The following Fedora 24 Security updates need testing: Age URL 128 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 111 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 63 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499 ipsilon-2.0.2-2.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e45a7e7b13 gd-2.2.3-5.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e992b0ac gstreamer-plugins-good-0.10.31-17.fc24 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3bc78de2b gstreamer-plugins-bad-free-0.10.23-34.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-240fe757f8 mingw-openjpeg2-2.1.2-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb22a24d3d dovecot-2.2.27-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4871c26b3c libgsf-1.14.33-4.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cb03b6b70f mapserver-6.2.3-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7de64a450f botan-1.10.14-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5b72816d0 kernel-4.8.14-200.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0e1cb2b2b chromium-55.0.2883.87-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bcbae0781f xen-4.6.4-4.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bd94ef48c8 firefox-50.1.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-80a2fba8aa unzip-6.0-31.fc24
The following Fedora 24 Critical Path updates have yet to be approved: Age URL 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383 nss-3.27.0-1.3.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067 libimobiledevice-1.2.0-8.fc24 12 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610 evolution-data-server-3.20.6-1.fc24 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33 selinux-policy-3.13.1-191.23.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6f054c8fa baloo-widgets-16.08.3-1.fc24 dolphin-16.08.3-1.fc24 dolphin-plugins-16.08.3-1.fc24 kate-16.08.3-1.fc24 kdelibs-4.14.26-2.fc24 kde-baseapps-16.08.3-1.fc24 kde-runtime-16.08.3-3.fc24 konsole5-16.08.3-1.fc24 khelpcenter-16.08.3-1.fc24 kde-l10n-16.08.3-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4be615424 libfm-1.2.5-1.fc24 lxsession-0.5.3-2.fc24 pcmanfm-1.2.5-1.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-535670d69f hwdata-0.295-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-80a2fba8aa unzip-6.0-31.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bd94ef48c8 firefox-50.1.0-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e5b72816d0 kernel-4.8.14-200.fc24
The following builds have been pushed to Fedora 24 updates-testing
adwaita-qt-0.97-1.fc24 awscli-1.11.28-2.fc24 chromium-55.0.2883.87-1.fc24 cinnamon-3.2.6-1.fc24 cinnamon-control-center-3.2.1-1.fc24 cinnamon-desktop-3.2.4-1.fc24 cinnamon-screensaver-3.2.9-1.fc24 cinnamon-settings-daemon-3.2.1-1.fc24 cinnamon-translations-3.2.2-1.fc24 clufter-0.59.7-1.fc24 firefox-50.1.0-1.fc24 glusterfs-3.8.7-1.fc24 golang-github-coreos-go-iptables-0-0.6.gitfbb7337.fc24 golang-github-jonboulle-clockwork-0-0.8.gitfad208d.fc24 golang-github-vishvananda-netlink-0-0.11.gite73bad4.fc24 golang-github-vishvananda-netns-0-0.10.git8ba1072.fc24 ibus-typing-booster-1.5.15-1.fc24 kernel-4.8.14-200.fc24 kst-2.0.8-11.fc24 nemo-3.2.2-1.fc24 openconnect-7.08-1.fc24 opendmarc-1.3.2-0.10.fc24 php-pecl-dio-0.0.9-1.fc24 php-phpunit-DbUnit-2.0.3-1.fc24 php-phpunit-PHPUnit-5.7.4-1.fc24 php-phpunit-PHPUnit-MockObject-3.4.3-1.fc24 php-zendframework-zend-expressive-fastroute-1.2.1-1.fc24 python-boto-2.44.0-1.fc24 python-flufl-testing-0.4-1.fc24 qmapshack-1.7.2-1.fc24 scap-workbench-1.1.3-1.fc24 sssd-1.14.2-2.fc24 strace-4.15-1.fc24 tomboy-1.15.6-1.fc24 unzip-6.0-31.fc24 virt-manager-1.4.0-5.fc24 xen-4.6.4-4.fc24
Details about builds:
================================================================================ adwaita-qt-0.97-1.fc24 (FEDORA-2016-20b4dc23dc) Adwaita theme for Qt-based applications -------------------------------------------------------------------------------- Update Information:
Update to 0.97 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1318782 - missing space for the chosen item in QComboBox https://bugzilla.redhat.com/show_bug.cgi?id=1318782 [ 2 ] Bug #1318790 - Missing icons on menu's items https://bugzilla.redhat.com/show_bug.cgi?id=1318790 [ 3 ] Bug #1326055 - Applications using Qt 5 are not displaying spin box controls and checked menu items properly. https://bugzilla.redhat.com/show_bug.cgi?id=1326055 [ 4 ] Bug #1342605 - inconsistencies in size of a few Qt window components (in LyX) https://bugzilla.redhat.com/show_bug.cgi?id=1342605 [ 5 ] Bug #1318779 - wrong rendering of QSpinBox in adwaita w/ Qt 5.6.0 https://bugzilla.redhat.com/show_bug.cgi?id=1318779 [ 6 ] Bug #1358660 - Avidemux 2.6.12 Qt4 GUI hangs if adwaita-qt4 is installed https://bugzilla.redhat.com/show_bug.cgi?id=1358660 [ 7 ] Bug #1374226 - Update adwaita-qt5 package to 0.5 https://bugzilla.redhat.com/show_bug.cgi?id=1374226 [ 8 ] Bug #1265480 - adwaita-qt: Konversation - Channel Names Unreadable when Selected https://bugzilla.redhat.com/show_bug.cgi?id=1265480 --------------------------------------------------------------------------------
================================================================================ awscli-1.11.28-2.fc24 (FEDORA-2016-ca1b7c7836) Universal Command Line Environment for AWS -------------------------------------------------------------------------------- Update Information:
Fix pyyaml dependency -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1404255 - awscli requires python3-PyYAML https://bugzilla.redhat.com/show_bug.cgi?id=1404255 --------------------------------------------------------------------------------
================================================================================ chromium-55.0.2883.87-1.fc24 (FEDORA-2016-e0e1cb2b2b) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information:
Update to Chromium 55. Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223, CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1393734 - CVE-2016-5202 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1393734 [ 2 ] Bug #1393733 - CVE-2016-5201 chromium-browser: info leak in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1393733 [ 3 ] Bug #1393732 - CVE-2016-5200 chromium-browser: out of bounds memory access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1393732 [ 4 ] Bug #1393731 - CVE-2016-5199 chromium-browser: heap corruption in ffmpeg https://bugzilla.redhat.com/show_bug.cgi?id=1393731 [ 5 ] Bug #1400879 - CVE-2016-9652 chromium-browser: various fixes from internal audits https://bugzilla.redhat.com/show_bug.cgi?id=1400879 [ 6 ] Bug #1400878 - CVE-2016-5224 chromium-browser: same-origin bypass in svg https://bugzilla.redhat.com/show_bug.cgi?id=1400878 [ 7 ] Bug #1400877 - CVE-2016-5225 chromium-browser: csp bypass in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400877 [ 8 ] Bug #1400876 - CVE-2016-5226 chromium-browser: limited xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400876 [ 9 ] Bug #1400875 - CVE-2016-5223 chromium-browser: integer overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400875 [ 10 ] Bug #1400873 - CVE-2016-9650 chromium-browser: csp referrer disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1400873 [ 11 ] Bug #1400872 - CVE-2016-5222 chromium-browser: address spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1400872 [ 12 ] Bug #1400871 - CVE-2016-5220 chromium-browser: local file access in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400871 [ 13 ] Bug #1400870 - CVE-2016-5221 chromium-browser: integer overflow in angle https://bugzilla.redhat.com/show_bug.cgi?id=1400870 [ 14 ] Bug #1400869 - CVE-2016-5219 chromium-browser: use after free in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1400869 [ 15 ] Bug #1400868 - CVE-2016-5218 chromium-browser: address spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1400868 [ 16 ] Bug #1400867 - CVE-2016-5217 chromium-browser: use of unvalidated data in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400867 [ 17 ] Bug #1400866 - CVE-2016-5215 chromium-browser: use after free in webaudio https://bugzilla.redhat.com/show_bug.cgi?id=1400866 [ 18 ] Bug #1400865 - CVE-2016-5216 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400865 [ 19 ] Bug #1400864 - CVE-2016-5214 chromium-browser: file download protection bypass https://bugzilla.redhat.com/show_bug.cgi?id=1400864 [ 20 ] Bug #1400863 - CVE-2016-5213 chromium-browser: use after free in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1400863 [ 21 ] Bug #1400862 - CVE-2016-5211 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400862 [ 22 ] Bug #1400861 - CVE-2016-5212 chromium-browser: local file disclosure in devtools https://bugzilla.redhat.com/show_bug.cgi?id=1400861 [ 23 ] Bug #1400859 - CVE-2016-5210 chromium-browser: out of bounds write in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400859 [ 24 ] Bug #1400857 - CVE-2016-5203 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400857 [ 25 ] Bug #1400856 - CVE-2016-5209 chromium-browser: out of bounds write in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400856 [ 26 ] Bug #1400855 - CVE-2016-5204 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400855 [ 27 ] Bug #1400854 - CVE-2016-5205 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400854 [ 28 ] Bug #1400853 - CVE-2016-5206 chromium-browser: same-origin bypass in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1400853 [ 29 ] Bug #1400852 - CVE-2016-5207 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400852 [ 30 ] Bug #1400851 - CVE-2016-5208 chromium-browser: universal xss in blink https://bugzilla.redhat.com/show_bug.cgi?id=1400851 [ 31 ] Bug #1400850 - CVE-2016-9651 chromium-browser: private property access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1400850 --------------------------------------------------------------------------------
