The following Fedora 24 Security updates need testing:
Age URL
163
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
60
https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df
jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24
29
https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08
squid-3.5.23-1.fc24
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24
18
https://bodhi.fedoraproject.org/updates/FEDORA-2016-76d9809fd4
w3m-0.5.3-27.git20161120.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2c2d1be16
docker-latest-1.12.6-1.git51ef5a8.fc24
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-19b0fe001d
runc-1.0.0-3.rc2.gitc91b5be.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8873ebdb43
ikiwiki-3.20170111-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-01c3288bef
wordpress-4.7.1-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a73bc7ac5d
fedmsg-0.18.2-1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d0871e3fd
boomaga-0.8.0-6.git97f52c1.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ce2a05ff1
groovy-2.4.5-8.fc24
2
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8308bc2a6e
pdns-recursor-4.0.4-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-418398ce60
ansible-2.2.1.0-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-12394e2cc7 qemu-2.6.2-6.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb0b9ddf27 pdns-4.0.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0bf77c4b1b opus-1.1.3-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d317f6fb61
webkitgtk4-2.14.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1423c7b4b0
libnl3-3.2.28-4.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-08207fe48b
python-crypto-2.6.1-13.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
15
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b3063d71c
redhat-rpm-config-42-2.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2153a45ba5
nautilus-3.20.4-1.fc24
9
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7585703fbe
selinux-policy-3.13.1-191.24.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-78a478cd32
NetworkManager-1.2.6-1.fc24
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-984be5f703
policycoreutils-2.5-16.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-07cfb2b5de
python-2.7.13-1.fc24 python-docs-2.7.13-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ca6b7e74c6
kernel-4.9.4-100.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ccaa742bb
linux-firmware-20161205-69.git91ddce49.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbb320ba18
firefox-50.1.0-3.fc24 nss-3.28.1-1.2.fc24 nss-softokn-3.28.1-1.0.fc24
nss-util-3.28.1-1.0.fc24
The following builds have been pushed to Fedora 24 updates-testing
GeoIP-GeoLite-data-2017.01-1.fc24
aime-8.20170111-1.fc24
brightnessctl-0.2-1.fc24
clang-3.8.1-1.fc24
compiler-rt-3.8.1-1.fc24
converseen-0.9.6-1.fc24
dnf-1.1.10-3.fc24
firefox-50.1.0-3.fc24
flatpak-0.8.1-1.fc24
gfal2-python-1.8.5-1.fc24
ghc-rpm-macros-1.4.18-1.fc24
gnome-shell-extension-pomodoro-0.13.0-1.fc24
golang-github-BurntSushi-toml-0-0.10.git2ceedfe.fc24
golang-github-davecgh-go-spew-0-0.11.git6d21280.fc24
golang-github-emicklei-go-restful-1.1.3-0.11.gitbf50d2b.fc24
golang-github-golang-sys-0-0.9.git8f0908a.fc24
golang-github-kr-text-0-0.10.git6807e77.fc24
golang-github-magiconair-properties-1.7.0-1.fc24
golang-github-rackspace-gophercloud-1.0.0-13.fc24
golang-github-ugorji-go-0-0.8.git5cd0f2b.fc24
golang-github-urfave-cli-1.18.0-0.1.git61f519f.fc24
golang-googlecode-uuid-0-0.11.gitb984ec7.fc24
gramps-4.2.5-3.fc24
hawkey-0.6.3-6.1.fc24
holland-1.0.14-2.fc24
kernel-4.9.4-100.fc24
libnl3-3.2.28-4.fc24
lighttpd-1.4.45-1.fc24
linux-firmware-20161205-69.git91ddce49.fc24
lldb-3.8.1-1.fc24
mod_auth_mellon-0.12.0-3.fc24
mpop-1.2.6-2.fc24
nagios-plugins-2.1.4-3.fc24
nss-3.28.1-1.2.fc24
nss-softokn-3.28.1-1.0.fc24
nss-util-3.28.1-1.0.fc24
ocid-0-0.8.git2e6070f.fc24
opus-1.1.3-2.fc24
os-autoinst-4.4-13.20170104git84d91e6.fc24
pdns-4.0.3-1.fc24
php-aws-sdk3-3.21.0-1.fc24
plee-the-bear-0.7.0-13.fc24
pypolicyd-spf-2.0.1-1.fc24
python-crypto-2.6.1-13.fc24
python-pyvo-0.5.0.1-1.fc24
qlipper-5.0.0-2.fc24
rednotebook-1.14-2.fc24
tunir-0.16.1-1.fc24
tzdata-2016j-2.fc24
vdr-epg-daemon-1.1.79-1.fc24
webfts-2.2.11-1.fc24
webkitgtk4-2.14.3-1.fc24
whohas-0.29.1-5.fc24
xdg-desktop-portal-0.5-1.fc24
Details about builds:
================================================================================
GeoIP-GeoLite-data-2017.01-1.fc24 (FEDORA-2017-00c5e9c1ba)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Periodic database update.
--------------------------------------------------------------------------------
================================================================================
aime-8.20170111-1.fc24 (FEDORA-2017-59472f3cec)
An application embeddable programming language interpreter
--------------------------------------------------------------------------------
Update Information:
Updated to new 8.20170111 upstream version, fixes rhbz #1413563
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413563 - aime-8.20170111 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413563
--------------------------------------------------------------------------------
================================================================================
brightnessctl-0.2-1.fc24 (FEDORA-2017-8e2a94b2ee)
Read and control device brightness
--------------------------------------------------------------------------------
Update Information:
update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413787 - brightnessctl-0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413787
--------------------------------------------------------------------------------
================================================================================
clang-3.8.1-1.fc24 (FEDORA-2017-f646a61098)
A C language family front-end for LLVM
--------------------------------------------------------------------------------
Update Information:
clang and friends 3.8.1 maintenance release
--------------------------------------------------------------------------------
================================================================================
compiler-rt-3.8.1-1.fc24 (FEDORA-2017-f646a61098)
LLVM "compiler-rt" runtime libraries
--------------------------------------------------------------------------------
Update Information:
clang and friends 3.8.1 maintenance release
--------------------------------------------------------------------------------
================================================================================
converseen-0.9.6-1.fc24 (FEDORA-2017-a6fe539b37)
A batch image conversion tool written in C++ with Qt5 and Magick++
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream version 0.9.6, fixes RHBZ#1414398
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1414398 - converseen-0.9.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1414398
--------------------------------------------------------------------------------
================================================================================
dnf-1.1.10-3.fc24 (FEDORA-2017-bfe06faa3f)
Package manager forked from Yum, using libsolv as a dependency resolver
--------------------------------------------------------------------------------
Update Information:
Prefer obsoletes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096506 - promoting 'install a' to 'install b' when b
obsoletes a
https://bugzilla.redhat.com/show_bug.cgi?id=1096506
--------------------------------------------------------------------------------
================================================================================
firefox-50.1.0-3.fc24 (FEDORA-2017-bbb320ba18)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
NSS: * Updates the nss family of packages to upstream NSS 3.28.1. * For details
about new functionality and a list of bugs fixed in this release please see the
upstream releases notes:
https://developer.mozilla.org/en-
US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes * In addition to the
upstream changes, this build re-enables TLS 1.3. Firefox: * Added patch for
nss 3.28.1 (mozbz#1290037) ---- Backport upstream patch for RSA-PSS detection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1381400 - nss-3.28.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1381400
[ 2 ] Bug #1413182 - Respin the Firefox 50 build to allow early testing of NSS 3.28.1
https://bugzilla.redhat.com/show_bug.cgi?id=1413182
[ 3 ] Bug #1383809 - NSS upgrade breaks openldap
https://bugzilla.redhat.com/show_bug.cgi?id=1383809
--------------------------------------------------------------------------------
================================================================================
flatpak-0.8.1-1.fc24 (FEDORA-2017-775f00491c)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.1
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.8.5-1.fc24 (FEDORA-2017-8af6f770a5)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-1.4.18-1.fc24 (FEDORA-2017-1b500012b3)
RPM macros for building Haskell packages for GHC
--------------------------------------------------------------------------------
Update Information:
This update fixes issue with the generated Requires for non-library packages.
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-pomodoro-0.13.0-1.fc24 (FEDORA-2017-e8aadffe6f)
A time management utility for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
================================================================================
golang-github-BurntSushi-toml-0-0.10.git2ceedfe.fc24 (FEDORA-2017-eda84323cd)
TOML parser and encoder for Go with reflection
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1247656 - Tracker for golang-github-BurntSushi-toml
https://bugzilla.redhat.com/show_bug.cgi?id=1247656
--------------------------------------------------------------------------------
================================================================================
golang-github-davecgh-go-spew-0-0.11.git6d21280.fc24 (FEDORA-2017-1eaa4ac406)
Deep pretty printer for Go data structures to aid in debug
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 6d212800a42e8ab5c146b8ace3490ee17e5225f9 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248791 - Tracker for golang-github-davecgh-go-spew
https://bugzilla.redhat.com/show_bug.cgi?id=1248791
--------------------------------------------------------------------------------
================================================================================
golang-github-emicklei-go-restful-1.1.3-0.11.gitbf50d2b.fc24 (FEDORA-2017-816e17b0c4)
Package for building REST-style Web Services using Google Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream bf50d2be18145391aa3d4339b07195807b25a427
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215626 - Tracker for golang-github-emicklei-go-restful
https://bugzilla.redhat.com/show_bug.cgi?id=1215626
--------------------------------------------------------------------------------
================================================================================
golang-github-golang-sys-0-0.9.git8f0908a.fc24 (FEDORA-2017-0951a05edb)
Go packages for low-level interaction with the operating system
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9 ---- Polish the spec
file ---- Bump to upstream 62bee037599929a6e9146f29d10dd5208c43507d ----
Bump to upstream 33267e036fd93fcd26ea95b7bdaf2d8306cb743c
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1360748 - update for s390x support
https://bugzilla.redhat.com/show_bug.cgi?id=1360748
--------------------------------------------------------------------------------
================================================================================
golang-github-kr-text-0-0.10.git6807e77.fc24 (FEDORA-2017-74bd5b2727)
Go package for manipulating paragraphs of text
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248175 - Tracker for golang-github-kr-text
https://bugzilla.redhat.com/show_bug.cgi?id=1248175
--------------------------------------------------------------------------------
================================================================================
golang-github-magiconair-properties-1.7.0-1.fc24 (FEDORA-2017-7dfd9bc821)
Java properties scanner for Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 0723e352fa358f9322c938cc2dadda874e9151a9 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413067 - Tracker for golang-github-magiconair-properties
https://bugzilla.redhat.com/show_bug.cgi?id=1413067
--------------------------------------------------------------------------------
================================================================================
golang-github-rackspace-gophercloud-1.0.0-13.fc24 (FEDORA-2017-10732c764e)
The Go SDK for Openstack
http://gophercloud.io
--------------------------------------------------------------------------------
Update Information:
Bump to upstream c90cb954266e1bdd6d1914678fd6909fc5fabbfa
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214774 - Tracker for golang-github-rackspace-gophercloud
https://bugzilla.redhat.com/show_bug.cgi?id=1214774
--------------------------------------------------------------------------------
================================================================================
golang-github-ugorji-go-0-0.8.git5cd0f2b.fc24 (FEDORA-2017-0d7a61d7fd)
Idiomatic codec and rpc lib for msgpack, cbor, json, etc
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 5cd0f2b3b6cca8e3a0a4101821e41a73cb59bed6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250516 - Tracker for golang-github-ugorji-go
https://bugzilla.redhat.com/show_bug.cgi?id=1250516
--------------------------------------------------------------------------------
================================================================================
golang-github-urfave-cli-1.18.0-0.1.git61f519f.fc24 (FEDORA-2017-8315b46437)
A simple, fast, and fun package for building command line apps in Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 61f519fe5e57c2518c03627b194899a105838eba
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1354378 - Review Request: golang-github-urfave-cli - A simple, fast, and fun
package for building command line apps in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1354378
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-uuid-0-0.11.gitb984ec7.fc24 (FEDORA-2017-4a16e607af)
Generates and inspects UUIDs based on RFC 4122 and DCE 1.1
--------------------------------------------------------------------------------
Update Information:
Bump to upstream b984ec7fa9ff9e428bd0cf0abf429384dfbe3e37
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250523 - Tracker for golang-googlecode-uuid
https://bugzilla.redhat.com/show_bug.cgi?id=1250523
--------------------------------------------------------------------------------
================================================================================
gramps-4.2.5-3.fc24 (FEDORA-2017-aa7fe951fa)
Genealogical Research and Analysis Management Programming System
--------------------------------------------------------------------------------
Update Information:
Fixed file/directory ownership.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413404 - [Packaging] Contents of gramps-common overlap gramps and
gramps-webapp
https://bugzilla.redhat.com/show_bug.cgi?id=1413404
--------------------------------------------------------------------------------
================================================================================
hawkey-0.6.3-6.1.fc24 (FEDORA-2017-bfe06faa3f)
Library providing simplified C and Python API to libsolv
--------------------------------------------------------------------------------
Update Information:
Prefer obsoletes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096506 - promoting 'install a' to 'install b' when b
obsoletes a
https://bugzilla.redhat.com/show_bug.cgi?id=1096506
--------------------------------------------------------------------------------
================================================================================
holland-1.0.14-2.fc24 (FEDORA-2017-5faa127139)
Pluggable Backup Framework
--------------------------------------------------------------------------------
Update Information:
* Remove example, maatkit, and random subpackages * Move holland.lib.mysql and
holland.lib.lvm modules into their own subpackages
--------------------------------------------------------------------------------
================================================================================
kernel-4.9.4-100.fc24 (FEDORA-2017-ca6b7e74c6)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
This is a rebase to the 4.9 series of kernels. The 4.9.4 update contains a
number of important fixes across the tree.
