The following Fedora 26 Security updates need testing: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e4c14eeec php-onelogin-php-saml-2.10.5-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-49f828d4b1 chromium-57.0.2987.133-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab43d1d240 tnef-1.4.14-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f997e46fa7 python-django-1.10.7-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fc634e7ee7 xorgxrdp-0.2.1-1.fc26 xrdp-0.9.2-5.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-198ca8ba07 ming-0.4.8-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a01498b4b proftpd-1.3.5e-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2f3096ba16 php-pear-CAS-1.3.5-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a2a4f8d8a1 libsndfile-1.0.28-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5b2c9a435 qt5-qtwebengine-5.8.0-8.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d74747fc4 xstream-1.4.9-5.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b71343fb8 jenkins-xstream-1.4.7-11.jenkins1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d95dacdfbf libtiff-4.0.7-5.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90bcb067bf fedora-release-26-0.6 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c74484d3bd libfm-1.2.5-3.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-29b9e0d180 nghttp2-1.21.1-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d8a94dc3b4 flatpak-0.9.2-2.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efd7fda0b0 libdrm-2.4.79-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2a6fa3f027 libgusb-0.2.10-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e17acfdfbe audit-2.7.5-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c64068f6f5 cyrus-sasl-2.1.26-30.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d95dacdfbf libtiff-4.0.7-5.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d9edbb80a7 libblockdev-2.6-3.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a4dc3a601b libappstream-glib-0.6.12-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c15393ae9 uboot-tools-2017.05-0.3.rc1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4efed37ebe vim-8.0.562-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d66de5fd9 kernel-4.11.0-0.rc6.git0.1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a2a4f8d8a1 libsndfile-1.0.28-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-10db06fadf anaconda-26.21.3-1.fc26 blivet-gui-2.1.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3345a480d7 webkitgtk4-2.16.1-2.fc26 The following builds have been pushed to Fedora 26 updates-testing abrt-server-info-page-1.3-1.fc26 anaconda-26.21.3-1.fc26 asciinema-1.4.0-1.fc26 awstats-7.6-1.fc26 blivet-gui-2.1.2-1.fc26 cacti-1.1.2-2.fc26 cyrus-sasl-2.1.26-30.fc26 dnfdragora-1.0.0-19.git20170411.3662635.fc26 dovecot-2.2.29-1.fc26 fvwm-2.6.7-4.fc26 gnucash-2.6.16-1.fc26 gnucash-docs-2.6.16-1.fc26 jenkins-xstream-1.4.7-11.jenkins1.fc26 js-jquery-2.2.4-3.fc26 kernel-4.11.0-0.rc6.git0.1.fc26 kf5-networkmanager-qt-5.33.0-2.fc26 kup-0.3.6-1.fc26 libappstream-glib-0.6.12-1.fc26 libblockdev-2.6-3.fc26 libmicrohttpd-0.9.53-1.fc26 libosmium-2.12.1-1.fc26 libsndfile-1.0.28-1.fc26 libtiff-4.0.7-5.fc26 libyui-3.2.9-1.fc26 libyui-gtk-2.44.8-2.fc26 libyui-mga-1.0.8-0.6.gita6a160e.20160313.fc26 libyui-mga-gtk-1.0.2-0.8.git22f2cf6.20131215.fc26 libyui-mga-ncurses-1.0.2-0.7.git026f2e6.20131215.fc26 libyui-mga-qt-1.0.3-0.7.gitb508e88.20140119.fc26 libyui-ncurses-2.48.1-1.fc26 libyui-qt-2.47.1-1.fc26 netsniff-ng-0.6.3-1.fc26 osmium-tool-1.6.1-1.fc26 pantheon-files-0.3.3-1.fc26 paraview-5.3.0-2.fc26 perl-Gearman-2.004.002-1.fc26 perl-Mock-Config-0.03-1.fc26 perl-Net-DNS-1.09-1.fc26 perl-Params-ValidationCompiler-0.24-1.fc26 perl-Sub-Identify-0.14-1.fc26 perl-Test-Assert-0.0504-19.fc26 perl-Test-NoTabs-2.00-1.fc26 perl-Unicode-UTF8-0.62-1.fc26 php-7.1.4-1.fc26 php-pear-Mail-1.4.1-1.fc26 php-phpunit-php-code-coverage5-5.1.1-1.fc26 pyosmium-2.12.0-2.fc26 python-paho-mqtt-1.2.2-1.fc26 python-pyvo-0.6.0-1.git20170411.3fa56a6.fc26 python-txamqp-0.7.0-2.fc26 qt5-qtwebengine-5.8.0-8.fc26 skychart-4.0-2.fc26 snapd-2.24-1.fc26 tcllib-1.18-1.fc26 thermald-1.6-3.fc26 transmission-2.92-4.fc26 uboot-tools-2017.05-0.3.rc1.fc26 vim-8.0.562-1.fc26 webkitgtk4-2.16.1-2.fc26 wine-2.5-1.fc26 xen-4.8.1-1.fc26 xstream-1.4.9-5.fc26 zbar-0.20-1.fc26 Details about builds: ================================================================================ abrt-server-info-page-1.3-1.fc26 (FEDORA-2017-23d1ad1036) Web page with summary of ABRT services -------------------------------------------------------------------------------- Update Information: bugfixes -------------------------------------------------------------------------------- ================================================================================ anaconda-26.21.3-1.fc26 (FEDORA-2017-10db06fadf) Graphical system installer -------------------------------------------------------------------------------- Update Information: Various Anaconda & Blivet GUI fixes and enhancements, including fixes for issues found during the Blivet GUI test day. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440804 - AttributeError: 'MDRaidArrayDevice' object has no attribute 'is_logical' https://bugzilla.redhat.com/show_bug.cgi?id=1440804 [ 2 ] Bug #1439525 - usability: blivet-gui forgets mountpoint setting https://bugzilla.redhat.com/show_bug.cgi?id=1439525 [ 3 ] Bug #1439538 - No way to create ppc prepboot partition https://bugzilla.redhat.com/show_bug.cgi?id=1439538 [ 4 ] Bug #1439529 - usability: blivet-gui greyed items in adding partition dialog https://bugzilla.redhat.com/show_bug.cgi?id=1439529 [ 5 ] Bug #1439592 - Existing raid devices can't be reformatted in blivet-gui https://bugzilla.redhat.com/show_bug.cgi?id=1439592 [ 6 ] Bug #1439563 - No hint / help for buttons in blivet gui https://bugzilla.redhat.com/show_bug.cgi?id=1439563 [ 7 ] Bug #1439108 - AttributeError: 'LUKS' object has no attribute 'mountpoint' https://bugzilla.redhat.com/show_bug.cgi?id=1439108 [ 8 ] Bug #1439051 - Anaconda hang with GDBus.Error ...UnknownMethod for PowerPC F26 ks install https://bugzilla.redhat.com/show_bug.cgi?id=1439051 [ 9 ] Bug #1439729 - Swap partition is not created/used when using blivet-gui https://bugzilla.redhat.com/show_bug.cgi?id=1439729 [ 10 ] Bug #1439581 - default filesystem in blivet-gui is ext4, anaconda default is xfs https://bugzilla.redhat.com/show_bug.cgi?id=1439581 [ 11 ] Bug #1439519 - installation destination spoke - encryption checkbox with blivet-gui https://bugzilla.redhat.com/show_bug.cgi?id=1439519 -------------------------------------------------------------------------------- ================================================================================ asciinema-1.4.0-1.fc26 (FEDORA-2017-49db2aff1a) Command line client (terminal recorder) for asciinema.org service -------------------------------------------------------------------------------- Update Information: Update to version 1.4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441573 - asciinema-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441573 -------------------------------------------------------------------------------- ================================================================================ awstats-7.6-1.fc26 (FEDORA-2017-b4f37c78f5) Advanced Web Statistics -------------------------------------------------------------------------------- Update Information: This is an update to last stable version 7.6, see https://awstats.sourceforge.io/docs/awstats_changelog.txt to see what's new. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1264881 - awstats-7.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1264881 -------------------------------------------------------------------------------- ================================================================================ blivet-gui-2.1.2-1.fc26 (FEDORA-2017-10db06fadf) Tool for data storage configuration -------------------------------------------------------------------------------- Update Information: Various Anaconda & Blivet GUI fixes and enhancements, including fixes for issues found during the Blivet GUI test day. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440804 - AttributeError: 'MDRaidArrayDevice' object has no attribute 'is_logical' https://bugzilla.redhat.com/show_bug.cgi?id=1440804 [ 2 ] Bug #1439525 - usability: blivet-gui forgets mountpoint setting https://bugzilla.redhat.com/show_bug.cgi?id=1439525 [ 3 ] Bug #1439538 - No way to create ppc prepboot partition https://bugzilla.redhat.com/show_bug.cgi?id=1439538 [ 4 ] Bug #1439529 - usability: blivet-gui greyed items in adding partition dialog https://bugzilla.redhat.com/show_bug.cgi?id=1439529 [ 5 ] Bug #1439592 - Existing raid devices can't be reformatted in blivet-gui https://bugzilla.redhat.com/show_bug.cgi?id=1439592 [ 6 ] Bug #1439563 - No hint / help for buttons in blivet gui https://bugzilla.redhat.com/show_bug.cgi?id=1439563 [ 7 ] Bug #1439108 - AttributeError: 'LUKS' object has no attribute 'mountpoint' https://bugzilla.redhat.com/show_bug.cgi?id=1439108 [ 8 ] Bug #1439051 - Anaconda hang with GDBus.Error ...UnknownMethod for PowerPC F26 ks install https://bugzilla.redhat.com/show_bug.cgi?id=1439051 [ 9 ] Bug #1439729 - Swap partition is not created/used when using blivet-gui https://bugzilla.redhat.com/show_bug.cgi?id=1439729 [ 10 ] Bug #1439581 - default filesystem in blivet-gui is ext4, anaconda default is xfs https://bugzilla.redhat.com/show_bug.cgi?id=1439581 [ 11 ] Bug #1439519 - installation destination spoke - encryption checkbox with blivet-gui https://bugzilla.redhat.com/show_bug.cgi?id=1439519 -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.2-2.fc26 (FEDORA-2017-5a2a524fce) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Work with several MySQL variants (#1440755) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440755 - Work with several MySQL variants https://bugzilla.redhat.com/show_bug.cgi?id=1440755 -------------------------------------------------------------------------------- ================================================================================ cyrus-sasl-2.1.26-30.fc26 (FEDORA-2017-c64068f6f5) The Cyrus SASL library -------------------------------------------------------------------------------- Update Information: This update no longer requires the obsolete `/sbin/service` for installation. -------------------------------------------------------------------------------- ================================================================================ dnfdragora-1.0.0-19.git20170411.3662635.fc26 (FEDORA-2017-25e38f541d) DNF package-manager based on libYui abstraction -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.29-1.fc26 (FEDORA-2017-e8b639c286) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: + quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved. + imapc: Add imapc_features=delay- login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs. + Added %{encrypt} and %{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human- readable string. + imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks. + imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation. - fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28. - trash plugin was broken in 2.2.28 - auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs. - auth: passdb { skip & mechanisms } were ignored for the first passdb - oauth2: Various fixes, including fixes to crashes - dsync: Large Sieve scripts (or other large metadata) weren't always synced. - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated mailboxes. - Fixed a potential crash when parsing a broken message header. - cassandra: Fallback consistency settings weren't working correctly. - doveadm director status <user>: "Initial config" was always empty - imapc: Various reconnection fixes. -------------------------------------------------------------------------------- ================================================================================ fvwm-2.6.7-4.fc26 (FEDORA-2017-219305a3f3) Highly configurable multiple virtual desktop window manager -------------------------------------------------------------------------------- Update Information: * Fix failure with python3 -------------------------------------------------------------------------------- ================================================================================ gnucash-2.6.16-1.fc26 (FEDORA-2017-25a9acff45) Finance management application -------------------------------------------------------------------------------- Update Information: This updates GnuCash to the latest upstream bugfix release, 2.6.16. For more information, see the upstream release notes at http://gnucash.org/. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436183 - gnucash-2.6.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436183 [ 2 ] Bug #1409887 - Reports flicker after opening https://bugzilla.redhat.com/show_bug.cgi?id=1409887 -------------------------------------------------------------------------------- ================================================================================ gnucash-docs-2.6.16-1.fc26 (FEDORA-2017-25a9acff45) Help files and documentation for the GnuCash personal finance manager -------------------------------------------------------------------------------- Update Information: This updates GnuCash to the latest upstream bugfix release, 2.6.16. For more information, see the upstream release notes at http://gnucash.org/. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436183 - gnucash-2.6.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436183 [ 2 ] Bug #1409887 - Reports flicker after opening https://bugzilla.redhat.com/show_bug.cgi?id=1409887 -------------------------------------------------------------------------------- ================================================================================ jenkins-xstream-1.4.7-11.jenkins1.fc26 (FEDORA-2017-4b71343fb8) Jenkins XStream library -------------------------------------------------------------------------------- Update Information: Security fix for rhbz#1441541 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441541 - jenkins-xstream: XStream: DoS when unmarshalling void type [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1441541 -------------------------------------------------------------------------------- ================================================================================ js-jquery-2.2.4-3.fc26 (FEDORA-2017-1662a44a49) JavaScript DOM manipulation, event handling, and AJAX library -------------------------------------------------------------------------------- Update Information: Update adds Provides: js-jquery2, in order to better support future package rename and addition of jQuery 3. -------------------------------------------------------------------------------- ================================================================================ kernel-4.11.0-0.rc6.git0.1.fc26 (FEDORA-2017-0d66de5fd9) The Linux kernel -------------------------------------------------------------------------------- Update Information: Linux 4.11-rc6 -------------------------------------------------------------------------------- ================================================================================ kf5-networkmanager-qt-5.33.0-2.fc26 (FEDORA-2017-f659318757) A Tier 1 KDE Frameworks 5 module that wraps NetworkManager DBus API -------------------------------------------------------------------------------- Update Information: Set default value for auto-negotiation in wired setting based on running NetworkManager version (bz#1440583). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440583 - Unable to modify network settings https://bugzilla.redhat.com/show_bug.cgi?id=1440583 -------------------------------------------------------------------------------- ================================================================================ kup-0.3.6-1.fc26 (FEDORA-2017-b091c242eb) Kernel.org Uploader -------------------------------------------------------------------------------- Update Information: Update to upstream 0.3.6 with support for subcmd and gitolite -------------------------------------------------------------------------------- ================================================================================ libappstream-glib-0.6.12-1.fc26 (FEDORA-2017-a4dc3a601b) Library for AppStream metadata -------------------------------------------------------------------------------- Update Information: New upstream release - Validate kudos in AppData and AppStream files - Copy hash table keys to avoid a common crash on Ubuntu - Fix the predicate comparison when using globs in metainfo files -------------------------------------------------------------------------------- ================================================================================ libblockdev-2.6-3.fc26 (FEDORA-2017-d9edbb80a7) A library for low-level manipulation with block devices -------------------------------------------------------------------------------- Update Information: Do not try to parse 'raid_spec' for 'bd_md_activate' (vtrefny) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439111 - gi.overrides.BlockDev.MDRaidError: Device /dev/md/fedora_unused-4-209 doesn't exist. https://bugzilla.redhat.com/show_bug.cgi?id=1439111 -------------------------------------------------------------------------------- ================================================================================ libmicrohttpd-0.9.53-1.fc26 (FEDORA-2017-464daf5b22) Lightweight library for embedding a webserver in applications -------------------------------------------------------------------------------- Update Information: Update to 0.9.53-1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1288676 - libmicrohttpd-0.9.53 is available https://bugzilla.redhat.com/show_bug.cgi?id=1288676 -------------------------------------------------------------------------------- ================================================================================ libosmium-2.12.1-1.fc26 (FEDORA-2017-9e15da9433) Fast and flexible C++ library for working with OpenStreetMap data -------------------------------------------------------------------------------- Update Information: Update libosmium and osmium-tool to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ libsndfile-1.0.28-1.fc26 (FEDORA-2017-a2a4f8d8a1) Library for reading and writing sound files -------------------------------------------------------------------------------- Update Information: * updated to 1.0.28 * fixes possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) * fixes possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440756 - CVE-2017-7585 libsndfile: Stack-based buffer overflow in flac_buffer_copy() https://bugzilla.redhat.com/show_bug.cgi?id=1440756 [ 2 ] Bug #1440758 - CVE-2017-7586 libsndfile: Error in header_read() causing stack-based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1440758 -------------------------------------------------------------------------------- ================================================================================ libtiff-4.0.7-5.fc26 (FEDORA-2017-d95dacdfbf) Library of functions for manipulating TIFF format image files -------------------------------------------------------------------------------- Update Information: Security fix for: * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594** * **CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598** * **CVE-2017-7599** * **CVE-2017-7600** * **CVE-2017-7601** * **CVE-2017-7602** -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441263 - CVE-2017-7602 libtiff: Signed integer overflow in tif_read.c https://bugzilla.redhat.com/show_bug.cgi?id=1441263 [ 2 ] Bug #1441261 - CVE-2017-7601 libtiff: Signed integer overflow in tif_jpeg.c https://bugzilla.redhat.com/show_bug.cgi?id=1441261 [ 3 ] Bug #1441260 - CVE-2017-7600 libtiff: Unsigned char out of range in tif_dirwrite.c https://bugzilla.redhat.com/show_bug.cgi?id=1441260 [ 4 ] Bug #1441259 - CVE-2017-7599 libtiff: Unsigned short out of range in tif_dirwrite.c https://bugzilla.redhat.com/show_bug.cgi?id=1441259 [ 5 ] Bug #1441254 - CVE-2017-7598 libtiff: Divide-by-zero in tif_dirread.c https://bugzilla.redhat.com/show_bug.cgi?id=1441254 [ 6 ] Bug #1441252 - CVE-2017-7597 libtiff: Float out of range issue in tif_dirread.c https://bugzilla.redhat.com/show_bug.cgi?id=1441252 [ 7 ] Bug #1441250 - CVE-2017-7596 libtiff: Float out of range issue in tif_dir.c https://bugzilla.redhat.com/show_bug.cgi?id=1441250 [ 8 ] Bug #1441248 - CVE-2017-7595 libtiff: Divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) https://bugzilla.redhat.com/show_bug.cgi?id=1441248 [ 9 ] Bug #1441247 - CVE-2017-7594 libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function https://bugzilla.redhat.com/show_bug.cgi?id=1441247 [ 10 ] Bug #1441246 - CVE-2017-7593 libtiff: tif_rawdata not properly initialized in tif_read.c https://bugzilla.redhat.com/show_bug.cgi?id=1441246 [ 11 ] Bug #1441240 - CVE-2017-7592 libtiff: Left shift of unsigned char without a cast https://bugzilla.redhat.com/show_bug.cgi?id=1441240 -------------------------------------------------------------------------------- ================================================================================ libyui-3.2.9-1.fc26 (FEDORA-2017-25e38f541d) GUI-abstraction library -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-gtk-2.44.8-2.fc26 (FEDORA-2017-25e38f541d) Gtk3 User Interface for libyui -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-1.0.8-0.6.gita6a160e.20160313.fc26 (FEDORA-2017-25e38f541d) Libyui extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-gtk-1.0.2-0.8.git22f2cf6.20131215.fc26 (FEDORA-2017-25e38f541d) Libyui-Gtk extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-ncurses-1.0.2-0.7.git026f2e6.20131215.fc26 (FEDORA-2017-25e38f541d) Libyui-Ncurses extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-qt-1.0.3-0.7.gitb508e88.20140119.fc26 (FEDORA-2017-25e38f541d) Libyui-Qt extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-ncurses-2.48.1-1.fc26 (FEDORA-2017-25e38f541d) Character Based User Interface for libyui -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-qt-2.47.1-1.fc26 (FEDORA-2017-25e38f541d) Qt User Interface for libyui -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ netsniff-ng-0.6.3-1.fc26 (FEDORA-2017-0825a6db36) Packet sniffing beast -------------------------------------------------------------------------------- Update Information: This is new netsniff-ng package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441439 - netsniff-ng-0.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441439 -------------------------------------------------------------------------------- ================================================================================ osmium-tool-1.6.1-1.fc26 (FEDORA-2017-9e15da9433) Command line tool for working with OpenStreetMap data -------------------------------------------------------------------------------- Update Information: Update libosmium and osmium-tool to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ pantheon-files-0.3.3-1.fc26 (FEDORA-2017-2038a08b08) Pantheon file manager -------------------------------------------------------------------------------- Update Information: Update to version 0.3.3. More information at: https://launchpad.net/pantheon- files/0.3.x/0.3.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441184 - pantheon-files-0.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441184 -------------------------------------------------------------------------------- ================================================================================ paraview-5.3.0-2.fc26 (FEDORA-2017-8ef9930f5b) Parallel visualization application -------------------------------------------------------------------------------- Update Information: Build with Qt5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437858 - paraview with Qt5 https://bugzilla.redhat.com/show_bug.cgi?id=1437858 -------------------------------------------------------------------------------- ================================================================================ perl-Gearman-2.004.002-1.fc26 (FEDORA-2017-ddc2007f0a) Perl interface for Gearman distributed job system -------------------------------------------------------------------------------- Update Information: This release fixes bad overriding of cert_file SSL option. ---- This release fixes respeciting prefix separator to ensure persistent queue recovery. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441656 - perl-Gearman-2.004.002 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441656 [ 2 ] Bug #1441437 - perl-Gearman-2.004.001 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441437 -------------------------------------------------------------------------------- ================================================================================ perl-Mock-Config-0.03-1.fc26 (FEDORA-2017-587710879e) Temporarily set Config or XSConfig values -------------------------------------------------------------------------------- Update Information: The first build of perl-Mock-Config. It is optional BR for perl-Devel-CheckLib -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441071 - Review Request: perl-Mock-Config - Temporarily set Config or XSConfig values https://bugzilla.redhat.com/show_bug.cgi?id=1441071 -------------------------------------------------------------------------------- ================================================================================ perl-Net-DNS-1.09-1.fc26 (FEDORA-2017-e11f90dfa8) DNS resolver modules for Perl -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435625 - perl-Net-DNS-1.09 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435625 -------------------------------------------------------------------------------- ================================================================================ perl-Params-ValidationCompiler-0.24-1.fc26 (FEDORA-2017-5541efb96a) Build an optimized subroutine parameter validator once, use it forever -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ perl-Sub-Identify-0.14-1.fc26 (FEDORA-2017-da13d8030a) Retrieve names of code references -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ perl-Test-Assert-0.0504-19.fc26 (FEDORA-2017-b1cc9ffe46) Assertion methods for those who like JUnit -------------------------------------------------------------------------------- Update Information: This updates fixes the build in the presence of a GPG agent. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441315 - perl-Test-Assert-0.0504-18.fc27 FTBFS: rm: cannot remove '/tmp/tmp.TSfaP5NJDu/S.gpg-agent.ssh': No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1441315 -------------------------------------------------------------------------------- ================================================================================ perl-Test-NoTabs-2.00-1.fc26 (FEDORA-2017-a44813b121) Check the presence of tabs in your project -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ perl-Unicode-UTF8-0.62-1.fc26 (FEDORA-2017-13b37b6ba0) Encoding and decoding of UTF-8 encoding form -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ php-7.1.4-1.fc26 (FEDORA-2017-054e67a81c) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: **PHP version 7.1.4** (13 Apr 2017) **Core:** * Fixed bug php#74149 (static embed SAPI linkage error). (krakjoe) * Fixed bug php#73370 (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0). (Nikita) * Fixed bug php#73960 (Leak with instance method calling static method with referenced return). (Nikita) * Fixed bug php#69676 (Resolution of self::FOO in class constants not correct). (Nikita) * Fixed bug php#74265 (Build problems after 7.0.17 release: undefined reference to `isfinite'). (Nikita) * Fixed bug php#74302 (yield fromLABEL is over-greedy). (Sara) **Apache:** * Reverted patch for bug php#61471, fixes bug php#74318. (Anatol) **Date:** * Fixed bug php#72096 (Swatch time value incorrect for dates before 1970). (mcq8) **DOM:** * Fixed bug php#74004 (LIBXML_NOWARNING flag ingnored on loadHTML*). (somedaysummer) **iconv:** * Fixed bug php#74230 (iconv fails to fail on surrogates). (Anatol) **Opcache:** * Fixed bug php#74250 (OPcache compilation performance regression in PHP 5.6/7 with huge classes). (Nikita) **OpenSSL:** * Fixed bug php#72333 (fwrite() on non-blocking SSL sockets doesn't work). (Jakub Zelenka) **PDO MySQL:** * Fixed bug php#71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface). (Thomas Orozco) **SPL:** * Fixed bug php#74058 (ArrayObject can not notice changes). (Andrew Nester) **Sqlite:** * Implemented FR php#74217 (Allow creation of deterministic sqlite functions). (Andrew Nester) **Streams:** * Fixed bug php#74216 (Correctly fail on invalid IP address ports). (Sara) **Zlib:** * Fixed bug php#74240 (deflate_add can allocate too much memory). (Matt Bonneau) -------------------------------------------------------------------------------- ================================================================================ php-pear-Mail-1.4.1-1.fc26 (FEDORA-2017-55b407a45c) Class that provides multiple interfaces for sending emails -------------------------------------------------------------------------------- Update Information: **Version 1.4.1** * Loosen recognition of "queued as" server response (PR #10) * Bug pear#20463: domain-literal parsing error * Bug pear#20513: Mail_smtp::send() doesn't close socket for smtp connection ---- **Version 1.4.0** * Clarified licensing to "New BSD" (3-Clause BSD) -------------------------------------------------------------------------------- ================================================================================ php-phpunit-php-code-coverage5-5.1.1-1.fc26 (FEDORA-2017-d1982e1a7e) PHP code coverage information -------------------------------------------------------------------------------- Update Information: **Version 5.1.1** - 2017-04-12 * Fixed [#420](https://github.com/sebastianbergmann/php-code-coverage/issues/420): Check for unexecuted covered or used code is too strict -------------------------------------------------------------------------------- ================================================================================ pyosmium-2.12.0-2.fc26 (FEDORA-2017-9e15da9433) Python bindings for libosmium -------------------------------------------------------------------------------- Update Information: Update libosmium and osmium-tool to latest upstream release. -------------------------------------------------------------------------------- ================================================================================ python-paho-mqtt-1.2.2-1.fc26 (FEDORA-2017-074c1910f3) A Python MQTT version 3.1/3.1.1 client class -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.2.2 -------------------------------------------------------------------------------- ================================================================================ python-pyvo-0.6.0-1.git20170411.3fa56a6.fc26 (FEDORA-2017-f65af37c3e) Access to remote data and services of the Virtual observatory (VO) using Python -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441189 - python-pyvo-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441189 -------------------------------------------------------------------------------- ================================================================================ python-txamqp-0.7.0-2.fc26 (FEDORA-2017-ed7df9cd25) A Python library for communicating with AMQP peers and brokers using Twisted -------------------------------------------------------------------------------- Update Information: Upstream bug fix release 0.7.0. Fixed dependencies on python2-twisted and python2-thrift. -------------------------------------------------------------------------------- ================================================================================ qt5-qtwebengine-5.8.0-8.fc26 (FEDORA-2017-c5b2c9a435) Qt5 - QtWebEngine components -------------------------------------------------------------------------------- Update Information: This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651. Other immediately usable changes in QtWebEngine 5.8 include: * Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.) * The `view-source:` scheme is now supported. * User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey. * Some `chrome:` schemes now supported, for instance `chrome://gpu`. * Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details. The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated): * Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format. * Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.) * Added a setting to enable printing of CSS backgrounds. The following new QML APIs are available to developers: * Tooltips (HTML5 global title attribute) are now also supported in the QML API. * Qt WebEngine (QML) allows defining custom dialogs / context menus. * Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2. -------------------------------------------------------------------------------- ================================================================================ skychart-4.0-2.fc26 (FEDORA-2017-3734ba253f) Planetarium software for the advanced amateur astronomer -------------------------------------------------------------------------------- Update Information: Fix for OpenSSL 1.1 -------------------------------------------------------------------------------- ================================================================================ snapd-2.24-1.fc26 (FEDORA-2017-05c52d4aba) A transactional software package manager -------------------------------------------------------------------------------- Update Information: Update to snapd v2.24. Some of the highlights (from the Snappy team): * Fix potential transition issue from `ubuntu-core` to `core` * Work towards improved aliases * (many) cross-distribution improvements * Fixes to work better with GNOME Software * Improve internal interfaces code * Detect devmode by inspecting the AppArmor support in the kernel * Test improvements * Allow chroot in base template * Fix `pi-config.*` core settings and add some more * interface updates: `browser-support`,`unity7`,`framebuffer`,`location-observe`,`location- control`,`browser-support`,`mir`,`opengl`,`unity8` * new interfaces: `joystick`,`maliit`,`autopilot` -------------------------------------------------------------------------------- ================================================================================ tcllib-1.18-1.fc26 (FEDORA-2017-93cb538b1a) The standard Tcl library -------------------------------------------------------------------------------- Update Information: Update to new 1.18 -------------------------------------------------------------------------------- ================================================================================ thermald-1.6-3.fc26 (FEDORA-2017-ab248cfca4) Thermal Management daemon -------------------------------------------------------------------------------- Update Information: * Initial rpm-release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440406 - Review Request: thermald - Thermal Management daemon https://bugzilla.redhat.com/show_bug.cgi?id=1440406 -------------------------------------------------------------------------------- ================================================================================ transmission-2.92-4.fc26 (FEDORA-2017-60dbc0113a) A lightweight GTK+ BitTorrent client -------------------------------------------------------------------------------- Update Information: Requires and FTBFS fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405763 - Transmission fails to start after installing from the Software app - missing dependency? https://bugzilla.redhat.com/show_bug.cgi?id=1405763 [ 2 ] Bug #1421675 - No installation candidate for transmission on Fedora 25 https://bugzilla.redhat.com/show_bug.cgi?id=1421675 -------------------------------------------------------------------------------- ================================================================================ uboot-tools-2017.05-0.3.rc1.fc26 (FEDORA-2017-7c15393ae9) U-Boot utilities -------------------------------------------------------------------------------- Update Information: Add support for STi STiH410 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.562-1.fc26 (FEDORA-2017-4efed37ebe) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit. -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.16.1-2.fc26 (FEDORA-2017-3345a480d7) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update brings the following changes: * Fix no-third-party cookies policy in case of redirections. * Keep URL fragments after server redirections. * Honor GTK+ font settings. * Ensure depth and stencil renderbuffers are created on GLESv2. * Prevent new navigations from onbeforeunload handler and document unload. * Disallow beforeunload alerts from web pages users have never interacted with. * Fix several crashes and rendering issues. -------------------------------------------------------------------------------- ================================================================================ wine-2.5-1.fc26 (FEDORA-2017-ac28a7e09e) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: - Support for message-mode named pipes. - Translation of version resources through po files. - Transform feedback support in Direct3D. - Scheduler classes in C++ runtime. - Better scrolling in popup menus. - More improvements to the XML reader. - Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438115 - wine-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438115 -------------------------------------------------------------------------------- ================================================================================ xen-4.8.1-1.fc26 (FEDORA-2017-65626c4487) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: update to xen-4.8.1 -------------------------------------------------------------------------------- ================================================================================ xstream-1.4.9-5.fc26 (FEDORA-2017-8d74747fc4) Java XML serialization library -------------------------------------------------------------------------------- Update Information: Security fix for rhbz#1441542 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441542 - XStream: DoS when unmarshalling void type [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1441542 -------------------------------------------------------------------------------- ================================================================================ zbar-0.20-1.fc26 (FEDORA-2017-230416bf5e) Bar code reader -------------------------------------------------------------------------------- Update Information: Getting a good image is important for ZBar to be able to recognize a bar code. That usually require adjusting camera controls to adjust brightness, contrast, focus, etc. On version 0.20, those controls are now exported via ZBar library, and are visible via GUI, at zbarcam-qt. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx