The following Fedora 25 Security updates need testing:
Age URL
95
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
16
https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb
php-onelogin-php-saml-2.10.5-1.fc25
8
https://bodhi.fedoraproject.org/updates/FEDORA-2017-71e69a691b pcs-0.9.156-2.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109
python-sleekxmpp-1.3.2-1.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5b5201e7 xen-4.7.2-4.fc25
1
https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51
icecat-52.0.1-5.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c
xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c22a1dbe8b samba-4.5.8-0.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-93dec9eba5
kernel-4.10.8-200.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b
pungi-4.1.14-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-93dec9eba5
kernel-4.10.8-200.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-c22a1dbe8b samba-4.5.8-0.fc25
The following builds have been pushed to Fedora 25 updates-testing
OpenLP-2.4.6-1.fc25
backintime-1.1.18-1.fc25
kernel-4.10.8-200.fc25
libguestfs-1.36.3-2.fc25
libmwaw-0.3.11-1.fc25
mkvtoolnix-10.0.0-1.fc25
php-cs-fixer-2.2.0-1.fc25
php-horde-Horde-Core-2.28.3-1.fc25
snapd-2.23.6-2.fc25
snapd-glib-1.9-2.fc25
vulkan-1.0.42.2-1.fc25
xcircuit-3.9.65-1.fc25
Details about builds:
================================================================================
OpenLP-2.4.6-1.fc25 (FEDORA-2017-9c66e5a0b6)
Open source Church presentation and lyrics projection application
--------------------------------------------------------------------------------
Update Information:
Bug Fix Release
--------------------------------------------------------------------------------
================================================================================
backintime-1.1.18-1.fc25 (FEDORA-2017-f32fbc4dda)
Simple backup tool inspired from the Flyback project and TimeVault
--------------------------------------------------------------------------------
Update Information:
- update to 1.1.18 - bugfix release, which only includes backported bugfixes
from 1.2: Fix bug: manual snapshots from GUI didn't work backport bug
fix: start a new ssh-agent instance only if necessary Fix bug: OSError when
running backup-job from systemd backport bug fix: udev schedule not
working backport bug fix: Keyring doesn't work with KDE Plasma5
backport bug fix: nameError in tools.make_dirs backport bug fix: use
current folder if no file is selected in files view Fix critical bug:
restore filesystem-root without 'Full rsync mode' with ACL and/or xargs
activated broke whole system
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396279 - [abrt] backintime-common: snapshots.py:1754:_free_space:IndexError:
list index out of range
https://bugzilla.redhat.com/show_bug.cgi?id=1396279
--------------------------------------------------------------------------------
================================================================================
kernel-4.10.8-200.fc25 (FEDORA-2017-93dec9eba5)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.10.8 stable update contains a number of important fixes across the tree
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1435153 - CVE-2017-7184 kernel: Out-of-bounds heap access in xfrm
https://bugzilla.redhat.com/show_bug.cgi?id=1435153
[ 2 ] Bug #1436629 - CVE-2017-7277 kernel: Mishandling SCM_TIMESTAMPING_OPT_STATS
feature causes out-of-bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=1436629
[ 3 ] Bug #1435719 - CVE-2017-7261 kernel: drm/vmwgfx: check that number of mip levels
is above zero
https://bugzilla.redhat.com/show_bug.cgi?id=1435719
--------------------------------------------------------------------------------
================================================================================
libguestfs-1.36.3-2.fc25 (FEDORA-2017-0a9af45644)
Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:
Include rewritten and greatly improved virt-rescue from upstream. ---- New
upstream version 1.36.3.
--------------------------------------------------------------------------------
================================================================================
libmwaw-0.3.11-1.fc25 (FEDORA-2017-a3584f6122)
A library for import of many old Mac document formats
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-10.0.0-1.fc25 (FEDORA-2017-4f9aff216c)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
## New features and enhancements * mkvmerge: AVC/h.264 parser: mkvmerge will
now drop all frames before the first key frame as they cannot be decoded
properly anyway. See #1908. * mkvmerge: HEVC/h.265 parser: mkvmerge will now
drop all frames before the first key frame as they cannot be decoded properly
anyway. See #1908. * mkvmerge: HEVC/h.265 parser: added a workaround for invalid
values for the "default display window" in the VUI parameters of sequence
parameter sets. Fixes #1907. ## Bug fixes * mkvmerge: MP4 reader: fixed
track offsets being wrong in certain situations regarding the presence or
absence of edit lists ('elst' atoms) & composition timestamps
('ctts' atoms).
