The following Fedora 26 Security updates need testing: Age URL 118 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 47 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e6f4f95e6 ruby-2.4.2-84.fc26 33 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6bff3cf26c suricata-3.2.4-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f87ce166c5 chromium-62.0.3202.89-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-df3032c978 quagga-1.2.2-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b52f851dea calamares-3.1.8-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1f52998c8b konversation-1.7.4-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0929e71b41 lucene4-4.10.4-11.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5525b6cb5a varnish-5.1.3-4.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-59251d350d mediawiki-1.28.3-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-69cc374b0d mrbs-1.7.0-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2522df3526 nodejs-balanced-match-0.4.2-4.fc26 nodejs-brace-expansion-1.1.7-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2500a024ef xen-4.8.2-7.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9762a831b2 cacti-1.1.28-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d0a336a2a3 erlang-jiffy-0.14.13-1.fc26 couchdb-1.7.1-3.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-366046c758 samba-4.6.11-0.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-475529a26a moodle-3.2.6-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0b4cc40c1 transfig-3.2.6a-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-23c3f02995 python-werkzeug-0.12.2-1.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 51 https://bodhi.fedoraproject.org/updates/FEDORA-2017-621a9b4828 iproute-4.13.0-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cb2da0cd93 publicsuffix-list-20171028-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-552febe596 nss-3.34.0-1.0.fc26 nss-softokn-3.34.0-1.0.fc26 nss-util-3.34.0-1.0.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dcf8a3ccd9 libguestfs-1.36.11-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1912dd566 man-db-2.7.6.1-5.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2500a024ef xen-4.8.2-7.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aec2d4fde6 tracker-1.12.4-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-366046c758 samba-4.6.11-0.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-08edc09fa0 groff-1.22.3-10.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-892a16728c vim-8.0.1322-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae7df3a5c7 kernel-4.13.14-200.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-39e6a2f7e7 selinux-policy-3.13.1-260.17.fc26 The following builds have been pushed to Fedora 26 updates-testing 389-ds-base-1.3.6.12-1.fc26 asunder-2.9.2-2.fc26 atril-1.18.2-1.fc26 copy-jdk-configs-3.3-2.fc26 couchdb-1.7.1-3.fc26 deja-dup-37.0-1.fc26 erlang-jiffy-0.14.13-1.fc26 freeipa-desktop-profile-0.0.6-2.fc26 ghc-fingertree-0.1.2.1-1.fc26 ghc-tasty-0.12-1.fc26 ghc-tasty-hunit-0.9.2-1.fc26 ghc-tasty-quickcheck-0.9.1-1.fc26 ghc-wai-cors-0.2.5-1.fc26 gnome-chemistry-utils-0.14.17-4.fc26 gnumeric-1.12.36-1.fc26 goffice-0.10.36-1.fc26 groff-1.22.3-10.fc26 kernel-4.13.14-200.fc26 lincity-ng-2.9-0.14.20160605git7f266b1.fc26 mir-0.28.1-1.fc26 mkvtoolnix-18.0.0-1.fc26 mlt-6.4.1-9.fc26 moodle-3.2.6-1.fc26 mozilla-noscript-10.1.1-1.fc26 mozjs52-52.5.0-1.fc26 nagios-4.3.4-5.fc26 nagios-plugins-2.2.1-9.fc26 opensips-2.2.5-2.fc26 osmo-0.4.2-1.fc26 perl-Devel-StackTrace-2.03-1.fc26 perl-Fsdb-2.64-1.fc26 perl-Graphics-TIFF-6-1.fc26 perl-Module-CoreList-5.20171120-1.fc26 perl-PDF-API2-2.033-2.fc26 php-pecl-memcached-3.0.4-1.fc26 php-zendframework-zend-serializer-2.8.1-1.fc26 python-Mastodon-1.1.2-1.fc26 python-linux-procfs-0.5.1-2.fc26 python-logzero-1.3.1-1.fc26 python-schedutils-0.6-2.fc26 python-werkzeug-0.12.2-1.fc26 python-yourls-0.2.0-11.fc26 qt5-qtgamepad-5.9.2-1.fc26 samba-4.6.11-0.fc26 selinux-policy-3.13.1-260.17.fc26 squid-4.0.21-2.fc26 supertuxkart-0.9.3-1.fc26 tig-2.3.0-1.fc26 tracker-1.12.4-1.fc26 transfig-3.2.6a-1.fc26 vim-8.0.1322-1.fc26 xmms2-0.8-49.fc26 zynaddsubfx-3.0.2-1.fc26 Details about builds: ================================================================================ 389-ds-base-1.3.6.12-1.fc26 (FEDORA-2017-b3a6321ce3) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: Bump version to 1.3.6.12 -------------------------------------------------------------------------------- ================================================================================ asunder-2.9.2-2.fc26 (FEDORA-2017-ef78debb90) A graphical Audio CD ripper and encoder -------------------------------------------------------------------------------- Update