The following Fedora 24 Security updates need testing:
Age URL
53
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e339a7779
optipng-0.7.6-1.fc24
25
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a4d504509
obs-signd-2.2.1-8.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-95edf19d8a
squid-3.5.19-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b86ae2068d
openslp-2.0.0-9.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dfa325d31b
community-mysql-5.7.12-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b967ac1a74 php-5.6.22-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e21eeb4202
docker-1.10.3-11.git8ecd47f.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e3240782ec
phpMyAdmin-4.6.2-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d23d2712de
roundcubemail-1.2.0-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cfea37952b xen-4.6.1-10.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-aa49938267
pungi-4.0.15-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d4c0d27b6
sqlite-3.12.2-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c36f610022 krb5-1.14.1-6.fc24
The following builds have been pushed to Fedora 24 updates-testing
atoum-2.7.0-1.fc24
chck-0-1.20160408git5275403.fc24
edgar-1.24-1.fc24
gnome-software-3.20.3-1.fc24
knot-2.2.0-3.fc24
kubernetes-1.2.0-0.22.git4a3f9c5.fc24
ndctl-53.1-1.fc24
nvml-1.0-2.fc24
pcsc-cyberjack-3.99.5final.SP09-1.fc24
perl-MCE-1.708-1.fc24
php-bartlett-php-compatinfo-db-1.9.0-1.fc24
php-phpunit-git-2.1.2-1.fc24
python-hypothesis-3.4.0-1.fc24
python-shapely-1.5.16-1.fc24
python-werkzeug-0.11.10-1.fc24
xemacs-21.5.34-16.20160507hgd5b51c618ef8.fc24
xen-4.6.1-10.fc24
Details about builds:
================================================================================
atoum-2.7.0-1.fc24 (FEDORA-2016-72c43f8365)
PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.0** - 2016-06-20 *
[#594](https://github.com/atoum/atoum/pull/594) Add telemtry report to CI builds
([jubianchi]) * [#600](https://github.com/atoum/atoum/pull/600) Reports override
correctly when using -ulr/-utr ([jubianchi]) *
[#593](https://github.com/atoum/atoum/pull/593) Assertions on PHP 7
exceptions/throwables/errors are now working correctly ([jubianchi])
--------------------------------------------------------------------------------
================================================================================
chck-0-1.20160408git5275403.fc24 (FEDORA-2016-c1c4dd94aa)
Collection of C utilities
--------------------------------------------------------------------------------
Update Information:
Update to more recent git commit
--------------------------------------------------------------------------------
================================================================================
edgar-1.24-1.fc24 (FEDORA-2016-9458a607e5)
A platform game
--------------------------------------------------------------------------------
Update Information:
* Updated Brazilian Portuguese and German translations * The ice blocks dropped
by the large blue book's third form now shatter if they land on lifts
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.20.3-1.fc24 (FEDORA-2016-2be09c9861)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
gnome-software 3.20.3. This stable release fixes the following bugs: * Fix
several issues with system upgrades * Fix several issues with the Ubuntu
reviews dialog * Fix an issue that caused incorrect package versions to be
shown in the update panel * Fix an issue that caused offline updates to not
start under certain conditions This release also updates translations.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1337336 - gnome-software shows updates but "Restart & Install"
button doesn't install them
https://bugzilla.redhat.com/show_bug.cgi?id=1337336
[ 2 ] Bug #1336482 - Change label "Installing" to "Downloading"
https://bugzilla.redhat.com/show_bug.cgi?id=1336482
[ 3 ] Bug #1335414 - Graphical upgrade failed with error with no details
https://bugzilla.redhat.com/show_bug.cgi?id=1335414
[ 4 ] Bug #1336459 - installing a package between Download and Install actions of
graphical upgrade breaks graphical upgrade
https://bugzilla.redhat.com/show_bug.cgi?id=1336459
--------------------------------------------------------------------------------
================================================================================
knot-2.2.0-3.fc24 (FEDORA-2016-13d3faa3f0)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Fix default configuration file.
--------------------------------------------------------------------------------
================================================================================
kubernetes-1.2.0-0.22.git4a3f9c5.fc24 (FEDORA-2016-d79a8ed83c)
Container cluster management
--------------------------------------------------------------------------------
Update Information:
Bump to origin v1.2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1340643 - Update to origin v1.2.0
https://bugzilla.redhat.com/show_bug.cgi?id=1340643
--------------------------------------------------------------------------------
================================================================================
ndctl-53.1-1.fc24 (FEDORA-2016-8505baabe1)
Manage "libnvdimm" subsystem devices (Non-volatile Memory)
--------------------------------------------------------------------------------
Update Information:
- Fix up tag format vs source url confusion - add daxctl-libs + daxctl-devel
packages - add bash completion
--------------------------------------------------------------------------------
================================================================================
nvml-1.0-2.fc24 (FEDORA-2016-1ba843f879)
Non-Volatile Memory Library
--------------------------------------------------------------------------------
Update Information:
Exclude PPC architecture
--------------------------------------------------------------------------------
================================================================================
pcsc-cyberjack-3.99.5final.SP09-1.fc24 (FEDORA-2016-e672c38dd8)
PC/SC driver for REINER SCT cyberjack USB chip card reader
--------------------------------------------------------------------------------
Update Information:
New upstream, which fixes an usb-bug. Gui finally removed by upstream, was not
build/packaged anyway. The cyberjack binary, used for troubleshooting the
install, was also removed upstream.
