The following Fedora 27 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-400f199e15 mimedefang-2.81-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd193c0ed libzip-1.3.0-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-159a1060f6 lightdm-1.24.0-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a9c79eed83 libgcrypt-1.8.1-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-81cf93b7c2 rubygems-2.6.13-100.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2715e3288e LibRaw-0.18.2-5.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a22a80c7e krb5-1.15.1-28.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45beeef896 FlightGear-2017.2.1-4.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7096a9fdca libwpd-0.10.1-8.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea4ed9e540 freexl-1.0.4-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6a10869603 file-5.31-10.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2f31670a4 mingw-LibRaw-0.18.3-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5487d0f80 mingw-libzip-1.3.0-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8aad495d9b rawtherapee-5.2-2.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a5bb95b447 openjpeg2-2.2.0-3.fc27 The following builds have been pushed to Fedora 27 updates-testing R-sp-1.2.5-3.fc27 abrt-java-connector-1.1.0-13.fc27 axel-2.13.1-2.fc27 bind99-9.9.11-2.fc27 cinnamon-3.4.6-15.fc27 cinnamon-control-center-3.4.0-8.fc27 digikam-5.7.0-1.fc27 distribution-gpg-keys-1.14-1.fc27 fontconfig-2.12.5-1.fc27 globus-ftp-control-8.0-1.fc27 globus-gridftp-server-control-6.0-1.fc27 globus-gsi-sysconfig-7.1-1.fc27 globus-gss-assist-11.0-2.fc27 globus-gssapi-gsi-13.0-2.fc27 globus-xio-gsi-driver-4.1-1.fc27 icu-57.1-8.fc27 libwacom-0.26-1.fc27 mate-applets-1.19.1-1.fc27 mate-desktop-1.19.0-2.fc27 mate-screensaver-1.19.0-1.fc27 meld-3.18.0-1.fc27 mingw-LibRaw-0.18.3-1.fc27 mingw-libzip-1.3.0-1.fc27 nemo-3.4.7-8.fc27 openjpeg2-2.2.0-3.fc27 php-nette-tokenizer-2.3.0-1.fc27 php-phpmyadmin-sql-parser-4.2.1-1.fc27 pjproject-2.6-6.fc27 rawtherapee-5.2-2.fc27 snapd-2.27.6-1.fc27 systemd-bootchart-232-1.fc27 xkeyboard-config-2.21-3.fc27 Details about builds: ================================================================================ R-sp-1.2.5-3.fc27 (FEDORA-2017-2d62b6e845) Classes and Methods for Spatial Data -------------------------------------------------------------------------------- Update Information: Initial package of sp for R. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487542 - Review Request: R-sp - Classes and Methods for Spatial Data https://bugzilla.redhat.com/show_bug.cgi?id=1487542 -------------------------------------------------------------------------------- ================================================================================ abrt-java-connector-1.1.0-13.fc27 (FEDORA-2017-2a110b5a82) JNI Agent library converting Java exceptions to ABRT problems -------------------------------------------------------------------------------- Update Information: Rename log() to log_warning() -------------------------------------------------------------------------------- References: [ 1 ] Bug #1484585 - Cannot install abrt-java-connector due to broken dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1484585 [ 2 ] Bug #1423201 - abrt-java-connector: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423201 -------------------------------------------------------------------------------- ================================================================================ axel-2.13.1-2.fc27 (FEDORA-2017-da4b663447) Light command line download accelerator for Linux and Unix -------------------------------------------------------------------------------- Update Information: * Update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ bind99-9.9.11-2.fc27 (FEDORA-2017-81ed0998db) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information: Update to 9.9.11, Rebuilt for mass rebuild, fix upgrade path -------------------------------------------------------------------------------- ================================================================================ cinnamon-3.4.6-15.fc27 (FEDORA-2017-b6dbe6d177) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: - Add online-accounts to cinnamon-settings -------------------------------------------------------------------------------- ================================================================================ cinnamon-control-center-3.4.0-8.fc27 (FEDORA-2017-b6dbe6d177) Utilities to configure the Cinnamon desktop -------------------------------------------------------------------------------- Update Information: - Add online-accounts to cinnamon-settings -------------------------------------------------------------------------------- ================================================================================ digikam-5.7.0-1.fc27 (FEDORA-2017-45398d06b9) A digital camera accessing & photo management application -------------------------------------------------------------------------------- Update Information: Update to latest stable release -------------------------------------------------------------------------------- ================================================================================ distribution-gpg-keys-1.14-1.fc27 (FEDORA-2017-3d35cb6db9) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information: update Copr keys -------------------------------------------------------------------------------- ================================================================================ fontconfig-2.12.5-1.fc27 (FEDORA-2017-330fccc447) Font configuration and customization library -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ globus-ftp-control-8.0-1.fc27 (FEDORA-2017-67e0428c44) Globus Toolkit - GridFTP Control Library -------------------------------------------------------------------------------- Update Information: globus-ftp-control (8.0): * Add function globus_ftp_control_use_tls() for TLS control channel globus-gridftp-server-control (6.0): * Add support for control channel over TLS globus-gsi-sysconfig (7.1): * Add SNI vhost cred dir support globus-gss-assist (11.0): * Add new function gss_assist_read_vhost_cred_dir() for SNI server globus-gssapi-gsi (13.0): * Add SNI vhost cred dir support * Add optional ALPN processing globus-xio-gsi-driver (4.1): * Add SNI and ALPN support via cntls -------------------------------------------------------------------------------- ================================================================================ globus-gridftp-server-control-6.0-1.fc27 (FEDORA-2017-67e0428c44) Globus Toolkit - Globus GridFTP Server Library -------------------------------------------------------------------------------- Update Information: globus-ftp-control (8.0): * Add function globus_ftp_control_use_tls() for TLS control channel globus-gridftp-server-control (6.0): * Add support for control channel over TLS globus-gsi-sysconfig (7.1): * Add SNI vhost cred dir support globus-gss-assist (11.0): * Add new function gss_assist_read_vhost_cred_dir() for SNI server globus-gssapi-gsi (13.0): * Add SNI vhost cred dir support * Add optional ALPN processing globus-xio-gsi-driver (4.1): * Add SNI and ALPN support via cntls -------------------------------------------------------------------------------- ================================================================================ globus-gsi-sysconfig-7.1-1.fc27 (FEDORA-2017-67e0428c44) Globus Toolkit - Globus GSI System Config Library -------------------------------------------------------------------------------- Update Information: globus-ftp-control (8.0): * Add function globus_ftp_control_use_tls() for TLS control channel globus-gridftp-server-control (6.0): * Add support for control channel over TLS globus-gsi-sysconfig (7.1): * Add SNI vhost cred dir support globus-gss-assist (11.0): * Add new function gss_assist_read_vhost_cred_dir() for SNI server globus-gssapi-gsi (13.0): * Add SNI vhost cred dir support * Add optional ALPN processing globus-xio-gsi-driver (4.1): * Add SNI and ALPN support via cntls -------------------------------------------------------------------------------- ================================================================================ globus-gss-assist-11.0-2.fc27 (FEDORA-2017-67e0428c44) Globus Toolkit - GSSAPI Assist library -------------------------------------------------------------------------------- Update Information: globus-ftp-control (8.0): * Add function globus_ftp_control_use_tls() for TLS control channel globus-gridftp-server-control (6.0): * Add support for control channel over TLS globus-gsi-sysconfig (7.1): * Add SNI vhost cred dir support globus-gss-assist (11.0): * Add new function gss_assist_read_vhost_cred_dir() for SNI server globus-gssapi-gsi (13.0): * Add SNI vhost cred dir support * Add optional ALPN processing globus-xio-gsi-driver (4.1): * Add SNI and ALPN support via cntls -------------------------------------------------------------------------------- ================================================================================ globus-gssapi-gsi-13.0-2.fc27 (FEDORA-2017-67e0428c44) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information: globus-ftp-control (8.0): * Add function globus_ftp_control_use_tls() for TLS control channel globus-gridftp-server-control (6.0): * Add support for control channel over TLS globus-gsi-sysconfig (7.1): * Add SNI vhost cred dir support globus-gss-assist (11.0): * Add new function gss_assist_read_vhost_cred_dir() for SNI server globus-gssapi-gsi (13.0): * Add SNI vhost cred dir support * Add optional ALPN processing globus-xio-gsi-driver (4.1): * Add SNI and ALPN support via cntls -------------------------------------------------------------------------------- ================================================================================ globus-xio-gsi-driver-4.1-1.fc27 (FEDORA-2017-67e0428c44) Globus Toolkit - Globus XIO GSI Driver -------------------------------------------------------------------------------- Update Information: globus-ftp-control (8.0): * Add function globus_ftp_control_use_tls() for TLS control channel globus-gridftp-server-control (6.0): * Add support for control channel over TLS globus-gsi-sysconfig (7.1): * Add SNI vhost cred dir support globus-gss-assist (11.0): * Add new function gss_assist_read_vhost_cred_dir() for SNI server globus-gssapi-gsi (13.0): * Add SNI vhost cred dir support * Add optional ALPN processing globus-xio-gsi-driver (4.1): * Add SNI and ALPN support via cntls -------------------------------------------------------------------------------- ================================================================================ icu-57.1-8.fc27 (FEDORA-2017-ef6b42d5ce) International Components for Unicode -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libwacom-0.26-1.fc27 (FEDORA-2017-9e8c7f3d9b) Tablet Information Client Library -------------------------------------------------------------------------------- Update Information: libwacom 0.26 -------------------------------------------------------------------------------- ================================================================================ mate-applets-1.19.1-1.fc27 (FEDORA-2017-df4f64e12c) MATE Desktop panel applets -------------------------------------------------------------------------------- Update Information: - add f27 fedora gsettings override file - update mate-applets to 1.19.1 -------------------------------------------------------------------------------- ================================================================================ mate-desktop-1.19.0-2.fc27 (FEDORA-2017-df4f64e12c) Shared code for mate-panel, mate-session, mate-file-manager, etc -------------------------------------------------------------------------------- Update Information: - add f27 fedora gsettings override file - update mate-applets to 1.19.1 -------------------------------------------------------------------------------- ================================================================================ mate-screensaver-1.19.0-1.fc27 (FEDORA-2017-d7c2214086) MATE Screensaver -------------------------------------------------------------------------------- Update Information: -update to 1.19.0 -------------------------------------------------------------------------------- ================================================================================ meld-3.18.0-1.fc27 (FEDORA-2017-27a53efc90) Visual diff and merge tool -------------------------------------------------------------------------------- Update Information: This update brings the new 3.18.0 release of Meld to you. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1490081 - meld-3.18.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1490081 -------------------------------------------------------------------------------- ================================================================================ mingw-LibRaw-0.18.3-1.fc27 (FEDORA-2017-d2f31670a4) Library for reading RAW files obtained from digital photo cameras -------------------------------------------------------------------------------- Update Information: Update to version 0.18.3, see https://www.libraw.org/news/libraw-0-18-3 for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488946 - CVE-2017-13735 mingw-LibRaw: libraw: Floating point exception in kodak_radc_load_raw function in internal/dcraw_common.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1488946 -------------------------------------------------------------------------------- ================================================================================ mingw-libzip-1.3.0-1.fc27 (FEDORA-2017-d5487d0f80) C library for reading, creating, and modifying zip archives -------------------------------------------------------------------------------- Update Information: Update to version 1.3.0, see https://nih.at/libzip/NEWS.html for details. ---- This update backports security fix for CVE-2017-14107. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1489000 - CVE-2017-14107 libzip: Memory allocation failure in _zip_cdir_grow function https://bugzilla.redhat.com/show_bug.cgi?id=1489000 -------------------------------------------------------------------------------- ================================================================================ nemo-3.4.7-8.fc27 (FEDORA-2017-0ecd900802) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information: - Fix several operations for gDrive with GVFS -------------------------------------------------------------------------------- ================================================================================ openjpeg2-2.2.0-3.fc27 (FEDORA-2017-a5bb95b447) C-Library for JPEG 2000 -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2017-12982, CVE-2017-14040, CVE-2017-14041 and two other security vulnerabilities. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1487236 - CVE-2017-12982 openjpeg: Memory allocation failure in the opj_image_create function https://bugzilla.redhat.com/show_bug.cgi?id=1487236 [ 2 ] Bug #1487347 - CVE-2017-14041 openjpeg: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c https://bugzilla.redhat.com/show_bug.cgi?id=1487347 [ 3 ] Bug #1487361 - CVE-2017-14040 openjpeg: Invalid write access in bin/jp2/convert.c https://bugzilla.redhat.com/show_bug.cgi?id=1487361 [ 4 ] Bug #1487389 - CVE-2017-14152 openjpeg: Heap-based buffer overflow in opj_write_bytes_LE in cio.c https://bugzilla.redhat.com/show_bug.cgi?id=1487389 [ 5 ] Bug #1487390 - CVE-2017-14151 openjpeg: Heap-based buffer overflow in opj_mqc_flush in mqc.c https://bugzilla.redhat.com/show_bug.cgi?id=1487390 -------------------------------------------------------------------------------- ================================================================================ php-nette-tokenizer-2.3.0-1.fc27 (FEDORA-2017-bde63fe2a8) Nette Tokenizer -------------------------------------------------------------------------------- Update Information: **Released version 2.3.0** * requires PHP 5.4 * added new classes Nette\Tokenizer\Tokenizer & Nette\Tokenizer\Stream * Tokenizer::tokenize return Stream instead of array * token is represented by object Token instead of array * removed support for 'simple' mode * Nette\Utils\Tokenizer & Nette\Utils\TokenIterator are marked as deprecated (BC break) -------------------------------------------------------------------------------- ================================================================================ php-phpmyadmin-sql-parser-4.2.1-1.fc27 (FEDORA-2017-6023b67cdd) A validating SQL lexer and parser with a focus on MySQL dialect -------------------------------------------------------------------------------- Update Information: **Version 4.2.1** - 2017-09-08 * Fixed minor bug in Query::getFlags. * Localizaton updates. ---- **Version 4.2.0** - 2017-08-30 * Initial support for MariaDB SQL contexts. * Add support for MariaDB 10.3 INTERSECT and EXCEPT. -------------------------------------------------------------------------------- ================================================================================ pjproject-2.6-6.fc27 (FEDORA-2017-e434f2f9e7) Libraries for building embedded/non-embedded VoIP applications -------------------------------------------------------------------------------- Update Information: Update to version 2.6, see https://blog.pjsip.org/2017/01/26/pjsip-version-2-6 -is-released-with-uwp-wp8-x-support/ for details. -------------------------------------------------------------------------------- ================================================================================ rawtherapee-5.2-2.fc27 (FEDORA-2017-8aad495d9b) Raw image processing software -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-13735 -------------------------------------------------------------------------------- ================================================================================ snapd-2.27.6-1.fc27 (FEDORA-2017-4546b9dd38) A transactional software package manager -------------------------------------------------------------------------------- Update Information: New bugfix release: * interfaces: add udev netlink support to `hardware- observe` * interfaces/network-{control,observe}: allow receiving `kobject_uevent()` messages * interfaces: fix network-manager plug regression * hooks: do not error when hook handler is not registered * interfaces/alsa,pulseaudio: allow read on udev data for sound * interfaces /optical-drive: read access to udev data for `/dev/scd*` * interfaces/browser- support: read on `/proc/vmstat` and misc udev data * snap-seccomp: add secondary arch for unrestricted snaps as well * Remove the `Nice=-5` from the `snapd.service` file. This breaks in lxd containers In addition, the `snap userd` functionality has been backported from upstream git master to support `xdg-open` within snaps. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1483177 - snapd-2.27.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1483177 [ 2 ] Bug #1489437 - snapd-2.27.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1489437 -------------------------------------------------------------------------------- ================================================================================ systemd-bootchart-232-1.fc27 (FEDORA-2017-7228d8eac7) Boot performance graphing tool -------------------------------------------------------------------------------- Update Information: new upstream 232 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458464 - systemd-bootchart-v232 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458464 -------------------------------------------------------------------------------- ================================================================================ xkeyboard-config-2.21-3.fc27 (FEDORA-2017-e38be801d8) X Keyboard Extension configuration data -------------------------------------------------------------------------------- Update Information: Fix typo in tel-salara (#1469407) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1469407 - Fedora 26 ISO - Cannot select English (India) - pyanaconda.ui.gui.xkl_wrapper.XklWrapperError: Failed to replace layouts with: in (eng) https://bugzilla.redhat.com/show_bug.cgi?id=1469407 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