Information: ## Fedora specific changes: - enhance supported encoder dependencies with [weak dependencies](https://fedoraproject.org/wiki/Packaging:WeakDependencies) support ## Upstream changes (from the original changelog): ### 19 Nov 2017 - 2.9.2 - Updates Swedish translation. The following fixes were contributed by Gregory Margo: - Fixed the wavpack and mpc encoders to include APEv2 metadata. - Remove 'single genre' code that's been unused since 2010. - Added features to automatically fix some common mistakes in CDDB entries. The following fix was contributed by Andreas Ronnquist: - Fixed a bug where the config file couldn't be created because its parent directory could not be created because it existed already and was a regular file. ### 30 Jun 2017 - 2.9.1 - Fixed a bug that caused a startup crash in some environments (reported in Arch Linux). The following fix was contributed by Gregory Margo: - Shorten requested filenames that are longer than the filesystem can handle. ### 8 May 2017 - 2.9 The following fixes were contributed by Gregory Margo: - Work around cdparanoia's filename length limits - Fixed bug where multiple CDDB entries would only show once - Improved the refresh/lookup system to work much better with more complicated CDs - Fixed FLAC progress scanner. Both to make the percentage more reliable and to prevent a possible crash - Added feature to select/deselect all tracks by clicking on rip checkbox header - Fixed autocomplete file loading - Fixed several potential buffer overflow bugs - Fixed some minor memory leaks - Fixed race condition during abort - Improved completion percentage feedback - Added feature to make the artist and title columns resizable The following fixes were contributed by Andreas Ronnquist: - Moved the config file to ~/.config/asunder without breaking old configs - Moved the autocomplete files to ~/.cache/asunder without breaking old caches The following fix was contributed by Pierre Lestringant (whz): - Fixed musepack and aac playlist generation The following fix was contributed by Matthew (mw): - Add the ALBUMARTIST tag to flac files when "Single artist" is not checked. The following fix was contributed by Antony Gelberg: - Fixed when the CD is ejected to avoid problems before a full rip/encode cycle is completed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449209 - None https://bugzilla.redhat.com/show_bug.cgi?id=1449209 -------------------------------------------------------------------------------- ================================================================================ atril-1.18.2-1.fc26 (FEDORA-2017-b0e0fb2d70) Document viewer -------------------------------------------------------------------------------- Update Information: - update to 1.18.2 -------------------------------------------------------------------------------- ================================================================================ copy-jdk-configs-3.3-2.fc26 (FEDORA-2017-a1eaa0d326) JDKs configuration files copier -------------------------------------------------------------------------------- Update Information: added another subdirs for policies files -------------------------------------------------------------------------------- ================================================================================ couchdb-1.7.1-3.fc26 (FEDORA-2017-d0a336a2a3) A document database server, accessible via a RESTful JSON API -------------------------------------------------------------------------------- Update Information: * CouchDB ver. 1.7.1 * Fixed CVE-2017-12635 * Fixed CVE-2017-12636 * Switched to eunit for testing * Erlang 20 compatible -------------------------------------------------------------------------------- ================================================================================ deja-dup-37.0-1.fc26 (FEDORA-2017-dee505a33d) Simple backup tool and frontend for duplicity -------------------------------------------------------------------------------- Update Information: https://launchpad.net/deja-dup/+announcement/14855 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514857 - deja-dup-37.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514857 -------------------------------------------------------------------------------- ================================================================================ erlang-jiffy-0.14.13-1.fc26 (FEDORA-2017-d0a336a2a3) Erlang JSON parser -------------------------------------------------------------------------------- Update Information: * CouchDB ver. 1.7.1 * Fixed CVE-2017-12635 * Fixed CVE-2017-12636 * Switched to eunit for testing * Erlang 20 compatible -------------------------------------------------------------------------------- ================================================================================ freeipa-desktop-profile-0.0.6-2.fc26 (FEDORA-2017-91f099aa38) FleetCommander integration with FreeIPA -------------------------------------------------------------------------------- Update Information: Updated to upstream version 0.0.6 -------------------------------------------------------------------------------- ================================================================================ ghc-fingertree-0.1.2.1-1.fc26 (FEDORA-2017-92ca3e04e6) Generic finger-tree structure, with example instances -------------------------------------------------------------------------------- Update Information: Initial package of fingertree for Haskell. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1513375 - Review Request: ghc-fingertree - Generic finger-tree structure, with example instances https://bugzilla.redhat.com/show_bug.cgi?id=1513375 -------------------------------------------------------------------------------- ================================================================================ ghc-tasty-0.12-1.fc26 (FEDORA-2017-92b5634219) Modern and extensible testing framework -------------------------------------------------------------------------------- Update Information: Initial package of tasty for Haskell. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1513770 - Review Request: ghc-tasty - Modern and extensible testing framework https://bugzilla.redhat.com/show_bug.cgi?id=1513770 -------------------------------------------------------------------------------- ================================================================================ ghc-tasty-hunit-0.9.2-1.fc26 (FEDORA-2017-20116f3e22) HUnit support for the Tasty test framework -------------------------------------------------------------------------------- Update Information: Initial package of tasty-hunit for Haskell. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514301 - Review Request: ghc-tasty-hunit - HUnit support for the Tasty test framework https://bugzilla.redhat.com/show_bug.cgi?id=1514301 -------------------------------------------------------------------------------- ================================================================================ ghc-tasty-quickcheck-0.9.1-1.fc26 (FEDORA-2017-59469b246d) QuickCheck support for the Tasty test framework -------------------------------------------------------------------------------- Update Information: Initial package of tasty-quickcheck for Haskell. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515504 - Review Request: ghc-tasty-quickcheck - QuickCheck support for the Tasty test framework https://bugzilla.redhat.com/show_bug.cgi?id=1515504 -------------------------------------------------------------------------------- ================================================================================ ghc-wai-cors-0.2.5-1.fc26 (FEDORA-2017-4dd4fab634) CORS for WAI -------------------------------------------------------------------------------- Update Information: New package ghc-wai-cors -------------------------------------------------------------------------------- References: [ 1 ] Bug #1513715 - Review Request: ghc-wai-cors - CORS for WAI https://bugzilla.redhat.com/show_bug.cgi?id=1513715 -------------------------------------------------------------------------------- ================================================================================ gnome-chemistry-utils-0.14.17-4.fc26 (FEDORA-2017-dcf305a5db) A set of chemical utilities -------------------------------------------------------------------------------- Update Information: An update to the latest gnumeric and goffice releases: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.36.html -------------------------------------------------------------------------------- ================================================================================ gnumeric-1.12.36-1.fc26 (FEDORA-2017-dcf305a5db) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information: An update to the latest gnumeric and goffice releases: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.36.html -------------------------------------------------------------------------------- ================================================================================ goffice-0.10.36-1.fc26 (FEDORA-2017-dcf305a5db) G Office support libraries -------------------------------------------------------------------------------- Update Information: An update to the latest gnumeric and goffice releases: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.36.html -------------------------------------------------------------------------------- ================================================================================ groff-1.22.3-10.fc26 (FEDORA-2017-08edc09fa0) A document formatting system -------------------------------------------------------------------------------- Update Information: Move `grog/subs.pl` to `groff-perl` subpackage where it belongs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515167 - grog cannot be executed: Can't locate subs.pl in @INC https://bugzilla.redhat.com/show_bug.cgi?id=1515167 -------------------------------------------------------------------------------- ================================================================================ kernel-4.13.14-200.fc26 (FEDORA-2017-ae7df3a5c7) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.13.14 update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ================================================================================ lincity-ng-2.9-0.14.20160605git7f266b1.fc26 (FEDORA-2017-f901dac468) City Simulation Game -------------------------------------------------------------------------------- Update Information: Apply fixes from upstream which resolve reported crashes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428389 - [abrt] lincity-ng: setup_river(): lincity-ng killed by SIGFPE https://bugzilla.redhat.com/show_bug.cgi?id=1428389 -------------------------------------------------------------------------------- ================================================================================ mir-0.28.1-1.fc26 (FEDORA-2017-ec8ee3a847) Next generation display server -------------------------------------------------------------------------------- Update Information: Initial import into Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1513512 - Review Request: mir - Next generation display server https://bugzilla.redhat.com/show_bug.cgi?id=1513512 -------------------------------------------------------------------------------- ================================================================================ mkvtoolnix-18.0.0-1.fc26 (FEDORA-2017-0070e2c54e) Matroska container manipulation utilities -------------------------------------------------------------------------------- Update Information: # Version 18.0.0 "Apricity" 2017-11-18 ## New features and enhancements * mkvmerge: AVC & HEVC ES parsers: performance improvements by copying much less memory around. * mkvmerge: tags: reintroduced a workaround for non-compliant files with tags that do not contain the mandatory `SimpleTag` element. This workaround was removed during code refactoring in release v15.0.0. * GUI: multiplexer: the "AAC is SBR/HE-AAC/AAC+" checkbox in the "audio properties" section will be disabled if the functionality is not implemented for the selected track's codec & container. * GUI: multiplexer: the "reduce to core" checkbox in the "audio properties" section will be disabled if the functionality is not implemented for the selected track's codec. See #2134. ## Bug fixes * mkvmerge: AAC ADTS parser: fixed interpretation of the `channel_configuration` header element for ADTS files that do not contain a program configuration element: value 7 means 7.1 channels. Fixes #2151. * mkvmerge: Matroska identification: the `date_local` and `date_utc` attributes will only be output if the identified Matroska file actually contains the "date" header field. * mkvmerge: WebVTT: mkvmerge did not recognize timestamp lines if the hours components were absent. Fixes #2139. * mkvpropedit, GUI's header editor: the `date` header field won't be added automatically anymore whenever the segment info section is edited and the `date` element is either deleted or not present in the first place. Fixes #2143. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514860 - mkvtoolnix-18.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514860 -------------------------------------------------------------------------------- ================================================================================ mlt-6.4.1-9.fc26 (FEDORA-2017-67f7138bc8) Toolkit for broadcasters, video editors, media players, transcoders -------------------------------------------------------------------------------- Update Information: Fix one crash on exit (#1497386) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497386 - mlt causes kdenlive to crash on exit https://bugzilla.redhat.com/show_bug.cgi?id=1497386 -------------------------------------------------------------------------------- ================================================================================ moodle-3.2.6-1.fc26 (FEDORA-2017-475529a26a) A Course Management System -------------------------------------------------------------------------------- Update Information: Fix for CVE-2017-15110. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515705 - CVE-2017-15110 moodle: Students can find out email addresses of other students in the same course [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1515705 [ 2 ] Bug #1515706 - CVE-2017-15110 moodle: Students can find out email addresses of other students in the same course [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1515706 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-10.1.1-1.fc26 (FEDORA-2017-7745476dbd) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: This is the first pure WebExtension release, compatible with Firefox 57+ only. Notable changes since 5.1.4: * CSP-based first-party script script blocking * Active content blocking with DEFAULT, TRUSTED, UNTRUSTED and CUSTOM (per site) presets * Extremely responsive XSS filter leveraging the webRequest asynchronous API * On-the-fly cross-site requests whitelisting * Next to come: ClearClick and ABE (in the next few weeks). * Fixed content process cross-framescript leak (thanks dorando for patch) -------------------------------------------------------------------------------- ================================================================================ mozjs52-52.5.0-1.fc26 (FEDORA-2017-3c05009e2e) SpiderMonkey JavaScript library -------------------------------------------------------------------------------- Update Information: mozjs52 52.5.0, including various security, stability and regression fixes from Firefox 52.5.0 ESR. For details, see https://www.mozilla.org/en- US/firefox/52.5.0/releasenotes/ -------------------------------------------------------------------------------- ================================================================================ nagios-4.3.4-5.fc26 (FEDORA-2017-e007a3f0fe) Host/service/network monitoring program -------------------------------------------------------------------------------- Update Information: Fix entry for nagios not stopping correctly sometimes -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-2.2.1-9.fc26 (FEDORA-2017-69f33af241) Host/service/network monitoring program plugins for Nagios -------------------------------------------------------------------------------- Update Information: Fix mysql patch problem with <f26 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1478721 - nagios-plugins-load requires the uptime binary at runtime https://bugzilla.redhat.com/show_bug.cgi?id=1478721 [ 2 ] Bug #1512892 - nagios-plugins-log requires deprecated /bin/mktemp https://bugzilla.redhat.com/show_bug.cgi?id=1512892 [ 3 ] Bug #1512380 - nagios-plugins-load (2.2.1-2git.fc27.x86_64) fails with error message: CRITICAL - You need more args https://bugzilla.redhat.com/show_bug.cgi?id=1512380 [ 4 ] Bug #1500028 - check_http gives Socket timeout https://bugzilla.redhat.com/show_bug.cgi?id=1500028 [ 5 ] Bug #1494080 - nagios-plugins-2.2.1-2git.fc28 FTBFS: Use mariadb-connector-c-devel instead of mysql-devel or mariadb-devel https://bugzilla.redhat.com/show_bug.cgi?id=1494080 -------------------------------------------------------------------------------- ================================================================================ opensips-2.2.5-2.fc26 (FEDORA-2017-f9f03fceaf) Open Source SIP Server -------------------------------------------------------------------------------- Update Information: * Ver. 2.2.5 -------------------------------------------------------------------------------- ================================================================================ osmo-0.4.2-1.fc26 (FEDORA-2017-936e0873dd) Personal organizer -------------------------------------------------------------------------------- Update Information: update to 0.4.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515010 - osmo-0.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1515010 -------------------------------------------------------------------------------- ================================================================================ perl-Devel-StackTrace-2.03-1.fc26 (FEDORA-2017-2aa4590990) Perl module implementing stack trace and stack trace frame objects -------------------------------------------------------------------------------- Update Information: Upstream update. -------------------------------------------------------------------------------- ================================================================================ perl-Fsdb-2.64-1.fc26 (FEDORA-2017-af2fe347f8) A set of commands for manipulating flat-text databases from the shell -------------------------------------------------------------------------------- Update Information: uplift to 2.64 -------------------------------------------------------------------------------- ================================================================================ perl-Graphics-TIFF-6-1.fc26 (FEDORA-2017-df8f734c08) Perl extension for the LibTIFF library -------------------------------------------------------------------------------- Update Information: This fixes inserting LZW-compressed 8-bit TIFF images into PDF documents. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1378895 - 8-bpp TIFF images are broken in the resulting PDF document https://bugzilla.redhat.com/show_bug.cgi?id=1378895 [ 2 ] Bug #1476237 - Review Request: perl-Graphics-TIFF - Perl extension for the LibTIFF library https://bugzilla.redhat.com/show_bug.cgi?id=1476237 -------------------------------------------------------------------------------- ================================================================================ perl-Module-CoreList-5.20171120-1.fc26 (FEDORA-2017-436146f705) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information: This release provides data for Perl 5.27.6. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515805 - perl-Module-CoreList-5.20171120 is available https://bugzilla.redhat.com/show_bug.cgi?id=1515805 -------------------------------------------------------------------------------- ================================================================================ perl-PDF-API2-2.033-2.fc26 (FEDORA-2017-df8f734c08) Perl module for creation and modification of PDF files -------------------------------------------------------------------------------- Update Information: This fixes inserting LZW-compressed 8-bit TIFF images into PDF documents. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1378895 - 8-bpp TIFF images are broken in the resulting PDF document https://bugzilla.redhat.com/show_bug.cgi?id=1378895 [ 2 ] Bug #1476237 - Review Request: perl-Graphics-TIFF - Perl extension for the LibTIFF library https://bugzilla.redhat.com/show_bug.cgi?id=1476237 -------------------------------------------------------------------------------- ================================================================================ php-pecl-memcached-3.0.4-1.fc26 (FEDORA-2017-48f0103c86) Extension to work with the Memcached caching daemon -------------------------------------------------------------------------------- Update Information: **Version 3.0.4** * Fix corrupted interned strings (#338) * Fix unit tests for compatibility with PHP 7.2 (#358, #359) * Fix \x0a in key name locks up connection and triggers a fatal timeout error (#339) * Fix missing optional parameter getStats($type) (#337) * Fix typo in skip message (#331) * Fix build warnings (329) * Document GET_EXTENDED flag, add/rename other missing/misnamed constants (#335) -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-serializer-2.8.1-1.fc26 (FEDORA-2017-08fddfacd5) Zend Framework Serializer component -------------------------------------------------------------------------------- Update Information: **Version 2.8.1** - 2017-11-20 * **Fixed** - [#26](https://github.com/zendframework/zend-serializer/pull/26) Travis: Remove fast finish flag - [#32](https://github.com/zendframework/zend- serializer/pull/32) Travis: fix doctrine/instantiator on PHP-5.6 - [#27](https://github.com/zendframework/zend-serializer/pull/27) CS fixes for new coding standard - [#25](https://github.com/zendframework/zend- serializer/pull/25) Travis: Move coverage to latest-env to make composer.lock usefull again - [#30](https://github.com/zendframework/zend- serializer/issues/30) Fixed unserialize PythonPickle on big endian -------------------------------------------------------------------------------- ================================================================================ python-Mastodon-1.1.2-1.fc26 (FEDORA-2017-9c0f835e0b) Python wrapper for the Mastodon API -------------------------------------------------------------------------------- Update Information: 1.1.2, full Mastodon 2.0.0 support. -------------------------------------------------------------------------------- ================================================================================ python-linux-procfs-0.5.1-2.fc26 (FEDORA-2017-c175ed2195) Linux /proc abstraction classes -------------------------------------------------------------------------------- Update Information: python3-fication -------------------------------------------------------------------------------- ================================================================================ python-logzero-1.3.1-1.fc26 (FEDORA-2017-55e62b9e43) Robust and effective logging for Python 2 and 3 -------------------------------------------------------------------------------- Update Information: initial RPM package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514100 - Review Request: python-logzero - Robust and effective logging for Python 2 and 3 https://bugzilla.redhat.com/show_bug.cgi?id=1514100 -------------------------------------------------------------------------------- ================================================================================ python-schedutils-0.6-2.fc26 (FEDORA-2017-8182a7622b) Linux scheduler python bindings -------------------------------------------------------------------------------- Update Information: python3-fication -------------------------------------------------------------------------------- ================================================================================ python-werkzeug-0.12.2-1.fc26 (FEDORA-2017-23c3f02995) The Swiss Army knife of Python web development -------------------------------------------------------------------------------- Update Information: Update to 0.12.2 which also fixes CVE-2016-10516 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1512103 - CVE-2016-10516 python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1512103 [ 2 ] Bug #1291370 - python-werkzeug - Missing "python2-<module>" provide https://bugzilla.redhat.com/show_bug.cgi?id=1291370 [ 3 ] Bug #1372119 - python-werkzeug-0.12.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1372119 -------------------------------------------------------------------------------- ================================================================================ python-yourls-0.2.0-11.fc26 (FEDORA-2017-8a39d2b513) Simple Python client for the YOURLS URL shortener -------------------------------------------------------------------------------- Update Information: Provide a Python 3 subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1317888 - python-yourls: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1317888 -------------------------------------------------------------------------------- ================================================================================ qt5-qtgamepad-5.9.2-1.fc26 (FEDORA-2017-cdd5bc16cd) Qt5 - Gamepad component -------------------------------------------------------------------------------- Update Information: Update to latest 5.9.2 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515922 - Mismatch version qt 5.9.2 vs qtgamepad 5.9.0 https://bugzilla.redhat.com/show_bug.cgi?id=1515922 -------------------------------------------------------------------------------- ================================================================================ samba-4.6.11-0.fc26 (FEDORA-2017-366046c758) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-14746 and CVE-2017-15275 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1511899 - CVE-2017-14746 samba: Use-after-free in processing SMB1 requests https://bugzilla.redhat.com/show_bug.cgi?id=1511899 [ 2 ] Bug #1512465 - CVE-2017-15275 samba: Server heap-memory disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1512465 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-260.17.fc26 (FEDORA-2017-39e6a2f7e7) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: https://koji.fedoraproject.org/koji/buildinfo?buildID=1000028 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508714 - Missing selinux file context for /usr/sbin/sln https://bugzilla.redhat.com/show_bug.cgi?id=1508714 [ 2 ] Bug #1444546 - SELinux is preventing php-fpm from 'execute' accesses on the file 2F616E6F6E5F6875676570616765202864656C6574656429. https://bugzilla.redhat.com/show_bug.cgi?id=1444546 [ 3 ] Bug #1512367 - SELinux is preventing logger from 'read' accesses on the lnk_file log. https://bugzilla.redhat.com/show_bug.cgi?id=1512367 [ 4 ] Bug #1487814 - SELinux is preventing chmod from 'setattr' accesses on the directory zapfding. https://bugzilla.redhat.com/show_bug.cgi?id=1487814 [ 5 ] Bug #1417584 - SELinux is preventing udev-add-printe from using the 'execmem' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1417584 [ 6 ] Bug #1508712 - SELinux is preventing cat from 'getattr' accesses on the file /proc/sys/vm/dirty_bytes. https://bugzilla.redhat.com/show_bug.cgi?id=1508712 [ 7 ] Bug #1507191 - SELinux is preventing gssproxy from 'read' accesses on the file unix. https://bugzilla.redhat.com/show_bug.cgi?id=1507191 [ 8 ] Bug #1513518 - SELinux is preventing redis-server from 'write' accesses on the directory /tmp. https://bugzilla.redhat.com/show_bug.cgi?id=1513518 [ 9 ] Bug #1512500 - SELinux is preventing aide from 'write' accesses on the sock_file /var/lib/sss/pipes/nss. https://bugzilla.redhat.com/show_bug.cgi?id=1512500 [ 10 ] Bug #1479712 - None https://bugzilla.redhat.com/show_bug.cgi?id=1479712 [ 11 ] Bug #1512476 - SELinux is preventing sendmail from 'write' accesses on the sock_file system_bus_socket. https://bugzilla.redhat.com/show_bug.cgi?id=1512476 [ 12 ] Bug #1515095 - SELinux is preventing logger from 'read' accesses on the lnk_file log. https://bugzilla.redhat.com/show_bug.cgi?id=1515095 [ 13 ] Bug #1514350 - SELinux is preventing sh from 'execute' accesses on the file /usr/lib/locale/locale-archive. https://bugzilla.redhat.com/show_bug.cgi?id=1514350 [ 14 ] Bug #1414366 - avc: denied { search } for pid=3096 comm="spamassassin" name=".maildir" dev="dm-13" ino=13107213 scontext=system_u:system_r:spamc_t:s0 tcontext=unconfined_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=0 https://bugzilla.redhat.com/show_bug.cgi?id=1414366 [ 15 ] Bug #1474389 - SELinux is preventing tlp from 'write' accesses on the file lock_tlp. https://bugzilla.redhat.com/show_bug.cgi?id=1474389 -------------------------------------------------------------------------------- ================================================================================ squid-4.0.21-2.fc26 (FEDORA-2017-0f2e4b51f3) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Fix for #1481195 ---- Squid update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1481195 - squid loses some REs when optimising ACLs. https://bugzilla.redhat.com/show_bug.cgi?id=1481195 [ 2 ] Bug #1467072 - squid-4.0.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1467072 -------------------------------------------------------------------------------- ================================================================================ supertuxkart-0.9.3-1.fc26 (FEDORA-2017-b8387919e9) Kids 3D go-kart racing game featuring Tux -------------------------------------------------------------------------------- Update Information: Update to 0.9.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515238 - supertuxkart-0.9.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1515238 -------------------------------------------------------------------------------- ================================================================================ tig-2.3.0-1.fc26 (FEDORA-2017-43e8ccd4c9) Text-mode interface for the git revision control system -------------------------------------------------------------------------------- Update Information: Update to latest upstream version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514582 - tig-2.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1514582 -------------------------------------------------------------------------------- ================================================================================ tracker-1.12.4-1.fc26 (FEDORA-2017-aec2d4fde6) Desktop-neutral search tool and indexer -------------------------------------------------------------------------------- Update Information: tracker 1.12.4 release. * Backport fixes to prevent nie:url UNIQUE constraint issues. * Other warning and code correctness fixes. * Introspection fixes. -------------------------------------------------------------------------------- ================================================================================ transfig-3.2.6a-1.fc26 (FEDORA-2017-b0b4cc40c1) Utility for converting FIG files (made by xfig) to other formats -------------------------------------------------------------------------------- Update Information: Security fix for [CVE-2017-16899] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1515695 - CVE-2017-16899 transfig: Array index error in the fig2dev program https://bugzilla.redhat.com/show_bug.cgi?id=1515695 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.1322-1.fc26 (FEDORA-2017-892a16728c) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit -------------------------------------------------------------------------------- ================================================================================ xmms2-0.8-49.fc26 (FEDORA-2017-69b0ef3433) A modular audio framework and plugin architecture -------------------------------------------------------------------------------- Update Information: Replace non-free ogg file (with CC-BY licensed one). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514878 - xmms2 included non-free contents. https://bugzilla.redhat.com/show_bug.cgi?id=1514878 -------------------------------------------------------------------------------- ================================================================================ zynaddsubfx-3.0.2-1.fc26 (FEDORA-2017-e7730b70c8) Real-time software synthesizer -------------------------------------------------------------------------------- Update Information: Long overdue update to 3.0.2. Refer to the project homepage for details http://zynaddsubfx.sourceforge.net/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1305935 - Please update to new 2.5.3 https://bugzilla.redhat.com/show_bug.cgi?id=1305935 [ 2 ] Bug #1367420 - update 2.5.4 https://bugzilla.redhat.com/show_bug.cgi?id=1367420 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
