The following Fedora 25 Security updates need testing:
Age URL
33
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170
chicken-4.11.0-3.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-39de4eb5e7
irssi-0.8.20-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b8717537a
libdwarf-20160923-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-666d95d1d5
php-ZendFramework-1.12.20-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-704e85cac2
python-django-1.9.10-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-df62d60ac2 pungi-4.1.8-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-35b79799c1
kernel-4.8.0-0.rc8.git0.1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-b806dfedca lorax-25.16-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-06e0cad5a1
poppler-0.45.0-2.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-429a9a85ba
linux-firmware-20160923-68.git42ad5367.fc25
The following builds have been pushed to Fedora 25 updates-testing
NetworkManager-strongswan-1.4.0-2.fc25
batctl-2016.3-1.fc25
crypto-policies-20160921-2.git75b9b04.fc25
drumkv1-0.7.6-1.fc25
edg-mkgridmap-4.0.4-1.fc25
execdb-0.0.7-4.fc25
gasnet-1.26.4-3.fc25
gfal2-2.12.2-1.fc25
gfal2-util-1.4.0-1.fc25
ghc-rpm-macros-1.6.9-1.fc25
ghc-snap-core-0.9.8.0-1.fc25
ghc-yaml-0.8.18.1-1.fc25
grass-7.0.4-2.fc25
gssproxy-0.5.1-3.fc25
haskell-platform-2016.7.10.3-2.fc25
kernel-4.8.0-0.rc8.git0.1.fc25
kf5-kirigami-1.1.0-1.fc25
libdvbpsi-1.3.0-3.fc25
libstoragemgmt-1.3.5-1.fc25
link-grammar-5.3.11-1.fc25
notmuch-0.22.2-1.fc25
ocaml-camlidl-1.05-35.fc25
pcp-3.11.5-1.fc25
perl-DateTime-Locale-1.08-1.fc25
perl-DateTime-TimeZone-2.04-1.fc25
php-ZendFramework-1.12.20-1.fc25
php-mongodb-1.0.3-1.fc25
php-nette-application-2.4.2-1.fc25
php-nette-di-2.4.3-1.fc25
php-nette-forms-2.4.2-1.fc25
php-nette-http-2.4.1-1.fc25
php-phpspec-3.1.1-1.fc25
python-django-1.9.10-1.fc25
python-pyroute2-0.4.8-1.fc25
python33-3.3.6-1.fc25
pywbem-0.9.0-2.fc25
qtractor-0.7.9-1.fc25
resultsdb_frontend-1.1.9-4.fc25
samplv1-0.7.6-1.fc25
sayonara-0.9.2-2.git20160920.fc25
scite-3.6.7-1.fc25
synthv1-0.7.6-1.fc25
yamllint-1.4.1-1.fc25
Details about builds:
================================================================================
NetworkManager-strongswan-1.4.0-2.fc25 (FEDORA-2016-a28f4702e9)
NetworkManager strongSwan IPSec VPN plug-in
--------------------------------------------------------------------------------
Update Information:
Bring back the missing D-Bus policy file.
--------------------------------------------------------------------------------
================================================================================
batctl-2016.3-1.fc25 (FEDORA-2016-f26aab5b55)
B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
crypto-policies-20160921-2.git75b9b04.fc25 (FEDORA-2016-10240c033d)
Crypto policies package for Fedora
--------------------------------------------------------------------------------
Update Information:
Improved messages on error.
