The following Fedora 27 Security updates need testing: Age URL 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d4c9a6e37 monit-5.25.1-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d553b29a30 community-mysql-5.7.21-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fabf63492 squid-4.0.23-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-be361f407a knot-resolver-1.5.3-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e4b025841e jackson-databind-2.7.6-8.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0ad6e73ac0 w3m-0.5.3-36.git20180125.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5b2e981f14 mujs-0-11.20180129git25821e6.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd651734da flatpak-0.10.3-1.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-22e63cffa4 perl-threads-shared-1.58-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b77c61238c perl-threads-2.21-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fbcc83aa97 grub2-2.02-22.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cda38a39cf libguestfs-1.37.36-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3c21305b93 analitza-17.12.1-2.fc27 calibre-3.12.0-2.fc27 deepin-tool-kit-0.3.3-4.fc27 dnscrypt-proxy-gui-1.11.11-2.fc27 gammaray-2.8.1-3.fc27 gsettings-qt-0-0.7.20170715bzr83.fc27 kf5-akonadi-server-17.12.1-2.fc27 kf5-frameworkintegration-5.42.0-2.fc27 kf5-kdeclarative-5.42.0-2.fc27 kf5-kwayland-5.42.0-2.fc27 kwin-5.11.5-2.fc27 libfm-qt-0.11.2-8.fc27 libqtxdg-2.0.0-8.fc27 lxqt-qtplugin-0.11.1-8.fc27 mscore-2.1.0-8.fc27 plasma-integration-5.11.5-2.fc27 postbooks-4.10.1-16.fc27 pyotherside-1.5.3-3.fc27 python-qt5-5.9.1-2.fc27 pythonqt-3.2-5.fc27 qgnomeplatform-0.3-6.fc27 qstardict-1.2-7.fc27 qt-creator-4.5.0-3.fc27.1 qt5-5.9.4-2.fc27 qt5-qt3d-5.9.4-1.fc27 qt5-qtbase-5.9.4-1.fc27 qt5-qtcanvas3d-5.9.4-1.fc27 qt5-qtcharts-5.9.4-1.fc27 qt5-qtconnectivity-5.9.4-1.fc27 qt5-qtdatavis3d-5.9.4-1.fc27 qt5-qtdeclarative-5.9.4-1.fc27 qt5-qtdoc-5.9.4-1.fc27 qt5-qtgamepad-5.9.4-1.fc27 qt5-qtgraphicaleffects-5.9.4-1.fc27 qt5-qtimageformats-5 .9.4-1.fc27 qt5-qtlocation-5.9.4-1.fc27 qt5-qtmultimedia-5.9.4-1.fc27 qt5-qtquickcontrols-5.9.4-1.fc27 qt5-qtquickcontrols2-5.9.4-1.fc27 qt5-qtremoteobjects-5.9.4-1.fc27 qt5-qtscript-5.9.4-1.fc27 qt5-qtscxml-5.9.4-1.fc27 qt5-qtsensors-5.9.4-1.fc27 qt5-qtserialport-5.9.4-1.fc27 qt5-qtspeech-5.9.4-2.fc27 qt5-qtstyleplugins-5.0.0-22.fc27 qt5-qtsvg-5.9.4-1.fc27 qt5-qttools-5.9.4-1.fc27 qt5-qttranslations-5.9.4-1.fc27 qt5-qtvirtualkeyboard-5.9.4-1.fc27 qt5-qtwayland-5.9.4-1.fc27 qt5-qtwebchannel-5.9.4-1.fc27 qt5-qtwebengine-5.10.0-2.fc27 qt5-qtwebkit-5.212.0-0.15.alpha2.fc27 qt5-qtwebsockets-5.9.4-1.fc27 qt5-qtwebview-5.9.4-1.fc27 qt5-qtx11extras-5.9.4-1.fc27 qt5-qtxmlpatterns-5.9.4-1.fc27 qt5ct-0.34-2.fc27 skrooge-2.10.5-2.fc27 ugene-1.28.1-2.fc27 xdg-desktop-portal-kde-5.11.5-2.fc27 yarock-1.3.0-2.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ec9039c56 augeas-1.10.1-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f5af1e9e20 pcre-8.41-5.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-10c65d1442 redhat-rpm-config-70-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9856876fc9 krb5-1.15.2-5.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-69f6a81fa8 libsolv-0.6.31-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd651734da flatpak-0.10.3-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a144eca5a8 selinux-policy-3.13.1-283.24.fc27 The following builds have been pushed to Fedora 27 updates-testing 389-ds-base-1.3.7.9-1.fc27 autofs-5.1.4-5.fc27 clamav-0.99.3-3.fc27 clementine-1.3.1-20.fc27 composer-1.6.3-1.fc27 freeipa-4.6.3-1.fc27 gnome-builder-3.26.4-1.fc27 kernel-4.14.16-300.fc27 libabigail-1.1-1.fc27 libdazzle-3.26.3-1.fc27 libssh-0.7.5-6.fc27 mozilla-noscript-10.1.6.4-1.fc27 mozilla-ublock-origin-1.14.24-1.fc27 onionshare-1.2-1.fc27 openssh-7.6p1-4.fc27 pcre2-10.30-6.fc27 perl-Lingua-EN-Inflect-Phrase-0.19-1.fc27 perl-List-UtilsBy-0.11-1.fc27 php-composer-spdx-licenses-1.3.0-1.fc27 php-phpunit-PHPUnit-5.7.27-1.fc27 php-zendframework-zend-permissions-rbac-2.6.0-1.fc27 php-zendframework-zend-session-2.8.4-1.fc27 postfix-3.2.5-1.fc27 python-cassandra-driver-3.13.0-1.fc27 python-fedora-0.10.0-1.fc27 python3-3.6.4-7.fc27 qdigidoc-3.13.4-1.fc27 qupzilla-2.2.5-2.fc27 rpm-4.14.1-1.fc27 rpmgrill-0.32-2.fc27 sox-14.4.2.0-16.fc27 stellarium-0.17.0-2.fc27 tig-2.3.3-1.fc27 tomcat-native-1.2.16-1.fc27 vim-8.0.1451-1.fc27 weechat-2.0.1-1.fc27 Details about builds: ================================================================================ 389-ds-base-1.3.7.9-1.fc27 (FEDORA-2018-3d60a6932b) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: Bump version to 1.3.7.9 -------------------------------------------------------------------------------- ================================================================================ autofs-5.1.4-5.fc27 (FEDORA-2017-eda74692fc) A tool for automatically mounting and unmounting filesystems -------------------------------------------------------------------------------- Update Information: - fix use after free in do_master_list_reset(). ---- - this release (5.1.4) fixes a couple of regressions in 5.1.3. - it also improves the network not available at startup problem that users have seen. - fix deadlock in dumpmaps and some amd map handling problems. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523866 - autofs with NIS logs add_host_addrs: hostname lookup failed: Name or service not known/No address associated with hostname https://bugzilla.redhat.com/show_bug.cgi?id=1523866 [ 2 ] Bug #1514506 - -D variable expansion broken on 1:5.1.3-4.fc27 https://bugzilla.redhat.com/show_bug.cgi?id=1514506 [ 3 ] Bug #1409103 - autofs cannot mount samba/cifs shares that end with a dollar sign https://bugzilla.redhat.com/show_bug.cgi?id=1409103 [ 4 ] Bug #1500027 - Drop preventing bind mounts when port is specified https://bugzilla.redhat.com/show_bug.cgi?id=1500027 [ 5 ] Bug #698449 - [RFE] Add optional nss map read retries https://bugzilla.redhat.com/show_bug.cgi?id=698449 -------------------------------------------------------------------------------- ================================================================================ clamav-0.99.3-3.fc27 (FEDORA-2018-93724354e4) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information: - add systemctl daemon-reload (temporally) - Fix and organize systemd scriptlets, clamd@.service missed systemd_preun_macro and had a wrong systemd_postun_with_restart - Remove triggerin macros that aren't need it anymore - Fix scriplet - Organize startup scriptlets - Exclude one file listed twice -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540100 - clamav-milter fails to restart after update https://bugzilla.redhat.com/show_bug.cgi?id=1540100 -------------------------------------------------------------------------------- ================================================================================ clementine-1.3.1-20.fc27 (FEDORA-2018-d653a3b2f5) A music player and library organizer -------------------------------------------------------------------------------- Update Information: - bugfix: crash on exit - bugfix: crash on search in internet/spotify tab -------------------------------------------------------------------------------- References: [ 1 ] Bug #1512179 - [abrt] clementine: GioLister::FindUniqueIdByMount(): clementine killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1512179 [ 2 ] Bug #1528667 - [abrt] clementine: GioLister::FindUniqueIdByMount(): clementine killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1528667 [ 3 ] Bug #1529136 - [abrt] clementine: GioLister::FindUniqueIdByMount(): clementine killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1529136 [ 4 ] Bug #1533019 - [abrt] clementine: GioLister::FindUniqueIdByMount(): clementine killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1533019 [ 5 ] Bug #1540663 - [abrt] clementine: QStandardItem::index(): clementine killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1540663 -------------------------------------------------------------------------------- ================================================================================ composer-1.6.3-1.fc27 (FEDORA-2018-efcf7bd77d) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **composer/spdx-licenses 1.3.0**- 2018-01-31 * Added: `SpdxLicenses::getLicenses` to get the whole list of methods. * Changed: license identifiers are now case insensitive. ---- **composer 1.6.3** - 2018-01-31 * Fixed GitLab downloads failing in some edge cases * Fixed ctrl-C handling during create-project * Fixed GitHub VCS repositories not prompting for a token in some conditions * Fixed SPDX license identifiers being case sensitive * Fixed and clarified a few dependency resolution error reporting strings * Fixed SVN commit log fetching in verbose mode when using private repositories -------------------------------------------------------------------------------- ================================================================================ freeipa-4.6.3-1.fc27 (FEDORA-2018-787ba41890) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: Update to upstream 4.6.3 For details see https://www.freeipa.org/page/Releases/4.6.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1452866 - FreeIPA upgrade script requires network to be up, but network is not up during upgrade when using dnf system-upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1452866 [ 2 ] Bug #1535901 - freeipa-client should not install python2 dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1535901 -------------------------------------------------------------------------------- ================================================================================ gnome-builder-3.26.4-1.fc27 (FEDORA-2018-59c1c209d3) IDE for writing GNOME-based software -------------------------------------------------------------------------------- Update Information: gnome-builder 3.26.4 release, together with required libdazzle update. Changes in gnome-builder 3.26.4: * A number of correctness and memory leaks were fixed in the semantic highlighter, project tree, clang, rustup, vala-pack, code- index, config manager and configs, and git. * The meson plugin now uses "meson" "introspect" instead of the legacy "mesonintrospect" utility. * Fixes for deprecated API usage in Gtk+. * Block selection has been fixed in the terminal plugin. * Postbuild support in configurations was fixed to no longer run prebuild commands a second time. * The flatpak plugin now passes --command to build-finish. This fixes an issue where the wrong binary would get activated when exporting a project. * Fixes for -Wincompatible-pointer-type changes from recently upstreamed type propagation in g_object_ref(). Changes in libdazzle 3.26.3: * A number of fixes to DzlSignalGroup to be more re-entrant safe and handle disposal cycles better. * DzlPreferences is more aggressive about protecting against widget disposal. * A static inline dzl_clear_signal_handler() was backported for use in other backports from master. * A number of protections were added to DzlDirectoryReaper to protect against potentially following through symlinks. * Max age in DzlDirectoryReaper was changed to always ensure a positive value for use in date comparisons. * A leak of GFile instances in the directory reaper was fixed. -------------------------------------------------------------------------------- ================================================================================ kernel-4.14.16-300.fc27 (FEDORA-2018-d09a73ce72) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 4.14.16 stable kernel update contains a number of important fixes across the tree. ---- The 4.14.15-301 update reverts the retpoline VERMAGIC ABI change for modules. ---- The 4.14.15 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1492664 - kernel: Soft lockup in warn_alloc https://bugzilla.redhat.com/show_bug.cgi?id=1492664 [ 2 ] Bug #1539706 - CVE-2018-5750 kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass https://bugzilla.redhat.com/show_bug.cgi?id=1539706 [ 3 ] Bug #1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1535315 -------------------------------------------------------------------------------- ================================================================================ libabigail-1.1-1.fc27 (FEDORA-2018-dec5fdbd43) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information: Update to upstream 1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532670 - in compare_dies at: abg-dwarf-reader.cc:11423 https://bugzilla.redhat.com/show_bug.cgi?id=1532670 -------------------------------------------------------------------------------- ================================================================================ libdazzle-3.26.3-1.fc27 (FEDORA-2018-59c1c209d3) Experimental new features for GTK+ and GLib -------------------------------------------------------------------------------- Update Information: gnome-builder 3.26.4 release, together with required libdazzle update. Changes in gnome-builder 3.26.4: * A number of correctness and memory leaks were fixed in the semantic highlighter, project tree, clang, rustup, vala-pack, code- index, config manager and configs, and git. * The meson plugin now uses "meson" "introspect" instead of the legacy "mesonintrospect" utility. * Fixes for deprecated API usage in Gtk+. * Block selection has been fixed in the terminal plugin. * Postbuild support in configurations was fixed to no longer run prebuild commands a second time. * The flatpak plugin now passes --command to build-finish. This fixes an issue where the wrong binary would get activated when exporting a project. * Fixes for -Wincompatible-pointer-type changes from recently upstreamed type propagation in g_object_ref(). Changes in libdazzle 3.26.3: * A number of fixes to DzlSignalGroup to be more re-entrant safe and handle disposal cycles better. * DzlPreferences is more aggressive about protecting against widget disposal. * A static inline dzl_clear_signal_handler() was backported for use in other backports from master. * A number of protections were added to DzlDirectoryReaper to protect against potentially following through symlinks. * Max age in DzlDirectoryReaper was changed to always ensure a positive value for use in date comparisons. * A leak of GFile instances in the directory reaper was fixed. -------------------------------------------------------------------------------- ================================================================================ libssh-0.7.5-6.fc27 (FEDORA-2018-513481e672) A library implementing the SSH protocol -------------------------------------------------------------------------------- Update Information: Build against OpenSSL 1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540021 - libssh still links against obsolete openssl 1.0 causing problem if used from apps that link with modern openssl 1.1 https://bugzilla.redhat.com/show_bug.cgi?id=1540021 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-10.1.6.4-1.fc27 (FEDORA-2018-38e30f78d4) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: **NOTE:** All packaged Firefox add-ons are affected by Firefox bug fedora#1508827 . A workaround is provided in the bug report. Please do not give negative karma just because of that bug. **Fedora changes:** The package is now split into three. Firefox WebExtension (`firefox-noscript`) and SeaMonkey legacy XPI Extension (`seamonkey-noscript`) while the main package (`mozilla- noscript`) became a metapackage and requires both. You can uninstall the one you're not using along with the metapackage. **Upstream changes:** * Fixed race condition on XSS filter first load * Fixed duplicate entries in UI on page reloads (thanks 8-bit for reporting) * Spinner for long sites lists in Options page * Removed obsolete work-around for accidental TRUSTED preset wiping * [UI] Fixed clicking on capability's label doesn't toggle the related checkbox (thanks dhouwn and olf for reporting) * [XSS] Fixed false positives on badly encoded URLs (thanks sage11 for reporting) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1539464 - mozilla-noscript-10.1.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1539464 -------------------------------------------------------------------------------- ================================================================================ mozilla-ublock-origin-1.14.24-1.fc27 (FEDORA-2018-48949b312e) An efficient blocker for Firefox -------------------------------------------------------------------------------- Update Information: **NOTE:** All packaged Firefox add-ons are affected by Firefox bug fedora#1508827 . A workaround is provided in the bug report. Please do not give negative karma just because of that bug. Emergency fix for "[Cannot full support Domain restrictive Inverse type options](https://github.com/nikrolls /uBlock-Edge/issues/101)". -------------------------------------------------------------------------------- ================================================================================ onionshare-1.2-1.fc27 (FEDORA-2018-d77cdc7aae) Securely and anonymously share files of any size -------------------------------------------------------------------------------- Update Information: Update to 1.2 -------------------------------------------------------------------------------- ================================================================================ openssh-7.6p1-4.fc27 (FEDORA-2018-061197def5) An open source implementation of SSH protocol version 2 -------------------------------------------------------------------------------- Update Information: This update brings some of the fixes from rawhide, mostly related to audit messages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1524392 - sshd dies with "fatal: privsep_preauth: preauth child terminated by signal 31" https://bugzilla.redhat.com/show_bug.cgi?id=1524392 [ 2 ] Bug #1534577 - None https://bugzilla.redhat.com/show_bug.cgi?id=1534577 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.30-6.fc27 (FEDORA-2018-d81fb8369e) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This releases fixes auto-possessification at the end of a capturing group that is called recursively. -------------------------------------------------------------------------------- ================================================================================ perl-Lingua-EN-Inflect-Phrase-0.19-1.fc27 (FEDORA-2018-0a52a9979c) Inflect short English Phrases -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540772 - perl-Lingua-EN-Inflect-Phrase-0.