The following Fedora 25 Security updates need testing: Age URL 269 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 167 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 107 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 61 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 57 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 39 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5ac0896e botan-1.10.16-1.fc25 38 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fa1d8ad61a mercurial-3.8.1-4.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-56e23bc2b5 krb5-1.14.4-9.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e66393536 libwpd-0.10.2-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e314044789 oniguruma-6.1.3-3.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f7fd3fe7eb xen-4.7.3-5.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aa7a8871b7 mingw-LibRaw-0.17.2-3.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-172410ec92 mpg123-1.25.6-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b97f9d82dc libmspack-0.6-0.1.alpha.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7b4da5faba php-horde-Horde-Image-2.5.2-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3bf0bd9c0c wordpress-4.8.2-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea57ed609f pkgconf-1.3.9-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c840f79347 moodle-3.1.8-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-581be259ef samba-4.5.14-0.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a3ddf2484 kernel-4.12.14-200.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d14020761 php-horde-passwd-5.0.7-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-037e1b31a0 php-horde-wicked-2.0.8-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f14c38d58f php-horde-nag-4.2.17-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01ab87482e httpd-2.4.27-4.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 111 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d979eabcb gnome-online-accounts-3.22.7-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc3c16a54f kobo-0.6.0-1.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-504aeb74ba rpcbind-0.2.4-7.rc2.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-56e23bc2b5 krb5-1.14.4-9.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a44008dd1d python-pysocks-1.6.7-1.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d41fab42fc libssh2-1.8.0-5.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-43b6d5bc6b sssd-1.15.3-4.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-27ed767ca1 upower-0.99.6-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9126f38bc2 libatasmart-0.19-13.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2802f82ef1 webkitgtk4-2.18.0-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6ec9b7110a menu-cache-1.0.2-6.D20170913gitfd52af607c.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f7fd3fe7eb xen-4.7.3-5.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8059ac0e5 nss-3.32.1-1.0.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff140ad922 libguestfs-1.36.6-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-235298fa58 python-cryptography-2.0.2-2.fc25 python-cryptography-vectors-2.0.2-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-31d7cd5eab pyOpenSSL-16.2.0-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c8a36f37e audit-2.7.8-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd488c853f libsolv-0.6.29-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2803ce4f5 linux-firmware-20170828-77.gitb78acc9.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-00cfac3370 pungi-4.1.17-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3bf383b11 gnome-shell-3.22.3-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a3ddf2484 kernel-4.12.14-200.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-581be259ef samba-4.5.14-0.fc25 The following builds have been pushed to Fedora 25 updates-testing abook-0.6.1-3.fc25 ansible-lint-3.4.15-1.fc25 cmst-2017.09.01-1.gitdc8c83b.fc25 gala-0.3.0-0.git126.4fe5.1.fc25 gnome-shell-3.22.3-2.fc25 gnome-shell-extension-topicons-plus-21-1.fc25 golang-github-calmh-luhn-2.0.0-1.fc25 golang-github-dgrijalva-jwt-go-2.2.0-8.fc25 golang-github-golang-sys-0-0.14.gite48874b.fc25 golang-github-olekukonko-tablewriter-0-0.8.gita0225b3.fc25 gsmartcontrol-1.1.0-2.fc25 httpd-2.4.27-4.fc25 kernel-4.12.14-200.fc25 light-1.0-1.fc25 mate-themes-3.22.14-1.fc25 module-build-service-1.3.30-2.fc25 moodle-3.1.8-1.fc25 ndctl-58.2-1.fc25 perl-CPAN-Perl-Releases-3.36-1.fc25 perl-Module-CoreList-5.20170920-1.fc25 php-horde-nag-4.2.17-1.fc25 php-horde-passwd-5.0.7-1.fc25 php-horde-wicked-2.0.8-1.fc25 samba-4.5.14-0.fc25 siril-0.9.7-1.fc25 smb4k-2.0.2-1.fc25 tiled-1.0.3-1.fc25 vulkan-1.0.61.1-1.fc25 wine-2.17-1.fc25 Details about builds: ================================================================================ abook-0.6.1-3.fc25 (FEDORA-2017-bde147ecc8) Text-based addressbook program for mutt -------------------------------------------------------------------------------- Update Information: Minor update fixing two bugs: [file descriptor leak](https://sourceforge.net/p/abook/bugs/6/) and [man page update](https://sourceforge.net/p/abook/bugs/8/). -------------------------------------------------------------------------------- ================================================================================ ansible-lint-3.4.15-1.fc25 (FEDORA-2017-d91a6f5460) Best practices checker for Ansible -------------------------------------------------------------------------------- Update Information: Update to 3.4.15 version -------------------------------------------------------------------------------- ================================================================================ cmst-2017.09.01-1.gitdc8c83b.fc25 (FEDORA-2017-07481a076b) A Qt based GUI front end for the connman connection manager with systemtray icon -------------------------------------------------------------------------------- Update Information: Update to 2017.09.01-1.gitdc8c83b -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493528 - cmst-2017-09-19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493528 -------------------------------------------------------------------------------- ================================================================================ gala-0.3.0-0.git126.4fe5.1.fc25 (FEDORA-2017-a01db21b92) Gala window manager -------------------------------------------------------------------------------- Update Information: Bump to git snapshot 126 (commit 4fe5dea). -------------------------------------------------------------------------------- ================================================================================ gnome-shell-3.22.3-2.fc25 (FEDORA-2017-e3bf383b11) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: Fix crash on fast status icon remapping -------------------------------------------------------------------------------- References: [ 1 ] Bug #1492007 - gnome-shell: Use-after-free due to icon remapping https://bugzilla.redhat.com/show_bug.cgi?id=1492007 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-topicons-plus-21-1.fc25 (FEDORA-2017-6648746320) Move all legacy tray icons to the top panel -------------------------------------------------------------------------------- Update Information: Bump to upstream version 21, which includes new translations and code optimizations. -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-luhn-2.0.0-1.fc25 (FEDORA-2017-da8b9f54b2) Luhn-mod-N implementation in Go -------------------------------------------------------------------------------- Update Information: Update to version 2.0.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493803 - golang-github-calmh-luhn-v2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493803 -------------------------------------------------------------------------------- ================================================================================ golang-github-dgrijalva-jwt-go-2.2.0-8.fc25 (FEDORA-2017-16f8bdd7a4) Golang implementation of JSON Web Tokens (JWT) -------------------------------------------------------------------------------- Update Information: Bump to upstream d2709f9f1f31ebcda9651b03077758c1f3a0018c -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494131 - Tracker for golang-github-dgrijalva-jwt-go https://bugzilla.redhat.com/show_bug.cgi?id=1494131 -------------------------------------------------------------------------------- ================================================================================ golang-github-golang-sys-0-0.14.gite48874b.fc25 (FEDORA-2017-aee857aa7f) Go packages for low-level interaction with the operating system -------------------------------------------------------------------------------- Update Information: Bump to upstream e48874b42435b4347fc52bdee0424a52abc974d7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1362531 - Tracker for golang-github-golang-sys https://bugzilla.redhat.com/show_bug.cgi?id=1362531 -------------------------------------------------------------------------------- ================================================================================ golang-github-olekukonko-tablewriter-0-0.8.gita0225b3.fc25 (FEDORA-2017-f91ee19282) ASCII table in golang -------------------------------------------------------------------------------- Update Information: Bump to upstream a0225b3f23b5ce0cbec6d7a66a968f8a59eca9c4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320304 - Tracker for golang-github-olekukonko-tablewriter https://bugzilla.redhat.com/show_bug.cgi?id=1320304 -------------------------------------------------------------------------------- ================================================================================ gsmartcontrol-1.1.0-2.fc25 (FEDORA-2017-7df4fd0709) Graphical user interface for smartctl -------------------------------------------------------------------------------- Update Information: Drop consolehelper. ---- Update to 1.1.0. -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.27-4.fc25 (FEDORA-2017-01ab87482e) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: This is a release fixing a security fix applied upstream, known as "optionsbleed" in popular parlance. It is relevant for hosted and co-located instances of Fedora (and why wouldn't you?). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) https://bugzilla.redhat.com/show_bug.cgi?id=1490344 -------------------------------------------------------------------------------- ================================================================================ kernel-4.12.14-200.fc25 (FEDORA-2017-7a3ddf2484) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.12.14 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1492593 - CVE-2017-14497 kernel: buffer overflow in tpacket_rcv() in net/packet/af_packet.c https://bugzilla.redhat.com/show_bug.cgi?id=1492593 [ 2 ] Bug #1493435 - kernel: NULL pointer dereference due to KEYCTL_READ on negative key https://bugzilla.redhat.com/show_bug.cgi?id=1493435 -------------------------------------------------------------------------------- ================================================================================ light-1.0-1.fc25 (FEDORA-2017-b9e37168f8) Control backlight controllers -------------------------------------------------------------------------------- Update Information: initial package -------------------------------------------------------------------------------- ================================================================================ mate-themes-3.22.14-1.fc25 (FEDORA-2017-dabc04b440) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: - update to 3.22.14 -------------------------------------------------------------------------------- ================================================================================ module-build-service-1.3.30-2.fc25 (FEDORA-2017-43541952b5) The Module Build Service for Modularity -------------------------------------------------------------------------------- Update Information: Latest upstream. ---- Some fixes: - https://pagure.io/fm-orchestrator/pull- request/698 - https://pagure.io/fm-orchestrator/pull-request/697 - https://pagure.io/fm-orchestrator/pull-request/693 - https://pagure.io/fm- orchestrator/pull-request/692 - https://pagure.io/fm-orchestrator/pull- request/691 ---- Latest upstream. - Optional Kerberos + LDAP Authentication for the server. - Correct "filtering" at build time: conflict with packages filtered out from the build-requires to ensure they won't appear in a buildroot. - Wait for components to be tagged also in final tag before marking module as done. This should fix an issue for the F27 compose. - Local mock builds no longer hardcode`x86_64` for architecture. ---- Latest upstream. ---- Backport patches to fix skiptests behavior -------------------------------------------------------------------------------- ================================================================================ moodle-3.1.8-1.fc25 (FEDORA-2017-c840f79347) A Course Management System -------------------------------------------------------------------------------- Update Information: Patches for CVE-2017-12156, CVE-2017-12157. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493515 - CVE-2017-12156 CVE-2017-12157 moodle: Multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1493515 [ 2 ] Bug #1493516 - CVE-2017-12156 CVE-2017-12157 moodle: Multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1493516 -------------------------------------------------------------------------------- ================================================================================ ndctl-58.2-1.fc25 (FEDORA-2017-97895849e2) Manage "libnvdimm" subsystem devices (Non-volatile Memory) -------------------------------------------------------------------------------- Update Information: release v58.2 ---- release v58 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-3.36-1.fc25 (FEDORA-2017-c35562ef9b) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493797 - perl-CPAN-Perl-Releases-3.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493797 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20170920-1.fc25 (FEDORA-2017-e3e52de757) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release brings data about Perl 5.27.4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493804 - perl-Module-CoreList-5.20170920 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493804 -------------------------------------------------------------------------------- ================================================================================ php-horde-nag-4.2.17-1.fc25 (FEDORA-2017-f14c38d58f) A web based task list manager -------------------------------------------------------------------------------- Update Information: **nag 4.2.17** * [jan] SECURITY: Fix unauthorized access to task exports. * [jan] Fix regression when exporting single tags to iCalendar CATEGORIES. * [jan] Officially support PHP 7. -------------------------------------------------------------------------------- ================================================================================ php-horde-passwd-5.0.7-1.fc25 (FEDORA-2017-9d14020761) Horde password changing application -------------------------------------------------------------------------------- Update Information: **passwd 5.0.7** * [jan] Officially support PHP 7. * [jan] SECURITY: Fix open redirects. -------------------------------------------------------------------------------- ================================================================================ php-horde-wicked-2.0.8-1.fc25 (FEDORA-2017-037e1b31a0) Wiki application -------------------------------------------------------------------------------- Update Information: **wicked 2.0.8** * [jan] SECURITY: Fix unauthorized access to page attachments. -------------------------------------------------------------------------------- ================================================================================ samba-4.5.14-0.fc25 (FEDORA-2017-581be259ef) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488400 - CVE-2017-12150 samba: Some code path don't enforce smb signing, when they should https://bugzilla.redhat.com/show_bug.cgi?id=1488400 -------------------------------------------------------------------------------- ================================================================================ siril-0.9.7-1.fc25 (FEDORA-2017-a25bb3fe3c) Astronomical image processing software -------------------------------------------------------------------------------- Update Information: Update to 0.9.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493939 - New upstream version of Siril https://bugzilla.redhat.com/show_bug.cgi?id=1493939 [ 2 ] Bug #1457759 - siril: Do not interpose reallocarray in /usr/bin/siril https://bugzilla.redhat.com/show_bug.cgi?id=1457759 -------------------------------------------------------------------------------- ================================================================================ smb4k-2.0.2-1.fc25 (FEDORA-2017-87d5a292a3) The SMB/CIFS Share Browser for KDE -------------------------------------------------------------------------------- Update Information: Update smb4k to 2.0.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1483983 - smb4k-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1483983 -------------------------------------------------------------------------------- ================================================================================ tiled-1.0.3-1.fc25 (FEDORA-2017-cca618b432) Tiled Map Editor -------------------------------------------------------------------------------- Update Information: New release 1.0.3 Release news can be found at: - http://www.mapeditor.org/2017/05/24/tiled-1-0-0-released.html - http://www.mapeditor.org/2017/06/13/tiled-1-0-1-released.html - http://www.mapeditor.org/2017/06/27/tiled-1-0-2-released.html - http://www.mapeditor.org/2017/08/29/tiled-1-0-3-released.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1455911 - tiled-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1455911 -------------------------------------------------------------------------------- ================================================================================ vulkan-1.0.61.1-1.fc25 (FEDORA-2017-2c94fda435) Vulkan loader and validation layers -------------------------------------------------------------------------------- Update Information: Update to 1.0.61.1 release ---- Update to 1.0.61.0 release -------------------------------------------------------------------------------- ================================================================================ wine-2.17-1.fc25 (FEDORA-2017-661b9ecb24) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: Wine Staging * Support for interpolation modifiers in pixel shaders. * Support for generating mipmap levels based on shader resource views. * Various smaller improvements and bug fixes. Wine-hq.org - Better support for grayscale mode in DirectWrite. - Per-application StartupWMClass in desktop files. - Virtual memory compatibility improvements. - Palette handling improvements in WindowsCodecs. - Reply messages improvements in WebServices. - Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1492265 - wine-2.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1492265 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx