------------------------------


================================================================================
 electrum-2.9.3-1.fc25 (FEDORA-2017-a380df8f98)
 A lightweight Bitcoin Client
--------------------------------------------------------------------------------
Update Information:

New upstream version
--------------------------------------------------------------------------------


================================================================================
 gap-4.8.8-1.fc25 (FEDORA-2017-026df61dc9)
 Computational discrete algebra
--------------------------------------------------------------------------------
Update Information:

See http://www.gap-system.org/Manuals/doc/changes/chap2.html#X822D0A3E85F800B3
for changes in gap version 4.8.8.
--------------------------------------------------------------------------------


================================================================================
 golang-github-templexxx-reedsolomon-0.1.0-2.fc25 (FEDORA-2017-0dcf2cc006)
 Reed-Solomon Erasure Code engine in Go
--------------------------------------------------------------------------------
Update Information:

Initial package for fedora.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1488498 - Review Request: golang-github-templexxx-reedsolomon - Reed-Solomon Erasure Code engine in Go
        https://bugzilla.redhat.com/show_bug.cgi?id=1488498
--------------------------------------------------------------------------------


================================================================================
 java-1.8.0-openjdk-aarch32-1.8.0.144-1.170809.fc25 (FEDORA-2017-c7aa0647fa)
 OpenJDK Runtime Environment in a preview of the OpenJDK AArch32 project
--------------------------------------------------------------------------------
Update Information:

8u144 update
--------------------------------------------------------------------------------


================================================================================
 krb5-1.14.4-9.fc25 (FEDORA-2017-56e23bc2b5)
 The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:

- Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied).
- fc26+: Add ccselect hostrealm module for ccache selection based on service hostname.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1488873 - CVE-2017-11462 krb5: Automatic sec context deletion could lead to double-free
        https://bugzilla.redhat.com/show_bug.cgi?id=1488873
--------------------------------------------------------------------------------


================================================================================
 libsolv-0.6.29-1.fc25 (FEDORA-2017-e8578552e1)
 Package dependency solver
--------------------------------------------------------------------------------
Update Information:

# New features

- support for `REL_UNLESS` dependencies
- `solver_get_recommendations` available in bindings
--------------------------------------------------------------------------------


================================================================================
 libwpd-0.10.1-8.fc25 (FEDORA-2017-40a66b18c8)
 A library for import of WordPerfect documents
--------------------------------------------------------------------------------
Update Information:

* heap overflow in libwpd
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1489337 - There is a heap overflow in libwpd. This vulnerability has been triggered in libreoffice.
        https://bugzilla.redhat.com/show_bug.cgi?id=1489337
--------------------------------------------------------------------------------


================================================================================
 nut-2.7.4-12.fc25 (FEDORA-2017-6f4cfb0182)
 Network UPS Tools
--------------------------------------------------------------------------------
Update Information:

rebuild for new freeipmi
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1489040 - nut needs to be rebuilt for the freeipmi update on F26
        https://bugzilla.redhat.com/show_bug.cgi?id=1489040
--------------------------------------------------------------------------------


================================================================================
 php-phpmyadmin-sql-parser-4.2.0-1.fc25 (FEDORA-2017-109be1d0d9)
 A validating SQL lexer and parser with a focus on MySQL dialect
--------------------------------------------------------------------------------
Update Information:

**Version 4.2.0** - 2017-08-30

* Initial support for MariaDB SQL contexts.
* Add support for MariaDB 10.3 INTERSECT and EXCEPT.
--------------------------------------------------------------------------------


================================================================================
 rdopkg-0.45.0-4.fc25 (FEDORA-2017-626631cdf5)
 RPM packaging automation tool CLI
--------------------------------------------------------------------------------
Update Information:

First Fedora release
--------------------------------------------------------------------------------


================================================================================
 rpcbind-0.2.4-7.rc2.fc25 (FEDORA-2017-504aeb74ba)
 Universal Addresses to RPC Program Number Mapper
--------------------------------------------------------------------------------
Update Information:

Create and formally own the state directory so the directory is available from
the time of first installation until reboot
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1450484 - Rpcbind fail to start at boot
        https://bugzilla.redhat.com/show_bug.cgi?id=1450484
--------------------------------------------------------------------------------


================================================================================
 ruby-2.3.4-64.fc25 (FEDORA-2017-e136d63c99)
 An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

* Fix ANSI escape sequence vulnerability (CVE-2017-0899).
* Fix DoS vulnerability in the query command (CVE-2017-0900).
* Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901).
* Fix DNS request hijacking vulnerability (CVE-2017-0902).
* Fix arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1487590 - CVE-2017-0899 rubygems: Escape sequence in the "summary" field of gemspec
        https://bugzilla.redhat.com/show_bug.cgi?id=1487590
  [ 2 ] Bug #1487588 - CVE-2017-0900 rubygems: No size limit in summary length of gem spec
        https://bugzilla.redhat.com/show_bug.cgi?id=1487588
  [ 3 ] Bug #1487587 - CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name
        https://bugzilla.redhat.com/show_bug.cgi?id=1487587
  [ 4 ] Bug #1487589 - CVE-2017-0902 rubygems: DNS hijacking vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=1487589
  [ 5 ] Bug #1487552 - CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call
        https://bugzilla.redhat.com/show_bug.cgi?id=1487552
--------------------------------------------------------------------------------


================================================================================
 sensible-utils-0.0.9-8.fc25 (FEDORA-2017-e1f633661f)
 Utilities for sensible alternative selection
--------------------------------------------------------------------------------
Update Information:

This update fixes the invocation of update-alternatives by sensible-editor.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1489159 - Bogus output from select-editor
        https://bugzilla.redhat.com/show_bug.cgi?id=1489159
--------------------------------------------------------------------------------


================================================================================
 stlink-1.4.0-2.fc25 (FEDORA-2017-008c669f80)
 STM32 discovery line Linux programmer
--------------------------------------------------------------------------------
Update Information:

Added new package for programming STM32 microcontrollers.
--------------------------------------------------------------------------------


================================================================================
 strace-4.19-1.fc25 (FEDORA-2017-0891360580)
 Tracks and displays system calls associated with a running process
--------------------------------------------------------------------------------
Update Information:

v4.18 -> v4.19.
--------------------------------------------------------------------------------