The following Fedora 26 Security updates need testing: Age URL 116 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 45 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e6f4f95e6 ruby-2.4.2-84.fc26 32 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6bff3cf26c suricata-3.2.4-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea72793352 fedpkg-1.30-4.fc26 rpkg-1.51-2.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f1fdab532 postgresql-9.6.6-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f87ce166c5 chromium-62.0.3202.89-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-60c61b6e79 python-copr-1.84-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-13f0fd3028 jbig2dec-0.14-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dbec196dd8 openssl-1.1.0g-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d5618a962 webkitgtk4-2.18.3-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-df3032c978 quagga-1.2.2-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b52f851dea calamares-3.1.8-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f52998c8b konversation-1.7.4-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0929e71b41 lucene4-4.10.4-11.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5525b6cb5a varnish-5.1.3-4.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-742be0e59c git-2.13.6-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-59251d350d mediawiki-1.28.3-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-69cc374b0d mrbs-1.7.0-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526 nodejs-balanced-match-0.4.2-4.fc26 nodejs-brace-expansion-1.1.7-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2500a024ef xen-4.8.2-7.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9762a831b2 cacti-1.1.28-1.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 49 https://bodhi.fedoraproject.org/updates/FEDORA-2017-621a9b4828 iproute-4.13.0-1.fc26 38 https://bodhi.fedoraproject.org/updates/FEDORA-2017-19f599ecd6 chrony-3.2-1.fc26 25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-34b7ce4fee libappstream-glib-0.7.3-1.fc26 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ad679ebc50 menu-cache-1.1.0-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-24caef8611 gnome-online-accounts-3.24.4-3.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cb2da0cd93 publicsuffix-list-20171028-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-928612cbf8 qt5-qtbase-5.9.2-5.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d5618a962 webkitgtk4-2.18.3-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dbec196dd8 openssl-1.1.0g-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-552febe596 nss-3.34.0-1.0.fc26 nss-softokn-3.34.0-1.0.fc26 nss-util-3.34.0-1.0.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dcf8a3ccd9 libguestfs-1.36.11-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-39e6a2f7e7 selinux-policy-3.13.1-260.16.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-742be0e59c git-2.13.6-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1912dd566 man-db-2.7.6.1-5.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2500a024ef xen-4.8.2-7.fc26 The following builds have been pushed to Fedora 26 updates-testing R-stringi-1.1.6-1.fc26 cacti-1.1.28-1.fc26 cinnamon-control-center-3.6.3-3.fc26 container-selinux-2.33-1.fc26 corebird-1.7.3-1.fc26 dcap-2.47.12-1.fc26 distribution-gpg-keys-1.16-1.fc26 libxc-3.0.1-1.fc26 nodejs-balanced-match-0.4.2-4.fc26 nodejs-brace-expansion-1.1.7-1.fc26 openigtlink-2.0-4.fc26 openms-2.2.0-6.fc26 otter-browser-0.9.92-0.2.rc2gita026c61.fc26 perl-CGI-Fast-2.13-1.fc26 php-cs-fixer-2.2.11-1.fc26 python-ofxparse-0.17-1.fc26 python-regex-2017.11.09-1.fc26 rpmdeplint-1.4-1.fc26 slingshot-launcher-2.2.0-2.fc26 snapd-2.29.4-2.fc26 snapd-glib-1.29-1.fc26 trinity-1.8-1.fc26 vips-8.5.9-1.fc26 xen-4.8.2-7.fc26 yad-0.40.0-2.fc26 Details about builds: ================================================================================ R-stringi-1.1.6-1.fc26 (FEDORA-2017-81c52537cc) Character String Processing Facilities -------------------------------------------------------------------------------- Update Information: Update to latest release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1512149 - R-stringi-1.1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1512149 -------------------------------------------------------------------------------- ================================================================================ cacti-1.1.28-1.fc26 (FEDORA-2017-9762a831b2) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.28 - CVE-2017-16641, CVE-2017-16660, CVE-2017-16661, CVE-2017-16785 Release notes: https://www.cacti.net/release_notes.php?version=1.1.28 -------------------------------------------------------------------------------- ================================================================================ cinnamon-control-center-3.6.3-3.fc26 (FEDORA-2017-1dcca6a703) Utilities to configure the Cinnamon desktop -------------------------------------------------------------------------------- Update Information: - Add patch with some bugfixes to network panel - Add patch to fix loading the OpenVPN plugin -------------------------------------------------------------------------------- ================================================================================ container-selinux-2.33-1.fc26 (FEDORA-2017-7650d519a4) SELinux policies for container runtimes -------------------------------------------------------------------------------- Update Information: Allow containers to read /etc/resolv.conf if volume mounted in from the host. ---- Fixes for container runtime communicating with dnsmasq. Silent some noice in containers attempting to write to /proc -------------------------------------------------------------------------------- ================================================================================ corebird-1.7.3-1.fc26 (FEDORA-2017-ae763a6081) Native GTK Twitter client -------------------------------------------------------------------------------- Update Information: corebird 1.7.3 release. - Increase maximum tweet length to 280 characters - Increase maximum name length to 50 characters and improve certain parts of the UI to cope better with longer names - Fix the emoji button not showing up in the compose window - Update translations -------------------------------------------------------------------------------- ================================================================================ dcap-2.47.12-1.fc26 (FEDORA-2017-5a39d8717d) Client Tools for dCache -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- ================================================================================ distribution-gpg-keys-1.16-1.fc26 (FEDORA-2017-e3b29661ec) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information: Update Copr keys. -------------------------------------------------------------------------------- ================================================================================ libxc-3.0.1-1.fc26 (FEDORA-2017-27b61ac376) Library of exchange and correlation functionals to be used in DFT codes -------------------------------------------------------------------------------- Update Information: Changes in libxc 3.0.1 from 3.0.0: Fixed: * Added missing MGGA_C_SCAN implementation (fix crash in 3.0.0). * Uninitialized cam_omega, cam_alpha, and cam_beta parameters for LDA functionals. * Flags defined in the Fortran 90 interface. * Several references. * Bugs in MGGA_X_MK00 and GGA_X_B86_R. * Behavior for small tau in MGGA_XC_B97M_V and HYB_MGGA_XC_wB97M_V. * Incorrect exchange mixing for HYB_GGA_X_CAP0. * Description of several functionals. Added: * Missing C to Fortran interface for xc_f90_nlc_coef. * Missing interfaces for the set_params functions in the Fortran 90 interface. -------------------------------------------------------------------------------- ================================================================================ nodejs-balanced-match-0.4.2-4.fc26 (FEDORA-2017-2522df3526) Match balanced character pairs, like "{" and "}" -------------------------------------------------------------------------------- Update Information: Update to upstream 1.1.7 release to remediate DoS issue npm:brace- expansion:20170302 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1448380 - nodejs-brace-expansion: Regular expression denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=1448380 -------------------------------------------------------------------------------- ================================================================================ nodejs-brace-expansion-1.1.7-1.fc26 (FEDORA-2017-2522df3526) Brace expansion as known from sh/bash -------------------------------------------------------------------------------- Update Information: Update to upstream 1.1.7 release to remediate DoS issue npm:brace- expansion:20170302 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1448380 - nodejs-brace-expansion: Regular expression denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=1448380 -------------------------------------------------------------------------------- ================================================================================ openigtlink-2.0-4.fc26 (FEDORA-2017-27edab4ec2) Implementation of the OpenIGTLink network communication protocol -------------------------------------------------------------------------------- Update Information: The cmake configuration file `OpenIGTLinkConfig.cmake` had hardcoded paths pointing to the build directory instead paths where libraries and header files are installed. This issue is fixed. Also missing header file `igtl_status.h` is added to the package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1509407 - Missing igtl_status.h https://bugzilla.redhat.com/show_bug.cgi?id=1509407 [ 2 ] Bug #1509365 - OpenIGTLink config broken? https://bugzilla.redhat.com/show_bug.cgi?id=1509365 -------------------------------------------------------------------------------- ================================================================================ openms-2.2.0-6.fc26 (FEDORA-2017-d08528cb2c) LC/MS data management and analyses -------------------------------------------------------------------------------- Update Information: - Rebuild of OpenMS-2.2.0 -------------------------------------------------------------------------------- ================================================================================ otter-browser-0.9.92-0.2.rc2gita026c61.fc26 (FEDORA-2017-8fc1c27da2) Web browser controlled by the user, not vice-versa -------------------------------------------------------------------------------- Update Information: Update to 0.9.92-0.2.rc2gita026c61 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514778 - [abrt] otter-browser: QWebFrame::url(): otter-browser killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1514778 -------------------------------------------------------------------------------- ================================================================================ perl-CGI-Fast-2.13-1.fc26 (FEDORA-2017-06004a1b1f) CGI Interface for Fast CGI -------------------------------------------------------------------------------- Update Information: This release simplifies tests. We deliver it only to provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514432 - perl-CGI-Fast-2.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514432 -------------------------------------------------------------------------------- ================================================================================ php-cs-fixer-2.2.11-1.fc26 (FEDORA-2017-d07e6da0e2) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information: **Changelog for v2.2.11** * bug #3225 PhpdocTrimFixer - Fix handling of lines without leading asterisk (julienfalque) * bug #3262 ToolInfo - support installation by branch as well (keradus) * bug #3266 PhpUnitConstructFixer - multiple asserts bug (kubawerlos) * minor #3239 Improve contributing guide and issue template (julienfalque) * minor #3246 Make ToolInfo methods non-static (julienfalque) * minor #3250 Travis: fail early, spare resources, save the Earth (Slamdunk, keradus) * minor #3251 Create Title for config file docs section (IanEdington) * minor #3254 AutoReview/FixerFactoryTest::testFixersPriority: verbose assertion message (Slamdunk) -------------------------------------------------------------------------------- ================================================================================ python-ofxparse-0.17-1.fc26 (FEDORA-2017-d63e4e58df) Python library for working with the OFX (Open Financial Exchange) file format -------------------------------------------------------------------------------- Update Information: Bug fix release 0.17 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1513450 - python-ofxparse-0.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1513450 -------------------------------------------------------------------------------- ================================================================================ python-regex-2017.11.09-1.fc26 (FEDORA-2017-76cfd223d1) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information: Update to the latest released version. Support Python3 on EPEL7. -------------------------------------------------------------------------------- ================================================================================ rpmdeplint-1.4-1.fc26 (FEDORA-2017-fced679ae3) Tool to find errors in RPM packages in the context of their dependency graph -------------------------------------------------------------------------------- Update Information: Upstream bug fix release 1.4: https://docs.pagure.org/rpmdeplint/CHANGES.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423678 - [abrt] [faf] rpmdeplint: perform(): /usr/lib64/python3.5/site-packages/librepo/__init__.py killed by librepo.LibrepoException https://bugzilla.redhat.com/show_bug.cgi?id=1423678 -------------------------------------------------------------------------------- ================================================================================ slingshot-launcher-2.2.0-2.fc26 (FEDORA-2017-974926c56e) Lightweight and stylish app launcher -------------------------------------------------------------------------------- Update Information: Add missing Supplements: wingpanel so the application menu is pulled in when winpanel is installed (it's pretty useless without it). -------------------------------------------------------------------------------- ================================================================================ snapd-2.29.4-2.fc26 (FEDORA-2017-104db65d69) A transactional software package manager -------------------------------------------------------------------------------- Update Information: New releases of snapd (2.29.4) and snapd-glib (1.29). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508434 - snapd-glib-1.29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508434 [ 2 ] Bug #1508433 - snapd-2.29.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508433 -------------------------------------------------------------------------------- ================================================================================ snapd-glib-1.29-1.fc26 (FEDORA-2017-104db65d69) Library providing a GLib interface to snapd -------------------------------------------------------------------------------- Update Information: New releases of snapd (2.29.4) and snapd-glib (1.29). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508434 - snapd-glib-1.29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508434 [ 2 ] Bug #1508433 - snapd-2.29.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508433 -------------------------------------------------------------------------------- ================================================================================ trinity-1.8-1.fc26 (FEDORA-2017-66a43ed1aa) System call fuzz tester -------------------------------------------------------------------------------- Update Information: Numerous bug fixes and enhancements, plus adaptations to newer versions of the Linux kernel. See https://github.com/kernelslacker/trinity/commits/master for a detailed list of changes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514786 - [abrt] trinity: do_random_sso(): trinity killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1514786 -------------------------------------------------------------------------------- ================================================================================ vips-8.5.9-1.fc26 (FEDORA-2017-639db97dbf) C/C++ library for processing large images -------------------------------------------------------------------------------- Update Information: - Fix a crash with heavy use of draw operations from language bindings - Make `--fail` stop JPEG read on any libjpeg warning -------------------------------------------------------------------------------- ================================================================================ xen-4.8.2-7.fc26 (FEDORA-2017-2500a024ef) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: fix an issue in patch for [XSA-240, CVE-2017-15595] that might be a security issue fix for [XSA-243, CVE-2017-15592] could cause hypervisor crash (DOS) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1499823 - CVE-2017-15592 xsa243 xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243) https://bugzilla.redhat.com/show_bug.cgi?id=1499823 [ 2 ] Bug #1499820 - CVE-2017-15595 xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240) https://bugzilla.redhat.com/show_bug.cgi?id=1499820 -------------------------------------------------------------------------------- ================================================================================ yad-0.40.0-2.fc26 (FEDORA-2017-dd970e90c1) Display graphical dialogs from shell scripts or command line -------------------------------------------------------------------------------- Update Information: Update to YAD 0.40.0-2 to add BuildRequires: webkitgtk3-devel for Fedora <=26 and EPEL ( webkitgtk3-devel is obsolete in Fedora >= 27 ) ---- Update to YAD 0.40.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514776 - yad-0.40.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514776 [ 2 ] Bug #1455282 - yad compiled with --enable-html but without webkitgtk3-devel https://bugzilla.redhat.com/show_bug.cgi?id=1455282 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
