The following Fedora 27 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac3dd4ecf8 gd-2.2.5-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b469be1a72 mingw-libidn2-2.0.4-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-400f199e15 mimedefang-2.81-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd193c0ed libzip-1.3.0-1.fc27 The following builds have been pushed to Fedora 27 updates-testing PyXB-1.2.6-1.fc27 abrt-2.10.4-2.fc27 anaconda-27.20.1-1.fc27 clustershell-1.7.81-4.fc27 criu-3.4-1.fc27 gasnet-1.30.0-1.fc27 gnome-remote-desktop-0.1.2-3.fc27 golang-github-calmh-luhn-1.1.0-1.fc27 hwdata-0.304-1.fc27 icoutils-0.32.0-1.fc27 initial-setup-0.3.49-1.fc27 legion-17.08.0-2.fc27 libvirt-3.7.0-1.fc27 libzip-1.3.0-1.fc27 libzypp-16.15.6-1.fc27 mariadb-connector-c-3.0.2-4.fc27 mimedefang-2.81-1.fc27 mingw-libvirt-3.7.0-1.fc27 mutt-1.9.0-1.fc27 nemo-extensions-3.4.0-9.fc27 pantheon-session-settings-0.9.91-1.fc27 perl-Config-MVP-Slicer-0.303-1.fc27 perl-Date-Manip-6.60-1.fc27 perl-Locale-Codes-3.54-1.fc27 perl-Net-GitHub-0.90-1.fc27 perl-Net-HTTP-6.17-1.fc27 perl-Shell-Config-Generate-0.29-1.fc27 php-nikic-php-parser3-3.1.1-1.fc27 php-pear-crypt-gpg-1.6.2-1.fc27 php-phpspec-prophecy-1.7.1-1.fc27 postgresql-9.6.5-1.fc27 publicsuffix-list-20170828-1.fc27 python-faker-0.8.1-1.fc27 python-mysql-1.3.12-1.fc27 python-simpleline-0.5-1.fc27 sdljava-0.9.1-37.fc27 vkmark-2017.08-0.1.20170904git0fed663.fc27 votca-csg-1.4.1-1.fc27 votca-tools-1.4.1-1.fc27 votca-xtp-1.4.1-1.fc27 zeal-0.4.0-1.fc27 zypper-1.13.32-1.fc27 Details about builds: ================================================================================ PyXB-1.2.6-1.fc27 (FEDORA-2017-9d8ecdf0a9) Python XML Schema Bindings -------------------------------------------------------------------------------- Update Information: Update to 1.2.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487974 - PyXB-1.2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487974 -------------------------------------------------------------------------------- ================================================================================ abrt-2.10.4-2.fc27 (FEDORA-2017-7a8f9478a6) Automatic bug detection and reporting tool -------------------------------------------------------------------------------- Update Information: Fix omitted rename of logging function 'log'. -------------------------------------------------------------------------------- ================================================================================ anaconda-27.20.1-1.fc27 (FEDORA-2017-5361e86979) Graphical system installer -------------------------------------------------------------------------------- Update Information: - use simpleline as a separate library for TUI - other than that mostly various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482438 - duplicate key combination - shortcut - on 'Installation Destination' screen https://bugzilla.redhat.com/show_bug.cgi?id=1482438 [ 2 ] Bug #1468801 - [anaconda] spurious title bar in network install session https://bugzilla.redhat.com/show_bug.cgi?id=1468801 [ 3 ] Bug #1487326 - Live image composes (cmdline kickstart installs) fail with tui refactor (28.1 / 27.20.1) https://bugzilla.redhat.com/show_bug.cgi?id=1487326 -------------------------------------------------------------------------------- ================================================================================ clustershell-1.7.81-4.fc27 (FEDORA-2017-ca941b842f) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: ClusterShell 1.8 beta1 targeted for updates-testing only. Release #4 removes the vim-clustershell subpackage as it was confusing for the users. VIM extensions are just provided by the main clustershell subpackage, which now requires vim- filesystem instead of vim-common if available (only not on el6). ---- ClusterShell 1.8 beta1 targeted for updates-testing only. Release 3 should fix some packaging issues reported by taskotron. ---- ClusterShell 1.8 beta1 targeted for updates-testing only. This is release 2 with added Python 3 support. ---- ClusterShell 1.8 beta1 targeted for updates-testing only. -------------------------------------------------------------------------------- ================================================================================ criu-3.4-1.fc27 (FEDORA-2017-ca2a948451) Tool for Checkpoint/Restore in User-space -------------------------------------------------------------------------------- Update Information: Update to 3.4 (#1483774); Support s390x (#1475719) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1483774 - criu-3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1483774 [ 2 ] Bug #1475719 - Fedora - Add new package CRIU for Docker on z Systems https://bugzilla.redhat.com/show_bug.cgi?id=1475719 -------------------------------------------------------------------------------- ================================================================================ gasnet-1.30.0-1.fc27 (FEDORA-2017-8b8b304df6) A Portable High-Performance Communication Layer for GAS Languages -------------------------------------------------------------------------------- Update Information: Bump gasnet to 1.30.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485085 - legion-17.08.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485085 [ 2 ] Bug #1487618 - gasnet-1.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487618 -------------------------------------------------------------------------------- ================================================================================ gnome-remote-desktop-0.1.2-3.fc27 (FEDORA-2017-d8232a4821) GNOME Remote Desktop screen share service -------------------------------------------------------------------------------- Update Information: New package. gnome-remote-desktop is a remote desktop / screen share server for GNOME. It uses a private mutter D-Bus API together with pipewire. At the time this update is created, mutter has not been released with the required API enabled, so to test one need to build mutter from source. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1483499 - Review Request: gnome-remote-desktop - Remote desktop server for GNOME https://bugzilla.redhat.com/show_bug.cgi?id=1483499 -------------------------------------------------------------------------------- ================================================================================ golang-github-calmh-luhn-1.1.0-1.fc27 (FEDORA-2017-5c7997c32d) Luhn-mod-N implementation in Go -------------------------------------------------------------------------------- Update Information: Update to version 1.1.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487927 - golang-github-calmh-luhn-v1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487927 -------------------------------------------------------------------------------- ================================================================================ hwdata-0.304-1.fc27 (FEDORA-2017-08e8a63fc3) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ icoutils-0.32.0-1.fc27 (FEDORA-2017-fddd7c2ccb) Utility for extracting and converting Microsoft icon and cursor files -------------------------------------------------------------------------------- Update Information: Changes in version 0.32: * Fixed invalid memory allocation in icotool with malformed input. * Fixed infinite recursion in wrestool with malformed input. * Added ability to specify minimum bit depth per image. * Added ability to specify cursor hotspot per image. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487838 - icoutils-0.32.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487838 -------------------------------------------------------------------------------- ================================================================================ initial-setup-0.3.49-1.fc27 (FEDORA-2017-5361e86979) Initial system configuration utility -------------------------------------------------------------------------------- Update Information: - use simpleline as a separate library for TUI - other than that mostly various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482438 - duplicate key combination - shortcut - on 'Installation Destination' screen https://bugzilla.redhat.com/show_bug.cgi?id=1482438 [ 2 ] Bug #1468801 - [anaconda] spurious title bar in network install session https://bugzilla.redhat.com/show_bug.cgi?id=1468801 [ 3 ] Bug #1487326 - Live image composes (cmdline kickstart installs) fail with tui refactor (28.1 / 27.20.1) https://bugzilla.redhat.com/show_bug.cgi?id=1487326 -------------------------------------------------------------------------------- ================================================================================ legion-17.08.0-2.fc27 (FEDORA-2017-8b8b304df6) A data-centric parallel programming system -------------------------------------------------------------------------------- Update Information: Bump gasnet to 1.30.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485085 - legion-17.08.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485085 [ 2 ] Bug #1487618 - gasnet-1.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487618 -------------------------------------------------------------------------------- ================================================================================ libvirt-3.7.0-1.fc27 (FEDORA-2017-91e8a68cad) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: Rebase to version 3.7.0 -------------------------------------------------------------------------------- ================================================================================ libzip-1.3.0-1.fc27 (FEDORA-2017-7bd193c0ed) C library for reading, creating, and modifying zip archives -------------------------------------------------------------------------------- Update Information: **Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484515 - CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1484515 -------------------------------------------------------------------------------- ================================================================================ libzypp-16.15.6-1.fc27 (FEDORA-2017-39ba602a8f) A package management library -------------------------------------------------------------------------------- Update Information: Update to Zypper 1.13.32. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485336 - zypper-1.13.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485336 [ 2 ] Bug #1485326 - libzypp-16.15.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485326 -------------------------------------------------------------------------------- ================================================================================ mariadb-connector-c-3.0.2-4.fc27 (FEDORA-2017-9d000b88de) The MariaDB Native Client library (C driver) -------------------------------------------------------------------------------- Update Information: compatibility update, preparation for: #1486480 -------------------------------------------------------------------------------- ================================================================================ mimedefang-2.81-1.fc27 (FEDORA-2017-400f199e15) E-Mail filtering framework using Sendmail's Milter interface -------------------------------------------------------------------------------- Update Information: MIMEDefang 2.81 =============== * Don't barf if the installed version of Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch). * Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487543 - CVE-2017-14102 mimedefang: Privilege escalation via PID file manipulation https://bugzilla.redhat.com/show_bug.cgi?id=1487543 -------------------------------------------------------------------------------- ================================================================================ mingw-libvirt-3.7.0-1.fc27 (FEDORA-2017-726a6af7bc) MinGW Windows libvirt virtualization library -------------------------------------------------------------------------------- Update Information: Update to 3.7.0 release -------------------------------------------------------------------------------- ================================================================================ mutt-1.9.0-1.fc27 (FEDORA-2017-03bd863974) A text mode mail user agent -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487880 - mutt-1.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487880 -------------------------------------------------------------------------------- ================================================================================ nemo-extensions-3.4.0-9.fc27 (FEDORA-2017-83c0381541) Extensions for Nemo -------------------------------------------------------------------------------- Update Information: * Some upstream fixes -------------------------------------------------------------------------------- ================================================================================ pantheon-session-settings-0.9.91-1.fc27 (FEDORA-2017-c3264ba5b2) Pantheon session configuration files -------------------------------------------------------------------------------- Update Information: Update to version 0.9.91. This version fixes support for using gnome-settings- daemon 3.25+ components. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1486505 - pantheon-session-settings-0.9.91 is available https://bugzilla.redhat.com/show_bug.cgi?id=1486505 -------------------------------------------------------------------------------- ================================================================================ perl-Config-MVP-Slicer-0.303-1.fc27 (FEDORA-2017-28dcbcf414) Extract embedded configuration from a parent configuration -------------------------------------------------------------------------------- Update Information: This release updates a build script and a documentation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488024 - perl-Config-MVP-Slicer-0.303 is available https://bugzilla.redhat.com/show_bug.cgi?id=1488024 -------------------------------------------------------------------------------- ================================================================================ perl-Date-Manip-6.60-1.fc27 (FEDORA-2017-4c4c6e3d72) Date manipulation routines -------------------------------------------------------------------------------- Update Information: Rebase to upstream release 6.60. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487801 - perl-Date-Manip-6.60 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487801 -------------------------------------------------------------------------------- ================================================================================ perl-Locale-Codes-3.54-1.fc27 (FEDORA-2017-26df81eb70) Distribution of modules to handle locale codes -------------------------------------------------------------------------------- Update Information: This release provides new locale codes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487803 - perl-Locale-Codes-3.54 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487803 -------------------------------------------------------------------------------- ================================================================================ perl-Net-GitHub-0.90-1.fc27 (FEDORA-2017-c589dd16f3) Perl interface for github.com -------------------------------------------------------------------------------- Update Information: Rebase to upstream release 0.90. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484857 - perl-Net-GitHub-0.90 is available https://bugzilla.redhat.com/show_bug.cgi?id=1484857 -------------------------------------------------------------------------------- ================================================================================ perl-Net-HTTP-6.17-1.fc27 (FEDORA-2017-cd4e693ba5) Low-level HTTP connection (client) -------------------------------------------------------------------------------- Update Information: This release corrects tests. We deliver it pro provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487808 - perl-Net-HTTP-6.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487808 -------------------------------------------------------------------------------- ================================================================================ perl-Shell-Config-Generate-0.29-1.fc27 (FEDORA-2017-a8823b334d) Portably generate configuration for any shell -------------------------------------------------------------------------------- Update Information: This release corrects tests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487810 - perl-Shell-Config-Generate-0.29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487810 -------------------------------------------------------------------------------- ================================================================================ php-nikic-php-parser3-3.1.1-1.fc27 (FEDORA-2017-1a546ae146) A PHP parser written in PHP -------------------------------------------------------------------------------- Update Information: **Version 3.1.1** (2017-09-02) * Fixed syntax error on comment after brace- style namespace declaration. (#412) * Added support for TraitUse statements in trait builder. (#413) -------------------------------------------------------------------------------- ================================================================================ php-pear-crypt-gpg-1.6.2-1.fc27 (FEDORA-2017-36568e809e) GNU Privacy Guard (GnuPG) -------------------------------------------------------------------------------- Update Information: **Version 1.6.2** * Added options to configure digest/cipher algorithms. -------------------------------------------------------------------------------- ================================================================================ php-phpspec-prophecy-1.7.1-1.fc27 (FEDORA-2017-89ec571dc5) Highly opinionated mocking framework for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.7.1** / 2017-10-03 * Allow PHP5 keywords methods generation on PHP7 (thanks bycosta) * Allow reflection-docblock v4 (thanks GrahamCampbell) * Check method predictions only once (thanks dontub) * Escape file path sent to \SplFileObjectConstructor when running on Windows (thanks danmartin-epiphany) -------------------------------------------------------------------------------- ================================================================================ postgresql-9.6.5-1.fc27 (FEDORA-2017-ec34162cba) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.6.5 per release notes https://www.postgresql.org/docs/9.6/static/release-9-6-5.html -------------------------------------------------------------------------------- ================================================================================ publicsuffix-list-20170828-1.fc27 (FEDORA-2017-eda49c8a36) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information: Recent revision - 20170828 -------------------------------------------------------------------------------- ================================================================================ python-faker-0.8.1-1.fc27 (FEDORA-2017-473a21cfba) Faker is a Python package that generates fake data for you -------------------------------------------------------------------------------- Update Information: Version 0.8.1 ---- New version 0.8.0 -------------------------------------------------------------------------------- ================================================================================ python-mysql-1.3.12-1.fc27 (FEDORA-2017-992d36c1a5) An interface to MySQL -------------------------------------------------------------------------------- Update Information: Update to 1.3.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1472985 - python-mysql lacks the mysql_real_escape_string_quote symbol https://bugzilla.redhat.com/show_bug.cgi?id=1472985 -------------------------------------------------------------------------------- ================================================================================ python-simpleline-0.5-1.fc27 (FEDORA-2017-5361e86979) A Python library for creating text UI -------------------------------------------------------------------------------- Update Information: - use simpleline as a separate library for TUI - other than that mostly various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482438 - duplicate key combination - shortcut - on 'Installation Destination' screen https://bugzilla.redhat.com/show_bug.cgi?id=1482438 [ 2 ] Bug #1468801 - [anaconda] spurious title bar in network install session https://bugzilla.redhat.com/show_bug.cgi?id=1468801 [ 3 ] Bug #1487326 - Live image composes (cmdline kickstart installs) fail with tui refactor (28.1 / 27.20.1) https://bugzilla.redhat.com/show_bug.cgi?id=1487326 -------------------------------------------------------------------------------- ================================================================================ sdljava-0.9.1-37.fc27 (FEDORA-2017-e440899be4) Java binding to the SDL API -------------------------------------------------------------------------------- Update Information: Fix build on s390x -------------------------------------------------------------------------------- References: [ 1 ] Bug #1461408 - sdljava-0.9.1-34.fc26: FTBFS on s390x https://bugzilla.redhat.com/show_bug.cgi?id=1461408 -------------------------------------------------------------------------------- ================================================================================ vkmark-2017.08-0.1.20170904git0fed663.fc27 (FEDORA-2017-2c46e64b57) Vulkan benchmarking suite -------------------------------------------------------------------------------- Update Information: Update to 2017.08, 0fed663 -------------------------------------------------------------------------------- ================================================================================ votca-csg-1.4.1-1.fc27 (FEDORA-2017-00b4613889) VOTCA coarse-graining engine -------------------------------------------------------------------------------- Update Information: Bump Votca packages to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487881 - votca-xtp-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487881 -------------------------------------------------------------------------------- ================================================================================ votca-tools-1.4.1-1.fc27 (FEDORA-2017-00b4613889) VOTCA tools library -------------------------------------------------------------------------------- Update Information: Bump Votca packages to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487881 - votca-xtp-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487881 -------------------------------------------------------------------------------- ================================================================================ votca-xtp-1.4.1-1.fc27 (FEDORA-2017-00b4613889) VOTCA excitation and charge properties module -------------------------------------------------------------------------------- Update Information: Bump Votca packages to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487881 - votca-xtp-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487881 -------------------------------------------------------------------------------- ================================================================================ zeal-0.4.0-1.fc27 (FEDORA-2017-6f1e1aabe7) Offline documentation browser inspired by Dash -------------------------------------------------------------------------------- Update Information: ## New upstream release ### New Features: - Added optional fuzzy search. (#100). - Added support for user-defined styles via custom CSS file. (#268) - Added support for a basic dark theme (webview only). (#466) - Added support for high resolution displays. (#111) - Switched to the CMake build system, support for qmake will be dropped shortly. - The minimally required Qt version bumped to 5.5.1. - As the result of above, libappindicator support relies on the built-in Qt implementation. - Dropped support for Qt WebEngine. - Removed dependency on Qt Sql by using SQLite directly. ### Improvements: - New tabs now have the search box automatically focused. (#725) - Added a Retry button to the error box appearing on docset list download failure. (#566) - Updated welcome page style (includes a Carbon ad banner, which can be disabled in the settings). ### Fixed Issues: - Fixed search for one-character terms. (#698) - Multiple fixes in the search algorithm. (#603, #650, #677) - Fixed navigation in some docsets. (#641) - Fixed portable version not saving docset storage path. (609) - Many rendering and stability issues fixed by switching to the new Qt WebKit. (#359, #723) ### Known Issues: - Web pages using Fira Sans (e.g., PHP docset) font are rendered in italic. This is an upstream bug with Qt WebKit (#658) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487883 - zeal-0.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487883 -------------------------------------------------------------------------------- ================================================================================ zypper-1.13.32-1.fc27 (FEDORA-2017-39ba602a8f) Command line package manager using libzypp -------------------------------------------------------------------------------- Update Information: Update to Zypper 1.13.32. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485336 - zypper-1.13.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485336 [ 2 ] Bug #1485326 - libzypp-16.15.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485326 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