================================================================================ cinnamon-3.2.6-1.fc24 (FEDORA-2016-17c4e9a42c) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ cinnamon-control-center-3.2.1-1.fc24 (FEDORA-2016-17c4e9a42c) Utilities to configure the Cinnamon desktop -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ cinnamon-desktop-3.2.4-1.fc24 (FEDORA-2016-17c4e9a42c) Shared code among cinnamon-session, nemo, etc -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ cinnamon-screensaver-3.2.9-1.fc24 (FEDORA-2016-17c4e9a42c) Cinnamon Screensaver -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ cinnamon-settings-daemon-3.2.1-1.fc24 (FEDORA-2016-17c4e9a42c) The daemon sharing settings from CINNAMON to GTK+/KDE applications -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ cinnamon-translations-3.2.2-1.fc24 (FEDORA-2016-17c4e9a42c) Translations for Cinnamon and Nemo -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ clufter-0.59.7-1.fc24 (FEDORA-2016-15e23dab74) Tool/library for transforming/analyzing cluster configuration formats -------------------------------------------------------------------------------- Update Information:
- bump upstream package, see https://github.com/jnpkrn/clufter/releases/tag/v0.59.7 --------------------------------------------------------------------------------
================================================================================ firefox-50.1.0-1.fc24 (FEDORA-2016-bd94ef48c8) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
- update to the new upstream version (50.1.0) - fixed X Window crashes (mozbz#1271100) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1403420 - firefox crashes with Gdk-ERROR BadAccess https://bugzilla.redhat.com/show_bug.cgi?id=1403420 --------------------------------------------------------------------------------
================================================================================ glusterfs-3.8.7-1.fc24 (FEDORA-2016-6e41643387) Distributed File System -------------------------------------------------------------------------------- Update Information:
3.8.7 GA --------------------------------------------------------------------------------
================================================================================ golang-github-coreos-go-iptables-0-0.6.gitfbb7337.fc24 (FEDORA-2016-12feb21da7) Go wrapper around iptables utility -------------------------------------------------------------------------------- Update Information:
Bump to upstream fbb73372b87f6e89951c2b6b31470c2c9d5cfae3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1262543 - Tracker for golang-github-coreos-go-iptables https://bugzilla.redhat.com/show_bug.cgi?id=1262543 --------------------------------------------------------------------------------
================================================================================ golang-github-jonboulle-clockwork-0-0.8.gitfad208d.fc24 (FEDORA-2016-e446f1ca5c) A fake clock for golang -------------------------------------------------------------------------------- Update Information:
Bump to upstream fad208dd89dbc316a149043e332a192477f0e2a2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1250489 - Tracker for golang-github-jonboulle-clockwork https://bugzilla.redhat.com/show_bug.cgi?id=1250489 --------------------------------------------------------------------------------
================================================================================ golang-github-vishvananda-netlink-0-0.11.gite73bad4.fc24 (FEDORA-2016-22579f80fd) Simple netlink library for go -------------------------------------------------------------------------------- Update Information:
Polish the spec file ---- Bump to upstream e73bad418fd727ed3a02830b1af1ad0283a1de6c -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398575 - FTBFS on s390x and ppc64 https://bugzilla.redhat.com/show_bug.cgi?id=1398575 --------------------------------------------------------------------------------
================================================================================ golang-github-vishvananda-netns-0-0.10.git8ba1072.fc24 (FEDORA-2016-a64d49b544) Simple network namespace handling for go -------------------------------------------------------------------------------- Update Information:
Polish the spec file ---- Bump to upstream 8ba1072b58e0c2a240eb5f6120165c7776c3e7b8 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1248150 - Tracker for golang-github-vishvananda-netns https://bugzilla.redhat.com/show_bug.cgi?id=1248150 --------------------------------------------------------------------------------
================================================================================ ibus-typing-booster-1.5.15-1.fc24 (FEDORA-2016-20efccc966) A completion input method -------------------------------------------------------------------------------- Update Information:
Add an option to choose the orientation of the lookup table; Default value for self._show_status_info_in_auxiliary_text should be True; Don���t use keyword arguments when instantiating IBus.LookupTable() --------------------------------------------------------------------------------
================================================================================ kernel-4.8.14-200.fc24 (FEDORA-2016-e5b72816d0) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.8.14 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1403833 - CVE-2016-8399 kernel: net: Out of bounds stack read in memcpy_fromiovec https://bugzilla.redhat.com/show_bug.cgi?id=1403833 --------------------------------------------------------------------------------
================================================================================ kst-2.0.8-11.fc24 (FEDORA-2016-4cef6c27a3) A data viewing program -------------------------------------------------------------------------------- Update Information:
gcc rebuild. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1394506 - Most of plugins fail to load https://bugzilla.redhat.com/show_bug.cgi?id=1394506 --------------------------------------------------------------------------------
================================================================================ nemo-3.2.2-1.fc24 (FEDORA-2016-17c4e9a42c) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information:
Release update - add missing requires python3-setproctitle ---- - Change default settings for two and three finger click, disabling them enables clickpad button areas to function (for libinput). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402335 - [abrt] cinnamon: subprocess.py:1551:_execute_child:FileNotFoundError: [Errno 2] No such file or directory: 'wget' https://bugzilla.redhat.com/show_bug.cgi?id=1402335 [ 2 ] Bug #1284929 - cinnamon-settings uses wrong python https://bugzilla.redhat.com/show_bug.cgi?id=1284929 [ 3 ] Bug #1404426 - [abrt] cinnamon-screensaver: cinnamon-screensaver-main.py:13:<module>:ImportError: No module named 'setproctitle' https://bugzilla.redhat.com/show_bug.cgi?id=1404426 --------------------------------------------------------------------------------
================================================================================ openconnect-7.08-1.fc24 (FEDORA-2016-4e680d77fa) Open client for Cisco AnyConnect VPN -------------------------------------------------------------------------------- Update Information:
Update to OpenConnect 7.08. This fixes a number of compatibility issues with Juniper VPN, and implements automatic MTU detection. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1380503 - Please apply patch to resolve HTTP error 400 with Pulse latest version https://bugzilla.redhat.com/show_bug.cgi?id=1380503 [ 2 ] Bug #1268847 - ssh fails to connect to VPN hosts - hangs at "expecting SSH2_MSG_KEX_ECDH_REPLY" https://bugzilla.redhat.com/show_bug.cgi?id=1268847 [ 3 ] Bug #1249126 - Comma in resolv.conf using openconnect https://bugzilla.redhat.com/show_bug.cgi?id=1249126 --------------------------------------------------------------------------------
================================================================================ opendmarc-1.3.2-0.10.fc24 (FEDORA-2016-dfebe30cda) A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library -------------------------------------------------------------------------------- Update Information:
This update fixes a bug that would cause opendmarc to crash soon after starting up. See [RHBZ #1398444](https://bugzilla.redhat.com/show_bug.cgi?id=1398444) and upstream [#185](https://sourceforge.net/p/opendmarc/tickets/185/). It also includes many other bug fixes from Juri Haberland's [tracking page](http://batleth.sapienti-sat.org/projects/opendmarc/). ---- Fixed path in import-stats patch ---- Updating to 1.3.2.Beta0 release, in anticipation of full release. This version incorporates a number of patches since the 1.3.1 release. See: https://sourceforge.net/p/opendmarc/activity/ -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398444 - [abrt] opendmarc: mlfi_connect(): opendmarc killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1398444 [ 2 ] Bug #1293279 - opendkim miss LDAP support https://bugzilla.redhat.com/show_bug.cgi?id=1293279 [ 3 ] Bug #1287176 - OpenDMARC does not accept valid mail size limiting syntax in DMARC record https://bugzilla.redhat.com/show_bug.cgi?id=1287176 [ 4 ] Bug #1331971 - wrong result with self SPF check https://bugzilla.redhat.com/show_bug.cgi?id=1331971 [ 5 ] Bug #1332521 - opendmarc always adds spf=pass https://bugzilla.redhat.com/show_bug.cgi?id=1332521 --------------------------------------------------------------------------------
================================================================================ php-pecl-dio-0.0.9-1.fc24 (FEDORA-2016-0bfedb4d19) Direct I/O functions -------------------------------------------------------------------------------- Update Information:
PHP supports the direct io functions as described in the Posix Standard (Section 6) for performing I/O functions at a lower level than the C-Language stream I/O functions (fopen(), fread(),..). DIO provides functions and stream wrappers which provide raw and serial low level IO support. The use of the DIO functions should be considered only when direct control of a device is needed. In all other cases, the standard filesystem functions are more than adequate. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1404217 - Review Request: php-pecl-dio - Direct I/O functions https://bugzilla.redhat.com/show_bug.cgi?id=1404217 --------------------------------------------------------------------------------
================================================================================ php-phpunit-DbUnit-2.0.3-1.fc24 (FEDORA-2016-28e703df35) DbUnit port for PHP/PHPUnit -------------------------------------------------------------------------------- Update Information:
Update to latest upstream version See [Release Announcement for PHPUnit 5.7.0](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement- for-PHPUnit-5.7.0) and the [CHANGELOG](https://github.com/sebastianbergmann/phpu nit/blob/5.7.4/ChangeLog-5.7.md) --------------------------------------------------------------------------------
================================================================================ php-phpunit-PHPUnit-5.7.4-1.fc24 (FEDORA-2016-28e703df35) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information:
Update to latest upstream version See [Release Announcement for PHPUnit 5.7.0](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement- for-PHPUnit-5.7.0) and the [CHANGELOG](https://github.com/sebastianbergmann/phpu nit/blob/5.7.4/ChangeLog-5.7.md) --------------------------------------------------------------------------------
================================================================================ php-phpunit-PHPUnit-MockObject-3.4.3-1.fc24 (FEDORA-2016-28e703df35) Mock Object library for PHPUnit -------------------------------------------------------------------------------- Update Information:
Update to latest upstream version See [Release Announcement for PHPUnit 5.7.0](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement- for-PHPUnit-5.7.0) and the [CHANGELOG](https://github.com/sebastianbergmann/phpu nit/blob/5.7.4/ChangeLog-5.7.md) --------------------------------------------------------------------------------
================================================================================ php-zendframework-zend-expressive-fastroute-1.2.1-1.fc24 (FEDORA-2016-899336f6a4) FastRoute integration for Expressive -------------------------------------------------------------------------------- Update Information:
**Version 1.2.1** - 2016-12-13 - [#19](https://github.com/zendframework/zend- expressive-fastroute/pull/19) fixes route generation for optional segments with regex char classes: e.g. `[/{param:my-[a-z]+}]` --------------------------------------------------------------------------------
================================================================================ python-boto-2.44.0-1.fc24 (FEDORA-2016-4489582274) A simple, lightweight interface to Amazon Web Services -------------------------------------------------------------------------------- Update Information:
This update adds support for AWS's new `ca-central-1` region in Montr��al, Canada. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1403362 - Update boto 2 package to version 2.44.0 to support AWS ca-central-1 (Montreal) region https://bugzilla.redhat.com/show_bug.cgi?id=1403362 --------------------------------------------------------------------------------
================================================================================ python-flufl-testing-0.4-1.fc24 (FEDORA-2016-dc14d6a476) Small collection of test tool plugins -------------------------------------------------------------------------------- Update Information:
Initial package. --------------------------------------------------------------------------------
================================================================================ qmapshack-1.7.2-1.fc24 (FEDORA-2016-9878df7554) GPS mapping and management tool -------------------------------------------------------------------------------- Update Information:
- updated to 1.7.2 - see https://bitbucket.org/maproom/qmapshack/src/240e7a2a21b a06fccc2420be36cc25f8781378ec/changelog.txt?at=default&fileviewer=file-view- default for full changelog --------------------------------------------------------------------------------
================================================================================ scap-workbench-1.1.3-1.fc24 (FEDORA-2016-4be5bb13c1) Scanning, tailoring, editing and validation tool for SCAP content -------------------------------------------------------------------------------- Update Information:
Updated to new upstream release 1.1.3 --------------------------------------------------------------------------------
================================================================================ sssd-1.14.2-2.fc24 (FEDORA-2016-b04d690b49) System Security Services Daemon -------------------------------------------------------------------------------- Update Information:
- rhbz#1369130 - nss_sss should not link against libpthread - rhbz#1392916 - sssd failes to start after updat- rhbz#1398789 - SELinux is preventing sssd from 'write' accessess on the directory /etc/sssd -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd. https://bugzilla.redhat.com/show_bug.cgi?id=1398789 [ 2 ] Bug #1392916 - sssd failes to start after update https://bugzilla.redhat.com/show_bug.cgi?id=1392916 [ 3 ] Bug #1369130 - nss_sss should not link against libpthread https://bugzilla.redhat.com/show_bug.cgi?id=1369130 --------------------------------------------------------------------------------
================================================================================ strace-4.15-1.fc24 (FEDORA-2016-08675323e3) Tracks and displays system calls associated with a running process -------------------------------------------------------------------------------- Update Information:
v4.14 -> v4.15. --------------------------------------------------------------------------------
================================================================================ tomboy-1.15.6-1.fc24 (FEDORA-2016-f1933633b0) Note-taking application -------------------------------------------------------------------------------- Update Information:
### Version 1.15.6 ### * Translation updates: pl, lt, sr, sv, cs, hu, da, pt, pt_BR, de, fr * Multiple build infrastructure updates and general cleanup (Alex Tereschenko with contribution from Philip Withnall) * Updates for modern versions of Mono, make and autotools * Migrated off of gnome-common infrastructure * We are now using Yelp for doc generation * Fixed building on Debian and derivatives with DBus 2.0 (inspired by Debian's distro- level patch by Iain Lane, gh9) * Added a copy of ax_require_config macro into our repo to fix building on Ubuntu 14 (gh26) * Fixed bug with note still being shown in Search All after deletion from Note window (gh13, David Bannon) * Removed GNOME panel mention from Start Here note (bgo559723, Jared Jennings) * Made FUSE module load dialog more readable (gh21, bgo595283, Alex Tereschenko) * Reworked note saving exception handling to avoid program crashes on disk full (gh24, Alex Tereschenko) * Fixed crash upon exporting notes to HTML when a linked note is not found (gh25, Alex Tereschenko) * Windows: fixed URL generation for drag'n'drop, updated GTK# download link (gh22, bgo604671, Alex Tereschenko) * Some housekeeping (Alex Tereschenko): * Removed unused files (Changelog.pre-git, MAINTAINERS) * Updated information in NEWS and main README files * Added contribution guidelines * .gitignore updates --------------------------------------------------------------------------------
================================================================================ unzip-6.0-31.fc24 (FEDORA-2016-80a2fba8aa) A utility for unpacking zip files -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-9844 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1404283 - CVE-2016-9844 unzip: methbuf[] buffer overflow in zipinfo's zi_short() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404283 --------------------------------------------------------------------------------
================================================================================ virt-manager-1.4.0-5.fc24 (FEDORA-2016-e5ca071bf0) Desktop tool for managing virtual machines via libvirt -------------------------------------------------------------------------------- Update Information:
* Fix version check for spice GL support * Don't return virtio1.0-net as a valid device name (bz #1399083) * Fix window size tracking on wayland (bz #1375175) * Fix 'resize to VM' on wayland (bz #1397598) --------------------------------------------------------------------------------
================================================================================ xen-4.6.4-4.fc24 (FEDORA-2016-bcbae0781f) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
x86 CMPXCHG8B emulation fails to ignore operand size override [XSA-200, CVE-2016-9932] (#1404262) ---- ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818] (#1399747) qemu: Divide by zero vulnerability in cirrus_do_copy (#1399055) [CVE-2016-9921, CVE-2016-9922] Qemu: 9pfs: memory leakage via proxy/handle callbacks (#1402278) qemu ioport array overflow [XSA-199, CVE-2016-9637] -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1399745 - CVE-2016-9932 xsa200 xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200) https://bugzilla.redhat.com/show_bug.cgi?id=1399745 [ 2 ] Bug #1399746 - CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 xsa201 xen: ARM guests may induce host asynchronous abort (XSA-201) https://bugzilla.redhat.com/show_bug.cgi?id=1399746 [ 3 ] Bug #1334398 - CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy https://bugzilla.redhat.com/show_bug.cgi?id=1334398 [ 4 ] Bug #1402276 - CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 Qemu: 9pfs: memory leakage via proxy/handle callbacks https://bugzilla.redhat.com/show_bug.cgi?id=1402276 --------------------------------------------------------------------------------