The following Fedora 24 Security updates need testing:
Age URL
89
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
72
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f
chicken-4.11.0-3.fc24
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea
compat-guile18-1.8.8-14.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f0d48142
jasper-1.900.13-1.fc24
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278
tomcat-8.0.38-1.fc24
10
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73054cfeeb
java-1.8.0-openjdk-aarch32-1.8.0.102-7.160812.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c671aae490
chromium-native_client-54.0.2840.59-1.20161013git090f907.fc24
chromium-54.0.2840.71-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-00d2f5c19f
mingw-libwebp-0.5.1-2.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-0d1a8ee35b xen-4.6.3-7.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-66c70cadb4
memcached-1.4.25-2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a2b9adcd5c icu-56.1-5.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3eb5a55123
python-django-1.9.11-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2b27b075ee
libgit2-0.24.3-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-96d276367e
kernel-4.8.6-201.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-cd09eab674
tre-0.8.0-18.20140228gitc2f5d13.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3113e71193
ansible-2.2.0.0-3.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
27
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9
pungi-4.1.10-1.fc24
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3eaf049e56
libfm-1.2.4-8.D20161017git82b3a1a201.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0f0d48142
jasper-1.900.13-1.fc24
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3d5c976bf8
menu-cache-1.0.1-3.D20161021git441f0ca9a1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f4c0c9930
libraw1394-2.1.2-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7ce27629b3
selinux-policy-3.13.1-191.20.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-96d276367e
kernel-4.8.6-201.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5e78ec298 rpm-4.13.0-1.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ad931b26a7
ntfs-3g-2016.2.22-3.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d0de70c5c1
nss-3.27.0-1.2.fc24
1
https://bodhi.fedoraproject.org/updates/FEDORA-2016-a2b9adcd5c icu-56.1-5.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c7347a6c87 samba-4.4.7-2.fc24
The following builds have been pushed to Fedora 24 updates-testing
accumulo-1.6.6-8.fc24
ansible-2.2.0.0-3.fc24
aqbanking-5.6.12-1.fc24
armadillo-7.500.0-1.fc24
docker-latest-1.12.3-4.git91ae1d1.fc24
exciting-12-6.fc24
gnucash-2.6.14-1.fc24
gnucash-docs-2.6.14-1.fc24
gwenhywfar-4.15.3-2.fc24
kmymoney-4.7.2-5.fc24
lighttpd-1.4.43-2.fc24
lyx-2.2.2-1.fc24
megatools-1.9.98-1.fc24
mkosi-1-1.fc24
php-sentry-0.22.0-1.fc24
pki-core-10.3.5-8.fc24
python-scour-0.35-2.fc24
rubygem-github-linguist-4.8.17-1.fc24
samba-4.4.7-2.fc24
taskotron-trigger-0.4.2-1.fc24
tzdata-2016i-1.fc24
xfce4-datetime-plugin-0.7.0-1.fc24
xfce4-mpc-plugin-0.5.0-1.fc24
xfce4-systemload-plugin-1.2.0-1.fc24
xfce4-wavelan-plugin-0.6.0-1.fc24
xfce4-whiskermenu-plugin-1.6.1-1.fc24
Details about builds:
================================================================================
accumulo-1.6.6-8.fc24 (FEDORA-2016-53aa8b4242)
A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:
Updates accumulo package with several fixes, including fixing shell error
accessing server configuration files and missing items in the classpath. ----
Fix for apache ACCUMULO-4505. Fixes shell erroneously reading from accumulo-
site.xml ---- This update fixes missing classpath elements and provides more
sane default logging configuration files. ---- Update to Apache Accumulo
1.6.6. HDFS provider for VFS 2.1 is not yet supported in f25, f26.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389325 - Classpath missing apache-commons-io package
https://bugzilla.redhat.com/show_bug.cgi?id=1389325
--------------------------------------------------------------------------------
================================================================================
ansible-2.2.0.0-3.fc24 (FEDORA-2016-3113e71193)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Add patch to fix dnf module groupinstall handling ---- Update to new ansible
2.2 version. For full changes see:
https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1388531 - [Errno 25] Inappropriate ioctl for device
https://bugzilla.redhat.com/show_bug.cgi?id=1388531
[ 2 ] Bug #1387621 - dnf module doesn't work with a rawhide host
https://bugzilla.redhat.com/show_bug.cgi?id=1387621
[ 3 ] Bug #1381538 - NameError: global name 'AnsibleError' is not defined
https://bugzilla.redhat.com/show_bug.cgi?id=1381538
[ 4 ] Bug #1390650 - CVE-2016-8614 ansible: Improper verification of key fingerprints in
apt_key module [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1390650
[ 5 ] Bug #1390646 - CVE-2016-8628 ansible: Command injection by compromised server via