Fixes #1889. * mkvmerge: MP4 reader: offsets in "ctts" are now always treated
as
signed integers, even with version 0 atoms. * mkvinfo: the timestamps of
SimpleBlocks with negative timestamps are now shown correctly. * mkvmerge:
Matroska reader: fixed handling BlockGroups and SimpleBlocks with negative
timestamps. * mkvmerge: MP3 packetizer: the MP3 packetizer will no longer drop
timestamps from source containers if they go backwards. This keeps A/V in sync
for files where the source was in sync even though their timestamps aren't
monotonic increasing. Fixes #1909. * mkvmerge: AVC/h.264 parser: mkvmerge will
now drop timestamps from the source container if no frame is emitted for that
timestamp. Fixes #1908. * mkvmerge: HEVC/h.265 parser: mkvmerge will now drop
timestamps from the source container if no frame is emitted for that
timestamp. Fixes the HEVC equivalent of the problem with AVC described in
#1908. * mkvextract: SSA/ASS: fixed extraction when the "Format" line in the
"[Events]" section contains less fields than the default for SSA/ASS would
indicate. Fixes #1913.
--------------------------------------------------------------------------------
================================================================================
php-cs-fixer-2.2.0-1.fc25 (FEDORA-2017-dae28c929f)
A tool to automatically fix PHP code style
--------------------------------------------------------------------------------
Update Information:
**Changelog for v2.2.0** * bug #2640 NoExtraConsecutiveBlankLinesFixer - Fix
single indent characters not working (ntzm) * feature #2220 Doctrine annotation
fixers (julienfalque) * feature #2431 MethodArgumentSpaceFixer: allow to retain
multiple spaces after comma (Slamdunk) * feature #2459 BracesFixer - Add option
for keeping opening brackets on the same line (jtojnar, SpacePossum) * feature
#2486 Add FunctionToConstantFixer (SpacePossum, keradus) * feature #2505
FunctionDeclarationFixer - Make space after anonymous function configurable
(jtojnar, keradus) * feature #2509 FullOpeningTagFixer - Ensure opening PHP tag
is lowercase (jtojnar) * feature #2532 FixCommand - add stop-on-violation option
(keradus) * feature #2591 Improve process output (julienfalque) * feature #2603
Add InvisibleSymbols Fixer (ivan1986, keradus) * feature #2642 Add
MagicConstantCasingFixer (ntzm) * feature #2657 PhpdocToCommentFixer - Allow
phpdoc for language constructs (ceeram, SpacePossum) * minor #2500 Configuration
resolver (julienfalque, SpacePossum, keradus) * minor #2566 Show more details on
errors and exceptions. (SpacePossum, julienfalque) * minor #2597 HHVM - bump
required version to 3.18 (keradus) * minor #2606 FixCommand - fix missing
comment close tag (keradus) * minor #2623 OrderedClassElementsFixer - remove
dead code (SpacePossum) * minor #2625 Update Symfony and Symfony:risky rulesets
(keradus) * minor #2626 TernaryToNullCoalescingFixer - adjust ruleset membership
and description (keradus) * minor #2635 ProjectCodeTest - watch that all classes
have dedicated tests (keradus) * minor #2647 DescribeCommandTest - remove
deprecated code usage (julienfalque) * minor #2648 Move non-code covering tests
to AutoReview subnamespace (keradus) * minor #2652 NoSpacesAroundOffsetFixerTest
- fix deprecation (keradus) * minor #2656 Code grooming (keradus) * minor #2659
Travis - speed up preparation for phar building (keradus) * minor #2660 Fixed
typo in suggest for ext-mbstring (pascal-hofmann) * minor #2661
NonPrintableCharacterFixer - include into Symfony:risky ruleset (keradus)
**Changelog for v2.1.3** * bug #2358 Cache - Deal with signature encoding
(keradus, GrahamCampbell) * bug #2475 Add shorthand array destructing support
(SpacePossum, keradus) * bug #2595 NoUnusedImportsFixer - Fix import usage
detection with properties (julienfalque) * bug #2605
PhpdocAddMissingParamAnnotationFixer, PhpdocOrderFixer - fix priority issue
(SpacePossum) * bug #2607 Fixers - better comments handling (SpacePossum) * bug
#2612 BracesFixer - Fix early bracket close for do-while loop inside an if
without brackets (felixgomez) * bug #2614 Ensure that '*Fixer::fix()' won't
crash when running on non-candidate collection (keradus) * bug #2630
HeaderCommentFixer - Fix trailing whitespace not removed after <?php
(julienfalque) * bug #2637 ToolInfo - use static dir check for composer
discovery (Slamdunk) * bug #2639 SemicolonAfterInstructionFixer - Handle
alternative syntax (SpacePossum) * bug #2645 HHVM: handle T_HH_ERROR (keradus) *
bug #2653 IsNullFixer - fix edge case (localheinz, kalessil) * bug #2654
PhpdocAddMissingParamAnnotationFixer - handle one-line docblocks (keradus) *
minor #2594 Travis - generate coverage report at 7.1 and clean up build matrix
(keradus) * minor #2613 HeaderCommentFixer - add missing case for exception
raising (keradus) * minor #2615 Add DescribeCommand test (julienfalque) * minor
#2616 Exclude more tests in phar version (keradus) * minor #2618 Update
README.rst (mhitza) * minor #2620 Finder - Remove `*.twig` as default
(SpacePossum) * minor #2641 Cookbook - remove information about levels (keradus)
* minor #2644 DescribeCommandTest - fix test execution on decorated console
(keradus) * minor #2655 AppVeyor - Cache Composer Installation (julienfalque)
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.28.3-1.fc25 (FEDORA-2017-7435176d07)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.28.3** * [mjr] Fix regression in loading vhost config files (Bug
#14605). ---- **Horde_Core 2.28.2** * [jan] Fix unpacking encrypted session
data ("User not authorized for ..." log messages). * [jan] Throw an exception
when accessing a non-existing API through the registry.
--------------------------------------------------------------------------------
================================================================================
snapd-2.23.6-2.fc25 (FEDORA-2017-37a7331620)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
`snapd` 2.23.6 and `snapd-glib` 1.9 introduce support for using Snaps in Fedora.
`snapd` provides the Snappy system functionality, while `snapd-glib` enables
various applications to interact and integrate with `snapd`. See
https://snapcraft.io/ for more information on Snappy.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to
snapd
https://bugzilla.redhat.com/show_bug.cgi?id=1390616
[ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to
work with .snap files
https://bugzilla.redhat.com/show_bug.cgi?id=1367825
[ 3 ] Bug #1421274 - Is this ever going to be built?
https://bugzilla.redhat.com/show_bug.cgi?id=1421274
--------------------------------------------------------------------------------
================================================================================
snapd-glib-1.9-2.fc25 (FEDORA-2017-37a7331620)
Library providing a GLib interface to snapd
--------------------------------------------------------------------------------
Update Information:
`snapd` 2.23.6 and `snapd-glib` 1.9 introduce support for using Snaps in Fedora.
`snapd` provides the Snappy system functionality, while `snapd-glib` enables
various applications to interact and integrate with `snapd`. See
https://snapcraft.io/ for more information on Snappy.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390616 - Review Request: snapd-glib - Library providing a GLib interface to
snapd
https://bugzilla.redhat.com/show_bug.cgi?id=1390616
[ 2 ] Bug #1367825 - Review Request: snapd - The snapd and snap tools enable systems to
work with .snap files
https://bugzilla.redhat.com/show_bug.cgi?id=1367825
[ 3 ] Bug #1421274 - Is this ever going to be built?
https://bugzilla.redhat.com/show_bug.cgi?id=1421274
--------------------------------------------------------------------------------
================================================================================
vulkan-1.0.42.2-1.fc25 (FEDORA-2017-b6c6d01f16)
Vulkan loader and validation layers
--------------------------------------------------------------------------------
Update Information:
Update to vulkan-1.0.42.2
--------------------------------------------------------------------------------
================================================================================
xcircuit-3.9.65-1.fc25 (FEDORA-2017-0ea33ae4a4)
Electronic circuit schematic drawing program
--------------------------------------------------------------------------------
Update Information:
New version 3.9.65 is released.
--------------------------------------------------------------------------------