Fedora 26 updates-testing report

The following Fedora 26 Security updates need testing:
 Age  URL
 138  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01   python-XStatic-jquery-ui-1.12.0.1-2.fc26
  77  https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526   nodejs-brace-expansion-1.1.7-1.fc26
  40  https://bodhi.fedoraproject.org/updates/FEDORA-2017-690a2548ba   openvswitch-2.7.1-2.fc26
  32  https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325   memcached-1.4.39-1.fc26
  28  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7   docker-distribution-2.6.2-1.git48294d9.fc26
  22  https://bodhi.fedoraproject.org/updates/FEDORA-2017-721314e3b3   java-1.8.0-openjdk-aarch32-1.8.0.141-2.170721.fc26
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346   botan-1.10.16-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f03b04acbb   mercurial-4.2.3-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a78c5ca9   cvs-1.11.23-42.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5177f3a16   exim-4.89-5.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab0def38cd   tomcat-8.0.46-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-487fae29b4   dnsdist-1.2.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d74f1c135   taglib-1.11.1-5.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0fbd57c134   drupal8-8.3.7-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-9899aba20e   groovy18-1.8.9-30.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dfa70ae35   thunderbird-52.3.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5617ab3b38   mingw-libzip-1.2.0-3.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8fa8e1a13   xen-4.8.1-7.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a1f3de4eb   ImageMagick-7.0.6-9.2.fc26


The following Fedora 26 Critical Path updates have yet to be approved:
 Age URL
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c510774d90   libpsl-0.18.0-1.fc26 publicsuffix-list-20170809-1.fc26
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5a78c5ca9   cvs-1.11.23-42.fc26
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2b5c43e67   p11-kit-0.23.8-1.fc26
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-d119cd8c3f   sddm-0.14.0-13.fc26
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-595b08352c   pango-1.40.11-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-31aabe2be0   sqlite-3.20.0-2.fc26 tracker-1.12.3-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8fa8e1a13   xen-4.8.1-7.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-cbd104b9f4   rpm-4.13.0.1-7.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0b1e7b5a7e   librepo-1.8.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-73d143918a   network-manager-applet-1.8.2-3.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dfa70ae35   thunderbird-52.3.0-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-50e1f02ccb   libglvnd-0.2.999-24.20170818git8d4d03f.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-24dcbfa22d   pungi-4.1.17-4.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-f1cf3a2313   gtk3-3.22.19-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d74f1c135   taglib-1.11.1-5.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ecffc8e60c   libappstream-glib-0.7.2-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d086635b3   gdk-pixbuf2-2.36.9-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-68611800c4   gnutls-3.5.15-1.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-75b1d4b623   bind99-9.9.10-2.P3.fc26
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a6ab88955c   expat-2.2.4-1.fc26


The following builds have been pushed to Fedora 26 updates-testing

    ImageMagick-7.0.6-9.2.fc26
    eclipse-testng-6.12.0-0.1.gitf991e16.fc26
    fpaste-0.3.9.0-1.fc26
    freecad-0.16-10.fc26
    greenwave-0.1.1-1.02795e8.fc26
    metamath-0.149-1.fc26
    mingw-libzip-1.2.0-3.fc26
    sqlite-3.20.0-2.fc26
    testng-6.9.12-5.fc26
    tracker-1.12.3-1.fc26
    xen-4.8.1-7.fc26

Details about builds:


================================================================================
 ImageMagick-7.0.6-9.2.fc26 (FEDORA-2017-0a1f3de4eb)
 Use ImageMagick to convert, edit, or compose bitmap images in a variety of formats.  In addition resize, rotate, shear, distort and transform images.
--------------------------------------------------------------------------------
Update Information:

Tagging this update now as it is an urgent fix. This update includes a soname
bump so affected packages will need to be rebuilt by the package maintainer or
someone with proven packager privs.

This update fixes ImageTragick in Fedora as well as numerous other security
issues such as:

- Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485
- Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470
- Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463
- Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845
- Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391
- Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847
- Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824
- Fix CVE-2017-11448 ImageMagick: Info leak from uninitialized memory in ReadJPEGImage function - bug #1473801
- Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798
- Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validate blob sizes of stdin image input - bug #1473796
- Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774
- Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757
- Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717
- Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835
- Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121
- Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669
- Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253
- Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584
- Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898
- Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444
- Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446
- Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445
- Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510
- Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442
- Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478
- Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513
- Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469
- Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466
- Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459
- Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454
- Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452
- Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448
- Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698
- Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141
- Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138
- ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428
- Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790
- Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file - bug #1354500,1361578
--------------------------------------------------------------------------------


================================================================================
 eclipse-testng-6.12.0-0.1.gitf991e16.fc26 (FEDORA-2017-a646e146b7)
 TestNG plug-in for Eclipse
--------------------------------------------------------------------------------
Update Information:

Updates to latest snapshot of the Eclipse TestNG plugin. See upstream
[release notes](https://github.com/cbeust/testng-eclipse/blob/f991e16da06363a42676938f5c140b93d35593d2/CHANGES.md).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1465818 - Update eclipse-testng to at least 6.11.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1465818
--------------------------------------------------------------------------------


================================================================================
 fpaste-0.3.9.0-1.fc26 (FEDORA-2017-8216a1d052)
 A simple tool for pasting info onto sticky notes instances
--------------------------------------------------------------------------------
Update Information:

New release for modernpaste
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1408266 - fpaste --sysinfo hangs forever
        https://bugzilla.redhat.com/show_bug.cgi?id=1408266
  [ 2 ] Bug #1426322 - Can't paste anymore with newer fpaste server
        https://bugzilla.redhat.com/show_bug.cgi?id=1426322
  [ 3 ] Bug #1475225 - fpaste --rawurl is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=1475225
  [ 4 ] Bug #1390390 - fpaste Error With -d -P options && fpaste --sysinfo is stuck Without Root Permissions.
        https://bugzilla.redhat.com/show_bug.cgi?id=1390390
--------------------------------------------------------------------------------


================================================================================
 freecad-0.16-10.fc26 (FEDORA-2017-44d5f8498c)
 A general purpose 3D CAD modeler
--------------------------------------------------------------------------------
Update Information:

Add qt-assistant as install requirement, fixes RHBZ#1484186.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1484186 - Packaging: Freecad required package qt-assistant to display Help file
        https://bugzilla.redhat.com/show_bug.cgi?id=1484186
--------------------------------------------------------------------------------


================================================================================
 greenwave-0.1.1-1.02795e8.fc26 (FEDORA-2017-2aed05b3c7)
 Service for gating on automated tests
--------------------------------------------------------------------------------
Update Information:

Upstream pre-release.  ----  initial version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1481477 - Review Request: greenwave - Service for gating on automated tests by querying ResultsDB and WaiverDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1481477
--------------------------------------------------------------------------------


================================================================================
 metamath-0.149-1.fc26 (FEDORA-2017-5daed69f7d)
 Construct mathematics from basic axioms
--------------------------------------------------------------------------------
Update Information:

Changes in version 0.148:

- Many changes to set.mm
- Add "Dummy variable x is distinct from all other variables." to proof web page
- Hyperlink "Dummy variable(s)"

Changes in version 0.149:

- add a subsubsection "tiny" header with separator "-.-." to table of contents and theorem list; see HELP WRITE THEOREM_LIST
- remove bug check 255
- change mmset.html links to ../mpeuni/mmset.html so they will work in NF Explorer etc.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1482724 - metamath-0.148 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1482724
  [ 2 ] Bug #1484389 - metamath-0.149 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1484389
--------------------------------------------------------------------------------


================================================================================
 mingw-libzip-1.2.0-3.fc26 (FEDORA-2017-5617ab3b38)
 C library for reading, creating, and modifying zip archives
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2017-12858.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1484514 - CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c
        https://bugzilla.redhat.com/show_bug.cgi?id=1484514
--------------------------------------------------------------------------------


================================================================================
 sqlite-3.20.0-2.fc26 (FEDORA-2017-31aabe2be0)
 Library that implements an embeddable SQL database engine
--------------------------------------------------------------------------------
Update Information:

tracker 1.12.3 release, combined together with an sqlite update enabling the
FTS5 extension that tracker needs. This fixes search in the gtk3 file chooser,
which regressed in sqlite 3.20.0 / tracker 1.12.2.  For details, see
https://mail.gnome.org/archives/ftp-release-list/2017-August/msg00146.html
--------------------------------------------------------------------------------


================================================================================
 testng-6.9.12-5.fc26 (FEDORA-2017-a646e146b7)
 Java-based testing framework
--------------------------------------------------------------------------------
Update Information:

Updates to latest snapshot of the Eclipse TestNG plugin. See upstream
[release notes](https://github.com/cbeust/testng-eclipse/blob/f991e16da06363a42676938f5c140b93d35593d2/CHANGES.md).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1465818 - Update eclipse-testng to at least 6.11.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1465818
--------------------------------------------------------------------------------


================================================================================
 tracker-1.12.3-1.fc26 (FEDORA-2017-31aabe2be0)
 Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:

tracker 1.12.3 release, combined together with an sqlite update enabling the
FTS5 extension that tracker needs. This fixes search in the gtk3 file chooser,
which regressed in sqlite 3.20.0 / tracker 1.12.2.  For details, see
https://mail.gnome.org/archives/ftp-release-list/2017-August/msg00146.html
--------------------------------------------------------------------------------


================================================================================
 xen-4.8.1-7.fc26 (FEDORA-2017-b8fa8e1a13)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

- full fix for XSA-226, replacing workaround
- drop conflict of xendomain and libvirtd as can cause problems (#1398590)
- add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476)
- Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521)
- Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1484476 - xsa235 xen: add-to-physmap error paths fail to release lock on ARM
        https://bugzilla.redhat.com/show_bug.cgi?id=1484476
  [ 2 ] Bug #1446517 - CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1446517
  [ 3 ] Bug #1446547 - CVE-2017-8379 Qemu: input: host memory leakage via keyboard events
        https://bugzilla.redhat.com/show_bug.cgi?id=1446547
--------------------------------------------------------------------------------