The following Fedora 25 Security updates need testing:
 Age  URL
 347  https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb   exim-4.87.1-1.fc25
 184  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f   nodejs-brace-expansion-1.1.7-1.fc25
 135  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4   docker-distribution-2.6.2-1.git48294d9.fc25
  50  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789   suricata-3.2.4-1.fc25
  42  https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce   apr-1.6.3-1.fc25
  42  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba   apr-util-1.5.4-4.fc25
  42  https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61   httpd-2.4.29-1.fc25
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e67e4e45b   poppler-0.45.0-10.fc25
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2017-481e4f6f8c   ldns-1.6.17-22.fc25
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5bbb657c5   chromium-62.0.3202.89-1.fc25
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5afe777a   docker-1.12.6-8.gitbe5610c.fc25
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c6722f0b3c   linux-firmware-20171126-80.git17e62881.fc25
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-832dbdac75   python-dulwich-0.18.6-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e584e3c8a3   thunderbird-52.5.0-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ae6e39bde   mupdf-1.11-9.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-81fe39ad9f   pdns-recursor-4.0.7-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c15e19fb5   firefox-57.0.1-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ca05b30e86   rubygem-yard-0.8.7.6-4.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe6c2e9c76   optipng-0.7.6-6.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-07d79c83b1   python3-3.5.4-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a77559576d   evince-3.22.1-7.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-7102e55117   shellinabox-2.20-5.fc25


The following Fedora 25 Critical Path updates have yet to be approved:
 Age  URL
 189  https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282   lorax-25.22-1.fc25
  68  https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e   iproute-4.12.0-1.fc25
  37  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b89e9f62d8   bind99-9.9.10-3.P3.fc25
  27  https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e67e4e45b   poppler-0.45.0-10.fc25
  14  https://bodhi.fedoraproject.org/updates/FEDORA-2017-779d5b7efb   pcre2-10.23-11.fc25
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c6722f0b3c   linux-firmware-20171126-80.git17e62881.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c15e19fb5   firefox-57.0.1-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-06c5efa39f   glusterfs-3.10.8-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0f2ceb7bc   mariadb-10.1.29-1.fc25
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e584e3c8a3   thunderbird-52.5.0-1.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1080b160b3   lua-5.3.4-7.fc25
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a0c8ee41d0   hwdata-0.307-1.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-07d79c83b1   python3-3.5.4-3.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-48f2bcf170   perl-Data-Dumper-2.161-2.fc25
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9bbe262ea8   sssd-1.16.0-4.fc25


The following builds have been pushed to Fedora 25 updates-testing

    bandit-1.4.0-5.fc25
    chirp-20171204-1.fc25
    evince-3.22.1-7.fc25
    fedora-easy-karma-0-0.35.20171129gita8fe9cbc.fc25
    fuse-zip-0.4.4-1.fc25
    gajim-0.16.9-2.fc25
    gsmartcontrol-1.1.3-1.fc25
    ixpdimm_sw-01.00.00.2381-1.fc25
    lcgdm-1.9.1-1.fc25
    libebur128-1.2.3-1.fc25
    optipng-0.7.6-6.fc25
    pdc-client-1.8.0-4.fc25
    perl-BibTeX-Parser-1.01-1.fc25
    perl-Data-Dumper-2.161-2.fc25
    perl-Iterator-Simple-0.07-1.fc25
    perl-experimental-0.019-1.fc25
    python-nbxmpp-0.6.1-1.fc25
    python-pymediainfo-2.2.0-1.fc25
    python-wikitcms-2.2.2-1.fc25
    python-yattag-1.9.2-1.fc25
    python3-3.5.4-3.fc25
    redis-4.0.6-1.fc25
    relval-2.2.1-1.fc25
    shellinabox-2.20-5.fc25
    spamassassin-iXhash2-2.05-12.fc25
    sssd-1.16.0-4.fc25

Details about builds:


================================================================================
 bandit-1.4.0-5.fc25 (FEDORA-2017-8eee379bfa)
 A framework for performing security analysis of Python source code
--------------------------------------------------------------------------------
Update Information:

Updates to the bandit security analysis
 - New formatters have been added -> yaml, custom
 - on f25, f26 pbr version demand reduced to pbr>=1.8 to preserve functionality
 - other minor changes
--------------------------------------------------------------------------------


================================================================================
 chirp-20171204-1.fc25 (FEDORA-2017-3a2d91a253)
 A tool for programming two-way radio equipment
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release.
--------------------------------------------------------------------------------


================================================================================
 evince-3.22.1-7.fc25 (FEDORA-2017-a77559576d)
 Document viewer
--------------------------------------------------------------------------------
Update Information:

CVE-2017-1000159 Command injection when exporting DVI to PDF
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1521212 - CVE-2017-1000159 evince: Command injection when exporting to PDF [fedora-26]
        https://bugzilla.redhat.com/show_bug.cgi?id=1521212
  [ 2 ] Bug #1521211 - CVE-2017-1000159 evince: Command injection when exporting to PDF [fedora-25]
        https://bugzilla.redhat.com/show_bug.cgi?id=1521211
--------------------------------------------------------------------------------


