The following Fedora 25 Security updates need testing:
Age URL
139
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
38
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e
python-XStatic-jquery-ui-1.12.0.1-4.fc25
18
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f85c37ae3d
squirrelmail-1.4.22-19.fc25
11
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d625a8d2b lynis-2.5.0-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-58170ecb09
jbig2dec-0.12-4.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9699cf7eac mupdf-1.10a-6.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cc18e2b3b smb4k-1.2.2-3.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cfc20d5d45
jasper-1.900.13-4.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a8f4562bf5
postgresql-9.5.7-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc606f1001
chicken-4.12.0-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7fc53a671f
deluge-1.3.15-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6950ea5d05
pcmanfm-1.2.5-2.fc25 menu-cache-1.0.2-4.D20170514git56f6668459.fc25
lxterminal-0.3.0-3.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-410749716d
FlightGear-2016.3.1-4.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ecf41f097
python-productmd-1.7-1.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d5aa85fd7
livecd-tools-24.4-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f30fb666b2
python-beautifulsoup4-4.6.0-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-41124b7b1d
qt5-qtbase-5.7.1-16.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-cfc20d5d45
jasper-1.900.13-4.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-01d88d3c06
ipxe-20161108-1.gitb991c67.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e504c7cb8f
nss-3.30.2-1.1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-116fdd792f
pungi-4.1.15-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6a5530c175
gtk3-3.22.15-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6950ea5d05
pcmanfm-1.2.5-2.fc25 menu-cache-1.0.2-4.D20170514git56f6668459.fc25
lxterminal-0.3.0-3.fc25
The following builds have been pushed to Fedora 25 updates-testing
FlightGear-2016.3.1-4.fc25
aisleriot-3.22.2-1.fc25
gtk3-3.22.15-1.fc25
gucharmap-9.0.4-1.fc25
hitori-3.22.3-1.fc25
lightdm-settings-1.0.5-1.fc25
lxterminal-0.3.0-3.fc25
magic-8.1.166-1.fc25
mapserver-7.0.5-1.git208bb3a.fc25
menu-cache-1.0.2-4.D20170514git56f6668459.fc25
mint-x-icons-1.4.2-4.fc25
pcmanfm-1.2.5-2.fc25
perl-Devel-PPPort-3.36-1.fc25
perl-IPC-Cmd-0.98-1.fc25
perl-Inline-C-0.77-1.fc25
perl-Net-HTTP-6.15-1.fc25
php-egulias-email-validator-1.2.13-3.fc25
php-gitter-0.3.0-8.fc25
php-gliph-0.1.8-7.fc25
php-guzzlehttp-guzzle-5.3.1-3.fc25
php-guzzlehttp-ringphp-1.1.0-9.fc25
php-guzzlehttp-streams-3.0.0-9.fc25
php-pecl-xdebug-2.5.4-1.fc25
puzzle-master-2.5.3-1.fc25
qmapshack-1.8.1-1.fc25
xfce4-terminal-0.8.5.1-1.fc25
Details about builds:
================================================================================
FlightGear-2016.3.1-4.fc25 (FEDORA-2017-410749716d)
The FlightGear Flight Simulator
--------------------------------------------------------------------------------
Update Information:
This updates fixes a security bug in the route manager, to prevent it from
overwriting arbitrary files (CVE-2017-8921)
--------------------------------------------------------------------------------
================================================================================
aisleriot-3.22.2-1.fc25 (FEDORA-2017-aeb21d856e)
A collection of card games
--------------------------------------------------------------------------------
Update Information:
aisleriot 3.22.2 release with translation updates.
--------------------------------------------------------------------------------
================================================================================
gtk3-3.22.15-1.fc25 (FEDORA-2017-6a5530c175)
The GIMP ToolKit (GTK+), a library for creating GUIs for X
--------------------------------------------------------------------------------
Update Information:
gtk+ 3.22.15 release. For details, see: *
https://mail.gnome.org/archives/ftp-
release-list/2017-May/msg00043.html *
https://mail.gnome.org/archives/ftp-
release-list/2017-May/msg00050.html *
https://mail.gnome.org/archives/ftp-
release-list/2017-May/msg00057.html
--------------------------------------------------------------------------------
================================================================================
gucharmap-9.0.4-1.fc25 (FEDORA-2017-5797b99c30)
Unicode character picker and font browser
--------------------------------------------------------------------------------
Update Information:
gucharmap 9.0.4 release with translation updates.
--------------------------------------------------------------------------------
================================================================================
hitori-3.22.3-1.fc25 (FEDORA-2017-828196431e)
Logic puzzle game for GNOME
--------------------------------------------------------------------------------
Update Information:
hitori 3.22.3 release. For details, see
https://mail.gnome.org/archives/ftp-
release-list/2017-April/msg00214.html
--------------------------------------------------------------------------------
================================================================================
lightdm-settings-1.0.5-1.fc25 (FEDORA-2017-c30d8a502c)
Configuration tool for the LightDM display manager
--------------------------------------------------------------------------------
Update Information:
* New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450706 - lightdm-settings-1.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450706
--------------------------------------------------------------------------------
================================================================================
lxterminal-0.3.0-3.fc25 (FEDORA-2017-6950ea5d05)
Desktop-independent VTE-based terminal emulator
--------------------------------------------------------------------------------
Update Information:
A potential security flaw is found on LXDE products, which create socket under
/tmp with some predictable names, which may leads to DOS. The security flow on
lxterminal is now assigned as CVE-2016-10369. Some other components also had
similar issues. These new rpms should fix these issues. At least relogin is
required to make this fix effect.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449114
--------------------------------------------------------------------------------
================================================================================
magic-8.1.166-1.fc25 (FEDORA-2017-5187753978)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.1.166 is released.
--------------------------------------------------------------------------------
================================================================================
mapserver-7.0.5-1.git208bb3a.fc25 (FEDORA-2017-d4df066361)
Environment for building spatially-enabled internet applications
--------------------------------------------------------------------------------
Update Information:
Update to 7.0.5
--------------------------------------------------------------------------------
================================================================================
menu-cache-1.0.2-4.D20170514git56f6668459.fc25 (FEDORA-2017-6950ea5d05)
Caching mechanism for
freedesktop.org compliant menus
--------------------------------------------------------------------------------
Update Information:
A potential security flaw is found on LXDE products, which create socket under
/tmp with some predictable names, which may leads to DOS. The security flow on
lxterminal is now assigned as CVE-2016-10369. Some other components also had
similar issues. These new rpms should fix these issues. At least relogin is
required to make this fix effect.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449114
--------------------------------------------------------------------------------
================================================================================
mint-x-icons-1.4.2-4.fc25 (FEDORA-2017-49a9e8e245)
Icon theme for Linux Mint
--------------------------------------------------------------------------------
Update Information:
Fix wifi icons
--------------------------------------------------------------------------------
================================================================================
pcmanfm-1.2.5-2.fc25 (FEDORA-2017-6950ea5d05)
Extremly fast and lightweight file manager
--------------------------------------------------------------------------------
Update Information:
A potential security flaw is found on LXDE products, which create socket under
/tmp with some predictable names, which may leads to DOS. The security flow on
lxterminal is now assigned as CVE-2016-10369. Some other components also had
similar issues. These new rpms should fix these issues. At least relogin is
required to make this fix effect.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449114
--------------------------------------------------------------------------------
================================================================================
perl-Devel-PPPort-3.36-1.fc25 (FEDORA-2017-d728c1dcb3)
Perl Pollution Portability header generator
--------------------------------------------------------------------------------
Update Information:
This release fixes building on Perl without "." in @INC path.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450650 - perl-Devel-PPPort-3.36 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450650
--------------------------------------------------------------------------------
================================================================================
perl-IPC-Cmd-0.98-1.fc25 (FEDORA-2017-64d82d382c)
Finding and running system commands made easy
--------------------------------------------------------------------------------
Update Information:
This release fixes can_run() test not to search working directory. It also adds
wait_loop_callback for run_forked().
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450538 - perl-IPC-Cmd-0.98 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450538
--------------------------------------------------------------------------------
================================================================================
perl-Inline-C-0.77-1.fc25 (FEDORA-2017-06e6373ea2)
Write Perl subroutines in C
--------------------------------------------------------------------------------
Update Information:
This release fixes tests and updates documentation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450537 - perl-Inline-C-0.77 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450537
--------------------------------------------------------------------------------
================================================================================
perl-Net-HTTP-6.15-1.fc25 (FEDORA-2017-fd9aa2b5d0)
Low-level HTTP connection (client)
--------------------------------------------------------------------------------
Update Information:
This release fixes a test.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450543 - perl-Net-HTTP-6.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450543
--------------------------------------------------------------------------------
================================================================================
php-egulias-email-validator-1.2.13-3.fc25 (FEDORA-2017-b1ebeb526b)
A library for validating emails
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-gitter-0.3.0-8.fc25 (FEDORA-2017-b1ebeb526b)
Object oriented interaction with Git repositories
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-gliph-0.1.8-7.fc25 (FEDORA-2017-b1ebeb526b)
A graph library for PHP
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-guzzle-5.3.1-3.fc25 (FEDORA-2017-b1ebeb526b)
PHP HTTP client and webservice framework
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-ringphp-1.1.0-9.fc25 (FEDORA-2017-b1ebeb526b)
Simple handler system used to power clients and servers in PHP
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-streams-3.0.0-9.fc25 (FEDORA-2017-b1ebeb526b)
Provides a simple abstraction over streams of data
--------------------------------------------------------------------------------
Update Information:
Switch autoloader to `php-fedora-autoloader`
--------------------------------------------------------------------------------
================================================================================
php-pecl-xdebug-2.5.4-1.fc25 (FEDORA-2017-da9b8c1a42)
PECL package for debugging PHP scripts
--------------------------------------------------------------------------------
Update Information:
** Xdebug 2.5.4** - 2017-05-15 * Fixed bug #799: Function traces report base
class instead of object name * Fixed bug #1421: Fix set_time_limit hanging on
PHP 5.6 when pcntl_exec does not exist (Frode E. Moe) * Fixed bug #1429: Code
coverage does not cover null coalesce * Fixed bug #1434: Code coverage
segfaults on 32-bit arch
--------------------------------------------------------------------------------
================================================================================
puzzle-master-2.5.3-1.fc25 (FEDORA-2017-db507bd924)
Fun jigsaw puzzle game
--------------------------------------------------------------------------------
Update Information:
Use new upstream release v2.5.3
--------------------------------------------------------------------------------
================================================================================
qmapshack-1.8.1-1.fc25 (FEDORA-2017-689420e0e2)
GPS mapping and management tool
--------------------------------------------------------------------------------
Update Information:
- updated to 1.8.1 -
https://bitbucket.org/maproom/qmapshack/raw/87b93cd14edc78c
57da70b66b33b013965d6dfe2/changelog.txt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450653 - qmapshack-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1450653
--------------------------------------------------------------------------------
================================================================================
xfce4-terminal-0.8.5.1-1.fc25 (FEDORA-2017-3d226f0c56)
Terminal Emulator for the Xfce Desktop environment
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.5.1 - lots of bug fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1431694 - [abrt] xfce4-terminal: _vte_table_free(): xfce4-terminal killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1431694
[ 2 ] Bug #1353342 - xfce4-terminal disappears on remote display when monitor goes into
energy saving mode
https://bugzilla.redhat.com/show_bug.cgi?id=1353342
[ 3 ] Bug #1349050 - [abrt] xfce4-terminal: _g_log_abort(): xfce4-terminal killed by
SIGTRAP
https://bugzilla.redhat.com/show_bug.cgi?id=1349050
[ 4 ] Bug #1427164 - [abrt] xfce4-terminal: rawmemchr(): xfce4-terminal killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1427164
--------------------------------------------------------------------------------