The following Fedora 27 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-400f199e15 mimedefang-2.81-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd193c0ed libzip-1.3.0-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-159a1060f6 lightdm-1.24.0-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9c79eed83 libgcrypt-1.8.1-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-81cf93b7c2 rubygems-2.6.13-100.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2715e3288e LibRaw-0.18.2-5.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a22a80c7e krb5-1.15.1-28.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45beeef896 FlightGear-2017.2.1-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7096a9fdca libwpd-0.10.1-8.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b06c6a6785 mingw-libzip-1.2.0-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea4ed9e540 freexl-1.0.4-1.fc27 The following builds have been pushed to Fedora 27 updates-testing alex4-1.0-23.fc27 anaconda-27.20.1-3.fc27 bluez-5.46-5.fc27 eclipse-recommenders-2.4.9-2.fc27 engrid-2.0.0-0.24.20170615git0563bcc.fc27 fakeroot-1.22-1.fc27 freexl-1.0.4-1.fc27 gallery2-2.3.2-18.fc27 gmsh-3.0.5-1.fc27 initial-setup-0.3.49-1.fc27 lxterminal-0.3.0-6.D20170822git1e9f2d4d.fc27 menu-cache-1.0.2-5.D20170905git2ef9df036c.fc27 mingw-libzip-1.2.0-4.fc27 mint-y-icons-1.0.8-6.fc27 pdc-client-1.7.0-3.fc27 perl-Alien-Base-ModuleBuild-0.045-1.fc27 perl-Digest-SHA-5.97-1.fc27 pg_view-1.4.0-1.fc27 php-grasmash-yaml-expander-1.1.1-1.fc27 php-nette-caching-2.5.6-1.fc27 php-nette-di-2.4.10-1.fc27 python-azure-sdk-2.0.0-2.fc27 python-azure-storage-0.36.0-1.fc27 python-falcon-1.3.0-1.fc27 python-libpagure-0.10-1.fc27 python-ludolph-1.0.1-1.fc27 python-msrestazure-0.4.13-1.fc27 python-simpleline-0.5-1.fc27 python-zabbix-api-erigones-1.2.4-1.fc27 qemu-2.10.0-1.fc27 qt-creator-4.4.0-1.fc27 uget-2.1.6-1.fc27 wine-2.16-1.fc27 Details about builds: ================================================================================ alex4-1.0-23.fc27 (FEDORA-2017-0819ee8d7f) Alex the Allegator 4 - Platform game -------------------------------------------------------------------------------- Update Information: - Run windowed rather then fullscreen by default - Add example alex4.ini to the documentation (for e.g. setting fullscreen mode) - Add appdata -------------------------------------------------------------------------------- ================================================================================ anaconda-27.20.1-3.fc27 (FEDORA-2017-5361e86979) Graphical system installer -------------------------------------------------------------------------------- Update Information: - use simpleline as a separate library for TUI - other than that mostly various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482438 - duplicate key combination - shortcut - on 'Installation Destination' screen https://bugzilla.redhat.com/show_bug.cgi?id=1482438 [ 2 ] Bug #1468801 - [anaconda] spurious title bar in network install session https://bugzilla.redhat.com/show_bug.cgi?id=1468801 [ 3 ] Bug #1487326 - Live image composes (cmdline kickstart installs) fail with tui refactor (28.1 / 27.20.1) https://bugzilla.redhat.com/show_bug.cgi?id=1487326 [ 4 ] Bug #1487856 - UEFI installs fail to boot with anaconda-27.20-1 (due to EFI executable name mismatch) https://bugzilla.redhat.com/show_bug.cgi?id=1487856 [ 5 ] Bug #1489144 - UEFI installs crash during bootloader installation: "TypeError: must be str, not method" https://bugzilla.redhat.com/show_bug.cgi?id=1489144 -------------------------------------------------------------------------------- ================================================================================ bluez-5.46-5.fc27 (FEDORA-2017-a0d92f39c0) Bluetooth utilities -------------------------------------------------------------------------------- Update Information: - This update adds support for cable pairing for PlayStation 3 and 4 controllers. - Add scripts to automatically btattach serial-port / uart connected Broadcom HCIs found on some Atom based x86 hardware -------------------------------------------------------------------------------- ================================================================================ eclipse-recommenders-2.4.9-2.fc27 (FEDORA-2017-16f37f19be) Eclipse Code Recommenders -------------------------------------------------------------------------------- Update Information: Adds Eclipse Code Recommenders intelligent code completion feature to the Eclipse IDE. -------------------------------------------------------------------------------- ================================================================================ engrid-2.0.0-0.24.20170615git0563bcc.fc27 (FEDORA-2017-d142f7ba2e) Mesh generation tool -------------------------------------------------------------------------------- Update Information: Update to the latest upstream git snapshot. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488872 - [abrt] engrid: vtkShaderProgram::FindUniform(): engrid killed by signal 11 https://bugzilla.redhat.com/show_bug.cgi?id=1488872 -------------------------------------------------------------------------------- ================================================================================ fakeroot-1.22-1.fc27 (FEDORA-2017-6f6c118000) Gives a fake root environment -------------------------------------------------------------------------------- Update Information: Latest stable release from upstream. Minor bugfixes only. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482493 - fakeroot-1.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1482493 -------------------------------------------------------------------------------- ================================================================================ freexl-1.0.4-1.fc27 (FEDORA-2017-ea4ed9e540) Library to extract data from within an Excel spreadsheet -------------------------------------------------------------------------------- Update Information: This update fixes a Cisco Talos CVE: "A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability." -------------------------------------------------------------------------------- References: [ 1 ] Bug #1489621 - freexl-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1489621 -------------------------------------------------------------------------------- ================================================================================ gallery2-2.3.2-18.fc27 (FEDORA-2017-b624fd8ad0) Customizable photo gallery web site -------------------------------------------------------------------------------- Update Information: httpd conf fix. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487741 - Can't run 'install' for gallery2 https://bugzilla.redhat.com/show_bug.cgi?id=1487741 -------------------------------------------------------------------------------- ================================================================================ gmsh-3.0.5-1.fc27 (FEDORA-2017-fcd42248e6) A three-dimensional finite element mesh generator -------------------------------------------------------------------------------- Update Information: Update to version 3.0.5, see http://gmsh.info/CHANGELOG.txt for details. -------------------------------------------------------------------------------- ================================================================================ initial-setup-0.3.49-1.fc27 (FEDORA-2017-5361e86979) Initial system configuration utility -------------------------------------------------------------------------------- Update Information: - use simpleline as a separate library for TUI - other than that mostly various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482438 - duplicate key combination - shortcut - on 'Installation Destination' screen https://bugzilla.redhat.com/show_bug.cgi?id=1482438 [ 2 ] Bug #1468801 - [anaconda] spurious title bar in network install session https://bugzilla.redhat.com/show_bug.cgi?id=1468801 [ 3 ] Bug #1487326 - Live image composes (cmdline kickstart installs) fail with tui refactor (28.1 / 27.20.1) https://bugzilla.redhat.com/show_bug.cgi?id=1487326 [ 4 ] Bug #1487856 - UEFI installs fail to boot with anaconda-27.20-1 (due to EFI executable name mismatch) https://bugzilla.redhat.com/show_bug.cgi?id=1487856 [ 5 ] Bug #1489144 - UEFI installs crash during bootloader installation: "TypeError: must be str, not method" https://bugzilla.redhat.com/show_bug.cgi?id=1489144 -------------------------------------------------------------------------------- ================================================================================ lxterminal-0.3.0-6.D20170822git1e9f2d4d.fc27 (FEDORA-2017-7f7414fc59) Desktop-independent VTE-based terminal emulator -------------------------------------------------------------------------------- Update Information: Update to the latest git with some enhancements -------------------------------------------------------------------------------- ================================================================================ menu-cache-1.0.2-5.D20170905git2ef9df036c.fc27 (FEDORA-2017-3a66146368) Caching mechanism for freedesktop.org compliant menus -------------------------------------------------------------------------------- Update Information: Updates to the latest git. Some bug fixes are included. -------------------------------------------------------------------------------- ================================================================================ mingw-libzip-1.2.0-4.fc27 (FEDORA-2017-b06c6a6785) C library for reading, creating, and modifying zip archives -------------------------------------------------------------------------------- Update Information: This update backports security fix for CVE-2017-14107. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1489000 - CVE-2017-14107 libzip: Memory allocation failure in _zip_cdir_grow function https://bugzilla.redhat.com/show_bug.cgi?id=1489000 -------------------------------------------------------------------------------- ================================================================================ mint-y-icons-1.0.8-6.fc27 (FEDORA-2017-bdca79c584) The Mint-Y icon theme -------------------------------------------------------------------------------- Update Information: - Add eye-candy for online-accounts -------------------------------------------------------------------------------- ================================================================================ pdc-client-1.7.0-3.fc27 (FEDORA-2017-dfd27f6d5a) Console client for interacting with Product Definition Center -------------------------------------------------------------------------------- Update Information: Option `insecure` is deprecated (can be still used but a warning printed on console). The old option should be replaced with `ssl-verify` in personal configuration files (`~/.config/pdc/*.json`). The **new value is negation of the old one**, e.g. `"insecure":false` becomes `"ssl-verify":true`. The version was bumped from 1.2.0 to 1.7.0 to avoid conflicts with internal and related projects. ## Changelog - Add "product" command - Add "product-version" command - Add "release-variant" command - Add "base-product" command - Add content- delivery-repo export/import sub-commands - Allow deleting multiple group resource perms at once - Allow deleting multiple repos at once - Allow deleting release variants - Fix SSL command line options - Fix configuration name in README - Fix content-delivery-repo list ordering - Fix passing ordering parameter - Fix reading "develop" option from settings - Fix the bug about the include-shadow para in repo clone - Increase `pdc content-deliver-repo list` verbosity - Make error reporting less verbose - Omit installing plugins with Python packages - Omit printing long HTML with error - Print table with minimum width for content-deliver-repo list - Remove the arch parameter from option - Replace a custom test runner with standard setup.py test - Simplify reporting server errors - Sort commands in pdc --help - Support SSL cert when insecure is false - Unify json output serialization - Update test data for content-deliver- repo - Update value type for "Shadow" field - Allow overriding 'dest' option -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484780 - Update pdc-client and pdc python libraries to newest upstream release https://bugzilla.redhat.com/show_bug.cgi?id=1484780 -------------------------------------------------------------------------------- ================================================================================ perl-Alien-Base-ModuleBuild-0.045-1.fc27 (FEDORA-2017-5ac162649f) Perl framework for building Alien:: modules and their libraries -------------------------------------------------------------------------------- Update Information: This release corrects tests. ---- This release enables SSL support. -------------------------------------------------------------------------------- ================================================================================ perl-Digest-SHA-5.97-1.fc27 (FEDORA-2017-08665945b5) Perl extension for SHA-1/224/256/384/512 -------------------------------------------------------------------------------- Update Information: This release adds "quiet" option to shasum to supress "Ok" messages. This release also improves documentation. -------------------------------------------------------------------------------- ================================================================================ pg_view-1.4.0-1.fc27 (FEDORA-2017-0ef1aed2f8) Command-line tool to display the state of the PostgreSQL processes -------------------------------------------------------------------------------- Update Information: Update to 1.4.0 -------------------------------------------------------------------------------- ================================================================================ php-grasmash-yaml-expander-1.1.1-1.fc27 (FEDORA-2017-2e8b529c0f) Expands internal property references in a yaml file -------------------------------------------------------------------------------- Update Information: Expands internal property references in a yaml file. Autoloader: `/usr/share/php/Grasmash/YamlExpander/autoload.php` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1483379 - Review Request: php-grasmash-yaml-expander - Expands internal property references in a yaml file https://bugzilla.redhat.com/show_bug.cgi?id=1483379 -------------------------------------------------------------------------------- ================================================================================ php-nette-caching-2.5.6-1.fc27 (FEDORA-2017-54780c65c4) Nette Caching Component -------------------------------------------------------------------------------- Update Information: **Released version 2.5.6** * Revert "SQLiteJournal: checking for extension pdo_sqlite is lazy, service cache.journal is created always" This reverts commit 7212326, it can lead to unexpected error 500 when GC is started. ---- **Released version 2.5.5** * added Cache::NAMESPACES and support for cleaning namespace in FileStorage #52 * CacheExtension: throws exception when is unable to create directory -------------------------------------------------------------------------------- ================================================================================ php-nette-di-2.4.10-1.fc27 (FEDORA-2017-6f711beddb) Nette Dependency Injection Component -------------------------------------------------------------------------------- Update Information: **Released version 2.4.10** * added ServiceBuilder::setType() & getType() as a future replacements for setClass() and getClass() * Compiler: added configuration option 'type' as a future replacement for 'class' * Loader: fixed including of paths with scheme in config loader (#153) * ContainerLoader: better error message when is unable to create file * ContainerLoader: throws exception when is unable to create directory -------------------------------------------------------------------------------- ================================================================================ python-azure-sdk-2.0.0-2.fc27 (FEDORA-2017-0e28803615) Microsoft Azure SDK for Python -------------------------------------------------------------------------------- Update Information: AutoRest swagger generator Python client runtime. Azure-specific module. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1358741 - Review Request: python-msrestazure - AutoRest swagger generator Python client runtime (Azure-specific module) https://bugzilla.redhat.com/show_bug.cgi?id=1358741 [ 2 ] Bug #1298131 - Review Request: python-azure-storage - Microsoft Azure Storage Library for Python https://bugzilla.redhat.com/show_bug.cgi?id=1298131 [ 3 ] Bug #1297852 - Review Request: python-azure-sdk - Microsoft Azure SDK for Python https://bugzilla.redhat.com/show_bug.cgi?id=1297852 -------------------------------------------------------------------------------- ================================================================================ python-azure-storage-0.36.0-1.fc27 (FEDORA-2017-0e28803615) Microsoft Azure Storage Library for Python -------------------------------------------------------------------------------- Update Information: AutoRest swagger generator Python client runtime. Azure-specific module. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1358741 - Review Request: python-msrestazure - AutoRest swagger generator Python client runtime (Azure-specific module) https://bugzilla.redhat.com/show_bug.cgi?id=1358741 [ 2 ] Bug #1298131 - Review Request: python-azure-storage - Microsoft Azure Storage Library for Python https://bugzilla.redhat.com/show_bug.cgi?id=1298131 [ 3 ] Bug #1297852 - Review Request: python-azure-sdk - Microsoft Azure SDK for Python https://bugzilla.redhat.com/show_bug.cgi?id=1297852 -------------------------------------------------------------------------------- ================================================================================ python-falcon-1.3.0-1.fc27 (FEDORA-2017-dc95c0ae0b) An unladen web framework for building APIs and app backends -------------------------------------------------------------------------------- Update Information: #### upstream changelog - https://github.com/falconry/falcon/blob/1.3.0/CHANGES.rst#130 #### rpm changelog - Latest upstream - Enable python34 EPEL subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1480025 - python-falcon-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1480025 -------------------------------------------------------------------------------- ================================================================================ python-libpagure-0.10-1.fc27 (FEDORA-2017-e13729a768) A Python library for Pagure APIs -------------------------------------------------------------------------------- Update Information: Updates to 0.10 -------------------------------------------------------------------------------- ================================================================================ python-ludolph-1.0.1-1.fc27 (FEDORA-2017-724aa8d736) Monitoring Jabber Bot -------------------------------------------------------------------------------- Update Information: Initial rpm package for Ludolph version 1.0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484561 - Review Request: python-ludolph - Monitoring Jabber Bot with Zabbix support, completely written in Python. https://bugzilla.redhat.com/show_bug.cgi?id=1484561 -------------------------------------------------------------------------------- ================================================================================ python-msrestazure-0.4.13-1.fc27 (FEDORA-2017-0e28803615) AutoRest swagger generator Python client runtime (Azure-specific module) -------------------------------------------------------------------------------- Update Information: AutoRest swagger generator Python client runtime. Azure-specific module. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1358741 - Review Request: python-msrestazure - AutoRest swagger generator Python client runtime (Azure-specific module) https://bugzilla.redhat.com/show_bug.cgi?id=1358741 [ 2 ] Bug #1298131 - Review Request: python-azure-storage - Microsoft Azure Storage Library for Python https://bugzilla.redhat.com/show_bug.cgi?id=1298131 [ 3 ] Bug #1297852 - Review Request: python-azure-sdk - Microsoft Azure SDK for Python https://bugzilla.redhat.com/show_bug.cgi?id=1297852 -------------------------------------------------------------------------------- ================================================================================ python-simpleline-0.5-1.fc27 (FEDORA-2017-5361e86979) A Python library for creating text UI -------------------------------------------------------------------------------- Update Information: - use simpleline as a separate library for TUI - other than that mostly various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1482438 - duplicate key combination - shortcut - on 'Installation Destination' screen https://bugzilla.redhat.com/show_bug.cgi?id=1482438 [ 2 ] Bug #1468801 - [anaconda] spurious title bar in network install session https://bugzilla.redhat.com/show_bug.cgi?id=1468801 [ 3 ] Bug #1487326 - Live image composes (cmdline kickstart installs) fail with tui refactor (28.1 / 27.20.1) https://bugzilla.redhat.com/show_bug.cgi?id=1487326 [ 4 ] Bug #1487856 - UEFI installs fail to boot with anaconda-27.20-1 (due to EFI executable name mismatch) https://bugzilla.redhat.com/show_bug.cgi?id=1487856 [ 5 ] Bug #1489144 - UEFI installs crash during bootloader installation: "TypeError: must be str, not method" https://bugzilla.redhat.com/show_bug.cgi?id=1489144 -------------------------------------------------------------------------------- ================================================================================ python-zabbix-api-erigones-1.2.4-1.fc27 (FEDORA-2017-0d2cb5a6ce) Zabbix API Python Library -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487416 - Review Request: python-zabbix-api-erigones - Zabbix API Python Library. https://bugzilla.redhat.com/show_bug.cgi?id=1487416 -------------------------------------------------------------------------------- ================================================================================ qemu-2.10.0-1.fc27 (FEDORA-2017-086084d183) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: Rebase to 2.10.0 GA -------------------------------------------------------------------------------- ================================================================================ qt-creator-4.4.0-1.fc27 (FEDORA-2017-8f7fecabf4) Cross-platform IDE for Qt -------------------------------------------------------------------------------- Update Information: Update to version 4.4.0, see https://github.com/qt-creator/qt- creator/blob/4.4/dist/changes-4.4.0.md for details. -------------------------------------------------------------------------------- ================================================================================ uget-2.1.6-1.fc27 (FEDORA-2017-3a3ac7aeb8) Download manager using GTK+ and libcurl -------------------------------------------------------------------------------- Update Information: New version 2.1.6 is released. -------------------------------------------------------------------------------- ================================================================================ wine-2.16-1.fc27 (FEDORA-2017-0429b63a11) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: Wine-staging * Extended deferred rendering context support in d3d11. * Added 64 bit syscall thunks in fake ntdll.dll. * Support for indexed vertex blending in d3d8/d3d9. * Smaller bug fixes and improvements. Winehq.org * Support for pasting metafiles in RichEdit. * Support for safety features in library loading. * Better handling of transforms in GdiPlus. * Rendering improvements in DirectWrite. * Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487809 - wine-2.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1487809 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx