The following Fedora 24 Security updates need testing:
Age URL
93
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
86
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
48
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba
runc-1.0.0-5.rc2.gitc91b5be.fc24
29
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-922652dd9c
mbedtls-2.4.2-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9
php-onelogin-php-saml-2.10.5-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-05010f0b46
drupal8-8.2.7-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-66593c367e
qbittorrent-3.3.11-2.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f38995622
webkitgtk4-2.16.0-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdc90243db
kernel-4.9.16-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-712ffce24d sscg-2.0.4-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2480c7f50
erlang-18.3.4.5-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0fcaf52f1a
moodle-3.1.5-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e1ccfe586
firefox-52.0-6.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-da0912d205
cryptsetup-1.7.4-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b643ea40f4 nss-3.29.3-1.0.fc24
nss-softokn-3.29.3-1.0.fc24 nss-util-3.29.3-1.0.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9850301127
kde-settings-24-8.fc24.1
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e1ccfe586
firefox-52.0-6.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-604155a301 vim-8.0.502-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-773986b76c vim-8.0.497-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdc90243db
kernel-4.9.16-100.fc24
The following builds have been pushed to Fedora 24 updates-testing
389-ds-base-1.3.5.16-1.fc24
clufter-0.70.0-1.fc24
duplicity-0.7.12-1.fc24
firefox-52.0-6.fc24
haxe-3.4.2-1.fc24
heaptrack-1.0.0-3.fc24
moodle-3.1.5-1.fc24
myman-0.7.0-1.fc24
perl-DateTime-TimeZone-2.01-8.fc24
php-cs-fixer-2.1.2-1.fc24
php-justinrainbow-json-schema5-5.2.0-1.fc24
php-league-flysystem-1.0.37-1.fc24
php-zendframework-zend-navigation-2.8.2-1.fc24
python-ansible-tower-cli-3.1.3-1.fc24
rubygem-fog-libvirt-0.0.3-3.fc24
rubygem-ruby-libvirt-0.7.0-1.fc24
torrent-file-editor-0.3.2-1.fc24
vim-8.0.502-1.fc24
virt-manager-1.4.1-2.fc24
youtube-dl-2017.03.22-1.fc24
Details about builds:
================================================================================
389-ds-base-1.3.5.16-1.fc24 (FEDORA-2017-820e759d0f)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.3.5.16-1
--------------------------------------------------------------------------------
================================================================================
clufter-0.70.0-1.fc24 (FEDORA-2017-f54a74ef5f)
Tool/library for transforming/analyzing cluster configuration formats
--------------------------------------------------------------------------------
Update Information:
- split `-bin` and `-common` packages, the former becoming the only arch-
specific - also move python-specific (entry points, main files) back from `-cli`
package - also rename `python-clufter` to `python2-clufter` (former is a legacy
alias) - also leverage the above modularization to package `python3-clufter` in
parallel - bump upstream package (version rolling the above changes out)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428382 - clufter shall support Python 3 (follow the distro preference +
enable pcs auxiliary commands to work properly)
https://bugzilla.redhat.com/show_bug.cgi?id=1428382
--------------------------------------------------------------------------------
================================================================================
duplicity-0.7.12-1.fc24 (FEDORA-2017-6403d3a962)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
https://launchpad.net/duplicity/+announcement/14536
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434625 - duplicity-0.7.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434625
--------------------------------------------------------------------------------
================================================================================
firefox-52.0-6.fc24 (FEDORA-2017-9e1ccfe586)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- Added fix for CVE-2017-5428 - Added fix for mozbz#1158076
--------------------------------------------------------------------------------
================================================================================
haxe-3.4.2-1.fc24 (FEDORA-2017-c31cd5fce4)
Multi-target universal programming language
--------------------------------------------------------------------------------
Update Information:
Update the haxe packages from 3.4.0 to 3.4.2, which is mostly a bug fix release
with non-breaking changes. Details can be found in the changelog:
https://github.com/HaxeFoundation/haxe/blob/3.4.2/extra/CHANGES.txt#L1-L35
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1433543 - haxe-3.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1433543
--------------------------------------------------------------------------------
================================================================================
heaptrack-1.0.0-3.fc24 (FEDORA-2017-e960458286)
A heap memory profiler for Linux
--------------------------------------------------------------------------------
Update Information:
Heaptrack traces all memory allocations and annotates these events with stack
traces.Dedicated analysis tools then allow you to interpret the heap memory
profile to: - find hotspots that need to be optimized to reduce the memory
footprint of your application - find memory leaks, i.e. locations that allocate
memory which is never deallocated - find allocation hotspots, i.e. code
locations that trigger a lot of memory allocation calls - find temporary
allocations, which are allocations that are directly followed by their
deallocation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431019 - Review Request: heaptrack - A heap memory profiler for Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1431019
--------------------------------------------------------------------------------
================================================================================
moodle-3.1.5-1.fc24 (FEDORA-2017-0fcaf52f1a)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Update for multiple CVEs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434720 - CVE-2017-2641 CVE-2017-2643 CVE-2017-2644 CVE-2017-2645 moodle:
Multiple security vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1434720
--------------------------------------------------------------------------------
================================================================================
myman-0.7.0-1.fc24 (FEDORA-2017-d5594bf58f)
Text-mode video-game inspired by Namco's Pac-Man
--------------------------------------------------------------------------------
Update Information:
New package - pacman inspired terminal mode game
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402445 - Review Request: myman - text mode videogame
https://bugzilla.redhat.com/show_bug.cgi?id=1402445
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.01-8.fc24 (FEDORA-2017-fab7342cc5)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434807 - perl-DateTime-TimeZone-2.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434807
--------------------------------------------------------------------------------
================================================================================
php-cs-fixer-2.1.2-1.fc24 (FEDORA-2017-56e216e3c0)
A tool to automatically fix PHP code style
--------------------------------------------------------------------------------
Update Information:
**Changelog for v2.1.2** * bug #2580 NoSpacesAfterFunctionNameFixer - Fix after
dynamic call (SpacePossum, keradus) * bug #2586 NoUnusedImportsFixerTest -
handle FQCN import (keradus) * bug #2587 NoClosingTagFixerTest - handle file
without operations (keradus, SpacePossum) * minor #2552 Initial compatibility
with PHP 7.2-DEV (keradus) * minor #2582 Improve AppVeyor and Travis CI build
time (julienfalque) * minor #2584 NoUnreachableDefaultArgumentValueFixer - fix
typo (chadburrus) * minor #2593 PhpUnitFqcnAnnotationFixer - move test to proper
namespace (keradus) * minor #2596 AppVeyor - update PHP versions (keradus)
**Changelog for v2.1.1** * bug #2547 NoUnneededControlParenthesesFixer - Handle
T_COALESCE in clone (keksa) * bug #2557 BracesFixer - Better comments handling
(SpacePossum) * bug #2558 require symfony/polyfill-xml (SpacePossum) * bug #2560
PhpdocNoAliasTagFixer - Fix circular replacements detection (julienfalque) * bug
#2567 Filename with spaces usage (jaymecd) * bug #2572
NoUnreachableDefaultArgumentValueFixer - Mark as risky (SpacePossum) * minor
#2533 AppVeyor - adjust phpunit version (keradus) * minor #2535 Make .gitignore
entries more specific (julienfalque) * minor #2541 README.rst - provide download
link for latest version (keradus) * minor #2562 Add schema.json (keradus) *
minor #2563 Add deprecation notices tests (julienfalque) * minor #2564 Add rules
configuration by passing json encode config by CLI (SpacePossum) * minor #2569
Make symfony/phpunit-bridge a dev dependency only (julienfalque) * minor #2574
Add xml.xsd (keradus)
--------------------------------------------------------------------------------
================================================================================
php-justinrainbow-json-schema5-5.2.0-1.fc24 (FEDORA-2017-3b442ce6cb)
A library to validate a json schema
--------------------------------------------------------------------------------
Update Information:
A PHP Implementation for validating JSON Structures against a given Schema.
This package provides the library version 5. See
http://json-schema.org/
Autoloader: /usr/share/php/JsonSchema5/autoload.php
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1428926 - Review Request: php-justinrainbow-json-schema5 - A library to
validate a json schema
https://bugzilla.redhat.com/show_bug.cgi?id=1428926
--------------------------------------------------------------------------------
================================================================================
php-league-flysystem-1.0.37-1.fc24 (FEDORA-2017-55eebdf539)
Filesystem abstraction: Many filesystems, one API
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.37** - 2017-03-22 * Space escaping for Pure-FTPd in the FTP
adapter. ---- **Version 1.0.36** - 2017-03-18 * Ensure an FTP connection is
still a resource before closing it. * Made return values of some internal
adapters consistent. * Made 0 a valid FTP username. * Docblock class reference
fixes. * Created a more specific exception for when a mount manage is not found
(with BC).
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-navigation-2.8.2-1.fc24 (FEDORA-2017-e9c7359c57)
Zend Framework Navigation component
--------------------------------------------------------------------------------
Update Information:
**Version 2.8.2** - 2017-03-22 - [#40](https://github.com/zendframework/zend-
navigation/pull/40) fixes an incorrect exception thrown from
`Zend\Navigation\Page\Mvc`.
--------------------------------------------------------------------------------
================================================================================
python-ansible-tower-cli-3.1.3-1.fc24 (FEDORA-2017-14c987e166)
A CLI tool for Ansible Tower
--------------------------------------------------------------------------------
Update Information:
update ---- update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434636 - python-ansible-tower-cli-v3.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1434636
--------------------------------------------------------------------------------
================================================================================
rubygem-fog-libvirt-0.0.3-3.fc24 (FEDORA-2016-69519948a5)
Module for the 'fog' gem to support libvirt
--------------------------------------------------------------------------------
Update Information:
Update ruby-libvirt to upstream 0.7.0 release. This requires to relax dependency
in fog-libvirt.
--------------------------------------------------------------------------------
================================================================================
rubygem-ruby-libvirt-0.7.0-1.fc24 (FEDORA-2016-69519948a5)
Ruby bindings for LIBVIRT
--------------------------------------------------------------------------------
Update Information:
Update ruby-libvirt to upstream 0.7.0 release. This requires to relax dependency
in fog-libvirt.
--------------------------------------------------------------------------------
================================================================================
torrent-file-editor-0.3.2-1.fc24 (FEDORA-2017-3b52a71657)
Qt based GUI tool designed to create and edit .torrent files
--------------------------------------------------------------------------------
Update Information:
Bump to v0.3.2 ---- Bump to v0.3.1
--------------------------------------------------------------------------------
================================================================================
vim-8.0.502-1.fc24 (FEDORA-2017-604155a301)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
RFE - make vim 8.0 do Rust syntax highlighting
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1406553 - RFE: make vim 8.0 do Rust syntax highlighting
https://bugzilla.redhat.com/show_bug.cgi?id=1406553
--------------------------------------------------------------------------------
================================================================================
virt-manager-1.4.1-2.fc24 (FEDORA-2017-8a1c21cf03)
Desktop tool for managing virtual machines via libvirt
--------------------------------------------------------------------------------
Update Information:
* Fix broken it/ko translations (bz #1433800) ---- * Rebased to version 1.4.1
* storage/nodedev event API support (Jovanka Gulicoska) * UI options for
enabling spice GL (Marc-Andr�� Lureau) * Add default virtio-rng /dev/urandom for
supported guest OS * Cloning and rename support for UEFI VMs (Pavel Hrdina) *
libguestfs inspection UI improvements (Pino Toscano) * virt-install: Add --qemu-
commandline * virt-install: Add --network vhostuser (Chen Hanxiao) * virt-
install: Add --sysinfo (Charles Arnold) * Fix renaming UEFI VMs (bz #1265697) *
Fix unintentional virtio-vga default (bz #1368867) * Use storage events to avoid
incorrect USB dev listing (bz #1389662) * Fix missing dep on libvirt-client (bz
#1416752)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1265697 - Problems with renaming of UEFI VMs
https://bugzilla.redhat.com/show_bug.cgi?id=1265697
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2017.03.22-1.fc24 (FEDORA-2017-b4ee090550)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Updates to the latest release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1424672 - youtube-dl-2017.03.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1424672
--------------------------------------------------------------------------------