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1540772 -------------------------------------------------------------------------------- ================================================================================ perl-List-UtilsBy-0.11-1.fc27 (FEDORA-2018-d7e0e168f6) Higher-order list utility functions -------------------------------------------------------------------------------- Update Information: Upstream update. -------------------------------------------------------------------------------- ================================================================================ php-composer-spdx-licenses-1.3.0-1.fc27 (FEDORA-2018-efcf7bd77d) SPDX licenses list and validation library -------------------------------------------------------------------------------- Update Information: **composer/spdx-licenses 1.3.0**- 2018-01-31 * Added: `SpdxLicenses::getLicenses` to get the whole list of methods. * Changed: license identifiers are now case insensitive. ---- **composer 1.6.3** - 2018-01-31 * Fixed GitLab downloads failing in some edge cases * Fixed ctrl-C handling during create-project * Fixed GitHub VCS repositories not prompting for a token in some conditions * Fixed SPDX license identifiers being case sensitive * Fixed and clarified a few dependency resolution error reporting strings * Fixed SVN commit log fetching in verbose mode when using private repositories -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-5.7.27-1.fc27 (FEDORA-2018-7fb71e2cc0) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 5.7.27** - 2018-02-01 * **Fixed** * Fixed [#2236](https://github.com/sebastianbergmann/phpunit/issues/2236): Exceptions in `tearDown()` do not affect `getStatus()` * Fixed [#2950](https://github.com/sebastianbergmann/phpunit/issues/2950): Class extending `PHPUnit\Framework\TestSuite` does not extend `PHPUnit\FrameworkTestCase` * Fixed [#2972](https://github.com/sebastianbergmann/phpunit/issues/2972): PHPUnit crashes when test suite contains both `.phpt` files and unconventionally named tests -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-permissions-rbac-2.6.0-1.fc27 (FEDORA-2018-e9b619f0de) Zend Framework Permissions/Rbac component -------------------------------------------------------------------------------- Update Information: **Version 2.6.0** - 2018-02-01 * **Added** - [#12](https://github.com/zendframework/zend-permissions-rbac/pull/12) adds and publishes the documentation to https://zendframework.github.io/zend-permissions- rbac/ - [#23](https://github.com/zendframework/zend-permissions- rbac/pull/23) adds support for multiple parent roles, fixing an issue with reverse traversal of the inheritance tree. To accomplish this, the method `addParent($parent)` was added, and the method `getParent()` now can also return an array of roles. - [#31](https://github.com/zendframework/zend- permissions-rbac/pull/31) adds support for PHP 7.2. * **Deprecated** - [#23](https://github.com/zendframework/zend-permissions-rbac/pull/23) deprecates the method `setParent()`. Use `addParent()` instead. * **Removed** - [#29](https://github.com/zendframework/zend-permissions-rbac/pull/29) removes support for PHP 5.5. - [#29](https://github.com/zendframework/zend- permissions-rbac/pull/29) removes support for HHVM. * **Fixed** - [#21](https://github.com/zendframework/zend-permissions-rbac/pull/21) fixes dynamic assertion checking, adding the AND with permission. -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-session-2.8.4-1.fc27 (FEDORA-2018-18ace4aad8) Zend Framework Session component -------------------------------------------------------------------------------- Update Information: **Version 2.8.4** - 2018-01-31 * **Fixed** - [#107](https://github.com/zendframework/zend-session/pull/107) fixes an error raised by `ini_set()` within `SessionConfig::setStorageOption()` that occurs for certain INI values that cannot be set if the session is active. When this situation occurs, the class performs a `session_write_close()`, sets the new INI value, and then restarts the session. As such, we recommend that you either set production INI values in your production `php.ini`, and/or always pass your fully configured session manager to container instances you create. - [#105](https://github.com/zendframework/zend-session/pull/105) fixes an edge case whereby if the special `__ZF` session value is a non-array value, initializing the session would result in errors. - [#102](https://github.com/zendframework/zend-session/pull/102) fixes an issue introduced with 2.8.0 with `AbstractContainer::offsetGet`. Starting in 2.8.0, if the provided `$key` did not exist, the method would raise an error regarding an invalid variable reference; this release provides a fix that resolves that issue. -------------------------------------------------------------------------------- ================================================================================ postfix-3.2.5-1.fc27 (FEDORA-2018-f55a7b22bf) Postfix Mail Transport Agent -------------------------------------------------------------------------------- Update Information: This is new version of postfix for details see upstream announcement: http://www.postfix.org/announcements/postfix-3.2.5.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1539465 - postfix-3.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1539465 -------------------------------------------------------------------------------- ================================================================================ python-cassandra-driver-3.13.0-1.fc27 (FEDORA-2018-6186649499) Python driver for Apache Cassandra -------------------------------------------------------------------------------- Update Information: New upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540572 - python-cassandra-driver-3.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1540572 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.10.0-1.fc27 (FEDORA-2018-e9ecb9db3d) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: Rebase to upstream 0.10.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1481210 - spec file points to URL: https://fedorahosted.org/python-fedora/ https://bugzilla.redhat.com/show_bug.cgi?id=1481210 [ 2 ] Bug #1540970 - python-fedora-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1540970 -------------------------------------------------------------------------------- ================================================================================ python3-3.6.4-7.fc27 (FEDORA-2018-0910fcb732) Interpreter of the Python programming language -------------------------------------------------------------------------------- Update Information: Define TLS cipher suite on build time. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1489816 - python: Utilize system-wide crypto-policies https://bugzilla.redhat.com/show_bug.cgi?id=1489816 -------------------------------------------------------------------------------- ================================================================================ qdigidoc-3.13.4-1.fc27 (FEDORA-2018-569f4b05f7) Estonian digital signature application -------------------------------------------------------------------------------- Update Information: 3.13 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1519749 - Review request: qdigidoc - Estonian digital signature application https://bugzilla.redhat.com/show_bug.cgi?id=1519749 -------------------------------------------------------------------------------- ================================================================================ qupzilla-2.2.5-2.fc27 (FEDORA-2018-a1543d921b) Modern web browser -------------------------------------------------------------------------------- Update Information: This update fixes the tab loading animation not stopping on some websites when using QtWebEngine 5.10.0 (see https://github.com/QupZilla/qupzilla/issues/2479 and https://bugreports.qt.io/browse/QTBUG-65223). The upstream QupZilla 2.2.4 and 2.2.5 releases already contain a workaround for this issue, but that workaround was not actually enabled on Fedora in the qupzilla-2.2.5-1.fc27 package, because upstream enabled it only if the Qt version is 5.10.0, but we ship only QtWebEngine 5.10.0, Qt is still 5.9.x LTS. This update enables the workaround unconditionally. -------------------------------------------------------------------------------- ================================================================================ rpm-4.14.1-1.fc27 (FEDORA-2018-cf91c45f15) The RPM package management system -------------------------------------------------------------------------------- Update Information: This updates rpm to the latest stable upstream version, with bugfixes across the board but in particular, several file trigger bugs have been addressed in this version. For further details, see the upstream release notes: http://rpm.org/wiki/Releases/4.14.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1514608 - Package installation fails with "cpio: open" error https://bugzilla.redhat.com/show_bug.cgi?id=1514608 [ 2 ] Bug #1502134 - rpm: misleading error message when fs is ro https://bugzilla.redhat.com/show_bug.cgi?id=1502134 [ 3 ] Bug #1514190 - Installation of intelpython3 2018.1 fails with an rpm error https://bugzilla.redhat.com/show_bug.cgi?id=1514190 [ 4 ] Bug #1518120 - find-debuginfo.sh gets _smp_mflags but doesn't support "--jobs N" (only "-jN" and "-j N") https://bugzilla.redhat.com/show_bug.cgi?id=1518120 [ 5 ] Bug #1533092 - Non-existent %ghost files cause verification failure https://bugzilla.redhat.com/show_bug.cgi?id=1533092 [ 6 ] Bug #1514085 - %transfiletriggerpostun scriptlet is not called for some packages https://bugzilla.redhat.com/show_bug.cgi?id=1514085 -------------------------------------------------------------------------------- ================================================================================ rpmgrill-0.32-2.fc27 (FEDORA-2018-7ca2c0cdc5) A utility for catching problems in koji builds -------------------------------------------------------------------------------- Update Information: bz1520003 - Do not hard require clamav-data -------------------------------------------------------------------------------- References: [ 1 ] Bug #1520003 - minimal .spec file change to assist lessening load https://bugzilla.redhat.com/show_bug.cgi?id=1520003 -------------------------------------------------------------------------------- ================================================================================ sox-14.4.2.0-16.fc27 (FEDORA-2018-ec93095a73) A general purpose sound file conversion tool -------------------------------------------------------------------------------- Update Information: Security fix for **CVE-2017-15372**, **CVE-2017-15642**. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1510923 - CVE-2017-15642 sox: Use-after-free in lsx_aiffstartread https://bugzilla.redhat.com/show_bug.cgi?id=1510923 [ 2 ] Bug #1510919 - CVE-2017-15372 sox: Stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function https://bugzilla.redhat.com/show_bug.cgi?id=1510919 -------------------------------------------------------------------------------- ================================================================================ stellarium-0.17.0-2.fc27 (FEDORA-2018-e5e0565578) Photo-realistic nightsky renderer -------------------------------------------------------------------------------- Update Information: Fix for lunar eclipse crash. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540708 - Crash when viewing the moon during a lunar eclipse https://bugzilla.redhat.com/show_bug.cgi?id=1540708 -------------------------------------------------------------------------------- ================================================================================ tig-2.3.3-1.fc27 (FEDORA-2018-5ebb40033c) Text-mode interface for the git revision control system -------------------------------------------------------------------------------- Update Information: Update to version 2.3.3, which includes several bug fixes. See the release notes at https://jonas.github.io/tig/NEWS.html. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1527726 - tig-2.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1527726 -------------------------------------------------------------------------------- ================================================================================ tomcat-native-1.2.16-1.fc27 (FEDORA-2018-7b1517bc6e) Tomcat native library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-15698 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1540824 - CVE-2017-15698 tomcat-native: Mishandling of client certificates can allow for OCSP check bypass https://bugzilla.redhat.com/show_bug.cgi?id=1540824 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.1451-1.fc27 (FEDORA-2018-47ddc23a7d) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit -------------------------------------------------------------------------------- ================================================================================ weechat-2.0.1-1.fc27 (FEDORA-2018-34478437ac) Portable, fast, light and extensible IRC client -------------------------------------------------------------------------------- Update Information: Update to 2.0.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1528100 - weechat-2.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1528100 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