================================================================================
 fedora-easy-karma-0-0.35.20171129gita8fe9cbc.fc25 (FEDORA-2017-340f3da6ee)
 Fedora update feedback made easy
--------------------------------------------------------------------------------
Update Information:

Reduce amount of updates requested from Bodhi at once.
--------------------------------------------------------------------------------


================================================================================
 fuse-zip-0.4.4-1.fc25 (FEDORA-2017-4cb41301f0)
 Filesystem to navigate, extract, create and modify ZIP archives
--------------------------------------------------------------------------------
Update Information:

Update to 0.4.4.
--------------------------------------------------------------------------------


================================================================================
 gajim-0.16.9-2.fc25 (FEDORA-2017-8d5b556209)
 Jabber client written in PyGTK
--------------------------------------------------------------------------------
Update Information:

Gajim 0.16.9
 * Improve Zeroconf behavior
 * Fix showing normal message event
 * remove usage of OpenSSL.rand
 * a few minor bugfixes
--------------------------------------------------------------------------------


================================================================================
 gsmartcontrol-1.1.3-1.fc25 (FEDORA-2017-5a2ab6c943)
 Graphical user interface for smartctl
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.3.
--------------------------------------------------------------------------------


================================================================================
 ixpdimm_sw-01.00.00.2381-1.fc25 (FEDORA-2017-d54ba8b1d4)
 API for development of IXPDIMM management utilities
--------------------------------------------------------------------------------
Update Information:

Release v01.00.00.2381
--------------------------------------------------------------------------------


================================================================================
 lcgdm-1.9.1-1.fc25 (FEDORA-2017-79cce16ef8)
 LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:

 * new upstream release
--------------------------------------------------------------------------------


================================================================================
 libebur128-1.2.3-1.fc25 (FEDORA-2017-0860094755)
 A library that implements the EBU R 128 standard for loudness normalization
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.3.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1514281 - libebur128-v1.2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1514281
--------------------------------------------------------------------------------


================================================================================
 optipng-0.7.6-6.fc25 (FEDORA-2017-fe6c2e9c76)
 PNG optimizer and converter
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-1000229 and CVE-2017-16938
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1520234 - CVE-2017-1000229 optipng: integer overflow in tiffread.c:minitiff_read_info() allows for arbitrary code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1520234
  [ 2 ] Bug #1520227 - CVE-2017-16938 optipng: global buffer overflow in gifread.c:LZWReadByte when parsing malicious GIF
        https://bugzilla.redhat.com/show_bug.cgi?id=1520227
--------------------------------------------------------------------------------


================================================================================
 pdc-client-1.8.0-4.fc25 (FEDORA-2017-697b3fa6ad)
 Console client for interacting with Product Definition Center
--------------------------------------------------------------------------------
Update Information:

# Notable Changes

All errors are reported by `pdc_client` on stderr output and exit code is
non-zero if an error occurs.

It is possible to override default plugin paths with the
`PDC_CLIENT_PLUGIN_PATH` environment variable. E.g.

```bash
export PDC_CLIENT_PLUGIN_PATH="$HOME/pdc-plugins:/usr/share/pdc-client/plugins"
pdc --help
```

Simpler access to a specific page with `pdc --page`.

Method `PDCClient.get_paged()` in Python API is deprecated and can be replaced
by `results()` method. Both methods return an iterator that simplifies access
to pages of results.

```python
client = PDCClient(server)

# Old way (deprecated)
for result in client.get_paged(client.products):
    ...

# New way
for result in client.products.results():
    ...
```

Simpler access to endpoints with dashes in name.

```python
client = PDCClient(server)

# Old way
branches = client['component-branches']

# New way
branches = client.component_branches
```

# Changelog

- Add the page argument on pdc
- Get endpoints containing dash as attributes
- Override plugin paths with `PDC_CLIENT_PLUGIN_PATH`
- Update documentation
- Add documentation link to README file
- Add description of page_size=-1 in help doc
- Add PDCClient tests and fix the discovered bugs
- Close plugin files when not needed
- Fix printing errors and exit code for `pdc_client`
- Install bytecode for plugins only for correct version of Python
--------------------------------------------------------------------------------


================================================================================
 perl-BibTeX-Parser-1.01-1.fc25 (FEDORA-2017-19c15a7e6e)
 Pure Perl BibTeX parser
--------------------------------------------------------------------------------
Update Information:

This release adds support for type and field capitalization. It also allows
controlling printing preceding entry.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1522709 - Upgrade perl-BibTeX-Parser to 1.01
        https://bugzilla.redhat.com/show_bug.cgi?id=1522709
--------------------------------------------------------------------------------


================================================================================
 perl-Data-Dumper-2.161-2.fc25 (FEDORA-2017-48f2bcf170)
 Stringify perl data structures, suitable for printing and eval
--------------------------------------------------------------------------------
Update Information:

This release fixes quoting glob names.
--------------------------------------------------------------------------------


================================================================================
 perl-Iterator-Simple-0.07-1.fc25 (FEDORA-2017-b4277f16f9)
 Simple iterator and utilities
--------------------------------------------------------------------------------
Update Information:

This release fixes how islice handles undefined values.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1523427 - perl-Iterator-Simple-0.07 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1523427
--------------------------------------------------------------------------------


================================================================================
 perl-experimental-0.019-1.fc25 (FEDORA-2017-99702e925c)
 Experimental features made easy
--------------------------------------------------------------------------------
Update Information:

This release has a cleaner source archive. We deliver it only to provide an
up-to-date version string.