--------------------------------------------------------------------------------
================================================================================
libnl3-3.2.28-4.fc24 (FEDORA-2017-1423c7b4b0)
Convenience library for kernel netlink sockets
--------------------------------------------------------------------------------
Update Information:
check valid input arguments for nla_reserve() (rh #1414305, CVE-2017-0386)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1414304 - CVE-2017-0386 libnl: Privilege escalation due to insufficient data
checks in nla_reserve and nla_put
https://bugzilla.redhat.com/show_bug.cgi?id=1414304
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.45-1.fc24 (FEDORA-2017-3d437470ac)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.45
https://www.lighttpd.net/2017/1/14/1.4.45/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413278 - lighttpd-1.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413278
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20161205-69.git91ddce49.fc24 (FEDORA-2017-3ccaa742bb)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream git snapshot.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413488 - Missing firmware amdgpu/tonga_k_smc.bin
https://bugzilla.redhat.com/show_bug.cgi?id=1413488
--------------------------------------------------------------------------------
================================================================================
lldb-3.8.1-1.fc24 (FEDORA-2017-f646a61098)
Next generation high-performance debugger
--------------------------------------------------------------------------------
Update Information:
clang and friends 3.8.1 maintenance release
--------------------------------------------------------------------------------
================================================================================
mod_auth_mellon-0.12.0-3.fc24 (FEDORA-2017-3798bcc1f5)
A SAML 2.0 authentication module for the Apache Httpd Server
--------------------------------------------------------------------------------
Update Information:
Fixes incorrect Content-Type header in ECP PAOS response, should be
application/vnd.paos+xml
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1414020 - Incorrect Content-Type header in ECP PAOS response, should be
application/vnd.paos+xml
https://bugzilla.redhat.com/show_bug.cgi?id=1414020
--------------------------------------------------------------------------------
================================================================================
mpop-1.2.6-2.fc24 (FEDORA-2017-787446803b)
A client for receiving mail from POP3 mailboxes
--------------------------------------------------------------------------------
Update Information:
Update summary (rhbz#1399621)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1399621 - Typo in Summary
https://bugzilla.redhat.com/show_bug.cgi?id=1399621
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.1.4-3.fc24 (FEDORA-2017-60884752c4)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Put in patch to fix check_file_age
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410039 - check_file_age is broken in recent update
https://bugzilla.redhat.com/show_bug.cgi?id=1410039
--------------------------------------------------------------------------------
================================================================================
nss-3.28.1-1.2.fc24 (FEDORA-2017-bbb320ba18)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
NSS: * Updates the nss family of packages to upstream NSS 3.28.1. * For details
about new functionality and a list of bugs fixed in this release please see the
upstream releases notes:
https://developer.mozilla.org/en-
US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes * In addition to the
upstream changes, this build re-enables TLS 1.3. Firefox: * Added patch for
nss 3.28.1 (mozbz#1290037) ---- Backport upstream patch for RSA-PSS detection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1381400 - nss-3.28.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1381400
[ 2 ] Bug #1413182 - Respin the Firefox 50 build to allow early testing of NSS 3.28.1
https://bugzilla.redhat.com/show_bug.cgi?id=1413182
[ 3 ] Bug #1383809 - NSS upgrade breaks openldap
https://bugzilla.redhat.com/show_bug.cgi?id=1383809
--------------------------------------------------------------------------------
================================================================================
nss-softokn-3.28.1-1.0.fc24 (FEDORA-2017-bbb320ba18)
Network Security Services Softoken Module
--------------------------------------------------------------------------------
Update Information:
NSS: * Updates the nss family of packages to upstream NSS 3.28.1. * For details
about new functionality and a list of bugs fixed in this release please see the
upstream releases notes:
https://developer.mozilla.org/en-
US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes * In addition to the
upstream changes, this build re-enables TLS 1.3. Firefox: * Added patch for
nss 3.28.1 (mozbz#1290037) ---- Backport upstream patch for RSA-PSS detection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1381400 - nss-3.28.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1381400
[ 2 ] Bug #1413182 - Respin the Firefox 50 build to allow early testing of NSS 3.28.1
https://bugzilla.redhat.com/show_bug.cgi?id=1413182
[ 3 ] Bug #1383809 - NSS upgrade breaks openldap
https://bugzilla.redhat.com/show_bug.cgi?id=1383809
--------------------------------------------------------------------------------
================================================================================
nss-util-3.28.1-1.0.fc24 (FEDORA-2017-bbb320ba18)
Network Security Services Utilities Library
--------------------------------------------------------------------------------
Update Information:
NSS: * Updates the nss family of packages to upstream NSS 3.28.1. * For details
about new functionality and a list of bugs fixed in this release please see the
upstream releases notes:
https://developer.mozilla.org/en-
US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes * In addition to the
upstream changes, this build re-enables TLS 1.3. Firefox: * Added patch for
nss 3.28.1 (mozbz#1290037) ---- Backport upstream patch for RSA-PSS detection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1381400 - nss-3.28.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1381400
[ 2 ] Bug #1413182 - Respin the Firefox 50 build to allow early testing of NSS 3.28.1
https://bugzilla.redhat.com/show_bug.cgi?id=1413182
[ 3 ] Bug #1383809 - NSS upgrade breaks openldap
https://bugzilla.redhat.com/show_bug.cgi?id=1383809
--------------------------------------------------------------------------------
================================================================================
ocid-0-0.8.git2e6070f.fc24 (FEDORA-2017-e3922e19df)
OCI-based implementation of Kubernetes Container Runtime Interface
--------------------------------------------------------------------------------
Update Information:
packaging changes from Nalin Dahyabhai <nalin(a)redhat.com> ---- Switch locate
to /var/lib/containers for images ---- Resolves: #1392977 - first upload to
Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1392977 - Review Request: ocid - OCI-based implementation of Kubernetes
Container Runtime Interface
https://bugzilla.redhat.com/show_bug.cgi?id=1392977
--------------------------------------------------------------------------------
================================================================================
opus-1.1.3-2.fc24 (FEDORA-2017-0bf77c4b1b)
An audio codec for use in low-delay speech and audio communication
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-0381
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413604 - CVE-2017-0381 opus: Memory corruption during media file and data
processing
https://bugzilla.redhat.com/show_bug.cgi?id=1413604
--------------------------------------------------------------------------------
================================================================================
os-autoinst-4.4-13.20170104git84d91e6.fc24 (FEDORA-2017-02c28281d2)
OS-level test automation
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug in the previous os-autoinst package which prevented ARM
tests from running correctly (because a qemu command line parameter was
specified twice, which qemu didn't like).
--------------------------------------------------------------------------------
================================================================================
pdns-4.0.3-1.fc24 (FEDORA-2017-bb0b9ddf27)
A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- Update to 4.0.3 - Security fix for CVE-2016-2120, CVE-2016-7068,
CVE-2016-7072, CVE-2016-7073, CVE-2016-7074 Release notes 4.0.2:
https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402 Release
notes 4.0.3:
https://doc.powerdns.com/md/changelog/#powerdns-authoritative-
server-403
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413517 - CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073
CVE-2016-7074 pdns: Multiple security vulnerabilities fixed in latest versions
https://bugzilla.redhat.com/show_bug.cgi?id=1413517
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk3-3.21.0-1.fc24 (FEDORA-2017-ccef16cd7c)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 3.21.0 - 2017-01-17 * `Aws\Credentials` - Added support for
AssumeRoleCredentialProvider and support for source ini credentials from
./aws/config file in defaultProvider * `Aws\DynamoDb` - Added tagging Support
for Amazon DynamoDB Tables and Indexes * `Aws\Route53` - Added support for ca-
central-1 and eu-west-2 enum values in CloudWatchRegion enum ## 3.20.16 -
2017-01-16 * Fix manifest ## 3.20.15 - 2017-01-16 * `Aws\Cur` - Added Support
for new service `AWS CostAndUsageReport` ## 3.20.14 - 2017-01-16 *
`Aws\Config` - Updated the models to include InvalidNextTokenException in API
response ## 3.20.13 - 2017-01-04 * `Aws\Config` - Added support for customers
to use/write rules based on OversizedConfigurationItemChangeNotification mesage
type. * `Aws\MarketplaceAnalytics` - Added support for data set
disbursed_amount_by_instance_hours, with historical data available starting
2012-09-04 ## 3.20.12 - 2016-12-29 * `Aws\CodeDeploy` - Added support for IAM
Session Arns in addition to IAM User Arns for on premise host authentication. *
`Aws\Ecs` - Added the ability to customize the placement of tasks on container
instances.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409217 - php-aws-sdk3-3.21.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409217
--------------------------------------------------------------------------------
================================================================================
plee-the-bear-0.7.0-13.fc24 (FEDORA-2017-75dae99a36)
2D platform game
--------------------------------------------------------------------------------
Update Information:
* Mon Jan 16 2017 Martin Gansser <martinkg(a)fedoraproject.org> - 0.7.0-13 - set
-DBEAR_ENGINE_LIBRARY_DIRECTORY=%%{_libdir} to global %%libdir - set
-DBEAR_ENGINE_INSTALL_LIBRARY_DIR=%%{_lib} to global %%lib - set
-DPTB_LIBRARY_PATH=%%{_libdir} to global %%libdir - set
-DPTB_INSTALL_CUSTOM_LIBRARY_DIR=%%{_lib} global %%lib - set
-DPTB_LIBRARY_OUTPUT_PATH=%%{_libdir} to global %%libdir - add BR docbook-utils
* Fri Dec 23 2016 Martin Gansser <martinkg(a)fedoraproject.org> - 0.7.0-12 - add
ptb-CMakeLists.patch - add ptb-sequencer-gcc6.patch - add ptb-docbook2man.patch
* Thu Dec 22 2016 Martin Gansser <martinkg(a)fedoraproject.org> - 0.7.0-11 -
unbundle bear - add BR bear-devel - set
-DBEAR_ENGINE_LIBRARY_DIRECTORY=%%{_libdir}/bear - set
-DBEAR_ENGINE_INSTALL_LIBRARY_DIR=%%{_lib}/bear - set
-DBEAR_ROOT_DIRECTORY=%%{_includedir}/bear - delete add_subdirectory( bear ) in
CMakeLists.txt - correct CMAKE_MODULE_PATH in CMakeLists.txt - correct
BEAR_ROOT_DIRECTORY in CMakeLists.txt - correct PTB_LIBRARY_PATH in plee-the-
bear/launcher/src/CMakeLists.txt - porting issue
https://gcc.gnu.org/gcc-6/porting_to.html in plee-the-bear/lib/src/ptb/item
/mini-game/code/sequencer.cpp - convert docbook2man filename taken from .sgml
file to lowercase - spec file cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1406787 - unbundle bear from plee-the-bear
https://bugzilla.redhat.com/show_bug.cgi?id=1406787
--------------------------------------------------------------------------------
================================================================================
pypolicyd-spf-2.0.1-1.fc24 (FEDORA-2017-6e287bbdc7)
SPF Policy Server for Postfix (Python implementation)
--------------------------------------------------------------------------------
Update Information:
Pypolicyd-spf 2.0.0 is released. The major version was bumped to 2 due to some
incompatibilities with previous releases. Please review the CHANGES file and the
updated documentation for details. ---- Run under python3.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1288718 - policyd-spf issuing traceback on emails from
bilbo2.documentfoundation.org
https://bugzilla.redhat.com/show_bug.cgi?id=1288718
[ 2 ] Bug #1374925 - why is pypolicyd-spf on F24 still using python2
https://bugzilla.redhat.com/show_bug.cgi?id=1374925
--------------------------------------------------------------------------------
================================================================================
python-crypto-2.6.1-13.fc24 (FEDORA-2017-08207fe48b)
Cryptography library for Python
--------------------------------------------------------------------------------
Update Information:
A heap-buffer overflow vulnerability was discovered in pycrypto leading to
arbitrary code execution. All users of pycrypto's AES module that allow the mode
of operation to be specified by an attacker, check for ECB explicitly and create
the objects without specifying an IV are vulnerable to this issue. This is
CVE-2013-7459.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject
structure
https://bugzilla.redhat.com/show_bug.cgi?id=1409754
--------------------------------------------------------------------------------