ansible_ssh_executable or ssh_args [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1390646
[ 6 ] Bug #1390564 - ansible-2.2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1390564
--------------------------------------------------------------------------------
================================================================================
aqbanking-5.6.12-1.fc24 (FEDORA-2016-29e231710b)
A library for online banking functions and financial data import/export
--------------------------------------------------------------------------------
Update Information:
This updates aqbanking to the latest stable release, 5.6.12, and GnuCash to the
latest stable release, 2.6.14. As part of the aqbanking update, KMyMoney is
rebuilt as well.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333905 - Please package version 5.6.10 of aqbanking to solve Comdirect
issue
https://bugzilla.redhat.com/show_bug.cgi?id=1333905
[ 2 ] Bug #1350991 - gnucash-2.6.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1350991
--------------------------------------------------------------------------------
================================================================================
armadillo-7.500.0-1.fc24 (FEDORA-2016-2e6d67dc97)
Fast C++ matrix library with syntax similar to MATLAB and Octave
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable release that contains several fixes for minor
issues, as well as new functionality requested by several users: * expanded
qz() to optionally specify ordering of the Schur form * expanded .each_slice()
to support matrix multiplication * added expmat_sym(), logmat_sympd(),
sqrtmat_sympd() * added .replace()
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390386 - armadillo-7.500.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1390386
--------------------------------------------------------------------------------
================================================================================
docker-latest-1.12.3-4.git91ae1d1.fc24 (FEDORA-2016-50a328370b)
Automates deployment of containerized applications
--------------------------------------------------------------------------------
Update Information:
built docker @projectatomic/docker-1.12 commit 91ae1d1 ---- built docker
@projectatomic/docker-1.12 commit 91ae1d1 ---- built docker
@projectatomic/docker-1.12 commit 8f1975c
--------------------------------------------------------------------------------
================================================================================
exciting-12-6.fc24 (FEDORA-2016-fcee2e4da7)
A full-potential all-electron density-functional-theory package
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
gnucash-2.6.14-1.fc24 (FEDORA-2016-29e231710b)
Finance management application
--------------------------------------------------------------------------------
Update Information:
This updates aqbanking to the latest stable release, 5.6.12, and GnuCash to the
latest stable release, 2.6.14. As part of the aqbanking update, KMyMoney is
rebuilt as well.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333905 - Please package version 5.6.10 of aqbanking to solve Comdirect
issue
https://bugzilla.redhat.com/show_bug.cgi?id=1333905
[ 2 ] Bug #1350991 - gnucash-2.6.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1350991
--------------------------------------------------------------------------------
================================================================================
gnucash-docs-2.6.14-1.fc24 (FEDORA-2016-29e231710b)
Help files and documentation for the GnuCash personal finanace manager
--------------------------------------------------------------------------------
Update Information:
This updates aqbanking to the latest stable release, 5.6.12, and GnuCash to the
latest stable release, 2.6.14. As part of the aqbanking update, KMyMoney is
rebuilt as well.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333905 - Please package version 5.6.10 of aqbanking to solve Comdirect
issue
https://bugzilla.redhat.com/show_bug.cgi?id=1333905
[ 2 ] Bug #1350991 - gnucash-2.6.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1350991
--------------------------------------------------------------------------------
================================================================================
gwenhywfar-4.15.3-2.fc24 (FEDORA-2016-29e231710b)
A multi-platform helper library for other libraries
--------------------------------------------------------------------------------
Update Information:
This updates aqbanking to the latest stable release, 5.6.12, and GnuCash to the
latest stable release, 2.6.14. As part of the aqbanking update, KMyMoney is
rebuilt as well.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333905 - Please package version 5.6.10 of aqbanking to solve Comdirect
issue
https://bugzilla.redhat.com/show_bug.cgi?id=1333905
[ 2 ] Bug #1350991 - gnucash-2.6.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1350991
--------------------------------------------------------------------------------
================================================================================
kmymoney-4.7.2-5.fc24 (FEDORA-2016-29e231710b)
Personal finance
--------------------------------------------------------------------------------
Update Information:
This updates aqbanking to the latest stable release, 5.6.12, and GnuCash to the
latest stable release, 2.6.14. As part of the aqbanking update, KMyMoney is
rebuilt as well.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1333905 - Please package version 5.6.10 of aqbanking to solve Comdirect
issue
https://bugzilla.redhat.com/show_bug.cgi?id=1333905
[ 2 ] Bug #1350991 - gnucash-2.6.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1350991
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.43-2.fc24 (FEDORA-2016-287c323550)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
Fix MySQL dependencies. ---- 1.4.43 ---- Split out mysql and gssapi authn
modules. ---- 1.4.42, now with upstream mod_geoip.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385640 - lighttpd-1.4.42 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1385640
--------------------------------------------------------------------------------
================================================================================
lyx-2.2.2-1.fc24 (FEDORA-2016-b081e0420f)
WYSIWYM (What You See Is What You Mean) document processor
--------------------------------------------------------------------------------
Update Information:
LyX 2.2.2 is the result of on-going efforts to make our stable version more
reliable and more stable. We have fixed a number of bugs and made a number of
improvements. Most of these are relatively minor, but we nonetheless encourage
all users of 2.2.1 to upgrade to this version. Perhaps the most important bug
we fixed affected use of covington.sty with 2.2.1. This will only have affected
users of the Linguistics module. One new feature is the use of the "scaling"
option when exporting images for XHTML. This does not work the same way as with
LaTeX export. What it does is add something like "width: 50%" to the style
attribute. This will ordinarily be interpreted by the browser as a percentage
relative to the current element. (All the bug numbers below refer to LyX error
tracking.) ** Updates: *********** DOCUMENT INPUT/OUTPUT - .xlsx is now a
suggested extension in the spreadsheet external template. - Improve
systemlyxdir handling. USER INTERFACE - When changing zoom level, show current
value in status bar (bug 10212). - Names containing @ are now recognised by
the syntax highlighter in the preamble. - Replace Insert>Caption submenu by a
normal entry when there is only one caption type. DOCUMENTATION AND
LOCALIZATION - Updated Brazilian, French, German, Italian and Slovak user
interface localization. - Updated French Customizaion, Math, Tutorial and
UserGuide manuals. - Update beamer manual with regard to the new Separator
usage. BUILD/INSTALLATION - If available, use qtchooser to select correct Qt
tools when configuring. ** Bug fixes: ************* DOCUMENT INPUT/OUTPUT -
We no longer attempt to convert images for which we cannot find an input
format. - Fixed fen2ascii script. - Fixed preview of external material with
plaintext and DocBook. - Fixed substitution for $$Contents in external
templates. - Fixed usage of new module "Title and Preamble Hacks" (bug 10320).
- Fix error with older versions of the covington package in the Linguistics
module (bug 10340). - Fix LaTeX error with recent LuaTeX versions when using
landscape. - Fix data loss with [ in first cell of aligned environment (bug
10361). LYX2LYX - Fix hang with some IEEEtran documents (bug 10307). - Fix
export of compressed files to previous versions that were not recognised on
windows (bug 10273). USER INTERFACE - Avoid crashing in release mode if we
stumble across an unrealized font. - Correctly return exit code from spawned
processes on Windows (bug 10327). - Fix display of citations with two authors.
- Fix display of multi-author citations when the GUI language is not English. -
Fix bug where change tracking marks are lost under math insets (bug 10265). -
Fix display glitch when switching to Description layout with an inset at the
beginning of the paragraph (bug 10163) - Fix display of label font for argument
insets. - Keep leading whitespace when converting local layout. - Correct
default font of beamer article layouts (bug 9977). - Remove extra whitespace
around Preview and IPA insets (bug 10304). - Let M-x give focus to minibuffer
when it is already open. - When doing a selection with Shift-click, make sure
that the selection anchor is correct. - Avoid to overwrite end-of-proof
character with text on screen (bug 10344). - Use proper dialog titles in
InsetParams-derived dialogs (bug 10329). - Fix "scroll here" feature of
scrollbar (bug 10311). - Fix the minimum size of the citation dialog on first
time (bug 10019). - When Enter does nothing (empty paragraph), do not record
undo (bug 10089). - Remove duplicate context menu item for Argument insets (bug
10368). - Fix display of vertical lines inside math matrices (bug 10363).
LYXHTML - Enable export of external material (bug 8693). - Fix problem with
output of branches (bug 8022). - Fix output of table borders (bug 10154). -
Fix display of several math symbols (bug 8844). - Use scaling factor for export
of images (bug 8742). - Fix display of listings (bug 8362). - Fix output of
floats, etc, inside environments (bug 9094). - Simplify XHTML output for
floats, etc (bug 8605). - Add "dir='auto'" to body tag, which should
help a lot
with export of RTL languages (bug 8279, partly). - Fix display of cases and
matrices (bugs 8753, 8755). - Fixed output of logos to the TOC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1385646 - lyx-2.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1385646
--------------------------------------------------------------------------------
================================================================================
megatools-1.9.98-1.fc24 (FEDORA-2016-af9062a912)
Command line client for MEGA
--------------------------------------------------------------------------------
Update Information:
Upstream release rhbz#1391793
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1391793 - megatools-1.9.98 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1391793
--------------------------------------------------------------------------------
================================================================================
mkosi-1-1.fc24 (FEDORA-2016-63f5f6aa44)
Create legacy-free OS images
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
================================================================================
php-sentry-0.22.0-1.fc24 (FEDORA-2016-759427ad21)
PHP client for Sentry
--------------------------------------------------------------------------------
Update Information:
PHP client for Sentry (
http://getsentry.com). Note: This package obsoletes
`php-Raven`.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1387447 - Review Request: php-sentry - PHP client for Sentry
https://bugzilla.redhat.com/show_bug.cgi?id=1387447
--------------------------------------------------------------------------------
================================================================================
pki-core-10.3.5-8.fc24 (FEDORA-2016-393715962d)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
PKI TRAC Tickets #850,1247,1536,2460,2486,2498,2500,2510,2513,2523
--------------------------------------------------------------------------------
================================================================================
python-scour-0.35-2.fc24 (FEDORA-2016-dfac269ab2)
An SVG scrubber
--------------------------------------------------------------------------------
Update Information:
Inital build of python-scour.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389784 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1389784
[ 2 ] Bug #1389772 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1389772
--------------------------------------------------------------------------------
================================================================================
rubygem-github-linguist-4.8.17-1.fc24 (FEDORA-2016-fce7b6e0f0)
GitHub Language detection
--------------------------------------------------------------------------------
Update Information:
New upstream release. ---- Upstream bug-fix release.
--------------------------------------------------------------------------------
================================================================================
samba-4.4.7-2.fc24 (FEDORA-2016-c7347a6c87)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
This update fixes a regression discovered when GlusterFS volumes are shared via
Samba using VFS module for GlusterFS which has been reported as following bug in
Samba bugzilla: **[BZ
12404](https://bugzilla.samba.org/show_bug.cgi?id=12404)**
--------------------------------------------------------------------------------
================================================================================
taskotron-trigger-0.4.2-1.fc24 (FEDORA-2016-9c6f20ddf8)
Triggering Taskotron jobs via fedmsg
--------------------------------------------------------------------------------
Update Information:
This fixes an issue with assumptions made about how koji uses tags which are no
longer valid. See [the upstream
issue](https://phab.qadevel.cloud.fedoraproject.org/T862) for details ---- Add
docker support. Remove mongoquery bundle. ---- Initial build of taskotron-
trigger in Fedora repos
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1341099 - Review Request: taskotron-trigger - Triggering Taskotron jobs on
fedmsgs
https://bugzilla.redhat.com/show_bug.cgi?id=1341099
--------------------------------------------------------------------------------
================================================================================
tzdata-2016i-1.fc24 (FEDORA-2016-818f35d778)
Timezone data
--------------------------------------------------------------------------------
Update Information:
- Rebase to 2016i - Pacific/Tongatapu now begins DST on 2016-11-06 at 02:00
and ends on 2017-01-15 at 03:00. - Northern Cyprus is changed to +03 year
round. This results in a split in Cyprus time zones starting 2016-10-30 at
04:00 and creates a new zone - Asia/Famagusta. - Antarctica/Casey changed
from +08 to +11 on 2016-10-22.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1391315 - tzdata-2016i is available
https://bugzilla.redhat.com/show_bug.cgi?id=1391315
--------------------------------------------------------------------------------
================================================================================
xfce4-datetime-plugin-0.7.0-1.fc24 (FEDORA-2016-2719fce037)
Date/time plugin for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
- Update to 0.7.0 - [gtk3] Bump dependencies to check for
libxfce4ui-2/libxfce4panel-2.0 - Spec clean-up
--------------------------------------------------------------------------------
================================================================================
xfce4-mpc-plugin-0.5.0-1.fc24 (FEDORA-2016-c32f78cc54)
MPD client for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
- Update to 0.5.0 - [gtk3] Bump dependencies to check for
libxfce4ui-2/libxfce4panel-2.0 - Spec clean-up
--------------------------------------------------------------------------------
================================================================================
xfce4-systemload-plugin-1.2.0-1.fc24 (FEDORA-2016-5f3178eacb)
Systemload monitor for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.0 - [gtk3] Bump dependencies to check for
libxfce4ui-2/libxfce4panel-2.0 - Spec clean-up
--------------------------------------------------------------------------------
================================================================================
xfce4-wavelan-plugin-0.6.0-1.fc24 (FEDORA-2016-8111452e72)
WaveLAN plugin for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
- Update to 0.6.0 - [gtk3] Bump dependencies to check for
libxfce4ui-2/libxfce4panel-2.0 - Spec clean-up
--------------------------------------------------------------------------------
================================================================================
xfce4-whiskermenu-plugin-1.6.1-1.fc24 (FEDORA-2016-1cd1a0c3b4)
An alternate application launcher for Xfce
--------------------------------------------------------------------------------
Update Information:
- Rebuilt for new upstream release 1.6.1
--------------------------------------------------------------------------------