--------------------------------------------------------------------------------
================================================================================
perl-MCE-1.708-1.fc24 (FEDORA-2016-ff73f4e786)
Many-core Engine for Perl providing parallel processing capabilities
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1339851 - perl-MCE-1.707 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1339851
--------------------------------------------------------------------------------
================================================================================
php-bartlett-php-compatinfo-db-1.9.0-1.fc24 (FEDORA-2016-8b44a1f34e)
Reference Database to be used with php-compatinfo library
--------------------------------------------------------------------------------
Update Information:
**Version 1.9.0** - 2016-05-27 - Support to PHP 7.0.7 - Support to PHP 5.6.22 -
Support to PHP 5.5.36
--------------------------------------------------------------------------------
================================================================================
php-phpunit-git-2.1.2-1.fc24 (FEDORA-2016-7055fb1db1)
Simple wrapper for Git
--------------------------------------------------------------------------------
Update Information:
**Version 2.1.2** * Fix getCurrentBranch() to support branches with slashes
--------------------------------------------------------------------------------
================================================================================
python-hypothesis-3.4.0-1.fc24 (FEDORA-2016-e14755683c)
A library for property based testing
--------------------------------------------------------------------------------
Update Information:
Latest release, see
https://hypothesis.readthedocs.io/en/latest/changes.html for
changelog
--------------------------------------------------------------------------------
================================================================================
python-shapely-1.5.16-1.fc24 (FEDORA-2016-6763413e23)
Manipulation and analysis of geometric objects in the Cartesian plane
--------------------------------------------------------------------------------
Update Information:
- Bug fix: eliminate memory leak when unpickling geometry objects (#384, #385).
- Bug fix: prevent crashes when attempting to pickle a prepared geometry,
raising ``PicklingError`` instead (#386).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1340577 - python-shapely-1.5.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1340577
--------------------------------------------------------------------------------
================================================================================
python-werkzeug-0.11.10-1.fc24 (FEDORA-2016-d8698f4a8d)
The Swiss Army knife of Python web development
--------------------------------------------------------------------------------
Update Information:
Upstream 0.11.10 ---- Upstream 0.11.6 (upstream #822)
--------------------------------------------------------------------------------
================================================================================
xemacs-21.5.34-16.20160507hgd5b51c618ef8.fc24 (FEDORA-2016-d104d3608c)
Different version of Emacs
--------------------------------------------------------------------------------
Update Information:
This update fixes a problem that prevents M-x shell from working under tcsh.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1222897 - Warning: no access to tty (Inappropriate ioctl for device). When
opening a shell
https://bugzilla.redhat.com/show_bug.cgi?id=1222897
[ 2 ] Bug #1260785 - TCSH shells have process control problems in Xemacs
https://bugzilla.redhat.com/show_bug.cgi?id=1260785
--------------------------------------------------------------------------------
================================================================================
xen-4.6.1-10.fc24 (FEDORA-2016-cfea37952b)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
cleaner way to set kernel module load list Unrestricted qemu logging [XSA-180,
CVE-2014-3672] (#1339125) Qemu: scsi: esp: OOB write while writing to
's->cmdbuf' in esp_reg_write [CVE-2016-4439] (#1337502) Qemu: scsi: esp: OOB
write while writing to 's->cmdbuf' in get_cmd [CVE-2016-4441] (#1337505) Qemu:
scsi: megasas: out-of-bounds write while setting controller properties
[CVE-2016-5106] (#1339578) Qemu: scsi: megasas: stack information leakage while
reading configuration [CVE-2016-5105] (#1339583)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1337502 - CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to
's->cmdbuf' in esp_reg_write
https://bugzilla.redhat.com/show_bug.cgi?id=1337502
[ 2 ] Bug #1337505 - CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to
's->cmdbuf' in get_cmd
https://bugzilla.redhat.com/show_bug.cgi?id=1337505
[ 3 ] Bug #1339578 - CVE-2016-5106 Qemu: scsi: megasas: out-of-bounds write while
setting controller properties
https://bugzilla.redhat.com/show_bug.cgi?id=1339578
[ 4 ] Bug #1339583 - CVE-2016-5105 Qemu: scsi: megasas: stack information leakage while
reading configuration
https://bugzilla.redhat.com/show_bug.cgi?id=1339583
[ 5 ] Bug #1339123 - CVE-2014-3672 xen: Unrestricted qemu logging
https://bugzilla.redhat.com/show_bug.cgi?id=1339123
--------------------------------------------------------------------------------