The following Fedora 24 Security updates need testing:
Age URL
138
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
121
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f
chicken-4.11.0-3.fc24
73
https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea
compat-guile18-1.8.8-14.fc24
35
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
19
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499
ipsilon-2.0.2-2.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1f774c3d7
FlightGear-2016.1.2-5.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-04383482b4
game-music-emu-0.6.1-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-608be17784
python-wikitcms-2.1.10-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-631737a49a
tracker-1.8.2-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d337166907
freeipa-4.3.2-4.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8586235698
nagios-plugins-2.1.4-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c7e60a9fd4
community-mysql-5.7.17-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b7f39a8c1
openjpeg2-2.1.2-3.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-52a1b18397
mingw-openjpeg2-2.1.2-3.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-09dc3efcd2 samba-4.4.8-0.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-76b646637e
tor-0.2.8.12-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-06e8a3f776
js-jquery1-1.12.4-2.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8516b7d6fb
js-jquery-2.2.4-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-1185de6aa6
php-zendframework-zend-mail-2.7.2-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-54a717d5d6
zookeeper-3.4.9-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc02bff7f5 xen-4.6.4-5.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c3d057783
libbsd-0.8.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86d2b5aefb
curl-7.47.1-10.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-55f912fcdc
seamonkey-2.46-1.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
38
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383
nss-3.27.0-1.3.fc24
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33
selinux-policy-3.13.1-191.23.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4be615424 libfm-1.2.5-1.fc24
lxsession-0.5.3-2.fc24 pcmanfm-1.2.5-1.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2820fc67d
libvorbis-1.3.5-1.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-700f16d3f3
gnome-online-accounts-3.20.5-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0281ab71ff vim-8.0.134-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab5b9ae96b audit-2.7-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b3063d71c meson-0.36.0-4.fc24
redhat-rpm-config-42-2.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-09dc3efcd2 samba-4.4.8-0.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-85dffa754f
perl-5.22.2-365.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5c57e05b6
openssl-1.0.2j-3.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b938403605 gcc-6.3.1-1.fc24
libtool-2.4.6-13.fc24 gcc-python-plugin-0.15-8.1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-86d2b5aefb
curl-7.47.1-10.fc24
The following builds have been pushed to Fedora 24 updates-testing
cinnamon-3.2.7-1.fc24
cinnamon-screensaver-3.2.12-1.fc24
composer-1.3.0-1.fc24
curl-7.47.1-10.fc24
frepple-3.1-1.fc24
java-1.8.0-openjdk-aarch32-1.8.0.112-1.161109.fc24
kf5-libktorrent-2.0.1-5.fc24
lirc-0.9.4c-6.fc24
mate-session-manager-1.16.0-2.fc24
nfs-ganesha-2.4.1-2.fc24
odb-2.4.0-16.fc24
perl-B-Debug-1.24-1.fc24
php-akamai-open-edgegrid-auth-0.6.1-1.fc24
php-akamai-open-edgegrid-client-0.6.2-2.fc24
php-deepend-Mockery-0.9.7-1.fc24
php-react-promise-2.5.0-1.fc24
php-zendframework-zend-expressive-helpers-2.2.0-1.fc24
seamonkey-2.46-1.fc24
tuxguitar-1.4-1.fc24
wine-2.0-0.1.rc2.fc24
wine-mono-4.6.4-1.fc24
Details about builds:
================================================================================
cinnamon-3.2.7-1.fc24 (FEDORA-2016-6bebfa24d5)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
================================================================================
cinnamon-screensaver-3.2.12-1.fc24 (FEDORA-2016-6bebfa24d5)
Cinnamon Screensaver
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
================================================================================
composer-1.3.0-1.fc24 (FEDORA-2016-83d812ade8)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.3.0** - 2016-12-24 * Fixed handling of annotated git tags vs
lightweight tags leading to useless updates sometimes * Fixed ext-xdebug not
being require-able anymore due to automatic xdebug disabling * Fixed case
insensitivity of remove command **Version 1.3.0-RC** - 2016-12-11 * Added
workaround for xdebug performance impact by restarting PHP without xdebug
automatically in case it is enabled * Added `--minor-only` to the `outdated`
command to only show updates to minor versions and ignore new major versions *
Added `--apcu-autoloader` to the `update`/`install` commands and `--apcu` to
`dump-autoload` to enable an APCu-caching autoloader, which can be more
efficient than --classmap-authoritative if you attempt to autoload many classes
that do not exist, or if you can not use authoritative classmaps for some reason
* Added summary of operations to be executed before they run, and made execution
output more compact * Added `php-debug` and `php-zts` virtual platform
packages * Added `gitlab-token` auth config for GitLab private tokens *
Added `--strict` to the `outdated` command to return a non-zero exit code when
there are outdated packages * Added ability to call php scripts using the
current php interpreter (instead of finding php in PATH by default) in script
handlers via `@php ...` * Added `COMPOSER_ALLOW_XDEBUG` env var to circumvent
the xdebug-disabling behavior * Added `COMPOSER_MIRROR_PATH_REPOS` env var to
force mirroring of path repositories vs symlinking * Added `COMPOSER_DEV_MODE`
env var that is set by Composer to forward the dev mode to script handlers *
Fixed support for git 2.11 * Fixed output from zip and rar leaking out when an
error occured * Removed `hash` from composer.lock, only `content-hash` is now
used which should reduce conflicts * Minor fixes and performance improvements
--------------------------------------------------------------------------------
================================================================================
curl-7.47.1-10.fc24 (FEDORA-2016-86d2b5aefb)
A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:
- fix floating point buffer overflow issues (CVE-2016-9586)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1406716 - CVE-2016-9586 curl: printf floating point buffer overflow
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1406716
--------------------------------------------------------------------------------
================================================================================
frepple-3.1-1.fc24 (FEDORA-2016-bc46764d7d)
Free Production PLanning
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-aarch32-1.8.0.112-1.161109.fc24 (FEDORA-2016-c4b7b63beb)
OpenJDK Runtime Environment in a preview of the OpenJDK AArch32 project
--------------------------------------------------------------------------------
Update Information:
8u112 feature update, sync with mainline package
--------------------------------------------------------------------------------
================================================================================
kf5-libktorrent-2.0.1-5.fc24 (FEDORA-2016-1d2a0ef47f)
Library providing torrent downloading code
--------------------------------------------------------------------------------
Update Information:
KDE Framework providing torrent downloading code.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1386774 - Review Request: kf5-libktorrent - Library providing torrent
downloading code
https://bugzilla.redhat.com/show_bug.cgi?id=1386774
--------------------------------------------------------------------------------
================================================================================
lirc-0.9.4c-6.fc24 (FEDORA-2016-dc3f1b4a61)
The Linux Infrared Remote Control package
--------------------------------------------------------------------------------
Update Information:
Fixes bug in parsing --listen option (#249) ---- Fix missing lircd-
setup.service file
--------------------------------------------------------------------------------
================================================================================
mate-session-manager-1.16.0-2.fc24 (FEDORA-2016-0ed144b91a)
MATE Desktop session manager
--------------------------------------------------------------------------------
Update Information:
fix resizing the startup applications preferences window
--------------------------------------------------------------------------------
================================================================================
nfs-ganesha-2.4.1-2.fc24 (FEDORA-2016-9b8e81133d)
NFS-Ganesha is a NFS Server running in user space
--------------------------------------------------------------------------------
Update Information:
nfs-ganesha 2.4.1 w/ glusterfs-3.8.6 upcall fix
--------------------------------------------------------------------------------
================================================================================
odb-2.4.0-16.fc24 (FEDORA-2016-23fb7e6072)
Object-relational mapping (ORM) system for C++
--------------------------------------------------------------------------------
Update Information:
Fix for [gcc
6](http://codesynthesis.com/pipermail/odb-
users/2016-December/003581.html)
--------------------------------------------------------------------------------
================================================================================
perl-B-Debug-1.24-1.fc24 (FEDORA-2016-02ca7e6d41)
Walk Perl syntax tree, print debug information about op-codes
--------------------------------------------------------------------------------
Update Information:
This release adapts tests to Perl 5.25.6. We deliver only to provide newer
version string.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1408456 - perl-B-Debug-1.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1408456
--------------------------------------------------------------------------------
================================================================================
php-akamai-open-edgegrid-auth-0.6.1-1.fc24 (FEDORA-2016-09fde30d7a)
Implements the Akamai {OPEN} EdgeGrid Authentication
--------------------------------------------------------------------------------
Update Information:
### 0.6.1 [17 Dec, 2016] * Fix PHP 7.1 compatibility (@remicollet)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405779 - php-akamai-open-edgegrid-auth-0.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1405779
--------------------------------------------------------------------------------
================================================================================
php-akamai-open-edgegrid-client-0.6.2-2.fc24 (FEDORA-2016-2dcbdd47db)
Implements the Akamai {OPEN} EdgeGrid Authentication
--------------------------------------------------------------------------------
Update Information:
### 0.6.2 [17 Dec, 2016] * Update to akamai-open/edgegrid-auth 0.6.1 (PHP 7.1
compatibility)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405781 - php-akamai-open-edgegrid-client-0.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1405781
--------------------------------------------------------------------------------
================================================================================
php-deepend-Mockery-0.9.7-1.fc24 (FEDORA-2016-dd95eda64c)
Mockery is a simple but flexible PHP mock object framework
--------------------------------------------------------------------------------
Update Information:
**Version 0.9.7** * Clear the _filesToCleanUp array after unlink.
--------------------------------------------------------------------------------
================================================================================
php-react-promise-2.5.0-1.fc24 (FEDORA-2016-ee02b6126a)
A lightweight implementation of CommonJS Promises/A for PHP
--------------------------------------------------------------------------------
Update Information:
### 2.5.0 (2016-12-22) * Revert automatic cancellation of pending collection
promises once the output promise resolves. This was introduced in 42d86b7 (PR
#36, released in
[
v2.3.0](https://github.com/reactphp/promise/releases/tag/v2.3.0)) and was
both unintended and backward incompatible. If you need automatic cancellation,
you can use something like: ``` function allAndCancel(array $promises) {
return \React\Promise\all($promises) ->always(function() use ($promises)
{ foreach ($promises as $promise) { if ($promise
instanceof \React\Promise\CancellablePromiseInterface) {
$promise->cancel(); } } }); } ``` * `all()` and
`map()` functions now preserve the order of the array (#77). * Fix circular
references when resolving a promise with itself (#71).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1408344 - php-react-promise-2.5.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1408344
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-expressive-helpers-2.2.0-1.fc24 (FEDORA-2016-abc5584b14)
Helper/Utility classes for Expressive
--------------------------------------------------------------------------------
Update Information:
**Version 2.2.0** - 2016-12-23 - [#30](https://github.com/zendframework/zend-
expressive-helpers/pull/30) Use new ZF coding standard -
[#31](https://github.com/zendframework/zend-expressive-helpers/pull/32) Check to
ensure 100% test coverage is retained **Version 2.1.1** - 2016-12-23 -
[#29](https://github.com/zendframework/zend-expressive-helpers/pull/29) Don't
throw exception on empty JSON body
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.46-1.fc24 (FEDORA-2016-55f912fcdc)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.46 Fixes various security issues, see
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more
info. No more includes Chatzilla and DOM Inspector in the package -- install
them yourself now (as usual other addons) from
https://addons.mozilla.org
--------------------------------------------------------------------------------
================================================================================
tuxguitar-1.4-1.fc24 (FEDORA-2016-f9dc76f6dc)
A multitrack tablature editor and player written in Java-SWT
--------------------------------------------------------------------------------
Update Information:
* New edit Toolbar * Several bugs fixed
--------------------------------------------------------------------------------
================================================================================
wine-2.0-0.1.rc2.fc24 (FEDORA-2016-91267b0c0e)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
- Bug fix update of the Mono engine. - Support for IDN name resolution. - Many
more Shader Model 5 operations. - Still more fixes in the regression tests. -
Various bug fixes.
https://www.winehq.org/announce/2.0-rc2 - Bug fixes only,
we are in code freeze.
https://wine-
staging.com/news/2016-12-21-release-2.0-rc2.html - Implement basic AES support
in bcrypt. - Remove GnuTLS / CommonCrypto dependency for hash calculations in
bcrypt. - Improve TIFF support in windoscodecs. - Various improvements in
user32, winhttp and other dlls.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398794 - wine-mono 4.6.3 is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1398794
--------------------------------------------------------------------------------
================================================================================
wine-mono-4.6.4-1.fc24 (FEDORA-2016-91267b0c0e)
Mono library required for Wine
--------------------------------------------------------------------------------
Update Information:
- Bug fix update of the Mono engine. - Support for IDN name resolution. - Many
more Shader Model 5 operations. - Still more fixes in the regression tests. -
Various bug fixes.
https://www.winehq.org/announce/2.0-rc2 - Bug fixes only,
we are in code freeze.
https://wine-
staging.com/news/2016-12-21-release-2.0-rc2.html - Implement basic AES support
in bcrypt. - Remove GnuTLS / CommonCrypto dependency for hash calculations in
bcrypt. - Improve TIFF support in windoscodecs. - Various improvements in
user32, winhttp and other dlls.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398794 - wine-mono 4.6.3 is broken
https://bugzilla.redhat.com/show_bug.cgi?id=1398794
--------------------------------------------------------------------------------