The following Fedora 25 Security updates need testing:
Age URL
85
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170
chicken-4.11.0-3.fc25
36
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3
compat-guile18-1.8.8-14.fc25
16
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0c4e822340
memcached-1.4.33-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cde4525fab moin-1.9.9-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-88de1a90e7
perl-DBD-MySQL-4.039-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4cf3e3f488
zathura-pdf-mupdf-0.3.0-3.fc25 mujs-0-6.20161031gita0ceaf5.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-95b1be8a3d
drupal7-7.52-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24478a88fe
python-tornado-4.4.2-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a625412c2
vagrant-1.8.5-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-df20b90635
teeworlds-0.6.4-2.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
40
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6cb65ea55b
pungi-4.1.10-1.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9f4e63509f rpm-4.13.0-4.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d90406113
firewalld-0.4.4.1-1.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-56cfdb6815
nss-3.27.0-1.3.fc25
2
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d644b5167a
libindicator-12.10.1-8.fc25
The following builds have been pushed to Fedora 25 updates-testing
clustal-omega-1.2.3-1.fc25
compizconfig-python-0.8.12.1-3.fc25
composer-1.2.2-2.fc25
cpuid-20161114-2.fc25
docker-1.12.3-9.git47e22f2.fc25
etcd-3.0.15-1.fc25
golang-1.7.3-2.fc25
gtk-gnutella-1.1.11-1.fc25
guayadeque-0.4.3-0.1.beta1gitaf526c9.fc25
hitch-1.4.3-1.fc25
hub-2.2.9-1.fc25
javapackages-tools-4.7.0-6.1.fc25
kubernetes-1.4.5-3.fc25
libva-1.7.3-1.fc25
libwebsockets-2.1.0-2.fc25
link-grammar-5.3.12-1.fc25
memkind-1.3.0-1.fc25
mosquitto-1.4.10-1.fc25
mpop-1.2.6-1.fc25
nfs-utils-1.3.4-1.rc3.fc25
percolator-3.01-1.fc25
perl-Convert-Base64-0.001-1.fc25
perl-Mail-JMAPTalk-0.02-1.fc25
perl-NNTPClient-0.37-1.fc25
php-phpunit-PHP-TokenStream-1.4.9-1.fc25
php-phpunit-PHPUnit-5.6.3-1.fc25
php-phpunit-comparator-1.2.1-1.fc25
php-sebastian-object-enumerator-1.0.1-1.fc25
php-sebastian-recursion-context-1.0.4-1.fc25
python-tornado-4.4.2-1.fc25
rubygem-domain_name-0.5.20161021-1.fc25
teeworlds-0.6.4-2.fc25
vagrant-1.8.5-2.fc25
xorg-x11-drv-synaptics-1.9.0-1.fc25
Details about builds:
================================================================================
clustal-omega-1.2.3-1.fc25 (FEDORA-2016-5f2e3f3a3d)
Clustal Omega is a command-line multiple sequence alignment tool
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.3
--------------------------------------------------------------------------------
================================================================================
compizconfig-python-0.8.12.1-3.fc25 (FEDORA-2016-b010ccdf8f)
Python bindings for the Compiz Configuration System
--------------------------------------------------------------------------------
Update Information:
- include ppc64 arch
--------------------------------------------------------------------------------
================================================================================
composer-1.2.2-2.fc25 (FEDORA-2016-bbcaed7df6)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.2.2** - 2016-11-03 * Fixed selection of packages based on
stability to be independent from package repository order * Fixed
POST_DEPENDENCIES_SOLVING not containing some operations in edge cases * Fixed
issue handling GitLab URLs containing dots and other special characters *
Fixed issue on Windows when running composer at the root of a drive * Minor
fixes Packaging change: * global installed commands are now available in the
user default PATH
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1394577 - Global Composer binaries not available
https://bugzilla.redhat.com/show_bug.cgi?id=1394577
--------------------------------------------------------------------------------
================================================================================
cpuid-20161114-2.fc25 (FEDORA-2016-738f383c41)
Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:
Update license is now GPLv2+ and no longer MIT ---- Update to new upstream
version 20161114 (rhbz#1394984)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1394984 - cpuid-20161114.src is available
https://bugzilla.redhat.com/show_bug.cgi?id=1394984
--------------------------------------------------------------------------------
================================================================================
docker-1.12.3-9.git47e22f2.fc25 (FEDORA-2016-0817241892)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
built docker @projectatomic/docker-1.12 commit 47e22f2 ---- built docker
@projectatomic/docker-1.12 commit 47e22f2
--------------------------------------------------------------------------------
================================================================================
etcd-3.0.15-1.fc25 (FEDORA-2016-bb8221ff35)
A highly-available key value store for shared configuration
--------------------------------------------------------------------------------
Update Information:
Update to v3.0.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1382965 - etcd-v3.0.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1382965
--------------------------------------------------------------------------------
================================================================================
golang-1.7.3-2.fc25 (FEDORA-2016-0aae3021b3)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Re-enable p224 curve.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038683 - golang appears to contain an ECC implementation
https://bugzilla.redhat.com/show_bug.cgi?id=1038683
[ 2 ] Bug #1379484 - P224 support for golang
https://bugzilla.redhat.com/show_bug.cgi?id=1379484
--------------------------------------------------------------------------------
================================================================================
gtk-gnutella-1.1.11-1.fc25 (FEDORA-2016-76f4afb30d)
GUI based Gnutella Client
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.11
--------------------------------------------------------------------------------
================================================================================
guayadeque-0.4.3-0.1.beta1gitaf526c9.fc25 (FEDORA-2016-671361bd03)
Music player
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.3-0.1.beta1gitaf526c9
--------------------------------------------------------------------------------
================================================================================
hitch-1.4.3-1.fc25 (FEDORA-2016-4c2815c605)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream release 1.4.3. A maintenance release. See the upstream changelog at
https://github.com/varnish/hitch/blob/master/CHANGES.rst for details. The Fedora
package has included a patch for OpenSSL-1.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1392880 - hitch-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1392880
--------------------------------------------------------------------------------
================================================================================
hub-2.2.9-1.fc25 (FEDORA-2016-d301522a44)
A command-line wrapper for git with github shortcuts
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream hub release
--------------------------------------------------------------------------------
================================================================================
javapackages-tools-4.7.0-6.1.fc25 (FEDORA-2016-ba2b96fc5b)
Macros and scripts for Java packaging support
--------------------------------------------------------------------------------
Update Information:
Add Requires on which
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396395 - Maven should depend on "which"
https://bugzilla.redhat.com/show_bug.cgi?id=1396395
--------------------------------------------------------------------------------
================================================================================
kubernetes-1.4.5-3.fc25 (FEDORA-2016-fffea4b1c3)
Container cluster management
--------------------------------------------------------------------------------
Update Information:
Patch unit-test subpackage to run tests over k8s distro binaries
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390074 - Update to upstream 1.4.5
https://bugzilla.redhat.com/show_bug.cgi?id=1390074
--------------------------------------------------------------------------------
================================================================================
libva-1.7.3-1.fc25 (FEDORA-2016-1027abc286)
Video Acceleration (VA) API for Linux
--------------------------------------------------------------------------------
Update Information:
* Bump VA API version to 0.39.4 * wayland: Check whether prime fd can be used in
buffer sharing mechanism * New wayland-drm.xml * A simple encoder for H.264/AVC
SVC temporal scalability * Add the comment for framerate in
VAEncMiscParameterFrameRate * Merge and modify encoding bit-rate control per
temporal layer.
--------------------------------------------------------------------------------
================================================================================
libwebsockets-2.1.0-2.fc25 (FEDORA-2016-a6e754878b)
A lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:
Move tests (rhbz#1390538)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390538 - move libwebsockets test binaries into devel or a separate tests
subpackage
https://bugzilla.redhat.com/show_bug.cgi?id=1390538
--------------------------------------------------------------------------------
================================================================================
link-grammar-5.3.12-1.fc25 (FEDORA-2016-797200bf7d)
A full-service natural language dependency parser
--------------------------------------------------------------------------------
Update Information:
5.3.12, now with Python2 bindings.
--------------------------------------------------------------------------------
================================================================================
memkind-1.3.0-1.fc25 (FEDORA-2016-569f6be142)
User Extensible Heap Manager
--------------------------------------------------------------------------------
Update Information:
Update memkind source file to 1.3.0 upstream
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.4.10-1.fc25 (FEDORA-2016-515bba4c5f)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 1.4.10
--------------------------------------------------------------------------------
================================================================================
mpop-1.2.6-1.fc25 (FEDORA-2016-bd43418e4d)
A POP3 client for recieving mail from POP3 mailboxes
--------------------------------------------------------------------------------
Update Information:
Updated to new upstream version 1.2.6
--------------------------------------------------------------------------------
================================================================================
nfs-utils-1.3.4-1.rc3.fc25 (FEDORA-2016-1fae3bcf4c)
NFS utilities and supporting clients and daemons for the kernel NFS server
--------------------------------------------------------------------------------
Update Information:
Updated to the latest RC release: nfs-utils-1-3-5-rc3
--------------------------------------------------------------------------------
================================================================================
percolator-3.01-1.fc25 (FEDORA-2016-7f06d7e460)
Software for postprocessing of shotgun proteomics data
--------------------------------------------------------------------------------
Update Information:
- Update to 3.01
--------------------------------------------------------------------------------
================================================================================
perl-Convert-Base64-0.001-1.fc25 (FEDORA-2016-ce08d48f91)
Encoding and decoding of Base64 strings
--------------------------------------------------------------------------------
Update Information:
This new perl-Convert-Base64 package provides functions to convert strings to
and from the Base64 encoding as described in RFC 4648. A new perl-Mail-JMAPTalk
package provides a Perl client for JMAP protocol.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1394146 - Review Request: perl-Convert-Base64 - Encoding and decoding of
Base64 strings
https://bugzilla.redhat.com/show_bug.cgi?id=1394146
[ 2 ] Bug #1394151 - Review Request: perl-Mail-JMAPTalk - Perl client for JMAP protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1394151
--------------------------------------------------------------------------------
================================================================================
perl-Mail-JMAPTalk-0.02-1.fc25 (FEDORA-2016-ce08d48f91)
Perl client for JMAP protocol
--------------------------------------------------------------------------------
Update Information:
This new perl-Convert-Base64 package provides functions to convert strings to
and from the Base64 encoding as described in RFC 4648. A new perl-Mail-JMAPTalk
package provides a Perl client for JMAP protocol.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1394146 - Review Request: perl-Convert-Base64 - Encoding and decoding of
Base64 strings
https://bugzilla.redhat.com/show_bug.cgi?id=1394146
[ 2 ] Bug #1394151 - Review Request: perl-Mail-JMAPTalk - Perl client for JMAP protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1394151
--------------------------------------------------------------------------------
================================================================================
perl-NNTPClient-0.37-1.fc25 (FEDORA-2016-4f6c0fa947)
Perl 5 module to talk to NNTP (RFC977) server
--------------------------------------------------------------------------------
Update Information:
This new package provides a NNTP client Perl library.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1394267 - Review Request: perl-NNTPClient - Perl 5 module to talk to NNTP
(RFC977) server
https://bugzilla.redhat.com/show_bug.cgi?id=1394267
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHP-TokenStream-1.4.9-1.fc25 (FEDORA-2016-968d9d201e)
Wrapper around PHP tokenizer extension
--------------------------------------------------------------------------------
Update Information:
**Version 5.6.3** - 2016-11-14 * Improved the fix for
[#1955](https://github.com/sebastianbergmann/phpunit/issues/1955): Process
isolation fails when running tests with `phpdbg -qrr` Packaging change: * use
fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHPUnit-5.6.3-1.fc25 (FEDORA-2016-968d9d201e)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 5.6.3** - 2016-11-14 * Improved the fix for
[#1955](https://github.com/sebastianbergmann/phpunit/issues/1955): Process
isolation fails when running tests with `phpdbg -qrr` Packaging change: * use
fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-phpunit-comparator-1.2.1-1.fc25 (FEDORA-2016-968d9d201e)
Compare PHP values for equality
--------------------------------------------------------------------------------
Update Information:
**Version 5.6.3** - 2016-11-14 * Improved the fix for
[#1955](https://github.com/sebastianbergmann/phpunit/issues/1955): Process
isolation fails when running tests with `phpdbg -qrr` Packaging change: * use
fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-sebastian-object-enumerator-1.0.1-1.fc25 (FEDORA-2016-968d9d201e)
Traverses array and object to enumerate all referenced objects
--------------------------------------------------------------------------------
Update Information:
**Version 5.6.3** - 2016-11-14 * Improved the fix for
[#1955](https://github.com/sebastianbergmann/phpunit/issues/1955): Process
isolation fails when running tests with `phpdbg -qrr` Packaging change: * use
fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
php-sebastian-recursion-context-1.0.4-1.fc25 (FEDORA-2016-968d9d201e)
Recursively process PHP variables
--------------------------------------------------------------------------------
Update Information:
**Version 5.6.3** - 2016-11-14 * Improved the fix for
[#1955](https://github.com/sebastianbergmann/phpunit/issues/1955): Process
isolation fails when running tests with `phpdbg -qrr` Packaging change: * use
fedora/autoloader
--------------------------------------------------------------------------------
================================================================================
python-tornado-4.4.2-1.fc25 (FEDORA-2016-24478a88fe)
Scalable, non-blocking web server and tools
--------------------------------------------------------------------------------
Update Information:
Update to 4.4.2: Security fixes * A difference in cookie parsing between
Tornado and web browsers (especially when combined with Google Analytics) could
allow an attacker to set arbitrary cookies and bypass XSRF protection. The
cookie parser has been rewritten to fix this attack. Backwards-compatibility
notes * Cookies containing certain special characters (in particular semicolon
and square brackets) are now parsed differently. * If the cookie header
contains a combination of valid and invalid cookies, the valid ones will be
returned (older versions of Tornado would reject the entire header for a single
invalid cookie).
--------------------------------------------------------------------------------
================================================================================
rubygem-domain_name-0.5.20161021-1.fc25 (FEDORA-2016-955337ab56)
Domain Name manipulation library for Ruby
--------------------------------------------------------------------------------
Update Information:
New version 0.5.20161021 is released.
--------------------------------------------------------------------------------
================================================================================
teeworlds-0.6.4-2.fc25 (FEDORA-2016-df20b90635)
Online multi-player platform 2D shooter
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396380 - CVE-2016-9400 teeworlds: Possible remote code execution on
teeworlds client [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1396380
--------------------------------------------------------------------------------
================================================================================
vagrant-1.8.5-2.fc25 (FEDORA-2016-5a625412c2)
Build and distribute virtualized development environments
--------------------------------------------------------------------------------
Update Information:
Fix nfs_cleanup security race and permissions (rhbz#1395040).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1395040 - vagrant nfs exports race
https://bugzilla.redhat.com/show_bug.cgi?id=1395040
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-synaptics-1.9.0-1.fc25 (FEDORA-2016-2fa8a00a83)
Xorg X11 Synaptics touchpad input driver
--------------------------------------------------------------------------------
Update Information:
synaptics 1.9.0, no changes over the previous rc
--------------------------------------------------------------------------------