The following Fedora 27 Security updates need testing: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b444c3b9c5 libwmf-0.2.8.4-53.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-15819d2c37 jasper-2.0.14-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7af44272e2 ImageMagick-6.9.9.13-1.fc27 rubygem-rmagick-2.16.0-6.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-23dba9fb5d kernel-4.13.3-300.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d270e932a3 nagios-4.3.4-3.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fdd3a98e8f httpd-2.4.27-8.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0348398d64 LibRaw-0.18.5-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d3cd18fb03 mingw-LibRaw-0.18.5-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-109f8db088 chromium-61.0.3163.100-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d6a38c4ff MySQL-zrm-3.0-17.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d79b43fcc poppler-0.57.0-2.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-67ba559502 perl-5.26.1-400.fc27 The following builds have been pushed to Fedora 27 updates-testing LuxRender-1.6-23.fc27 MySQL-zrm-3.0-17.fc27 WoeUSB-2.1.3-1.fc27 astrometry-0.72-2.fc27 astrometry-tycho2-1.1.1-1.fc27 chromium-61.0.3163.100-1.fc27 dnf-2.6.3-12.fc27 embree-2.17.0-1.fc27 evemu-2.7.0-1.fc27 golang-github-AudriusButkevicius-kcp-go-0-0.1.20170902.gitd17218b.fc27 gpick-0.2.6-0.rc1.fc27 gscan2pdf-1.8.7-1.fc27 gtkwave-3.3.85-1.fc27 hunspell-en-0.20140811.1-9.fc27 i3-4.14.1-1.fc27 lucene3-3.6.2-11.fc27 magic-8.2.28-1.fc27 nss-3.32.1-1.0.fc27 perl-5.26.1-400.fc27 perl-CPAN-Perl-Releases-3.38-1.fc27 perl-DBD-Pg-3.7.0-1.fc27 perl-File-Fetch-0.54-1.fc27 perl-Module-CoreList-5.20170923-1.fc27 perl-Safe-Isa-1.000007-1.fc27 perl-System-Info-0.056-1.fc27 perl-XML-LibXML-2.0129-8.fc27 php-alcaeus-mongo-php-adapter-1.1.3-1.fc27 php-behat-mink-1.7.1-5.fc27 php-goutte-3.2.0-4.fc27 php-guzzle-Guzzle-3.9.3-13.fc27 php-jms-serializer-1.8.1-1.fc27 php-phpunit-PHPUnit-5.7.22-1.fc27 phpunit6-6.3.1-1.fc27 poppler-0.57.0-2.fc27 solr3-3.6.2-15.fc27 stellarium-0.16.1-1.fc27 syncthing-0.14.38-1.fc27 Details about builds: ================================================================================ LuxRender-1.6-23.fc27 (FEDORA-2017-7bdd2e7ffb) Lux Renderer, an unbiased rendering system -------------------------------------------------------------------------------- Update Information: Rebuild from embree 2.17.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494058 - embree-2.17.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494058 -------------------------------------------------------------------------------- ================================================================================ MySQL-zrm-3.0-17.fc27 (FEDORA-2017-2d6a38c4ff) MySQL backup manager -------------------------------------------------------------------------------- Update Information: Fix command logging -------------------------------------------------------------------------------- ================================================================================ WoeUSB-2.1.3-1.fc27 (FEDORA-2017-69b1f9cb32) Windows USB installation media creator -------------------------------------------------------------------------------- Update Information: Initial release for F25 and F27. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494089 - Review Request: WoeUSB - Windows USB installation media creator https://bugzilla.redhat.com/show_bug.cgi?id=1494089 -------------------------------------------------------------------------------- ================================================================================ astrometry-0.72-2.fc27 (FEDORA-2017-37cbeee31d) Blind astrometric calibration of arbitrary astronomical images -------------------------------------------------------------------------------- Update Information: New packages for astrometry and the astrometry index files for Tycho-2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1470470 - Review Request: astrometry-tycho2 - Tycho-2 catalogue for astrometry.net https://bugzilla.redhat.com/show_bug.cgi?id=1470470 [ 2 ] Bug #1470436 - Review Request: astrometry - Blind astrometric calibration of arbitrary astronomical images https://bugzilla.redhat.com/show_bug.cgi?id=1470436 -------------------------------------------------------------------------------- ================================================================================ astrometry-tycho2-1.1.1-1.fc27 (FEDORA-2017-37cbeee31d) Tycho-2 catalogue for astrometry.net -------------------------------------------------------------------------------- Update Information: New packages for astrometry and the astrometry index files for Tycho-2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1470470 - Review Request: astrometry-tycho2 - Tycho-2 catalogue for astrometry.net https://bugzilla.redhat.com/show_bug.cgi?id=1470470 [ 2 ] Bug #1470436 - Review Request: astrometry - Blind astrometric calibration of arbitrary astronomical images https://bugzilla.redhat.com/show_bug.cgi?id=1470436 -------------------------------------------------------------------------------- ================================================================================ chromium-61.0.3163.100-1.fc27 (FEDORA-2017-109f8db088) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1488782 - CVE-2017-5120 chromium-browser: potential https downgrade during redirect navigation https://bugzilla.redhat.com/show_bug.cgi?id=1488782 [ 2 ] Bug #1488781 - CVE-2017-5119 chromium-browser: use of uninitialized value in skia https://bugzilla.redhat.com/show_bug.cgi?id=1488781 [ 3 ] Bug #1488779 - CVE-2017-5118 chromium-browser: bypass of content security policy in blink https://bugzilla.redhat.com/show_bug.cgi?id=1488779 [ 4 ] Bug #1488778 - CVE-2017-5117 chromium-browser: use of uninitialized value in skia https://bugzilla.redhat.com/show_bug.cgi?id=1488778 [ 5 ] Bug #1488777 - CVE-2017-5116 chromium-browser: type confusion in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1488777 [ 6 ] Bug #1488776 - CVE-2017-5115 chromium-browser: type confusion in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1488776 [ 7 ] Bug #1488775 - CVE-2017-5114 chromium-browser: memory lifecycle issue in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1488775 [ 8 ] Bug #1488774 - CVE-2017-5113 chromium-browser: heap buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1488774 [ 9 ] Bug #1488773 - CVE-2017-5112 chromium-browser: heap buffer overflow in webgl https://bugzilla.redhat.com/show_bug.cgi?id=1488773 [ 10 ] Bug #1488772 - CVE-2017-5111 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1488772 [ 11 ] Bug #1494392 - CVE-2017-5122 chromium-browser: out-of-bounds access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1494392 [ 12 ] Bug #1494391 - CVE-2017-5121 chromium-browser: out-of-bounds access in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1494391 -------------------------------------------------------------------------------- ================================================================================ dnf-2.6.3-12.fc27 (FEDORA-2017-4cdd5194e2) Package manager forked from Yum, using libsolv as a dependency resolver -------------------------------------------------------------------------------- Update Information: ** DNF ** - Add pre_configure() for commands -------------------------------------------------------------------------------- ================================================================================ embree-2.17.0-1.fc27 (FEDORA-2017-7bdd2e7ffb) Collection of high-performance ray tracing kernels developed at Intel -------------------------------------------------------------------------------- Update Information: Rebuild from embree 2.17.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494058 - embree-2.17.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494058 -------------------------------------------------------------------------------- ================================================================================ evemu-2.7.0-1.fc27 (FEDORA-2017-8a4705ecfc) Event Device Query and Emulation Program -------------------------------------------------------------------------------- Update Information: Evemu 2.7.0 -------------------------------------------------------------------------------- ================================================================================ golang-github-AudriusButkevicius-kcp-go-0-0.1.20170902.gitd17218b.fc27 (FEDORA-2017-a969ce651a) Full-featured reliable UDP communication library -------------------------------------------------------------------------------- Update Information: Initial package for fedora (new dependency of syncthing 0.14.38). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494869 - Review Request: golang-github-AudriusButkevicius-kcp-go - Full-featured reliable UDP communication library https://bugzilla.redhat.com/show_bug.cgi?id=1494869 -------------------------------------------------------------------------------- ================================================================================ gpick-0.2.6-0.rc1.fc27 (FEDORA-2017-a62a87dcb8) Advanced color picker -------------------------------------------------------------------------------- Update Information: Update to 0.2.6rc1 with GTK3 support enabled -------------------------------------------------------------------------------- ================================================================================ gscan2pdf-1.8.7-1.fc27 (FEDORA-2017-9a17934dcb) GUI for producing a multipage PDF from a scan -------------------------------------------------------------------------------- Update Information: This releae fixes frontend selection, Poppler PostScript backend, setting a recursion limit in Preferences, a crach in scanimage frontend, ghosting buttons in save dialogue, and selecting range of pages. It also updates Hungarian translation and it adds units to scan adn edit paper dialogues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494759 - gscan2pdf-1.8.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494759 -------------------------------------------------------------------------------- ================================================================================ gtkwave-3.3.85-1.fc27 (FEDORA-2017-9d94bfa292) Waveform Viewer -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ hunspell-en-0.20140811.1-9.fc27 (FEDORA-2017-d4a388a428) English hunspell dictionaries -------------------------------------------------------------------------------- Update Information: - perl regex rules changed so rebuilds of hunspell-en were truncated ---- * Treat etc/etc. the same in en_GB/AU/... as en_US -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494698 - Hunspell spell checking is broken and highlights most words as if they are misspelled. https://bugzilla.redhat.com/show_bug.cgi?id=1494698 [ 2 ] Bug #1492306 - English (Australia) marks "etc etc." as misspelled https://bugzilla.redhat.com/show_bug.cgi?id=1492306 -------------------------------------------------------------------------------- ================================================================================ i3-4.14.1-1.fc27 (FEDORA-2017-9b8c122baf) Improved tiling window manager -------------------------------------------------------------------------------- Update Information: Bugfix update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495029 - i3-4.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1495029 -------------------------------------------------------------------------------- ================================================================================ lucene3-3.6.2-11.fc27 (FEDORA-2017-f76e7f3f89) High-performance, full-featured text search engine -------------------------------------------------------------------------------- Update Information: Fixes a packaging problem causing failure to build from source. -------------------------------------------------------------------------------- ================================================================================ magic-8.2.28-1.fc27 (FEDORA-2017-5e830ff674) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.2.28 is released. -------------------------------------------------------------------------------- ================================================================================ nss-3.32.1-1.0.fc27 (FEDORA-2017-96ce22f1fd) Network Security Services -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.32.1. Note that, only the nss package has changed since the previous upstream release 3.32.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1490652 - nss-3.32.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1490652 -------------------------------------------------------------------------------- ================================================================================ perl-5.26.1-400.fc27 (FEDORA-2017-67ba559502) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-12837 CVE-2017-12883 (see <http://search.cpan.org/dist/perl-5.26.1/pod/perldelta.pod>) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1492091 - CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler https://bugzilla.redhat.com/show_bug.cgi?id=1492091 [ 2 ] Bug #1492093 - CVE-2017-12883 perl: Buffer over-read in regular expression parser https://bugzilla.redhat.com/show_bug.cgi?id=1492093 -------------------------------------------------------------------------------- ================================================================================ perl-CPAN-Perl-Releases-3.38-1.fc27 (FEDORA-2017-897060f8ec) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494820 - perl-CPAN-Perl-Releases-3.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494820 -------------------------------------------------------------------------------- ================================================================================ perl-DBD-Pg-3.7.0-1.fc27 (FEDORA-2017-d75d92d779) A PostgreSQL interface for perl -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495028 - perl-DBD-Pg-3.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1495028 -------------------------------------------------------------------------------- ================================================================================ perl-File-Fetch-0.54-1.fc27 (FEDORA-2017-81015ac4d0) Generic file fetching mechanism -------------------------------------------------------------------------------- Update Information: This release updates tests. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495026 - perl-File-Fetch-0.54 is available https://bugzilla.redhat.com/show_bug.cgi?id=1495026 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20170923-1.fc27 (FEDORA-2017-e1d01bc380) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release brings data about Perl 5.26.1 and 5.24.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494826 - perl-Module-CoreList-5.20170923 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494826 -------------------------------------------------------------------------------- ================================================================================ perl-Safe-Isa-1.000007-1.fc27 (FEDORA-2017-d921cb4c57) Call isa, can, does and DOES safely on things that may not be objects -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ================================================================================ perl-System-Info-0.056-1.fc27 (FEDORA-2017-03727382be) Factory for system specific information objects -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494774 - perl-System-Info-0.056 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494774 -------------------------------------------------------------------------------- ================================================================================ perl-XML-LibXML-2.0129-8.fc27 (FEDORA-2017-eb3fae70d6) Perl interface to the libxml2 library -------------------------------------------------------------------------------- Update Information: This release adjusts tests to libxml2-2.9.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1489529 - perl-XML-LibXML-2.0129-7.fc28 FTBFS: tests fail with libxml2-2.9.5 https://bugzilla.redhat.com/show_bug.cgi?id=1489529 -------------------------------------------------------------------------------- ================================================================================ php-alcaeus-mongo-php-adapter-1.1.3-1.fc27 (FEDORA-2017-037809899f) Mongo PHP Adapter -------------------------------------------------------------------------------- Update Information: **Version 1.1.3** (2017-09-24) All issues and pull requests under this release may be found under the [1.1.3](https://github.com/alcaeus/mongo-php- adapter/issues?q=milestone%3A1.1.3) milestone. * [#203](https://github.com/alcaeus/mongo-php-adapter/pull/203) fixes the detection of empty keys in update queries which were sometimes not properly handled. * [#187](https://github.com/alcaeus/mongo-php-adapter/pull/187) forces a primary read preference to certain commands that need to write data. * [#195](https://github.com/alcaeus/mongo-php-adapter/pull/195) fixes a wrong calculation leading to a wrong `updatedExisting` field in the result of an `update` query. * [#193](https://github.com/alcaeus/mongo-php-adapter/pull/193) fixes leaking new driver exceptions when calling `MongoClient::getHosts`. * [#191](https://github.com/alcaeus/mongo-php-adapter/pull/191) fixes cursor iteration when calling `hasNext` before resetting the cursor. * [#189](https://github.com/alcaeus/mongo-php-adapter/pull/189) fixes type conversion for a `query` passed to the `explain` command. * [#186](https://github.com/alcaeus/mongo-php-adapter/pull/186) fixes errors when using the 1.3 version of `ext-mongodb`. It also fixes an issue where new fields in `MongoDB::listCollections` were not properly reported. -------------------------------------------------------------------------------- ================================================================================ php-behat-mink-1.7.1-5.fc27 (FEDORA-2017-4e43ace41a) Browser controller/emulator abstraction for PHP -------------------------------------------------------------------------------- Update Information: RPM only releases - Add max versions to BuildRequires - Allow Symfony 3 - Modify tests -------------------------------------------------------------------------------- ================================================================================ php-goutte-3.2.0-4.fc27 (FEDORA-2017-4e43ace41a) A simple PHP web scraper -------------------------------------------------------------------------------- Update Information: RPM only releases - Add max versions to BuildRequires - Allow Symfony 3 - Modify tests -------------------------------------------------------------------------------- ================================================================================ php-guzzle-Guzzle-3.9.3-13.fc27 (FEDORA-2017-4e43ace41a) PHP HTTP client library and framework for building RESTful web service clients -------------------------------------------------------------------------------- Update Information: RPM only releases - Add max versions to BuildRequires - Allow Symfony 3 - Modify tests -------------------------------------------------------------------------------- ================================================================================ php-jms-serializer-1.8.1-1.fc27 (FEDORA-2017-6aea60dd2a) Library for (de-)serializing data of any complexity -------------------------------------------------------------------------------- Update Information: This library allows you to (de-)serialize data of any complexity. Currently, it supports XML, JSON, and YAML. It also provides you with a rich tool-set to adapt the output to your specific needs. Built-in features include: * (De-)serialize data of any complexity; circular references are handled gracefully. * Supports many built-in PHP types (such as dates) * Integrates with Doctrine ORM, et. al. * Supports versioning, e.g. for APIs * Configurable via PHP, XML, YAML, or Doctrine Annotations Autoloader: `/usr/share/php/JMS/Serializer/autoload.php` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1470358 - Review Request: php-jms-serializer - Library for (de-)serializing data of any complexity https://bugzilla.redhat.com/show_bug.cgi?id=1470358 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-5.7.22-1.fc27 (FEDORA-2017-a8782452d7) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 5.7.22** - 2017-09-24 * Fixed [#2769](https://github.com/sebastianbergmann/phpunit/issues/2769): Usage of `setUseErrorHandler()` produces `Undefined variable` error -------------------------------------------------------------------------------- ================================================================================ phpunit6-6.3.1-1.fc27 (FEDORA-2017-fdbb6189cb) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 6.3.1** - 2017-09-24 * Fixed [#2769](https://github.com/sebastianbergmann/phpunit/issues/2769): Usage of `setUseErrorHandler()` produces `Undefined variable` error -------------------------------------------------------------------------------- ================================================================================ poppler-0.57.0-2.fc27 (FEDORA-2017-5d79b43fcc) PDF rendering library -------------------------------------------------------------------------------- Update Information: - CVE-2017-14520 Floating point exception in Splash::scaleImageYuXd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494583 - CVE-2017-14520 poppler: Floating point exception in Splash::scaleImageYuXd() function in Splash.cc [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1494583 -------------------------------------------------------------------------------- ================================================================================ solr3-3.6.2-15.fc27 (FEDORA-2017-f76e7f3f89) Apache Solr -------------------------------------------------------------------------------- Update Information: Fixes a packaging problem causing failure to build from source. -------------------------------------------------------------------------------- ================================================================================ stellarium-0.16.1-1.fc27 (FEDORA-2017-63577628a7) Photo-realistic nightsky renderer -------------------------------------------------------------------------------- Update Information: 0.16.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494772 - stellarium-0.16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494772 -------------------------------------------------------------------------------- ================================================================================ syncthing-0.14.38-1.fc27 (FEDORA-2017-a390fc7eb3) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 0.14.38. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