================================================================================
python-pyvo-0.5.0.1-1.fc24 (FEDORA-2017-71485016ac)
Access to remote data and services of the Virtual observatory (VO) using Python
--------------------------------------------------------------------------------
Update Information:
new version
--------------------------------------------------------------------------------
================================================================================
qlipper-5.0.0-2.fc24 (FEDORA-2017-b09a0096cf)
Lightweight clipboard history
--------------------------------------------------------------------------------
Update Information:
Fixed segfault issue #1402994
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402994 - [abrt] qlipper: QBasicAtomicInt::ref(): qlipper killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1402994
--------------------------------------------------------------------------------
================================================================================
rednotebook-1.14-2.fc24 (FEDORA-2017-2702ecf3ef)
Daily journal with calendar, templates and keyword searching
--------------------------------------------------------------------------------
Update Information:
Update docs
--------------------------------------------------------------------------------
================================================================================
tunir-0.16.1-1.fc24 (FEDORA-2017-2e5ed654ed)
An ultra light testing system
--------------------------------------------------------------------------------
Update Information:
Updates to bugfix release 0.16.1
--------------------------------------------------------------------------------
================================================================================
tzdata-2016j-2.fc24 (FEDORA-2017-29fb973c87)
Timezone data
--------------------------------------------------------------------------------
Update Information:
Add the zone1970.tab file to the list of files to install.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1414518 - tzselect: time zone files are not set up correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1414518
--------------------------------------------------------------------------------
================================================================================
vdr-epg-daemon-1.1.79-1.fc24 (FEDORA-2017-e3914369ac)
A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.79 ---- Update to 1.1.78 ---- Update to 1.1.75
--------------------------------------------------------------------------------
================================================================================
webfts-2.2.11-1.fc24 (FEDORA-2017-bc7e3299a1)
Web Interface for FTS
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
================================================================================
webkitgtk4-2.14.3-1.fc24 (FEDORA-2017-d317f6fb61)
GTK+ Web content engine library
--------------------------------------------------------------------------------
Update Information:
This update addresses the following vulnerabilities: *
[
CVE-2016-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7656),
[
CVE-2016-7635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7635),
[
CVE-2016-7654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654),
[
CVE-2016-7639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7639),
[
CVE-2016-7645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7645),
[
CVE-2016-7652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7652),
[
CVE-2016-7641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7641),
[
CVE-2016-7632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7632),
[
CVE-2016-7599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7599),
[
CVE-2016-7592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7592),
[
CVE-2016-7589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589),
[
CVE-2016-7623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7623),
[
CVE-2016-7586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7586)
Additional fixes: * Create GLX OpenGL contexts using version 3.2 (core profile)
when available to reduce the memory consumption on Mesa based drivers. * Improve
memory pressure handler to reduce the CPU usage on memory pressure situations. *
Fix a regression in WebKitWebView title notify signal emission that caused the
signal to be emitted multiple times. * Fix high CPU usage in the web process
loading hyphenation dictionaries. More user agent string improvements to improve
compatibility with several websites. * Fix web process crash when closing the
web view in X11. * Fix the build with OpenGL ES2 enabled. * Fix several crashes
and rendering issues. Translation updates: * German.
--------------------------------------------------------------------------------
================================================================================
whohas-0.29.1-5.fc24 (FEDORA-2017-20f1ed2ae6)
Command line tool for query package lists
--------------------------------------------------------------------------------
Update Information:
Fix requirements (rhbz#1412449)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412449 - Missing perl deps
https://bugzilla.redhat.com/show_bug.cgi?id=1412449
--------------------------------------------------------------------------------
================================================================================
xdg-desktop-portal-0.5-1.fc24 (FEDORA-2017-1358dcf910)
Portal frontend service to flatpak
--------------------------------------------------------------------------------
Update Information:
Update to 0.5
--------------------------------------------------------------------------------