The following Fedora 25 Security updates need testing:
Age URL
146
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25
45
https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e
python-XStatic-jquery-ui-1.12.0.1-4.fc25
25
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f85c37ae3d
squirrelmail-1.4.22-19.fc25
18
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d625a8d2b lynis-2.5.0-1.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-410749716d
FlightGear-2016.3.1-4.fc25
6
https://bodhi.fedoraproject.org/updates/FEDORA-2017-40a6d19c7b
FlightCrew-0.9.1-7.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d968f5a95f
wordpress-4.7.5-1.fc25
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e08170fd3
libvncserver-0.9.11-2.fc25.1
4
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4cc8d795e0
moodle-3.1.6-1.fc25
3
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5135c91b36 mupdf-1.10a-7.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3c7d077c7
perltidy-20170521-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved:
Age URL
14
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d5aa85fd7
livecd-tools-24.4-1.fc25
10
https://bodhi.fedoraproject.org/updates/FEDORA-2017-116fdd792f
pungi-4.1.15-1.fc25
7
https://bodhi.fedoraproject.org/updates/FEDORA-2017-6a5530c175
gtk3-3.22.15-1.fc25
5
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d8e95f8a
tigervnc-1.8.0-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1a705b1ff4
libtiff-4.0.8-1.fc25
0
https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d461d73e5
libinput-1.6.3-5.fc25
The following builds have been pushed to Fedora 25 updates-testing
R-Rcpp-0.12.11-1.fc25
cacti-1.1.7-1.fc25
composer-1.4.2-2.fc25
gnome-gmail-2.4-1.fc25
libinput-1.6.3-5.fc25
librdkafka-0.9.5-1.fc25
libtiff-4.0.8-1.fc25
lilypond-2.19.61-1.fc25
lilypond-doc-2.19.61-1.fc25
mingw-mediawriter-4.1.0-1.fc25
nasm-2.13.01-1.fc25
perltidy-20170521-1.fc25
php-latte-2.4.4-1.fc25
php-pear-Mail-Mime-1.10.1-1.fc25
php-phpunit-diff-1.4.3-1.fc25
php-zendframework-zend-filter-2.7.2-1.fc25
php-zendframework-zend-form-2.10.2-1.fc25
php-zendframework-zend-i18n-2.7.4-1.fc25
php-zendframework-zend-inputfilter-2.7.4-1.fc25
php-zendframework-zend-log-2.9.2-1.fc25
php-zendframework-zend-validator-2.9.1-1.fc25
python-pytoml-0.1.13-1.git270397b.fc25
Details about builds:
================================================================================
R-Rcpp-0.12.11-1.fc25 (FEDORA-2017-ae8c50af22)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
https://cran.r-project.org/web/packages/Rcpp/news.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1453062 - Version 0.12.11 was released
https://bugzilla.redhat.com/show_bug.cgi?id=1453062
--------------------------------------------------------------------------------
================================================================================
cacti-1.1.7-1.fc25 (FEDORA-2017-fb86a4307b)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.1.7 Release notes:
http://www.cacti.net/release_notes.php?version=1.1.7
--------------------------------------------------------------------------------
================================================================================
composer-1.4.2-2.fc25 (FEDORA-2017-2e98abe35c)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.4.2** - 2017-05-17 * Fixed Bitbucket API handler parsing old
deleted branches in hg repos * Fixed regression in gitlab downloads * Fixed
output inconsistencies * Fixed unicode handling in `init` command for author
names * Fixed useless warning when doing partial updates/removes on packages
that are not currently installed * Fixed xdebug disabling issue when combined
with disable_functions and allow_url_fopen CLI overrides
--------------------------------------------------------------------------------
================================================================================
gnome-gmail-2.4-1.fc25 (FEDORA-2017-a7aed4baa7)
Integrate GMail into the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
Update to 2.4, hack to work with Wayland
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452973 - gnome-gmail-2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1452973
--------------------------------------------------------------------------------
================================================================================
libinput-1.6.3-5.fc25 (FEDORA-2017-4d461d73e5)
Input device library
--------------------------------------------------------------------------------
Update Information:
Install a hwdb file to tag lid switches as such, this is missing from systemd as
shipped in F25
--------------------------------------------------------------------------------
================================================================================
librdkafka-0.9.5-1.fc25 (FEDORA-2017-be1303cc16)
The Apache Kafka C library
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1440747 - librdkafka-v0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1440747
--------------------------------------------------------------------------------
================================================================================
libtiff-4.0.8-1.fc25 (FEDORA-2017-1a705b1ff4)
Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:
New upstream release **4.0.8** with a lot of bugfixes, mostly security fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1453030 - libtiff-4.0.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1453030
--------------------------------------------------------------------------------
================================================================================
lilypond-2.19.61-1.fc25 (FEDORA-2017-cf056e534d)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
2.19.61
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.19.61-1.fc25 (FEDORA-2017-cf056e534d)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
2.19.61
--------------------------------------------------------------------------------
================================================================================
mingw-mediawriter-4.1.0-1.fc25 (FEDORA-2017-542a9b8cdf)
Fedora Media Writer
--------------------------------------------------------------------------------
Update Information:
Update to 4.1.0
--------------------------------------------------------------------------------
================================================================================
nasm-2.13.01-1.fc25 (FEDORA-2017-52eb99a430)
A portable x86 assembler which uses Intel-like syntax
--------------------------------------------------------------------------------
Update Information:
Rebase to upstream version 2.13.01
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1453012 - F25 needs nasm-2.13 too
https://bugzilla.redhat.com/show_bug.cgi?id=1453012
--------------------------------------------------------------------------------
================================================================================
perltidy-20170521-1.fc25 (FEDORA-2017-a3c7d077c7)
Tool for indenting and re-formatting Perl scripts
--------------------------------------------------------------------------------
Update Information:
Cumulative bug-fix, enhancement and security update, including fix for
CVE-2016-10374: perltidy relies on the current working directory for certain
output files and did not have a symlink-attack protection mechanism, which
allowed local users to overwrite arbitrary files by creating a symlink, as
demonstrated by creating a perltidy.ERR symlink that the victim could not
delete.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452050 - CVE-2016-10374 perltidy: Uses current working directory without
symlink-attack protection
https://bugzilla.redhat.com/show_bug.cgi?id=1452050
--------------------------------------------------------------------------------
================================================================================
php-latte-2.4.4-1.fc25 (FEDORA-2017-885138632d)
Latte: the amazing template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.4.4** * n:class supports BEM (#156) * Filters: trim() is
content type aware * macro n:attr expands array (#158) * Filters:
independent on utf8_decode() * strict type fixes * fixed phpDoc
--------------------------------------------------------------------------------
================================================================================
php-pear-Mail-Mime-1.10.1-1.fc25 (FEDORA-2017-f3b61e30b4)
Classes to create MIME messages
--------------------------------------------------------------------------------
Update Information:
**Version 1.10.1** * Fix Bug pear#21206: explodeQuotedString() does not handle
quoted strings correctly [dfukagaw28] * Fix Bug pear#21205: Invalid encoding of
headers with quoted multibyte strings in non-unicode charset [dfukagaw28] * Fix
Bug pear#21098: Discrepancy in handling of empty (but set) plain text part
[alec]
--------------------------------------------------------------------------------
================================================================================
php-phpunit-diff-1.4.3-1.fc25 (FEDORA-2017-3611132331)
Diff implementation
--------------------------------------------------------------------------------
Update Information:
Latest upstream **version 1.4.2**. No changelog available, upstream doesn't
care, feel free to open [an
issue](https://github.com/sebastianbergmann/diff/issues).
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-filter-2.7.2-1.fc25 (FEDORA-2017-b9c7aaa3fa)
Zend Framework Filter component
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.2** - 2017-05-17 * Changes -
[#40](https://github.com/zendframework/zend-filter/pull/40) updates the
`Callback` filter's `setCallback()` method to allow passing a string name of a
class that is instantiable without constructor arguments, and which defines
`__invoke()`. - [#43](https://github.com/zendframework/zend-filter/pull/43)
updates the exception thrown by the `File\Rename` filter when the target
already exists to indicate the target filename path. * Fixed -
[#56](https://github.com/zendframework/zend-filter/pull/56) fixes how the
`FilterPluginManagerFactory` factory initializes the plugin manager instance,
ensuring it is injecting the relevant configuration from the `config` service
and thus seeding it with configured translator loader services. This means
that the `filters` configuration will now be honored in non-zend-mvc contexts.
- [#36](https://github.com/zendframework/zend-filter/pull/36) fixes an issue in
the constructor whereby a discovered option was not removed from the options
list after being used to set the compression algorithm. -
[#49](https://github.com/zendframework/zend-filter/pull/49) and
[#51](https://github.com/zendframework/zend-filter/pull/51) fix logic within
the `Boolean` and `ToNull` filters to use boolean rather than arithmetic
operations, ensuring that if the same type is specified multiple times via the
options, it will be aggregated correctly internally, and thus ensure correct
operation of the filter. - [#55](https://github.com/zendframework/zend-
filter/pull/55) adds a missing import statement to the
`Word\SeparatorToSeparatorFactory`.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-form-2.10.2-1.fc25 (FEDORA-2017-288938765c)
Zend Framework Form component
--------------------------------------------------------------------------------
Update Information:
**Version 2.10.2** - 2017-05-18 * Fixed -
[#161](https://github.com/zendframework/zend-form/pull/161) adds an import
statement to the `ElementFactory`, fixing an error whereby checks for
`Traversable` creation options would lead to a service creation exception;
these now correctly identify traversable options and convert them to an array.
- [#164](https://github.com/zendframework/zend-form/pull/164) fixes how the
`FormElementManagerFactory` factory initializes the plugin manager instance,
ensuring it is injecting the relevant configuration from the `config` service
and thus seeding it with configured form/form element services. This means
that the `form_elements` configuration will now be honored in non-zend-mvc
contexts. - [#159](https://github.com/zendframework/zend-form/pull/159)
fixes the behavior of the `min` and `max` attributes of the various `DateTime`
elements, ensuring that the elements raise an exception during instantiation
if the values provided are in a format that `DateTime` does not recognize for
the element type in question.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-i18n-2.7.4-1.fc25 (FEDORA-2017-8647708c31)
Zend Framework I18n component
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.4** - 2017-05-17 * Changes -
[#65](https://github.com/zendframework/zend-i18n/pull/65) updates the
`PostCode` validation for Ireland to support Eircode (
https://www.eircode.ie
/what-is-eircode) * Fixed - [#74](https://github.com/zendframework/zend-
i18n/pull/74) fixes how the `LoaderPluginManagerFactory` factory initializes
the plugin manager instance, ensuring it is injecting the relevant
configuration from the `config` service and thus seeding it with configured
translator loader services. This means that the `translator_plugins`
configuration will now be honored in non-zend-mvc contexts. -
[#56](https://github.com/zendframework/zend-i18n/pull/56) adds more aliases to
the `LoaderPluginManager` to ensure different cAsIng strategies will still
resolve translation loaders under zend-servicemanager v3. -
[#62](https://github.com/zendframework/zend-i18n/pull/62) fixes an issue with
how the gettext adapter resolves `PoEdit` source keywords when a text_domain is
defined. - [#73](https://github.com/zendframework/zend-i18n/pull/73)
provides a workaround within the `CurrencyFormat` view helper for an ICU bug
(
http://bugs.icu-project.org/trac/ticket/10997).
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-inputfilter-2.7.4-1.fc25 (FEDORA-2017-b4df6bb404)
Zend Framework InputFilter component
--------------------------------------------------------------------------------
Update Information:
**Version 2.7.4** - 2017-05-18 * Changes -
[#122](https://github.com/zendframework/zend-inputfilter/pull/122) maps the
`Zend\InputFilter\InputFilterPluginManager` service to
`Zend\InputFilter\InputFilterPluginManagerFactory`, and adds an alias from
`InputFitlerPluginManager` to the fully qualified class name. This change
allows you to request the service using either the original short name, or the
fully qualified class name. * Fixed -
[#137](https://github.com/zendframework/zend-inputfilter/pull/137) fixes how the
`InputFilterPluginManagerFactory` factory initializes the plugin manager
instance, ensuring it is injecting the relevant configuration from the
`config` service and thus seeding it with configured input filter services.
This means that the `input_filters` configuration will now be honored in non-
zend-mvc contexts.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-log-2.9.2-1.fc25 (FEDORA-2017-40766869ad)
Zend Framework Log component
--------------------------------------------------------------------------------
Update Information:
**Version 2.9.2** - 2017-05-17 * Fixed -
[#74](https://github.com/zendframework/zend-log/pull/74) fixes how the various
plugin manager factories initialize the plugin manager instances, ensuring
they are injecting the relevant configuration from the `config` service and
thus seeding them with configured plugin services. This means that the
`log_processors`, `log_writers`, `log_filters`, and `log_formatters`
configuration will now be honored in non-zend-mvc contexts. -
[#62](https://github.com/zendframework/zend-log/pull/62) fixes registration of
the alias and factory for the `PsrPlaceholder` processor plugin. -
[#66](https://github.com/zendframework/zend-log/pull/66) fixes the namespace
of the `LogFormatterProviderInterface` when registering the
`LogFormatterManager` with the zend-modulemanager `ServiceListener`. -
[#67](https://github.com/zendframework/zend-log/pull/67) ensures that content
being injected into a DOM node by `Zend\Log\Formatter\Xml` is escaped so that
XML entities will be properly emitted. -
[#73](https://github.com/zendframework/zend-log/pull/73) adds a missing import
statement to the `Psr` log writer.
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-validator-2.9.1-1.fc25 (FEDORA-2017-5e01927510)
Zend Framework Validator component
--------------------------------------------------------------------------------
Update Information:
**Version 2.9.1** - 2017-05-17 * Changes -
[#154](https://github.com/zendframework/zend-validator/pull/154) updates the
`CreditCard` validator to allow 19 digit Discover card values, and 13 and 19
digit Visa card values, which are now allowed (see
https://en.wikipedia.org/wiki/Payment_card_number). -
[#162](https://github.com/zendframework/zend-validator/pull/162) updates the
`Hostname` validator to support `.hr` (Croatia) IDN domains. -
[#163](https://github.com/zendframework/zend-validator/pull/163) updates the
`Iban` validator to support Belarus. * Fixed -
[#168](https://github.com/zendframework/zend-validator/pull/168) fixes how the
`ValidatorPluginManagerFactory` factory initializes the plugin manager instance,
ensuring it is injecting the relevant configuration from the `config` service
and thus seeding it with configured validator services. This means that the
`validators` configuration will now be honored in non-zend-mvc contexts.
--------------------------------------------------------------------------------
================================================================================
python-pytoml-0.1.13-1.git270397b.fc25 (FEDORA-2017-51dd41222a)
Parser for TOML
--------------------------------------------------------------------------------
Update Information:
Update ot 0.1.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1452951 - python-pytoml-v0.1.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1452951
--------------------------------------------------------------------------------