The following Fedora 26 Security updates need testing: Age URL 150 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 89 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526 nodejs-brace-expansion-1.1.7-1.fc26 52 https://bodhi.fedoraproject.org/updates/FEDORA-2017-690a2548ba openvswitch-2.7.1-2.fc26 43 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1c053de325 memcached-1.4.39-1.fc26 39 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4248ba346 botan-1.10.16-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab0def38cd tomcat-8.0.46-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0fbd57c134 drupal8-8.3.7-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3ae21f2324 copr-dist-git-0.36-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f27031c8f ImageMagick-6.9.9.9-1.fc26 WindowMaker-0.95.8-3.fc26 autotrace-0.31.1-49.fc26 converseen-0.9.6.2-3.fc26 dmtx-utils-0.7.4-4.fc26 drawtiming-0.7.1-22.fc26 emacs-25.2-5.fc26 gtatool-2.2.0-6.fc26 imageinfo-0.05-27.fc26 inkscape-0.92.1-4.20170510bzr15686.fc26.1 k3d-0.8.0.6-8.fc26 kxstitch-1.2.0-9.fc26 perl-Image-SubImageFind-0.03-13.fc26 pfstools-2.0.6-3.fc26 php-pecl-imagick-3.4.3-2.fc26 psiconv-0.9.8-22.fc26 q-7.11-29.fc26 ripright-0.11-5.fc26 rss-glx-0.9.1.p-29.fc26.1 rubygem-rmagick-2.16.0-4.fc26.2 synfig-1.2.0-9.fc26.1 synfigstudio-1.2.0-5.fc26 techne-0.2.3-20.fc26 vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26 vips-8.5.7-2.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fe4f93fde4 mingw-libidn2-2.0.4-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-43390e73b1 mingw-openjpeg2-2.2.0-3.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-77e8bc720a mimedefang-2.81-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-840db88351 libzip-1.3.0-1.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68611800c4 gnutls-3.5.15-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-24dcbfa22d pungi-4.1.17-4.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f27031c8f ImageMagick-6.9.9.9-1.fc26 WindowMaker-0.95.8-3.fc26 autotrace-0.31.1-49.fc26 converseen-0.9.6.2-3.fc26 dmtx-utils-0.7.4-4.fc26 drawtiming-0.7.1-22.fc26 emacs-25.2-5.fc26 gtatool-2.2.0-6.fc26 imageinfo-0.05-27.fc26 inkscape-0.92.1-4.20170510bzr15686.fc26.1 k3d-0.8.0.6-8.fc26 kxstitch-1.2.0-9.fc26 perl-Image-SubImageFind-0.03-13.fc26 pfstools-2.0.6-3.fc26 php-pecl-imagick-3.4.3-2.fc26 psiconv-0.9.8-22.fc26 q-7.11-29.fc26 ripright-0.11-5.fc26 rss-glx-0.9.1.p-29.fc26.1 rubygem-rmagick-2.16.0-4.fc26.2 synfig-1.2.0-9.fc26.1 synfigstudio-1.2.0-5.fc26 techne-0.2.3-20.fc26 vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc26 vips-8.5.7-2.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7b16c0f8fa sssd-1.15.3-3.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461b3336ee hwdata-0.304-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f68f150f6 abrt-2.10.3-2.fc26 libreport-2.9.1-3.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-69dda8a5eb publicsuffix-list-20170828-1.fc26 The following builds have been pushed to Fedora 26 updates-testing abrt-2.10.3-2.fc26 abrt-java-connector-1.1.0-11.fc26 clustershell-1.7.81-4.fc26 golang-github-calmh-luhn-1.1.0-1.fc26 hwdata-0.304-1.fc26 icoutils-0.32.0-1.fc26 libreport-2.9.1-3.fc26 libzip-1.3.0-1.fc26 libzypp-16.15.6-1.fc26 mimedefang-2.81-1.fc26 mutt-1.9.0-1.fc26 nemo-extensions-3.4.0-9.fc26 perl-Date-Manip-6.60-1.fc26 perl-Net-GitHub-0.90-1.fc26 perl-Net-HTTP-6.17-1.fc26 php-nikic-php-parser3-3.1.1-1.fc26 php-pear-crypt-gpg-1.6.2-1.fc26 php-phpspec-prophecy-1.7.1-1.fc26 postgresql-9.6.5-1.fc26 publicsuffix-list-20170828-1.fc26 python-mysql-1.3.12-1.fc26 setools-4.1.0-4.fc26 spatialite-tools-4.3.0-25.fc26 streameye-0.8-3.fc26 votca-csg-1.4.1-1.fc26 votca-tools-1.4.1-1.fc26 votca-xtp-1.4.1-1.fc26 zeal-0.4.0-1.fc26 zypper-1.13.32-1.fc26 Details about builds: ================================================================================ abrt-2.10.3-2.fc26 (FEDORA-2017-3f68f150f6) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: #abrt fixes - logging: rename log() to log_warning() - Translation- updates - cli,dbus: Allow polkit to be optional at build time - a-d -journal-core: fix bad condition in creating reason msg - a-d-journal-core: use pid of crashed process in dumpdir name Resolves: #1481205 #libreport fixes - logging: rename log() to log_warning() - reporter-mantisbt: Fix typo in help - bugzilla: add check if option -d was entered - dd: extend create_dump_dir to allow set pid in dumpdir name - lib: fix to ensure order of login credentials when reporting using abrt-cli - configure.ac: update glib min. version dependency - lib: fix newline issue with ask_password Resolves: #1445669, #1481205 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445669 - None https://bugzilla.redhat.com/show_bug.cgi?id=1445669 [ 2 ] Bug #1481205 - libreport: Do not redefine log https://bugzilla.redhat.com/show_bug.cgi?id=1481205 -------------------------------------------------------------------------------- ================================================================================ abrt-java-connector-1.1.0-11.fc26 (FEDORA-2017-ac505336aa) JNI Agent library converting Java exceptions to ABRT problems -------------------------------------------------------------------------------- Update