The following Fedora 24 Security updates need testing:
Age URL
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-71b4804526
imlib2-1.4.8-1.fc24
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e339a7779
optipng-0.7.6-1.fc24
21
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c3387a7dad
squid-3.5.16-1.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-679c4ddd3c
ansible-2.0.2.0-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-aff691237e
roundcubemail-1.1.5-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-852a39e085
cacti-0.8.8g-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3b40fcbc3
jenkins-mailer-plugin-1.17-1.fc24 jenkins-credentials-plugin-1.27-1.fc24
jenkins-script-security-plugin-1.18.1-1.fc24 jenkins-junit-plugin-1.12-1.fc24
jenkins-1.651.1-1.fc24 stapler-1.242-1.fc24 tiger-types-2.2-1.fc24
owasp-java-html-sanitizer-20160422.1-1.fc24 jenkins-remoting-2.57-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f4b54b005
pgpdump-0.30-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e73663f4 php-5.6.21-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0c57b12c7b gd-2.1.1-7.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-71b4804526
imlib2-1.4.8-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e070dcb15 lorax-24.18-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9df4ff923
libdrm-2.4.68-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-83d227000d
libtdb-1.3.9-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb42aec129
selinux-policy-3.13.1-183.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d0e6f02aea
kernel-4.5.2-302.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f939ef633
firefox-46.0-4.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f104225abc
evolution-data-server-3.20.1-2.fc24 evolution-ews-3.20.1-3.fc24 libsoup-2.54.1-1.fc24
The following builds have been pushed to Fedora 24 updates-testing
RBTools-0.7.6-1.fc24
atomic-devmode-0.3.2-1.fc24
cockpit-0.104-1.fc24
csmock-1.9.2-1.fc24
eclipse-dtp-1.12.0-7.fc24
eclipse-moreunit-3.1.0-2.fc24
erlang-18.3.2-1.fc24
evolution-data-server-3.20.1-2.fc24
evolution-ews-3.20.1-3.fc24
f24-backgrounds-24.1.1-1.fc24
fedora-motd-0.1.2-1.fc24
firefox-46.0-4.fc24
gd-2.1.1-7.fc24
gimagereader-3.1.90-1.fc24
gnome-builder-3.20.2-1.fc24
gnome-sound-recorder-3.19.92-1.fc24
gnome-todo-3.20.1-1.fc24
gperftools-2.5-2.fc24
ibus-typing-booster-1.4.3-1.fc24
jabberpy-0.5-0.31.fc24
jenkins-1.651.1-1.fc24
jenkins-credentials-plugin-1.27-1.fc24
jenkins-junit-plugin-1.12-1.fc24
jenkins-mailer-plugin-1.17-1.fc24
jenkins-remoting-2.57-1.fc24
jenkins-script-security-plugin-1.18.1-1.fc24
kernel-4.5.2-302.fc24
libdrm-2.4.68-1.fc24
libhif-0.2.2-3.fc24
libocrdma-1.0.8-3.fc24
libsoup-2.54.1-1.fc24
libtdb-1.3.9-1.fc24
logwatch-7.4.3-1.fc24
lxc-2.0.0-1.fc24
nodejs-4.4.3-1.fc24
nodejs-buffertools-2.1.3-12.fc24.1
nodejs-fs-ext-0.5.0-9.fc24.1
nodejs-gdal-0.9.0-1.fc24.1
nodejs-i2c-0.2.1-6.fc24.1
nodejs-iconv-2.1.11-8.fc24.1
nodejs-libxmljs-0.17.1-4.fc24.1
nodejs-mapnik-3.5.6-2.fc24.1
nodejs-node-expat-2.3.11-8.fc24.1
nodejs-node-stringprep-0.7.3-9.fc24.1
nodejs-sqlite3-3.1.2-3.fc24.1
nodejs-zipfile-0.5.9-7.fc24.1
owasp-java-html-sanitizer-20160422.1-1.fc24
pencil-2.0.18-1.fc24
perl-CPAN-Perl-Releases-2.68-1.fc24
pgpdump-0.30-1.fc24
php-5.6.21-1.fc24
php-league-flysystem-1.0.22-1.fc24
php-zendframework-zend-servicemanager-2.7.6-1.fc24
primitive-1.2.2-2.fc24
python-astroid-1.4.5-2.fc24
python-eventlet-0.18.4-1.fc24
python-ldap-2.4.25-1.fc24
python-pyldap-2.4.25.1-1.fc24
quassel-0.12.4-1.fc24
scanmem-0.15.7-1.fc24
selinux-policy-3.13.1-183.fc24
shotwell-0.23.0-1.fc24
spyder-2.3.9-1.fc24
stapler-1.242-1.fc24
tiger-types-2.2-1.fc24
traceroute-2.1.0-2.fc24
tripwire-2.4.3.1-10.fc24
vdsm-4.17.9-18.git1379158.fc24
webkitgtk4-2.12.2-1.fc24
wireshark-2.0.3-1.fc24
Details about builds:
================================================================================
RBTools-0.7.6-1.fc24 (FEDORA-2016-6c1818d558)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.6/
--------------------------------------------------------------------------------
================================================================================
atomic-devmode-0.3.2-1.fc24 (FEDORA-2016-13608a33ba)
Atomic Developer Mode
--------------------------------------------------------------------------------
Update Information:
- Add a new `showpasswd` alias to easily recall the randomly-generated root
password. - Make sure cloud-init doesn't create the default `fedora` user when
running devmode. - Make sure cloud-init doesn't remember anything about this
boot so that per-instance modules are rerun even if the instance-id is the same
(which can happen if a drive with cloud-init metadata is attached; cloud-init
mistakenly merges the drive config info the devmode config and overwrites our
instance-id).
--------------------------------------------------------------------------------
================================================================================
cockpit-0.104-1.fc24 (FEDORA-2016-e5ac6ff0bb)
A user interface for Linux servers
--------------------------------------------------------------------------------
Update Information:
- * Show errors correctly when deleting or modifying user accounts - * Add
support for iSCSI cluster volumes - * Strict Content-Security-Policy in the
dashboard, sosreport and realmd code - * Better list expansion and navigation
behavior across Cockpit - * Don't show 'Computer OU' field when leaving a
domain
- * Remove usage of bootstrap-select - * Show errors properly in performance
profile dialog - * Fix Cluster sidebar to react to window size - * Allow
specifying specific tags in registry image streams - * Make registry project
access policy more visible
--------------------------------------------------------------------------------
================================================================================
csmock-1.9.2-1.fc24 (FEDORA-2016-94edac9199)
A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:
- update to the latest upstream bugfix release
--------------------------------------------------------------------------------
================================================================================
eclipse-dtp-1.12.0-7.fc24 (FEDORA-2016-9287b54ead)
Eclipse Data Tools Platform
--------------------------------------------------------------------------------
Update Information:
Enable more documentation bundles during the build so as to be more in line with
what is distributed by upstream. Also contains packaging changes to build as a
droplet instead of a dropin on Fedora releases that support that (this helps
with improving Eclipse startup speed.)
--------------------------------------------------------------------------------
================================================================================
eclipse-moreunit-3.1.0-2.fc24 (FEDORA-2016-f7509b46c8)
An Eclipse plugin that assists with writing more unit tests
--------------------------------------------------------------------------------
Update Information:
Patch added to allow building/running on Eclipse Neon.
--------------------------------------------------------------------------------
================================================================================
erlang-18.3.2-1.fc24 (FEDORA-2016-bc253885a7)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
* Ver. 18.3.2
--------------------------------------------------------------------------------
================================================================================
evolution-data-server-3.20.1-2.fc24 (FEDORA-2016-f104225abc)
Backend data server for Evolution
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release.
--------------------------------------------------------------------------------
================================================================================
evolution-ews-3.20.1-3.fc24 (FEDORA-2016-f104225abc)
Evolution extension for Exchange Web Services
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release.
--------------------------------------------------------------------------------
================================================================================
f24-backgrounds-24.1.1-1.fc24 (FEDORA-2016-b5b1c46d5f)
Fedora 24 default desktop background
--------------------------------------------------------------------------------
Update Information:
New version of default wallpaper and its supplements for Fedora 24 are now
available. To use those supplemental wallpapers, install f24-backgrounds-
extras-base and its derivate depending of the desktop environment i.e. f24
-backgrounds-extras-gnome f24-backgrounds-extras-kde f24-backgrounds-
extras-mate f24-backgrounds-extras-xfce
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329891 - f24-backgrounds-24.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1329891
[ 2 ] Bug #1331122 - f24-backgrounds-24.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331122
--------------------------------------------------------------------------------
================================================================================
fedora-motd-0.1.2-1.fc24 (FEDORA-2016-7764c675d9)
Fedora MOTD
--------------------------------------------------------------------------------
Update Information:
- Fix detecting rpm-ostree based system - Don't use predicatable name in /tmp -
Cache updateinfo in background on first login post fedora-motd installation -
Don't wait for background jobs to complete in motdgen scripts
--------------------------------------------------------------------------------
================================================================================
firefox-46.0-4.fc24 (FEDORA-2016-0f939ef633)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
Fix locales Fix builds on secondary arches ---- - New upstream version (46.0)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1315225 - firefox build failure on ppc64le/arm64
https://bugzilla.redhat.com/show_bug.cgi?id=1315225
--------------------------------------------------------------------------------
================================================================================
gd-2.1.1-7.fc24 (FEDORA-2016-0c57b12c7b)
A graphics library for quick creation of PNG or JPEG images
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3074
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321893 - CVE-2016-3074 php: Signedness vulnerability causing heap overflow
in libgd
https://bugzilla.redhat.com/show_bug.cgi?id=1321893
--------------------------------------------------------------------------------
================================================================================
gimagereader-3.1.90-1.fc24 (FEDORA-2016-e7a087ea88)
A front-end to tesseract-ocr
--------------------------------------------------------------------------------
Update Information:
Update to version 3.1.90, see
https://github.com/manisandro/gImageReader/releases/tag/v3.1.90 for details.
--------------------------------------------------------------------------------
================================================================================
gnome-builder-3.20.2-1.fc24 (FEDORA-2016-df21d65a46)
IDE for writing GNOME-based software
--------------------------------------------------------------------------------
Update Information:
Update to 3.20.2
--------------------------------------------------------------------------------
================================================================================
gnome-sound-recorder-3.19.92-1.fc24 (FEDORA-2016-8c877aa197)
Make simple recordings from your desktop
--------------------------------------------------------------------------------
Update Information:
Update to 3.19.92 (#1331379)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331379 - gnome-sound-recorder-3.19.92 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331379
--------------------------------------------------------------------------------
================================================================================
gnome-todo-3.20.1-1.fc24 (FEDORA-2016-db729be3e1)
Personal task manager for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 3.20.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1330531 - gnome-todo-3.20.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1330531
--------------------------------------------------------------------------------
================================================================================
gperftools-2.5-2.fc24 (FEDORA-2016-35905c1b42)
Very fast malloc and performance analysis tools
--------------------------------------------------------------------------------
Update Information:
Power64 has libunwind now ---- Update to 2.5 final.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1317206 - gperftools-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1317206
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-1.4.3-1.fc24 (FEDORA-2016-362d994af3)
A typing booster engine for the IBus platform
--------------------------------------------------------------------------------
Update Information:
update to 1.4.3 ---- update to 1.4.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331338 - [abrt] ibus-typing-booster:
hunspell_table.py:1278:_process_key_event:AttributeError: 'editor' object has no
attribute 'trans'
https://bugzilla.redhat.com/show_bug.cgi?id=1331338
[ 2 ] Bug #1330461 - [abrt] ibus-typing-booster:
hunspell_table.py:444:update_candidates:AttributeError: 'editor' object has no
attribute '_transliterated_string'
https://bugzilla.redhat.com/show_bug.cgi?id=1330461
--------------------------------------------------------------------------------
================================================================================
jabberpy-0.5-0.31.fc24 (FEDORA-2016-f2860eeeda)
Python xmlstream and jabber IM protocol libs
--------------------------------------------------------------------------------
Update Information:
* provide python3 subpackage * rename jabberpy to python2-jabberpy
--------------------------------------------------------------------------------
================================================================================
jenkins-1.651.1-1.fc24 (FEDORA-2016-f3b40fcbc3)
An extendable open source continuous integration server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
jenkins-credentials-plugin-1.27-1.fc24 (FEDORA-2016-f3b40fcbc3)
Jenkins Credentials Plugin
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
jenkins-junit-plugin-1.12-1.fc24 (FEDORA-2016-f3b40fcbc3)
Jenkins JUnit Plugin
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
jenkins-mailer-plugin-1.17-1.fc24 (FEDORA-2016-f3b40fcbc3)
Jenkins Mailer Plugin
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
jenkins-remoting-2.57-1.fc24 (FEDORA-2016-f3b40fcbc3)
Jenkins remoting module
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
jenkins-script-security-plugin-1.18.1-1.fc24 (FEDORA-2016-f3b40fcbc3)
Jenkins Script Security Plugin
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
kernel-4.5.2-302.fc24 (FEDORA-2016-d0e6f02aea)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
fix imx-ipuv3-crtc module autoloading
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1321330 - on i.mx6 systems the console does not start correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1321330
--------------------------------------------------------------------------------
================================================================================
libdrm-2.4.68-1.fc24 (FEDORA-2016-e9df4ff923)
Direct Rendering Manager runtime library
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.68
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331381 - libdrm-2.4.68 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331381
--------------------------------------------------------------------------------
================================================================================
libhif-0.2.2-3.fc24 (FEDORA-2016-1f7048425f)
Simple package library built on top of hawkey and librepo
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue where installs / updates done through PackageKit
incorrectly marked packages as dependencies where they should have been marked
as user installed, causing 'dnf autoremove' to subsequently remove them.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1259865 - call `dnf mark install <pkgs...>`on packages installed from
PK
https://bugzilla.redhat.com/show_bug.cgi?id=1259865
--------------------------------------------------------------------------------
================================================================================
libocrdma-1.0.8-3.fc24 (FEDORA-2016-c22b459394)
User-space Library for Emulex ROCE Device
--------------------------------------------------------------------------------
Update Information:
Initial submission of user-space library for Emulex RoCE adapters
--------------------------------------------------------------------------------
================================================================================
libsoup-2.54.1-1.fc24 (FEDORA-2016-f104225abc)
Soup, an HTTP library implementation
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release.
--------------------------------------------------------------------------------
================================================================================
libtdb-1.3.9-1.fc24 (FEDORA-2016-83d227000d)
The tdb library
--------------------------------------------------------------------------------
Update Information:
New tdb upstream release, required for samba-ad-dc work
--------------------------------------------------------------------------------
================================================================================
logwatch-7.4.3-1.fc24 (FEDORA-2016-0f06ad0395)
A log file analysis program
--------------------------------------------------------------------------------
Update Information:
Update to 7.4.3 (#1331255)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331255 - Update logwatch to 7.4.3
https://bugzilla.redhat.com/show_bug.cgi?id=1331255
--------------------------------------------------------------------------------
================================================================================
lxc-2.0.0-1.fc24 (FEDORA-2016-a8d8b3db26)
Linux Resource Containers
--------------------------------------------------------------------------------
Update Information:
Update LXC to the latest released version.
--------------------------------------------------------------------------------
================================================================================
nodejs-4.4.3-1.fc24 (FEDORA-2016-2d314bc898)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-buffertools-2.1.3-12.fc24.1 (FEDORA-2016-2d314bc898)
Working with node.js buffers made easy
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-fs-ext-0.5.0-9.fc24.1 (FEDORA-2016-2d314bc898)
Extensions to core 'fs' module for Node.js
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-gdal-0.9.0-1.fc24.1 (FEDORA-2016-2d314bc898)
Node.js bindings to GDAL
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-i2c-0.2.1-6.fc24.1 (FEDORA-2016-2d314bc898)
Node.js native bindings for i2c-dev
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-iconv-2.1.11-8.fc24.1 (FEDORA-2016-2d314bc898)
Text recoding in JavaScript for fun and profit
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-libxmljs-0.17.1-4.fc24.1 (FEDORA-2016-2d314bc898)
Node.js module that provides libxml bindings for the v8 javascript engine
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-mapnik-3.5.6-2.fc24.1 (FEDORA-2016-2d314bc898)
Bindings to Mapnik tile rendering library for Node.js
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-node-expat-2.3.11-8.fc24.1 (FEDORA-2016-2d314bc898)
Fast libexpat XML SAX parser binding for Node.js
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-node-stringprep-0.7.3-9.fc24.1 (FEDORA-2016-2d314bc898)
ICU StringPrep profiles for Node.js
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-sqlite3-3.1.2-3.fc24.1 (FEDORA-2016-2d314bc898)
Asynchronous, non-blocking SQLite3 bindings for Node.js
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
nodejs-zipfile-0.5.9-7.fc24.1 (FEDORA-2016-2d314bc898)
C++ library for handling zipfiles in Node.js
--------------------------------------------------------------------------------
Update Information:
The Fedora Project has elected to downgrade to the Node.js 4.x LTS release for
its stable releases due to the short compatibility lifecycle of the 5.x feature
releases. The Node.js 4.x release will be supported upstream for the full
lifetime of Fedora 24.
--------------------------------------------------------------------------------
================================================================================
owasp-java-html-sanitizer-20160422.1-1.fc24 (FEDORA-2016-f3b40fcbc3)
A fast HTML Sanitizer written in Java
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
pencil-2.0.18-1.fc24 (FEDORA-2016-ed4511dab5)
A sketching and GUI prototyping tool
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327652 - Pencil continues under a new upstream maintainer
https://bugzilla.redhat.com/show_bug.cgi?id=1327652
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-2.68-1.fc24 (FEDORA-2016-23bb741cf6)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version ---- Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1331193 - perl-CPAN-Perl-Releases-2.68 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1331193
[ 2 ] Bug #1329860 - perl-CPAN-Perl-Releases-2.66 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1329860
--------------------------------------------------------------------------------
================================================================================
pgpdump-0.30-1.fc24 (FEDORA-2016-8f4b54b005)
PGP packet visualizer
--------------------------------------------------------------------------------
Update Information:
CVE-2016-4021 pgpdump: endless loop parsing specially crafted input
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1328351 - CVE-2016-4021 pgpdump: endless loop parsing specially crafted
input
https://bugzilla.redhat.com/show_bug.cgi?id=1328351
--------------------------------------------------------------------------------
================================================================================
php-5.6.21-1.fc24 (FEDORA-2016-f4e73663f4)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
28 Apr 2016, **PHP 5.6.21** ** Core: ** * Fixed bug #69537 (__debugInfo with
empty string for key gives error). (krakjoe) * Fixed bug #71841 (EG(error_zval)
is not handled well). (Laruence) **BCmath:** * Fixed bug #72093 (bcpowmod
accepts negative scale and corrupts _one_ definition). (Stas) **Curl:** *
Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael
Sierks) **Date:** * Fixed bug #71889 (DateInterval::format Segmentation
fault). (Thomas Punt) **EXIF:** * Fixed bug #72094 (Out of bounds heap read
access in exif header processing). (Stas) **GD:** * Fixed bug #71952
(Corruption inside imageaffinematrixget). (Stas) * Fixed bug #71912 (libgd:
signedness vulnerability). (Stas) **Intl:** * Fixed bug #72061 (Out-of-bounds
reads in zif_grapheme_stripos with negative offset). (Stas) **OCI8:** * Fixed
bug #71422 (Fix ORA-01438: value larger than specified precision allowed for
this column). (Chris Jones) **ODBC:** * Fixed bug #63171 (Script hangs after
max_execution_time). (Remi) **Opcache:** * Fixed bug #71843 (null ptr deref
ZEND_RETURN_SPEC_CONST_HANDLER). (Laruence) **PDO:** * Fixed bug #52098 (Own
PDOStatement implementation ignore __call()). (Daniel Kalaspuffar, Julien) *
Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)
**Postgres:** * Fixed bug #71820 (pg_fetch_object binds parameters before call
constructor). (Anatol) **SPL:** * Fixed bug #67582 (Cloned SplObjectStorage
with overwritten getHash fails offsetExists()). (Nikita) **Standard:** * Fixed
bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence) * Fixed bug
#67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not
defined). (Nikita) **XML:** * Fixed bug #72099 (xml_parse_into_struct
segmentation fault). (Stas)
--------------------------------------------------------------------------------
================================================================================
php-league-flysystem-1.0.22-1.fc24 (FEDORA-2016-405a29fec9)
Filesystem abstraction: Many filesystems, one API
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.22** - 2016-04-28 * Fix root directory creation problem #632
---- **Version 1.0.21** - 2016-04-22 * Explicitly return false when a has
call receives an empty filename. * MounManager copy and move operators now
comply to the Filesystem's signature.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-servicemanager-2.7.6-1.fc24 (FEDORA-2016-1377c1fe6e)
Zend Framework ServiceManager component
--------------------------------------------------------------------------------
Update Information:
** zend-servicemanager 2.7.6 ** - [#116](https://github.com/zendframework/zend-
servicemanager/pull/116) updates `ServiceLocatorInterface` to extend container-
interop's `ContainerInterface`, as the definitions are compatible. This change
will mean that implementing `ServiceLocatorInterface` will provide a
`ContainerInterface` implementation.
--------------------------------------------------------------------------------
================================================================================
primitive-1.2.2-2.fc24 (FEDORA-2016-12700be6f6)
Utility methods for Java's primitive types
--------------------------------------------------------------------------------
Update Information:
initial rpm package build required by cassandra
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329201 - Review Request: primitive - Utility methods for Java's
primitive types
https://bugzilla.redhat.com/show_bug.cgi?id=1329201
--------------------------------------------------------------------------------
================================================================================
python-astroid-1.4.5-2.fc24 (FEDORA-2016-78da3f97b6)
Python Abstract Syntax Tree New Generation
--------------------------------------------------------------------------------
Update Information:
- Ignore PyGIWarning (#1330651) Upstream PR
https://github.com/PyCQA/astroid/pull/333
--------------------------------------------------------------------------------
================================================================================
python-eventlet-0.18.4-1.fc24 (FEDORA-2016-15997349a0)
Highly concurrent networking library
--------------------------------------------------------------------------------
Update Information:
Version 0.18 update.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329993 - python-eventlet 0.18 RPM is needed
https://bugzilla.redhat.com/show_bug.cgi?id=1329993
--------------------------------------------------------------------------------
================================================================================
python-ldap-2.4.25-1.fc24 (FEDORA-2016-b45dff8c30)
An object-oriented API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:
New upstream releases 2.4.25
--------------------------------------------------------------------------------
================================================================================
python-pyldap-2.4.25.1-1.fc24 (FEDORA-2016-b45dff8c30)
An object-oriented Python API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:
New upstream releases 2.4.25
--------------------------------------------------------------------------------
================================================================================
quassel-0.12.4-1.fc24 (FEDORA-2016-bf916bcc04)
A modern distributed IRC system
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream quassel release, 0.12.4
--------------------------------------------------------------------------------
================================================================================
scanmem-0.15.7-1.fc24 (FEDORA-2016-6d99dcb21f)
Memory scanner
--------------------------------------------------------------------------------
Update Information:
Update to 0.5.17
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1330792 - scanmem-v0.15.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1330792
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.13.1-183.fc24 (FEDORA-2016-bb42aec129)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info:
http://koji.fedoraproject.org/koji/buildinfo?buildID=758087
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1306243 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1306243
[ 2 ] Bug #1313464 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1313464
[ 3 ] Bug #1323177 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1323177
[ 4 ] Bug #1327909 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1327909
[ 5 ] Bug #1330448 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1330448
[ 6 ] Bug #1330895 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1330895
[ 7 ] Bug #1330970 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1330970
[ 8 ] Bug #1324453 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1324453
--------------------------------------------------------------------------------
================================================================================
shotwell-0.23.0-1.fc24 (FEDORA-2016-cad2916217)
A photo organizer for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
Update Shotwell to the latest released version.
--------------------------------------------------------------------------------
================================================================================
spyder-2.3.9-1.fc24 (FEDORA-2016-fc6067c343)
Scientific Python Development Environment
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
stapler-1.242-1.fc24 (FEDORA-2016-f3b40fcbc3)
Stapler Java web framework
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
tiger-types-2.2-1.fc24 (FEDORA-2016-f3b40fcbc3)
Type arithmetic library for Java5
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-3102. Update to 1.651.1. Fix dangling symlink
(rhbz#1330472)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1326403 - CVE-2016-3102 jenkins: Groovy sandbox protection incomplete in
Script Security Plugin (SECURITY-258)
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
--------------------------------------------------------------------------------
================================================================================
traceroute-2.1.0-2.fc24 (FEDORA-2016-3fba0b6c95)
Traces the route taken by packets over an IPv4/IPv6 network
--------------------------------------------------------------------------------
Update Information:
Provide hardened build (#1330514)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1330514 - Harden all packages: traceroute executables should use PIE and have
RELRO enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1330514
--------------------------------------------------------------------------------
================================================================================
tripwire-2.4.3.1-10.fc24 (FEDORA-2016-9fd6c93cf9)
IDS (Intrusion Detection System)
--------------------------------------------------------------------------------
Update Information:
update to 2.4.3.1
--------------------------------------------------------------------------------
================================================================================
vdsm-4.17.9-18.git1379158.fc24 (FEDORA-2016-c6a6777690)
Virtual Desktop Server Manager
--------------------------------------------------------------------------------
Update Information:
Spec cleanups to fix FTBFS
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1308224 - vdsm: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1308224
--------------------------------------------------------------------------------
================================================================================
webkitgtk4-2.12.2-1.fc24 (FEDORA-2016-4340460762)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
This update brings the following changes: - Fix rendering of scrollbars with
GTK themes using stepper buttons. - Fix compatibility issue with 2.12.1
regarding local storage access from file URLs. - Make menu list buttons use
the text color from the theme. - Do not show resize grip in non-resizable text
fields. - Fix accessibility events causing Orca to echo key presses instead of
speaking the inserted characters in password fields. - Fix an off by one
error in hyphenation. - Fix several crashes and rendering issues. - Fix the
build with libjpeg v9. - Translation updates: Bulgarian, Finnish, Greek,
Italian, Turkish.
--------------------------------------------------------------------------------
================================================================================
wireshark-2.0.3-1.fc24 (FEDORA-2016-4c4fc9552b)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
Ver. 2.0.3
--------------------------------------------------------------------------------