The following Fedora 24 Security updates need testing:
Age URL
17
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b3f93ead5b moin-1.9.8-1.fc24
6
https://bodhi.fedoraproject.org/updates/FEDORA-2016-07e9059072
lighttpd-1.4.41-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-432f067a80
cryptobone-1.0.5-1.fc24
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5b05ca41dd
drupal7-features-2.10-1.fc24
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-40d5f1d3c2
pagure-2.3.4-1.fc24
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8fd0599b02
drupal7-entity_translation-1.0-0.9.beta5.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4373f7d32a pulp-2.8.6-1.fc24
pulp-docker-2.0.2-1.fc24 pulp-ostree-1.1.2-1.fc24 pulp-puppet-2.8.6-2.fc24
pulp-python-1.1.2-1.fc24 pulp-rpm-2.8.6-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-472cdecb18
mingw-xz-5.2.2-3.fc24 mingw-libarchive-3.2.1-2.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fef6925d48
drupal7-theme-zen-5.6-1.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a3debc3a6
openssh-7.2p2-12.fc24
The following Fedora 24 Critical Path updates have yet to be approved:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-2016-494a721a73
ModemManager-1.6.0-1.fc24 libmbim-1.14.0-1.fc24 libqmi-1.16.0-1.fc24
usb_modeswitch-2.4.0-4.fc24 usb_modeswitch-data-20160612-3.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4a3debc3a6
openssh-7.2p2-12.fc24
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5dd9a9ae41
avahi-0.6.32-4.fc24
The following builds have been pushed to Fedora 24 updates-testing
clufter-0.59.5-1.fc24
compose-utils-0.1.7-1.fc24
dogtag-pki-10.3.5-1.fc24
drush-8.1.3-1.fc24
golang-1.6.3-2.fc24
golang-github-gosexy-gettext-0-0.2.git305f360.fc24
ibus-libpinyin-1.7.92-2.fc24
kdevelop-5.0.0-0.3.20160808git.fc24
kdevplatform-5.0.0-0.2.20160808git.fc24
libpinyin-1.5.92-2.fc24
opensaml-java-2.5.3-11.fc24
openssh-7.2p2-12.fc24
pdc-client-1.1.0-1.fc24
perl-ExtUtils-MakeMaker-7.10-5.fc24
php-behat-mink-1.7.1-1.fc24
php-behat-mink-browserkit-driver-1.3.2-1.fc24
php-consolidation-annotated-command-1.2.1-1.fc24
php-zendframework-zend-http-2.5.5-1.fc24
pki-console-10.3.5-1.fc24
pki-core-10.3.5-1.fc24
radamsa-0.5-1.fc24
sen-0.4.0-1.fc24
vavoom-1.33-19.fc24
Details about builds:
================================================================================
clufter-0.59.5-1.fc24 (FEDORA-2016-3e8aec249d)
Tool/library for transforming/analyzing cluster configuration formats
--------------------------------------------------------------------------------
Update Information:
- bump upstream package, see
https://pagure.io/clufter/releases
--------------------------------------------------------------------------------
================================================================================
compose-utils-0.1.7-1.fc24 (FEDORA-2016-228f59169a)
Utilities for working with composes
--------------------------------------------------------------------------------
Update Information:
* Add a command to copy (possibly part of) a compose to another location via
`rsync`. * Add a command to check if packages moved between variants.
--------------------------------------------------------------------------------
================================================================================
dogtag-pki-10.3.5-1.fc24 (FEDORA-2016-059eb8aaee)
Dogtag Public Key Infrastructure (PKI) Suite
--------------------------------------------------------------------------------
Update Information:
PKI TRAC Ticket #2392 - Release Dogtag 10.3.5
--------------------------------------------------------------------------------
================================================================================
drush-8.1.3-1.fc24 (FEDORA-2016-1bb8681637)
Command line shell and scripting interface for Drupal
--------------------------------------------------------------------------------
Update Information:
**MAJOR UPDATE** `6.7.0` => `8.1.3` See
https://github.com/drush-
ops/drush/releases for change information
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1357097 - drush-8.1.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1357097
--------------------------------------------------------------------------------
================================================================================
golang-1.6.3-2.fc24 (FEDORA-2016-2b545e01f4)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Obsolete golang-vet and golang-cover from golang-googlecode-tools package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1268206 - golang-bin-1.5.1-0 file conflict with golang-vet-0.2.0
https://bugzilla.redhat.com/show_bug.cgi?id=1268206
--------------------------------------------------------------------------------
================================================================================
golang-github-gosexy-gettext-0-0.2.git305f360.fc24 (FEDORA-2016-5b459e3543)
Gettext support for the Go language
--------------------------------------------------------------------------------
Update Information:
Build and install go-xgettext to a separate binary package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1359802 - Review Request: golang-github-gosexy-gettext - Gettext support for
the Go language
https://bugzilla.redhat.com/show_bug.cgi?id=1359802
--------------------------------------------------------------------------------
================================================================================
ibus-libpinyin-1.7.92-2.fc24 (FEDORA-2016-2cd5442e7a)
Intelligent Pinyin engine based on libpinyin for IBus
--------------------------------------------------------------------------------
Update Information:
Fixes crashes for Full Pinyin and Bopomofo.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1365183 - [abrt] ibus-libpinyin: PY::PinyinEditor::updatePreeditText():
ibus-engine-libpinyin killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1365183
[ 2 ] Bug #1364642 - [abrt] ibus-libpinyin: pinyin_get_character_offset():
ibus-engine-libpinyin killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1364642
--------------------------------------------------------------------------------
================================================================================
kdevelop-5.0.0-0.3.20160808git.fc24 (FEDORA-2016-41a3e28496)
Integrated Development Environment for C++/C
--------------------------------------------------------------------------------
Update Information:
Update to latest git snapshot.
--------------------------------------------------------------------------------
================================================================================
kdevplatform-5.0.0-0.2.20160808git.fc24 (FEDORA-2016-41a3e28496)
Libraries for use by KDE development tools
--------------------------------------------------------------------------------
Update Information:
Update to latest git snapshot.
--------------------------------------------------------------------------------
================================================================================
libpinyin-1.5.92-2.fc24 (FEDORA-2016-2cd5442e7a)
Library to deal with pinyin
--------------------------------------------------------------------------------
Update Information:
Fixes crashes for Full Pinyin and Bopomofo.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1365183 - [abrt] ibus-libpinyin: PY::PinyinEditor::updatePreeditText():
ibus-engine-libpinyin killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1365183
[ 2 ] Bug #1364642 - [abrt] ibus-libpinyin: pinyin_get_character_offset():
ibus-engine-libpinyin killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1364642
--------------------------------------------------------------------------------
================================================================================
opensaml-java-2.5.3-11.fc24 (FEDORA-2016-56a929b4aa)
Java OpenSAML library
--------------------------------------------------------------------------------
Update Information:
adapt to current guideline
--------------------------------------------------------------------------------
================================================================================
openssh-7.2p2-12.fc24 (FEDORA-2016-4a3debc3a6)
An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-6515
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1364936 - CVE-2016-6515 openssh: Denial of service via very long passwords
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1364936
--------------------------------------------------------------------------------
================================================================================
pdc-client-1.1.0-1.fc24 (FEDORA-2016-49e76a5dda)
Console client for interacting with Product Definition Center
--------------------------------------------------------------------------------
Update Information:
- When page_size <= 0; the pagination will be disabled. (bliu(a)redhat.com) -
Handle page_size in mocked API calls. (nils(a)redhat.com) - Move necessary
arguments to required argument list. (ycheng(a)redhat.com) - Make format strings
compatible with python 2.6 (chuzhang(a)redhat.com) - Fix failure with requests-
kerberos 0.9+ and Python 3 (drop monkey_patch.py) (mzibrick(a)redhat.com) - Add
FILES section and fix issue link in manpage (sochotnicky(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
perl-ExtUtils-MakeMaker-7.10-5.fc24 (FEDORA-2016-f8d2b9945c)
Create a module Makefile
--------------------------------------------------------------------------------
Update Information:
Avoid loading optional modules from default . (CVE-2016-1238)
--------------------------------------------------------------------------------
================================================================================
php-behat-mink-1.7.1-1.fc24 (FEDORA-2016-ec5c81bd79)
Browser controller/emulator abstraction for PHP
--------------------------------------------------------------------------------
Update Information:
# php-behat-mink ## 1.7.1 / 2016-03-05 Bug fixes: * Refactored the
CssSelector to use the new API of the Symfony CssSelector component to be
compatible with Symfony 3 Testsuite: * Disallowed failures on PHP 7 on Travis
(tests were passing since a long time) Driver testsuite: * Fixed the driver
testsuite to account for driver inheritance when checking recommended practices
* Added a test for cookie values with semicolon, to ensure all drivers support
it * Improved the window resize test to consider headless browsers * Fixed the
compatibility of the testsuite with PHPUnit 5 * Added a test ensuring that
`wait()` always return a boolean even when the JS expression does not cast the
value * Added HTML escaping of submitted values in the driver testsuite web-
fixtures Misc: * Removed the Mink testsuite from archives generated by Github
to make them smaller # php-behat-mink-browserkit-driver ## 1.3.2 / 2016-03-05
Testsuite: * Disallowed failures on PHP 7 on Travis (tests were passing since a
long time) * Added HTML escaping of submitted values in the driver testsuite
web-fixtures ## 1.3.1 / 2016-01-19 * Added Symfony 3.0 compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1314987 - php-behat-mink-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1314987
[ 2 ] Bug #1300118 - php-behat-mink-browserkit-driver-1.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300118
--------------------------------------------------------------------------------
================================================================================
php-behat-mink-browserkit-driver-1.3.2-1.fc24 (FEDORA-2016-ec5c81bd79)
Symfony BrowserKit driver for Mink framework
--------------------------------------------------------------------------------
Update Information:
# php-behat-mink ## 1.7.1 / 2016-03-05 Bug fixes: * Refactored the
CssSelector to use the new API of the Symfony CssSelector component to be
compatible with Symfony 3 Testsuite: * Disallowed failures on PHP 7 on Travis
(tests were passing since a long time) Driver testsuite: * Fixed the driver
testsuite to account for driver inheritance when checking recommended practices
* Added a test for cookie values with semicolon, to ensure all drivers support
it * Improved the window resize test to consider headless browsers * Fixed the
compatibility of the testsuite with PHPUnit 5 * Added a test ensuring that
`wait()` always return a boolean even when the JS expression does not cast the
value * Added HTML escaping of submitted values in the driver testsuite web-
fixtures Misc: * Removed the Mink testsuite from archives generated by Github
to make them smaller # php-behat-mink-browserkit-driver ## 1.3.2 / 2016-03-05
Testsuite: * Disallowed failures on PHP 7 on Travis (tests were passing since a
long time) * Added HTML escaping of submitted values in the driver testsuite
web-fixtures ## 1.3.1 / 2016-01-19 * Added Symfony 3.0 compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1314987 - php-behat-mink-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1314987
[ 2 ] Bug #1300118 - php-behat-mink-browserkit-driver-1.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1300118
--------------------------------------------------------------------------------
================================================================================
php-consolidation-annotated-command-1.2.1-1.fc24 (FEDORA-2016-cf49e414f4)
Initialize Symfony Console commands from annotated command class methods
--------------------------------------------------------------------------------
Update Information:
### 1.2.1 Fix unit tests for php 5.4. ### 1.2.0 Support both the 2.x and 3.x
versions of phpdocumentor/reflection-docblock. ### 1.1.1 Do not allow a
`@param` docblock comment for the options to change the meaning of the options.
### 1.1.0 Factor createSelectedCommandsFromClassInfo out of
createCommandsFromClassInfo in AnnotatedCommandFactory, to give clients more
control over command method selection.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1359450 - php-consolidation-annotated-command-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1359450
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-http-2.5.5-1.fc24 (FEDORA-2016-db0c0a26b2)
Zend Framework Http component
--------------------------------------------------------------------------------
Update Information:
**Version 2.5.5** - 2016-08-08 - [#44](https://github.com/zendframework/zend-
http/pull/44), [#45](https://github.com/zendframework/zend-http/pull/45),
[#46](https://github.com/zendframework/zend-http/pull/46),
[#47](https://github.com/zendframework/zend-http/pull/47),
[#48](https://github.com/zendframework/zend-http/pull/48), and
[#49](https://github.com/zendframework/zend-http/pull/49) prepare the
documentation for publication at
https://zendframework.github.io/zend-http/ -
[#87](https://github.com/zendframework/zend-http/pull/87) fixes the
`ContentLength` constructor to test for a non null value (vs a falsy value)
before validating the value; this ensures 0 values may be specified for the
length. - [#85](https://github.com/zendframework/zend-http/pull/85) fixes
infinite recursion on AbstractAccept. If you create a new Accept and try to
call getFieldValue(), an infinite recursion and a fatal error happens. -
[#58](https://github.com/zendframework/zend-http/pull/58) avoid triggering a
notice with special crafted accept headers. In the case the value of an accept
header does not contain an equal sign, an "Undefined offset" notice is
triggered.
--------------------------------------------------------------------------------
================================================================================
pki-console-10.3.5-1.fc24 (FEDORA-2016-dd16599bc7)
Certificate System - PKI Console
--------------------------------------------------------------------------------
Update Information:
PKI TRAC Ticket #2392 - Release Dogtag 10.3.5
--------------------------------------------------------------------------------
================================================================================
pki-core-10.3.5-1.fc24 (FEDORA-2016-4d226a5f7e)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
PKI TRAC Ticket #2392 - Release Dogtag 10.3.5
--------------------------------------------------------------------------------
================================================================================
radamsa-0.5-1.fc24 (FEDORA-2016-33cc24e388)
Test case generator for robustness testing
--------------------------------------------------------------------------------
Update Information:
Updating radamsa to 0.5
--------------------------------------------------------------------------------
================================================================================
sen-0.4.0-1.fc24 (FEDORA-2016-6b8656a879)
Terminal User Interface for docker engine
--------------------------------------------------------------------------------
Update Information:
new upstream release: 0.4.0
--------------------------------------------------------------------------------
================================================================================
vavoom-1.33-19.fc24 (FEDORA-2016-0e673d6885)
Enhanced Doom, Heretic, Hexen and Strife source port - meta package
--------------------------------------------------------------------------------
Update Information:
- Fix crash on exit:
https://retrace.fedoraproject.org/faf/reports/1192370/
--------------------------------------------------------------------------------