----

This release fixes execution when warnings are enabled.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1522699 - Upgrade perl-experimental to 0.019
        https://bugzilla.redhat.com/show_bug.cgi?id=1522699
--------------------------------------------------------------------------------


================================================================================
 python-nbxmpp-0.6.1-1.fc25 (FEDORA-2017-8d5b556209)
 Python library for non-blocking use of Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:

Gajim 0.16.9
 * Improve Zeroconf behavior
 * Fix showing normal message event
 * remove usage of OpenSSL.rand
 * a few minor bugfixes
--------------------------------------------------------------------------------


================================================================================
 python-pymediainfo-2.2.0-1.fc25 (FEDORA-2017-6afa5933af)
 Python wrapper around the MediaInfo library
--------------------------------------------------------------------------------
Update Information:

Added python wrapper around MediaInfo library.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1519844 - Review Request: python-pymediainfo - Python wrapper around the MediaInfo library
        https://bugzilla.redhat.com/show_bug.cgi?id=1519844
--------------------------------------------------------------------------------


================================================================================
 python-wikitcms-2.2.2-1.fc25 (FEDORA-2017-6ed22c3684)
 Fedora QA wiki test management Python library
--------------------------------------------------------------------------------
Update Information:

This update provides minor bug fixes for relval and python-wikitcms. It prevents
`relval report-results` from unnecessarily asking again if the compose for which
results are being submitted is a Modular compose, on some workflows.
It also prevents a (harmless) mwclient warning message sometimes being printed
when a page is being edited by python-wikitcms.
--------------------------------------------------------------------------------


================================================================================
 python-yattag-1.9.2-1.fc25 (FEDORA-2017-5b4cd2c18d)
 Pure python alternative to web template engines
--------------------------------------------------------------------------------
Update Information:

New upstream release 1.9.2
--------------------------------------------------------------------------------


================================================================================
 python3-3.5.4-3.fc25 (FEDORA-2017-07d79c83b1)
 Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-1000158
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1519595 - CVE-2017-1000158 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1519595
--------------------------------------------------------------------------------


================================================================================
 redis-4.0.6-1.fc25 (FEDORA-2017-57468d2c9b)
 A persistent key-value database
--------------------------------------------------------------------------------
Update Information:

Upstream 4.0.6 release.

----

Redis 4.0.5 - Released Thu Dec 1 16:03:32 CET 2017

----

Upstream 4.0.4 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1513594 - man pages in unexpected package
        https://bugzilla.redhat.com/show_bug.cgi?id=1513594
  [ 2 ] Bug #1515417 - file /usr/share/doc/redis is not owned by any package
        https://bugzilla.redhat.com/show_bug.cgi?id=1515417
--------------------------------------------------------------------------------


================================================================================
 relval-2.2.1-1.fc25 (FEDORA-2017-6ed22c3684)
 Tool for interacting with Fedora QA wiki pages
--------------------------------------------------------------------------------
Update Information:

This update provides minor bug fixes for relval and python-wikitcms. It prevents
`relval report-results` from unnecessarily asking again if the compose for which
results are being submitted is a Modular compose, on some workflows. It also
prevents a (harmless) mwclient warning message sometimes being printed when a
page is being edited by python-wikitcms.
--------------------------------------------------------------------------------


================================================================================
 shellinabox-2.20-5.fc25 (FEDORA-2017-7102e55117)
 Web based AJAX terminal emulator
--------------------------------------------------------------------------------
Update Information:

Disable SSHv1 options.
--------------------------------------------------------------------------------


================================================================================
 spamassassin-iXhash2-2.05-12.fc25 (FEDORA-2017-2ddcb3e023)
 SpamAssassin plugin to lookup e-mail checksums in blacklists
--------------------------------------------------------------------------------
Update Information:

Remove retired iXhash blacklists from default configuration
--------------------------------------------------------------------------------


================================================================================
 sssd-1.16.0-4.fc25 (FEDORA-2017-9bbe262ea8)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

Backport most important bug fixes
 * Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
 * Resolves: upstream#3562 - Use-after free if more sudo requests run and one of them fails, causing a fail-over to a next server
 * Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps
 * Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530
 * Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds
 * Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD
 * Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed
 * Resolves: #1479283 - proxy to files does not work with implicit_files_domain
 * Resolves: #1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1479283 - proxy to files does not work with implicit_files_domain
        https://bugzilla.redhat.com/show_bug.cgi?id=1479283
--------------------------------------------------------------------------------