--------------------------------------------------------------------------------
================================================================================
drumkv1-0.7.6-1.fc25 (FEDORA-2016-a4004dd296)
An old-school drum-kit sampler
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.6 of th V1 suite. See
http://www.rncbc.org/drupal/node/1699 for
details
--------------------------------------------------------------------------------
================================================================================
edg-mkgridmap-4.0.4-1.fc25 (FEDORA-2016-4275df8e65)
A tool to build the grid map-file from VO servers
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
execdb-0.0.7-4.fc25 (FEDORA-2016-707a2f48ed)
Execution status database for Taskotron
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1346243 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1346243
--------------------------------------------------------------------------------
================================================================================
gasnet-1.26.4-3.fc25 (FEDORA-2016-2927fa727d)
A Portable High-Performance Communication Layer for GAS Languages
--------------------------------------------------------------------------------
Update Information:
Initial commit
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1375744 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1375744
--------------------------------------------------------------------------------
================================================================================
gfal2-2.12.2-1.fc25 (FEDORA-2016-a01b9f4904)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
New upstream release 2.12.2
--------------------------------------------------------------------------------
================================================================================
gfal2-util-1.4.0-1.fc25 (FEDORA-2016-cc5c488da0)
GFAL2 utility tools
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
================================================================================
ghc-rpm-macros-1.6.9-1.fc25 (FEDORA-2016-23c83c1fa7)
RPM macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:
builds for ghc-7.10.3
--------------------------------------------------------------------------------
================================================================================
ghc-snap-core-0.9.8.0-1.fc25 (FEDORA-2016-23c83c1fa7)
Snap web framework core library
--------------------------------------------------------------------------------
Update Information:
builds for ghc-7.10.3
--------------------------------------------------------------------------------
================================================================================
ghc-yaml-0.8.18.1-1.fc25 (FEDORA-2016-23c83c1fa7)
Support for parsing and rendering YAML documents
--------------------------------------------------------------------------------
Update Information:
builds for ghc-7.10.3
--------------------------------------------------------------------------------
================================================================================
grass-7.0.4-2.fc25 (FEDORA-2016-a1655e4f02)
GRASS GIS - Geographic Resources Analysis Support System
--------------------------------------------------------------------------------
Update Information:
Generate rpm macro file for version tracking
--------------------------------------------------------------------------------
================================================================================
gssproxy-0.5.1-3.fc25 (FEDORA-2016-e9229ee82c)
GSSAPI Proxy
--------------------------------------------------------------------------------
Update Information:
Enable gssproxy to use other libverto backends to ease debugging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1379812 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1379812
--------------------------------------------------------------------------------
================================================================================
haskell-platform-2016.7.10.3-2.fc25 (FEDORA-2016-23c83c1fa7)
Standard Haskell distribution
--------------------------------------------------------------------------------
Update Information:
builds for ghc-7.10.3
--------------------------------------------------------------------------------
================================================================================
kernel-4.8.0-0.rc8.git0.1.fc25 (FEDORA-2016-35b79799c1)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 4.8.0-rc8 update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
================================================================================
kf5-kirigami-1.1.0-1.fc25 (FEDORA-2016-aa4b40fb1e)
QtQuick plugins to build user interfaces based on the KDE UX guidelines
--------------------------------------------------------------------------------
Update Information:
KDE's lightweight user interface framework for mobile and convergent
applications.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1378445 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1378445
--------------------------------------------------------------------------------
================================================================================
libdvbpsi-1.3.0-3.fc25 (FEDORA-2016-96f2e83017)
Library for MPEG TS and DVB PSI tables decoding and generation
--------------------------------------------------------------------------------
Update Information:
Package moved to fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1376450 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1376450
--------------------------------------------------------------------------------
================================================================================
libstoragemgmt-1.3.5-1.fc25 (FEDORA-2016-32ad63b730)
Storage array management library
--------------------------------------------------------------------------------
Update Information:
Upgrade to version 1.3.5: * Bug fixes: * Fix anon_uid/anon_gid handling.
* Fix HPSA plugin on capabilities, system status, system mode. * Fix running
lsmcli on python 2.6. * Fix missing vpd83 optional property in C library. *
Enhancement: * Rewrite C simulator plugin to support state saving.
--------------------------------------------------------------------------------
================================================================================
link-grammar-5.3.11-1.fc25 (FEDORA-2016-d745cd0b72)
A full-service natural language dependency parser
--------------------------------------------------------------------------------
Update Information:
Fix minisat2 conflict.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1378250 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1378250
--------------------------------------------------------------------------------
================================================================================
notmuch-0.22.2-1.fc25 (FEDORA-2016-f7b24f192f)
System for indexing, searching, and tagging email
--------------------------------------------------------------------------------
Update Information:
Latest upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1330998 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1330998
--------------------------------------------------------------------------------
================================================================================
ocaml-camlidl-1.05-35.fc25 (FEDORA-2016-6138c231db)
Stub code generator and COM binding for Objective Caml
--------------------------------------------------------------------------------
Update Information:
fix build on interpreter-only platforms (s390x)
--------------------------------------------------------------------------------
================================================================================
pcp-3.11.5-1.fc25 (FEDORA-2016-8d14b648a5)
System-level performance monitoring and performance management
--------------------------------------------------------------------------------
Update Information:
Update to latest PCP sources, enhancements and bugfixes. See CHANGELOG for
details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1365658 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1365658
[ 2 ] Bug #1249123 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1249123
[ 3 ] Bug #1375415 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1375415
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-Locale-1.08-1.fc25 (FEDORA-2016-eda8324e9c)
Localization support for DateTime.pm
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1376997 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1376997
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.04-1.fc25 (FEDORA-2016-691b144ec3)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1376998 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1376998
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework-1.12.20-1.fc25 (FEDORA-2016-666d95d1d5)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:
Probably the last update for Zend Framework 1 as it is being EOLd on September
28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1376341 - CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection
vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1376341
[ 2 ] Bug #1357553 - CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL
injection in ORDER and GROUP statements of Zend_Db_Select [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1357553
--------------------------------------------------------------------------------
================================================================================
php-mongodb-1.0.3-1.fc25 (FEDORA-2016-116bf7dd77)
MongoDB driver library
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.3** *
[
PHPLIB-193](https://jira.mongodb.org/browse/PHPLIB-193) - Unset typeMap key
before passing driverOptions to Manager constructor *
[
PHPLIB-219](https://jira.mongodb.org/browse/PHPLIB-219) - FindAndModify
writeConcern option is sent as empty document
--------------------------------------------------------------------------------
================================================================================
php-nette-application-2.4.2-1.fc25 (FEDORA-2016-8ef17382ab)
Nette Application MVC Component
--------------------------------------------------------------------------------
Update Information:
**Version 2.4.2** * UI: added support for PHP 7.1 nullable types * Revert
"Presenter: invalid component name in signal throws BadSignalException" *
MicroPresenter: fixed passing of services to closure in 2.4 *
ComponentReflection::combineArgs() throws InvalidArgumentException instead
BadRequestException when incompatible type is object * Route: fixed PHP
warning "strpos(): Offset not contained in string" (#154) *
ComponentReflection::parseAnnotation: fix false positive annotation parsing
(#151)
--------------------------------------------------------------------------------
================================================================================
php-nette-di-2.4.3-1.fc25 (FEDORA-2016-7d4bc47f5a)
Nette Dependency Injection Component
--------------------------------------------------------------------------------
Update Information:
**Version 2.4.3** * Helpers::autowireArguments() can handle PHP 7.1
nullable types * PhpReflection::getReturnType() can handle PHP 7.1 nullable
types * PhpReflection::getParameterType() can handle PHP 7.1 nullable types
(#126) * PhpReflection::getParameterType() supports type 'self' *
DependencyChecker: takes into account if class is abstract *
InjectExtension::getInjectMethods() correct order of methods in traits *
PhpReflection: support PHP 7 group use statements (#125) * DependencyChecker:
do not call getParameterType() in PHP < 7 #124 * Compiler: improved
overwriting of single arguments
--------------------------------------------------------------------------------
================================================================================
php-nette-forms-2.4.2-1.fc25 (FEDORA-2016-0b8b8a6550)
Nette Forms: greatly facilitates web forms
--------------------------------------------------------------------------------
Update Information:
**Version 2.4.2** * netteForms.js: cannot use range() to validate min/max
(#136) * netteForms.js: added argument 'onlyCheck' to validateForm() #133 *
netteForms.js: validity of input=number is checked in 'onlyCheck' mode *
Rules::validate() processes all conditions * fixed compatibility with PHP 7.1
* netteForms.js: fixed compatiblity with IE 8 (#127)
--------------------------------------------------------------------------------
================================================================================
php-nette-http-2.4.1-1.fc25 (FEDORA-2016-db93824d4d)
Nette HTTP Component
--------------------------------------------------------------------------------
Update Information:
**Version 2.4.1** * FileUpload: added hasFile() (#97) * Url::getHostUrl()
doesn't return empty // #96 * Session: max session id length is 256 #105 *
Session: used static access to $started (#104) * FileUpload: missing variable
#98 * RequestFactory: improved checking of $_FILES structure
--------------------------------------------------------------------------------
================================================================================
php-phpspec-3.1.1-1.fc25 (FEDORA-2016-d148ae167c)
Specification-oriented BDD framework for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 3.1.1** / 2016-09-26 * [fixed] Accidental linebreaks in spec name are
not allowed (@randompixel) * [fixed] Throwable can be passed as instance to
shouldThrow (@jameshalsall)
--------------------------------------------------------------------------------
================================================================================
python-django-1.9.10-1.fc25 (FEDORA-2016-704e85cac2)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-7401
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1377376 - CVE-2016-7401 python-django: CSRF protection bypass on a site with
Google Analytics
https://bugzilla.redhat.com/show_bug.cgi?id=1377376
--------------------------------------------------------------------------------
================================================================================
python-pyroute2-0.4.8-1.fc25 (FEDORA-2016-094dd0e103)
Pure Python netlink library
--------------------------------------------------------------------------------
Update Information:
uplift to 0.4.x
--------------------------------------------------------------------------------
================================================================================
python33-3.3.6-1.fc25 (FEDORA-2016-8b386b8f94)
Version 3.3 of the Python programming language
--------------------------------------------------------------------------------
Update Information:
Version 3.3 of the Python programming language
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1373487 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1373487
--------------------------------------------------------------------------------
================================================================================
pywbem-0.9.0-2.fc25 (FEDORA-2016-e80d4f9eac)
Python2 WBEM Client and Provider Interface
--------------------------------------------------------------------------------
Update Information:
Changes: * Upgrade to latest upstream version 0.9.0. * New python3 support
in sub-package python3-pywbem.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1375892 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1375892
--------------------------------------------------------------------------------
================================================================================
qtractor-0.7.9-1.fc25 (FEDORA-2016-2fea9f9e1c)
Audio/MIDI multi-track sequencer
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.9 see
http://qtractor.sourceforge.net/#Downloads for details
--------------------------------------------------------------------------------
================================================================================
resultsdb_frontend-1.1.9-4.fc25 (FEDORA-2016-16621fdec8)
Frontend for the ResultsDB
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1346245 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1346245
--------------------------------------------------------------------------------
================================================================================
samplv1-0.7.6-1.fc25 (FEDORA-2016-a4004dd296)
A polyphonic sampler synthesizer with stereo fx
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.6 of th V1 suite. See
http://www.rncbc.org/drupal/node/1699 for
details
--------------------------------------------------------------------------------
================================================================================
sayonara-0.9.2-2.git20160920.fc25 (FEDORA-2016-370afd1d23)
A lightweight Qt Audio player
--------------------------------------------------------------------------------
Update Information:
- Add Requires gstreamer1-plugins-bad-free - Rebuild for sayonara (git tag
0.9.2-git4-20160920) - Spec file cleanup - Changed git revision tag
--------------------------------------------------------------------------------
================================================================================
scite-3.6.7-1.fc25 (FEDORA-2016-0dc69a059f)
SCIntilla based GTK2 text editor
--------------------------------------------------------------------------------
Update Information:
Update to 3.6.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1317256 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1317256
--------------------------------------------------------------------------------
================================================================================
synthv1-0.7.6-1.fc25 (FEDORA-2016-a4004dd296)
A 4-oscillator subtractive polyphonic synthesizer
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.6 of th V1 suite. See
http://www.rncbc.org/drupal/node/1699 for
details
--------------------------------------------------------------------------------
================================================================================
yamllint-1.4.1-1.fc25 (FEDORA-2016-fd942dd145)
A linter for YAML files
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version
--------------------------------------------------------------------------------