The following Fedora 26 Security updates need testing: Age URL 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab43d1d240 tnef-1.4.14-1.fc26 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e94c7b518 yara-3.5.0-7.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-188135cba8 pcre-8.40-7.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a19b28f8ce icu-57.1-6.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5cef2adff4 wireshark-2.2.6-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-11edc0d6c3 log4j-2.7-4.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-961cd53028 libdwarf-20170416-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a7161eb173 squirrelmail-1.4.22-19.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-54c2e9124e coreutils-8.27-4.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90bcb067bf fedora-release-26-0.6 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a95a89e4ba livecd-tools-24.3-2.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e3034559ef garcon-0.6.0-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98 selinux-policy-3.13.1-251.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a19b28f8ce icu-57.1-6.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8643e49cca perl-threads-shared-1.55-2.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-188135cba8 pcre-8.40-7.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-07b4ff26fd fwupd-0.8.2-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-36c92c9286 pungi-4.1.14-3.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c9e8822dd xorg-x11-drv-nouveau-1.0.14-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab52e8ea83 samba-4.6.3-0.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-63544fcd26 emacs-25.2-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-16b6cd0a98 flatpak-0.9.3-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2fbb5d0e82 blivet-gui-2.1.3-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0bbfdee0a3 nss-3.30.2-1.0.fc26 nss-softokn-3.30.2-1.0.fc26 nss-util-3.30.2-1.0.fc26 nspr-4.14.0-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9c12fc0e23 qca-2.1.3-5.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0ba7851ac6 vim-8.0.586-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-019b705d8b powerpc-utils-1.3.3-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0bb284e5e3 menu-cache-1.0.2-3.D20170419gitdffb1314ec.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-94a2c8b4e7 osinfo-db-20170423-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9466c42e64 libblockdev-2.7-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8fc651f20e curl-7.53.1-7.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-847f5e68b1 kernel-4.11.0-0.rc8.git0.1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b3f649f4b3 python-setuptools-35.0.1-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-802bde6137 cryptsetup-1.7.5-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b2f24d270 json-c-0.12.1-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-54c2e9124e coreutils-8.27-4.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7edb9c7f16 kexec-tools-2.0.14-4.fc26.2 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4e882477c libssh-0.7.5-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d800f0ad6 ca-certificates-2017.2.14-1.0.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c84e5a7961 nfs-utils-2.1.1-5.rc2.fc26 The following builds have been pushed to Fedora 26 updates-testing abrt-2.10.2-2.fc26 ca-certificates-2017.2.14-1.0.fc26 coreutils-8.27-4.fc26 cryptsetup-1.7.5-1.fc26 gap-pkg-smallsemi-0.6.11-1.fc26 getmail-4.54.0-1.fc26 hplip-3.17.4-2.fc26 json-c-0.12.1-1.fc26 kexec-tools-2.0.14-4.fc26.2 kf5-kpackage-5.33.0-2.fc26 libmodplug-0.8.9.0-1.fc26 libssh-0.7.5-1.fc26 lightdm-settings-1.0.2-4.fc26 mame-0.185-1.fc26 mediawriter-4.0.95-2.fc26 nfs-utils-2.1.1-5.rc2.fc26 nrpe-3.1.0-2.fc26 perl-Business-PayPal-API-0.76-1.fc26 perl-Geo-ShapeFile-2.64-1.fc26 perl-MetaCPAN-Client-2.012000-1.fc26 perl-PDL-2.17.0-8.fc26 php-alcaeus-mongo-php-adapter-1.0.11-1.fc26 php-pear-1.10.4-1.fc26 php-zendframework-zend-form-2.10.1-1.fc26 python-nose_fixes-1.3-1.fc26 python-setuptools-35.0.1-1.fc26 python-testfixtures-4.13.5-1.fc26 rhythmbox-alternative-toolbar-0.17.3-6.fc26 simple-scan-3.24.1-1.fc26 squirrelmail-1.4.22-19.fc26 sugar-paint-65-5.fc26 tcpreplay-4.2.4-1.fc26 Details about builds: ================================================================================ abrt-2.10.2-2.fc26 (FEDORA-2017-ceb1304bbe) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: - create /var/lib/abrt directory by abrt-addon-ccpp package because abrt- migration file is placed here -------------------------------------------------------------------------------- ================================================================================ ca-certificates-2017.2.14-1.0.fc26 (FEDORA-2017-2d800f0ad6) The Mozilla CA root certificate bundle -------------------------------------------------------------------------------- Update Information: This is an update to the Mozilla CA certificates list version 2.14, which has been published as part of Mozilla NSS 3.30.2. For additional details, please refer to the NSS 3.30.2 release notes: https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.30.2_release_notes -------------------------------------------------------------------------------- ================================================================================ coreutils-8.27-4.fc26 (FEDORA-2017-54c2e9124e) A set of basic GNU tools commonly used in shell scripts -------------------------------------------------------------------------------- Update Information: - date, touch: fix out-of-bounds write via large TZ variable (CVE-2017-7476) ---- - do not obsolete coreutils-single, so it can be installed by DNF2 (#1444802) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444802 - coreutils shouldn't obsolete coreutils-single https://bugzilla.redhat.com/show_bug.cgi?id=1444802 [ 2 ] Bug #1444774 - heap overflow security issue in date(1) and touch(1) https://bugzilla.redhat.com/show_bug.cgi?id=1444774 -------------------------------------------------------------------------------- ================================================================================ cryptsetup-1.7.5-1.fc26 (FEDORA-2017-802bde6137) A utility for setting up encrypted disks -------------------------------------------------------------------------------- Update Information: Update to version 1.7.5. Fixes for FIPS mode. -------------------------------------------------------------------------------- ================================================================================ gap-pkg-smallsemi-0.6.11-1.fc26 (FEDORA-2017-7e841f9bce) GAP library of small semigroups -------------------------------------------------------------------------------- Update Information: Changes in version 0.6.11: - a minor release for compatibility with Semigroups 3.0.0, and to fix an incorrect method for `IsomorphismTransformationSemigroup`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445743 - gap-pkg-smallsemi-0.6.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1445743 -------------------------------------------------------------------------------- ================================================================================ getmail-4.54.0-1.fc26 (FEDORA-2017-0a40644c14) POP3, IMAP4 and SDPS mail retriever with Maildir delivery -------------------------------------------------------------------------------- Update Information: update to 4.54.0 -------------------------------------------------------------------------------- ================================================================================ hplip-3.17.4-2.fc26 (FEDORA-2017-b3c2b6d28d) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: hp 8610 Filter failed when trying to print on fedora 26 - redo hplip- noernie.patch ---- Rebase to 3.17.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440502 - None https://bugzilla.redhat.com/show_bug.cgi?id=1440502 -------------------------------------------------------------------------------- ================================================================================ json-c-0.12.1-1.fc26 (FEDORA-2017-0b2f24d270) JSON implementation in C -------------------------------------------------------------------------------- Update Information: * Update to new upstream release * Unify %doc * General spec-file cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1361569 - json-c-0.12.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1361569 -------------------------------------------------------------------------------- ================================================================================ kexec-tools-2.0.14-4.fc26.2 (FEDORA-2017-7edb9c7f16) The kexec/kdump userspace component -------------------------------------------------------------------------------- Update Information: This build fixes kdump kernel boot failure caused by kernel kaslr by adding nokaslr to kdump kernel boot cmdline params for x86_64. -------------------------------------------------------------------------------- ================================================================================ kf5-kpackage-5.33.0-2.fc26 (FEDORA-2017-407308d6ff) KDE Frameworks 5 Tier 2 library to load and install packages as plugins -------------------------------------------------------------------------------- Update Information: Backport upstream fix related to appstream generation (and installs). -------------------------------------------------------------------------------- ================================================================================ libmodplug-0.8.9.0-1.fc26 (FEDORA-2017-fcfb587a40) Modplug mod music file format library -------------------------------------------------------------------------------- Update Information: Update to 0.8.9.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445104 - libmodplug-0.8.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1445104 -------------------------------------------------------------------------------- ================================================================================ libssh-0.7.5-1.fc26 (FEDORA-2017-c4e882477c) A library implementing the SSH protocol -------------------------------------------------------------------------------- Update Information: Fixed a memory allocation issue with buffers Fixed PKI on Windows Fixed some SSHv1 functions Fixed config hostname expansion -------------------------------------------------------------------------------- References: [ 1 ] Bug #1442294 - libssh-0.7.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1442294 -------------------------------------------------------------------------------- ================================================================================ lightdm-settings-1.0.2-4.fc26 (FEDORA-2017-10156f3c64) Configuration tool for the LightDM display manager -------------------------------------------------------------------------------- Update Information: * Add missing dependency on python3-setproctitle -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444436 - lightdm-settings not starting due to missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=1444436 -------------------------------------------------------------------------------- ================================================================================ mame-0.185-1.fc26 (FEDORA-2017-cb1a8e50b9) Multiple Arcade Machine Emulator -------------------------------------------------------------------------------- Update Information: An update to the latest mame release: * http://mamedev.org/?p=442 -------------------------------------------------------------------------------- ================================================================================ mediawriter-4.0.95-2.fc26 (FEDORA-2017-55b955c173) Fedora Media Writer -------------------------------------------------------------------------------- Update Information: Fix _isa in the Requires -------------------------------------------------------------------------------- ================================================================================ nfs-utils-2.1.1-5.rc2.fc26 (FEDORA-2017-c84e5a7961) NFS utilities and supporting clients and daemons for the kernel NFS server -------------------------------------------------------------------------------- Update Information: Conditionally restart gssproxy now that config file is installed systemd: Afters are also needed for the Wants=network-online.target nfsdcltrack: silence some expected errors -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445863 - nfsdcltrack: Unable to prepare select statement: no such table: parameters https://bugzilla.redhat.com/show_bug.cgi?id=1445863 [ 2 ] Bug #1440885 - nfs-utils does not inform gssproxy of config file updates https://bugzilla.redhat.com/show_bug.cgi?id=1440885 -------------------------------------------------------------------------------- ================================================================================ nrpe-3.1.0-2.fc26 (FEDORA-2017-e3c3201c88) Host/service/network monitoring agent for Nagios -------------------------------------------------------------------------------- Update Information: Move to using original nirik nrpe service file for systemd. It worked and the others dont ---- update to 3.1.0 ---- Update fixes from upstream. -------------------------------------------------------------------------------- ================================================================================ perl-Business-PayPal-API-0.76-1.fc26 (FEDORA-2017-ff33c48003) PayPal API -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445101 - perl-Business-PayPal-API-0.76 is available https://bugzilla.redhat.com/show_bug.cgi?id=1445101 -------------------------------------------------------------------------------- ================================================================================ perl-Geo-ShapeFile-2.64-1.fc26 (FEDORA-2017-59617d5159) Perl extension for handling ESRI GIS Shapefiles -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444629 - perl-Geo-ShapeFile-2.64 is available https://bugzilla.redhat.com/show_bug.cgi?id=1444629 -------------------------------------------------------------------------------- ================================================================================ perl-MetaCPAN-Client-2.012000-1.fc26 (FEDORA-2017-67a81dc6a5) A comprehensive, DWIM-featured client to the MetaCPAN API -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ perl-PDL-2.17.0-8.fc26 (FEDORA-2017-52454fc109) The Perl Data Language -------------------------------------------------------------------------------- Update Information: This release restored compatiblity with perl-List-MoreUtils-0.418. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1446104 - perl-PDL-2.17.0-7.fc27 FTBFS: t/gd_oo_tests.t test fails https://bugzilla.redhat.com/show_bug.cgi?id=1446104 -------------------------------------------------------------------------------- ================================================================================ php-alcaeus-mongo-php-adapter-1.0.11-1.fc26 (FEDORA-2017-ade3f1e927) Mongo PHP Adapter -------------------------------------------------------------------------------- Update Information: **Version 1.0.11** (2017-04-27) All issues and pull requests under this release may be found under the [1.0.11](https://github.com/alcaeus/mongo-php- adapter/issues?q=milestone%3A1.0.11) milestone. * [#170](https://github.com/alcaeus/mongo-php-adapter/pull/170) fixes a `MongoCursor` object passing a `batchSize` of 0 by default, causing errors in sharded setups. -------------------------------------------------------------------------------- ================================================================================ php-pear-1.10.4-1.fc26 (FEDORA-2017-997d00ba3b) PHP Extension and Application Repository framework -------------------------------------------------------------------------------- Update Information: **Version 1.10.4** * Bug pear#18102: pear install does not fail on error * PR #67: fix warning during pecl list-all -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-form-2.10.1-1.fc26 (FEDORA-2017-661236d185) Zend Framework Form component -------------------------------------------------------------------------------- Update Information: **Version 2.10.1** - 2017-04-26 - [#134](https://github.com/zendframework/zend- form/pull/134) fixes how the `FormElementManager` handles invokable classes when the `autoAddInvokableClass` flag is enabled. Previously, it used the built-in utilities from zend-servicemanager, but now correctly uses its own `setInvokableClass()` method, which forces usage of the `ElementFactory` for such classes, and thus ensures the name and options are passed to the element constructor. - [#136](https://github.com/zendframework/zend-form/pull/136) fixes how error messages are provided when an element uses a required `ArrayInput`, but no values are submitted. Previously, no messages were returned; now they are. - [#156](https://github.com/zendframework/zend-form/pull/156) fixes how elements that act as `InputProvider`s are merged into parent `CollectionInputFilter`s; previously, forms did not check if the element was in the target input filter composed in a `CollectionInputFilter`, leading to duplicate elements with varying behavior; now the inputs are correctly merged. -------------------------------------------------------------------------------- ================================================================================ python-nose_fixes-1.3-1.fc26 (FEDORA-2017-9673db0113) Plugin to make nose behave better -------------------------------------------------------------------------------- Update Information: * Initial import -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445822 - Review Request: python-nose_fixes - Plugin to make nose behave better https://bugzilla.redhat.com/show_bug.cgi?id=1445822 -------------------------------------------------------------------------------- ================================================================================ python-setuptools-35.0.1-1.fc26 (FEDORA-2017-b3f649f4b3) Easily build and distribute Python packages -------------------------------------------------------------------------------- Update Information: Update to 35.0.1. Fixes bug #1440388 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440388 - python-setuptools-35.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1440388 -------------------------------------------------------------------------------- ================================================================================ python-testfixtures-4.13.5-1.fc26 (FEDORA-2017-3e52596821) Collection of helpers and mock objects for unit tests and doc tests -------------------------------------------------------------------------------- Update Information: * Initial import -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445824 - Review Request: python-testfixtures - Collection of helpers and mock objects for unit tests and doc tests https://bugzilla.redhat.com/show_bug.cgi?id=1445824 -------------------------------------------------------------------------------- ================================================================================ rhythmbox-alternative-toolbar-0.17.3-6.fc26 (FEDORA-2017-42482abace) Client-side decorated compact toolbar for Rhythmbox -------------------------------------------------------------------------------- Update Information: Improved the package summary ---- Removed the noarch label to resolv bug 1434240 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434240 - plugin doesn't appear under list of available plugins https://bugzilla.redhat.com/show_bug.cgi?id=1434240 -------------------------------------------------------------------------------- ================================================================================ simple-scan-3.24.1-1.fc26 (FEDORA-2017-8862692d88) Simple scanning utility -------------------------------------------------------------------------------- Update Information: Update to 3.24.1 -------------------------------------------------------------------------------- ================================================================================ squirrelmail-1.4.22-19.fc26 (FEDORA-2017-a7161eb173) webmail client written in php -------------------------------------------------------------------------------- Update Information: fix insufficient escaping of user-supplied data (CVE-2017-7692) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445165 - CVE-2017-7692 squirrelmail: Insufficient escaping of user-supplied data https://bugzilla.redhat.com/show_bug.cgi?id=1445165 -------------------------------------------------------------------------------- ================================================================================ sugar-paint-65-5.fc26 (FEDORA-2017-442c148a5f) Paint activity for Sugar -------------------------------------------------------------------------------- Update Information: Fix crash on startup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409787 - Can't start sugar-paint https://bugzilla.redhat.com/show_bug.cgi?id=1409787 -------------------------------------------------------------------------------- ================================================================================ tcpreplay-4.2.4-1.fc26 (FEDORA-2017-aa730ad226) Replay captured network traffic -------------------------------------------------------------------------------- Update Information: Bug fixes. 4.2.4: - Fix spelling mistakes discovered by Lintian (#362) 4.2.3: - Archive (remove) QuickTX until maintainer found (#357) - Ubuntu precise 32bit_build (#356) 4.2.2: - Missing symbol pcap_version on macOS 10.12.4 (#353) -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