Information: - Rename log() to log_warning() - update test outputs -------------------------------------------------------------------------------- ================================================================================ clustershell-1.7.81-4.fc26 (FEDORA-2017-1d5e87ccb9) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: ClusterShell 1.8 beta1 targeted for updates-testing only. Release #4 removes the vim-clustershell subpackage as it was confusing for the users. VIM extensions are just provided by the main clustershell subpackage, which now requires vim- filesystem instead of vim-common if available (only not on el6). ---- ClusterShell 1.8 beta1 targeted for updates-testing only. -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-luhn-1.1.0-1.fc26 (FEDORA-2017-66ca3939b4) Luhn-mod-N implementation in Go -------------------------------------------------------------------------------- Update Information: Update to version 1.1.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487927 - golang-github-calmh-luhn-v1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487927 -------------------------------------------------------------------------------- ================================================================================ hwdata-0.304-1.fc26 (FEDORA-2017-461b3336ee) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ icoutils-0.32.0-1.fc26 (FEDORA-2017-f4ac339174) Utility for extracting and converting Microsoft icon and cursor files -------------------------------------------------------------------------------- Update Information: Changes in version 0.32: * Fixed invalid memory allocation in icotool with malformed input. * Fixed infinite recursion in wrestool with malformed input. * Added ability to specify minimum bit depth per image. * Added ability to specify cursor hotspot per image. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487838 - icoutils-0.32.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487838 -------------------------------------------------------------------------------- ================================================================================ libreport-2.9.1-3.fc26 (FEDORA-2017-3f68f150f6) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: #abrt fixes - logging: rename log() to log_warning() - Translation- updates - cli,dbus: Allow polkit to be optional at build time - a-d -journal-core: fix bad condition in creating reason msg - a-d-journal-core: use pid of crashed process in dumpdir name Resolves: #1481205 #libreport fixes - logging: rename log() to log_warning() - reporter-mantisbt: Fix typo in help - bugzilla: add check if option -d was entered - dd: extend create_dump_dir to allow set pid in dumpdir name - lib: fix to ensure order of login credentials when reporting using abrt-cli - configure.ac: update glib min. version dependency - lib: fix newline issue with ask_password Resolves: #1445669, #1481205 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445669 - None https://bugzilla.redhat.com/show_bug.cgi?id=1445669 [ 2 ] Bug #1481205 - libreport: Do not redefine log https://bugzilla.redhat.com/show_bug.cgi?id=1481205 -------------------------------------------------------------------------------- ================================================================================ libzip-1.3.0-1.fc26 (FEDORA-2017-840db88351) C library for reading, creating, and modifying zip archives -------------------------------------------------------------------------------- Update Information: **Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484515 - CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1484515 -------------------------------------------------------------------------------- ================================================================================ libzypp-16.15.6-1.fc26 (FEDORA-2017-fb7f2b9c19) A package management library -------------------------------------------------------------------------------- Update Information: Update to Zypper 1.13.32. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485336 - zypper-1.13.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485336 [ 2 ] Bug #1485326 - libzypp-16.15.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485326 -------------------------------------------------------------------------------- ================================================================================ mimedefang-2.81-1.fc26 (FEDORA-2017-77e8bc720a) E-Mail filtering framework using Sendmail's Milter interface -------------------------------------------------------------------------------- Update Information: MIMEDefang 2.81 =============== * Don't barf if the installed version of Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). * Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487543 - CVE-2017-14102 mimedefang: Privilege escalation via PID file manipulation https://bugzilla.redhat.com/show_bug.cgi?id=1487543 -------------------------------------------------------------------------------- ================================================================================ mutt-1.9.0-1.fc26 (FEDORA-2017-a0ba8fbe66) A text mode mail user agent -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487880 - mutt-1.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487880 -------------------------------------------------------------------------------- ================================================================================ nemo-extensions-3.4.0-9.fc26 (FEDORA-2017-a97c8bb896) Extensions for Nemo -------------------------------------------------------------------------------- Update Information: * Some upstream fixes -------------------------------------------------------------------------------- ================================================================================ perl-Date-Manip-6.60-1.fc26 (FEDORA-2017-71d17ca51b) Date manipulation routines -------------------------------------------------------------------------------- Update Information: Rebase to upstream release 6.60. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487801 - perl-Date-Manip-6.60 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487801 -------------------------------------------------------------------------------- ================================================================================ perl-Net-GitHub-0.90-1.fc26 (FEDORA-2017-6897902794) Perl interface for github.com -------------------------------------------------------------------------------- Update Information: Rebase to upstream release 0.90. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484857 - perl-Net-GitHub-0.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1484857 -------------------------------------------------------------------------------- ================================================================================ perl-Net-HTTP-6.17-1.fc26 (FEDORA-2017-6f187ccc78) Low-level HTTP connection (client) -------------------------------------------------------------------------------- Update Information: This release corrects tests. We deliver it pro provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487808 - perl-Net-HTTP-6.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487808 -------------------------------------------------------------------------------- ================================================================================ php-nikic-php-parser3-3.1.1-1.fc26 (FEDORA-2017-cdac30fb57) A PHP parser written in PHP -------------------------------------------------------------------------------- Update Information: **Version 3.1.1** (2017-09-02) * Fixed syntax error on comment after brace- style namespace declaration. (#412) * Added support for TraitUse statements in trait builder. (#413) -------------------------------------------------------------------------------- ================================================================================ php-pear-crypt-gpg-1.6.2-1.fc26 (FEDORA-2017-243ef31549) GNU Privacy Guard (GnuPG) -------------------------------------------------------------------------------- Update Information: **Version 1.6.2** * Added options to configure digest/cipher algorithms. ---- **Version 1.6.1** * Fix Bug pear#21237: Use --skip-verify in decrypt() method * Update list of hash algorithm names * Add option to ignore signature verification errors on decrypt. -------------------------------------------------------------------------------- ================================================================================ php-phpspec-prophecy-1.7.1-1.fc26 (FEDORA-2017-8daad7634e) Highly opinionated mocking framework for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.7.1** / 2017-10-03 * Allow PHP5 keywords methods generation on PHP7 (thanks bycosta) * Allow reflection-docblock v4 (thanks GrahamCampbell) * Check method predictions only once (thanks dontub) * Escape file path sent to \SplFileObjectConstructor when running on Windows (thanks danmartin-epiphany) -------------------------------------------------------------------------------- ================================================================================ postgresql-9.6.5-1.fc26 (FEDORA-2017-eb4760782e) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.6.5 per release notes https://www.postgresql.org/docs/9.6/static/release-9-6-5.html -------------------------------------------------------------------------------- ================================================================================ publicsuffix-list-20170828-1.fc26 (FEDORA-2017-69dda8a5eb) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information: Recent revision - 20170828 -------------------------------------------------------------------------------- ================================================================================ python-mysql-1.3.12-1.fc26 (FEDORA-2017-9b948d6e91) An interface to MySQL -------------------------------------------------------------------------------- Update Information: Update to 1.3.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1472985 - python-mysql lacks the mysql_real_escape_string_quote symbol https://bugzilla.redhat.com/show_bug.cgi?id=1472985 -------------------------------------------------------------------------------- ================================================================================ setools-4.1.0-4.fc26 (FEDORA-2017-5869cf6a4f) Policy analysis tools for SELinux -------------------------------------------------------------------------------- Update Information: This update fixes qpol python bindings on big-endian systems -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484039 - sealert -l ... complains about undefined symbol bswap_32 in _qpol.cpython https://bugzilla.redhat.com/show_bug.cgi?id=1484039 -------------------------------------------------------------------------------- ================================================================================ spatialite-tools-4.3.0-25.fc26 (FEDORA-2017-30d70175d7) A set of useful CLI tools for SpatiaLite -------------------------------------------------------------------------------- Update Information: Rebuild for sqlite 3.20.1 -------------------------------------------------------------------------------- ================================================================================ streameye-0.8-3.fc26 (FEDORA-2017-2919664de4) Simple MJPEG streamer for Linux -------------------------------------------------------------------------------- Update Information: **New package:** Simple MJPEG streamer for Linux. It acts as an HTTP server and is capable of serving multiple simultaneous clients. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445923 - Review Request: streameye - Simple MJPEG streamer for Linux https://bugzilla.redhat.com/show_bug.cgi?id=1445923 -------------------------------------------------------------------------------- ================================================================================ votca-csg-1.4.1-1.fc26 (FEDORA-2017-172ccc5dee) VOTCA coarse-graining engine -------------------------------------------------------------------------------- Update Information: Bump Votca packages to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487881 - votca-xtp-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487881 -------------------------------------------------------------------------------- ================================================================================ votca-tools-1.4.1-1.fc26 (FEDORA-2017-172ccc5dee) VOTCA tools library -------------------------------------------------------------------------------- Update Information: Bump Votca packages to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487881 - votca-xtp-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487881 -------------------------------------------------------------------------------- ================================================================================ votca-xtp-1.4.1-1.fc26 (FEDORA-2017-172ccc5dee) VOTCA excitation and charge properties module -------------------------------------------------------------------------------- Update Information: Bump Votca packages to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487881 - votca-xtp-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487881 -------------------------------------------------------------------------------- ================================================================================ zeal-0.4.0-1.fc26 (FEDORA-2017-e55c5790c9) Offline documentation browser inspired by Dash -------------------------------------------------------------------------------- Update Information: ## New upstream release ### New Features: - Added optional fuzzy search. (#100). - Added support for user-defined styles via custom CSS file. (#268) - Added support for a basic dark theme (webview only). (#466) - Added support for high resolution displays. (#111) - Switched to the CMake build system, support for qmake will be dropped shortly. - The minimally required Qt version bumped to 5.5.1. - As the result of above, libappindicator support relies on the built-in Qt implementation. - Dropped support for Qt WebEngine. - Removed dependency on Qt Sql by using SQLite directly. ### Improvements: - New tabs now have the search box automatically focused. (#725) - Added a Retry button to the error box appearing on docset list download failure. (#566) - Updated welcome page style (includes a Carbon ad banner, which can be disabled in the settings). ### Fixed Issues: - Fixed search for one-character terms. (#698) - Multiple fixes in the search algorithm. (#603, #650, #677) - Fixed navigation in some docsets. (#641) - Fixed portable version not saving docset storage path. (609) - Many rendering and stability issues fixed by switching to the new Qt WebKit. (#359, #723) ### Known Issues: - Web pages using Fira Sans (e.g., PHP docset) font are rendered in italic. This is an upstream bug with Qt WebKit (#658) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487883 - zeal-0.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487883 -------------------------------------------------------------------------------- ================================================================================ zypper-1.13.32-1.fc26 (FEDORA-2017-fb7f2b9c19) Command line package manager using libzypp -------------------------------------------------------------------------------- Update Information: Update to Zypper 1.13.32. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485336 - zypper-1.13.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485336 [ 2 ] Bug #1485326 - libzypp-16.15.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485326 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx