The following Fedora 26 Security updates need testing: Age URL 130 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 69 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526 nodejs-brace-expansion-1.1.7-1.fc26 34 https://bodhi.fedoraproject.org/updates/FEDORA-2017-661dddc462 groovy18-1.8.9-28.fc26 32 https://bodhi.fedoraproject.org/updates/FEDORA-2017-690a2548ba openvswitch-2.7.1-2.fc26 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-76ce091a43 chicken-4.12.0-3.fc26 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325 memcached-1.4.39-1.fc26 23 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd0d5d376f python-tablib-0.11.5-1.fc26 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6186f95179 nasm-2.13.01-3.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-721314e3b3 java-1.8.0-openjdk-aarch32-1.8.0.141-2.170721.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c535f23493 torbrowser-launcher-0.2.8-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9e66916ec mingw-postgresql-9.6.4-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f4c82d73e mingw-libsoup-2.58.2-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aab5f759f5 cryptlib-3.4.3.1-7.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8f4cd5b67 cyrus-imapd-3.0.3-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346 botan-1.10.16-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f03b04acbb mercurial-4.2.3-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a78c5ca9 cvs-1.11.23-42.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f79ae2b96f chromium-60.0.3112.90-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aecd25b8a9 nginx-1.12.1-1.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 29 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a695811465 pungi-4.1.17-1.fc26 27 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4cacf8fe60 ca-certificates-2017.2.16-1.0.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-923c28037f qemu-2.9.0-4.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3c92db10b8 libvirt-3.2.1-5.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c510774d90 libpsl-0.18.0-1.fc26 publicsuffix-list-20170809-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a nspr-4.16.0-1.fc26 nss-3.32.0-1.0.fc26 nss-softokn-3.32.0-1.1.fc26 nss-util-3.32.0-1.0.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2b5c43e67 p11-kit-0.23.8-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6a821cea48 tracker-1.12.2-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1abea60db7 gtk3-3.22.18-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-be5c1b152f python-setuptools-36.2.0-2.fc26 python3-3.6.2-5.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-53e5b66f7c vim-8.0.946-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9850f792de file-5.30-9.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a78c5ca9 cvs-1.11.23-42.fc26 The following builds have been pushed to Fedora 26 updates-testing 389-ds-base-1.3.6.7-1.fc26 PyDrive-1.3.1-2.fc26 alpine-2.21-3.fc26 chromium-60.0.3112.90-1.fc26 duplicity-0.7.13.1-2.fc26 file-5.30-9.fc26 filezilla-3.27.1-1.fc26 gnome-shell-extension-freon-27-1.fc26 gtk3-3.22.18-1.fc26 guacamole-server-0.9.13-6.fc26 libfastjson-0.99.6-1.fc26 libmediainfo-0.7.98-1.fc26 libzen-0.4.36-1.fc26 mediaconch-17.07-1.fc26 mediainfo-0.7.98-1.fc26 mingw-gdk-pixbuf-2.36.8-1.fc26 nginx-1.12.1-1.fc26 p11-kit-0.23.8-1.fc26 pesign-0.112-18.fc26 php-pecl-timecop-1.2.8-1.fc26 pure-ftpd-1.0.46-1.fc26 python-setuptools-36.2.0-2.fc26 python3-3.6.2-5.fc26 syncthing-0.14.36-2.fc26 tracker-1.12.2-1.fc26 vim-8.0.946-1.fc26 xfce4-statusnotifier-plugin-0.1.0-1.fc26 Details about builds: ================================================================================ 389-ds-base-1.3.6.7-1.fc26 (FEDORA-2017-431f07f52a) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: Bump version to 1.3.6.7-1 -------------------------------------------------------------------------------- ================================================================================ PyDrive-1.3.1-2.fc26 (FEDORA-2017-8ebb30441c) A wrapper library of google-api-python-client for Google Drive API tasks -------------------------------------------------------------------------------- Update Information: Initial build of PyDrive, add PyDrive dep to duplicity -------------------------------------------------------------------------------- References: [ 1 ] Bug #1478461 - Review Request: PyDrive - A wrapper library of google-api-python-client that simplifies many common Google Drive API tasks https://bugzilla.redhat.com/show_bug.cgi?id=1478461 -------------------------------------------------------------------------------- ================================================================================ alpine-2.21-3.fc26 (FEDORA-2017-0861fe3c01) powerful, easy to use console email client -------------------------------------------------------------------------------- Update Information: alpine 2.21, update URL, .spec cosmetics -------------------------------------------------------------------------------- ================================================================================ chromium-60.0.3112.90-1.fc26 (FEDORA-2017-f79ae2b96f) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Chromium 60. Security fix for CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-7000, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110. New subpackage -headless. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1475213 - CVE-2017-5110 chromium-browser: ui spoofing in payments dialog https://bugzilla.redhat.com/show_bug.cgi?id=1475213 [ 2 ] Bug #1475212 - CVE-2017-5109 chromium-browser: ui spoofing in browser https://bugzilla.redhat.com/show_bug.cgi?id=1475212 [ 3 ] Bug #1475211 - CVE-2017-5108 chromium-browser: type confusion in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1475211 [ 4 ] Bug #1475210 - CVE-2017-5107 chromium-browser: user information leak via svg https://bugzilla.redhat.com/show_bug.cgi?id=1475210 [ 5 ] Bug #1475209 - CVE-2017-5106 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1475209 [ 6 ] Bug #1475208 - CVE-2017-5105 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1475208 [ 7 ] Bug #1475207 - CVE-2017-7000 chromium-browser: pointer disclosure in sqlite https://bugzilla.redhat.com/show_bug.cgi?id=1475207 [ 8 ] Bug #1475206 - CVE-2017-5104 chromium-browser: ui spoofing in browser https://bugzilla.redhat.com/show_bug.cgi?id=1475206 [ 9 ] Bug #1475205 - CVE-2017-5103 chromium-browser: uninitialized use in skia https://bugzilla.redhat.com/show_bug.cgi?id=1475205 [ 10 ] Bug #1475204 - CVE-2017-5102 chromium-browser: uninitialized use in skia https://bugzilla.redhat.com/show_bug.cgi?id=1475204 [ 11 ] Bug #1475203 - CVE-2017-5101 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1475203 [ 12 ] Bug #1475202 - CVE-2017-5100 chromium-browser: use after free in chrome apps https://bugzilla.redhat.com/show_bug.cgi?id=1475202 [ 13 ] Bug #1475201 - CVE-2017-5099 chromium-browser: out-of-bounds write in ppapi https://bugzilla.redhat.com/show_bug.cgi?id=1475201 [ 14 ] Bug #1475200 - CVE-2017-5098 chromium-browser: use after free in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1475200 [ 15 ] Bug #1475199 - CVE-2017-5097 chromium-browser: out-of-bounds read in skia https://bugzilla.redhat.com/show_bug.cgi?id=1475199 [ 16 ] Bug #1475198 - CVE-2017-5096 chromium-browser: user information leak via android intents https://bugzilla.redhat.com/show_bug.cgi?id=1475198 [ 17 ] Bug #1475197 - CVE-2017-5095 chromium-browser: out-of-bounds write in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1475197 [ 18 ] Bug #1475196 - CVE-2017-5094 chromium-browser: type confusion in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1475196 [ 19 ] Bug #1475195 - CVE-2017-5093 chromium-browser: ui spoofing in blink https://bugzilla.redhat.com/show_bug.cgi?id=1475195 [ 20 ] Bug #1475194 - CVE-2017-5092 chromium-browser: use after free in ppapi https://bugzilla.redhat.com/show_bug.cgi?id=1475194 [ 21 ] Bug #1475193 - CVE-2017-5091 chromium-browser: use after free in indexeddb https://bugzilla.redhat.com/show_bug.cgi?id=1475193 -------------------------------------------------------------------------------- ================================================================================ duplicity-0.7.13.1-2.fc26 (FEDORA-2017-8ebb30441c) Encrypted bandwidth-efficient backup using rsync algorithm -------------------------------------------------------------------------------- Update Information: Initial build of PyDrive, add PyDrive dep to duplicity -------------------------------------------------------------------------------- References: [ 1 ] Bug #1478461 - Review Request: PyDrive - A wrapper library of google-api-python-client that simplifies many common Google Drive API tasks https://bugzilla.redhat.com/show_bug.cgi?id=1478461 -------------------------------------------------------------------------------- ================================================================================ file-5.30-9.fc26 (FEDORA-2017-9850f792de) A utility for determining file types -------------------------------------------------------------------------------- Update Information: - New magic file entry - gconv - Recognition of iconv/gconv module cache -------------------------------------------------------------------------------- References: [ 1 ] Bug #1342428 - file(1) does not recognize iconv/gconv modules cache https://bugzilla.redhat.com/show_bug.cgi?id=1342428 -------------------------------------------------------------------------------- ================================================================================ filezilla-3.27.1-1.fc26 (FEDORA-2017-bc1b67ad5f) FTP, FTPS and SFTP client -------------------------------------------------------------------------------- Update Information: 3.27.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1481469 - filezilla-3.27.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1481469 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-freon-27-1.fc26 (FEDORA-2017-b28f7fd6df) GNOME Shell extension to display system temperature, voltage, and fan speed -------------------------------------------------------------------------------- Update Information: Bump to upstream version 27, which fixes Nvidia GPU label detection. -------------------------------------------------------------------------------- ================================================================================ gtk3-3.22.18-1.fc26 (FEDORA-2017-1abea60db7) GTK+ graphical user interface library -------------------------------------------------------------------------------- Update Information: gtk+ 3.22.18 release. For details, see https://mail.gnome.org/archives/ftp- release-list/2017-August/msg00047.html -------------------------------------------------------------------------------- ================================================================================ guacamole-server-0.9.13-6.fc26 (FEDORA-2017-ecd3d8a846) Server-side native components that form the Guacamole proxy -------------------------------------------------------------------------------- Update Information: Update to official 0.9.13. -------------------------------------------------------------------------------- ================================================================================ libfastjson-0.99.6-1.fc26 (FEDORA-2017-fd752fd491) A JSON implementation in C -------------------------------------------------------------------------------- Update Information: rebase to v0.99.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1462723 - libfastjson-v0.99.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1462723 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.98-1.fc26 (FEDORA-2017-5ed8c54410) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update mediainfo to 0.7.98. -------------------------------------------------------------------------------- ================================================================================ libzen-0.4.36-1.fc26 (FEDORA-2017-5ed8c54410) Shared library for libmediainfo and medianfo* -------------------------------------------------------------------------------- Update Information: Update mediainfo to 0.7.98. -------------------------------------------------------------------------------- ================================================================================ mediaconch-17.07-1.fc26 (FEDORA-2017-9c702e252c) Most relevant technical and tag data for video and audio files (CLI) -------------------------------------------------------------------------------- Update Information: Update to 17.07 -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.98-1.fc26 (FEDORA-2017-5ed8c54410) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update mediainfo to 0.7.98. -------------------------------------------------------------------------------- ================================================================================ mingw-gdk-pixbuf-2.36.8-1.fc26 (FEDORA-2017-69f35f32f5) MinGW Windows GDK Pixbuf library -------------------------------------------------------------------------------- Update Information: MinGW cross compiled gdk-pixbuf 2.36.8 release. -------------------------------------------------------------------------------- ================================================================================ nginx-1.12.1-1.fc26 (FEDORA-2017-aecd25b8a9) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module. See http://mailman.nginx.org/pipermail/nginx- announce/2017/000200.html for more information on CVE-2017-7529. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1471106 - [patch] enable nginx http_auth_request_module https://bugzilla.redhat.com/show_bug.cgi?id=1471106 [ 2 ] Bug #1469924 - CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1469924 -------------------------------------------------------------------------------- ================================================================================ p11-kit-0.23.8-1.fc26 (FEDORA-2017-d2b5c43e67) Library for loading and sharing PKCS#11 modules -------------------------------------------------------------------------------- Update Information: This updates p11-kit to the latest upstream release: https://github.com/p11-glue/p11-kit/releases/tag/0.23.8 -------------------------------------------------------------------------------- ================================================================================ pesign-0.112-18.fc26 (FEDORA-2017-1f31e0c5a4) Signing utility for UEFI binaries -------------------------------------------------------------------------------- Update Information: Update to make the kernel builders work again with newer opensc (I think) libraries. -------------------------------------------------------------------------------- ================================================================================ php-pecl-timecop-1.2.8-1.fc26 (FEDORA-2017-e7544403ce) Time travel and freezing extension -------------------------------------------------------------------------------- Update Information: A PHP extension providing "time travel" and "time freezing" capabilities, inspired by ruby timecop gem. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1468454 - Review Request: php-pecl-timecop - Time travel and freezing extension https://bugzilla.redhat.com/show_bug.cgi?id=1468454 -------------------------------------------------------------------------------- ================================================================================ pure-ftpd-1.0.46-1.fc26 (FEDORA-2017-cb3caad70b) Lightweight, fast and secure FTP server -------------------------------------------------------------------------------- Update Information: Update to the latest upstream version -------------------------------------------------------------------------------- ================================================================================ python-setuptools-36.2.0-2.fc26 (FEDORA-2017-be5c1b152f) Easily build and distribute Python packages -------------------------------------------------------------------------------- Update Information: Revert patches enhancing setuptools install command. ---- Fix the "urllib FTP protocol stream injection" vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #1478976 - Option -e (--excutable) conflicts with --editable when using Paver https://bugzilla.redhat.com/show_bug.cgi?id=1478976 [ 2 ] Bug #1478916 - [security] Backport ftplib.FTP.putline() fix to reject newlines https://bugzilla.redhat.com/show_bug.cgi?id=1478916 -------------------------------------------------------------------------------- ================================================================================ python3-3.6.2-5.fc26 (FEDORA-2017-be5c1b152f) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Revert patches enhancing setuptools install command. ---- Fix the "urllib FTP protocol stream injection" vulnerability -------------------------------------------------------------------------------- References: [ 1 ] Bug #1478976 - Option -e (--excutable) conflicts with --editable when using Paver https://bugzilla.redhat.com/show_bug.cgi?id=1478976 [ 2 ] Bug #1478916 - [security] Backport ftplib.FTP.putline() fix to reject newlines https://bugzilla.redhat.com/show_bug.cgi?id=1478916 -------------------------------------------------------------------------------- ================================================================================ syncthing-0.14.36-2.fc26 (FEDORA-2017-af8b6b4204) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Initial package for fedora. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427634 - Review Request: syncthing - Continuous File Synchronization https://bugzilla.redhat.com/show_bug.cgi?id=1427634 -------------------------------------------------------------------------------- ================================================================================ tracker-1.12.2-1.fc26 (FEDORA-2017-6a821cea48) Desktop-neutral search tool and indexer -------------------------------------------------------------------------------- Update Information: tracker 1.12.2 release. For details, see https://mail.gnome.org/archives/ftp- release-list/2017-August/msg00022.html -------------------------------------------------------------------------------- ================================================================================ vim-8.0.946-1.fc26 (FEDORA-2017-53e5b66f7c) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit. -------------------------------------------------------------------------------- ================================================================================ xfce4-statusnotifier-plugin-0.1.0-1.fc26 (FEDORA-2017-6ec2d397fa) Panel area status notifier plugin for Xfce4 -------------------------------------------------------------------------------- Update Information: Initial xfce4-statusnotifier-plugin -------------------------------------------------------------------------------- References: [ 1 ] Bug #1476489 - Review Request: xfce4-statusnotifier-plugin - Panel area status notifier plugin for Xfce4 https://bugzilla.redhat.com/show_bug.cgi?id=1476489 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx