The following Fedora 27 Security updates need testing: Age URL 49 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d4c9a6e37 monit-5.25.1-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-be361f407a knot-resolver-1.5.3-1.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-969328b17c jhead-3.00-7.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5562b6e2c0 golang-1.9.4-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b22d46eabb libvirt-3.7.0-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9d6a122887 sblim-sfcb-1.4.9-9.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c101bc4a93 exim-4.90.1-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-da6f76b446 mupdf-1.12.0-5.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3082496e05 pungi-4.1.22-2.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c46fa8e392 perl-5.26.1-403.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-17cc6eb403 mesa-17.3.3-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdb6b936e4 nss-3.35.0-1.1.fc27 nss-softokn-3.35.0-1.0.fc27 nss-util-3.35.0-1.0.fc27 nspr-4.18.0-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d73421f7e6 pcre2-10.31-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9b5e3f68c libguestfs-1.38.0-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d89e5bb152 gcab-1.1-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-380eff4288 kernel-4.15.3-300.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-03fdf95310 glusterfs-3.12.6-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b22d46eabb libvirt-3.7.0-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9f662dec5 iproute-4.15.0-1.fc27 The following builds have been pushed to Fedora 27 updates-testing cacti-1.1.35-1.fc27 fedpkg-1.31-5.fc27 firefox-58.0.2-1.fc27 fwupd-1.0.5-1.fc27 greybird-3.22.6-1.fc27 htop-2.1.0-1.fc27 ima-evm-utils-1.0-3.fc27 lzip-1.20-1.fc27 man-pages-fr-3.70-11.fc27 microdns-0.0.8-1.fc27 mingw-OpenEXR-2.2.0-7.fc27 nwipe-0.24-2.fc27 php-justinrainbow-json-schema5-5.2.7-1.fc27 php-zendframework-zend-paginator-2.8.1-1.fc27 pnmixer-0.7.2-1.fc27 podman-0.2-3.git3d0100b.fc27 python-hexdump-3.4-0.2.20160818hg66325cb5fed8.fc27 python-pypandoc-1.4-1.fc27 python37-3.7.0-0.8.b1.fc27 qesteidutil-3.12.10-2.fc27 qt5-qtbase-5.9.4-4.fc27 rubygem-mustermann-1.0.1-1.fc27 rust-base100-0.4.1-4.fc27 sirikali-1.3.3-1.fc27 sssd-1.16.0-7.fc27 suricata-4.0.4-1.fc27 vdr-epg-daemon-1.1.134-1.fc27 xtide-2.15.1-5.fc27 zziplib-0.13.68-1.fc27 Details about builds: ================================================================================ cacti-1.1.35-1.fc27 (FEDORA-2018-9d4f9b0265) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information: - Update to 1.1.35 Release notes: https://www.cacti.net/release_notes.php?version=1.1.35 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544580 - cacti-1.1.35 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544580 -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.31-5.fc27 (FEDORA-2018-61b15c86cb) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: fix broken syntax in bash completion -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544133 - fedpkg update from 1.30-4 to 1.31-1 broke bash completion https://bugzilla.redhat.com/show_bug.cgi?id=1544133 -------------------------------------------------------------------------------- ================================================================================ firefox-58.0.2-1.fc27 (FEDORA-2018-8fb4a6185e) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: Update to latest upstream stable version. For changes see: https://www.mozilla.org/en-US/firefox/58.0.2/releasenotes/ -------------------------------------------------------------------------------- ================================================================================ fwupd-1.0.5-1.fc27 (FEDORA-2018-11fbc105f1) Firmware update daemon -------------------------------------------------------------------------------- Update Information: New upstream release - Be more careful deleting and modifying device history - Fix crasher with MST flashing - Fix DFU detach with newer releases of libusb - Offer to reboot when processing an offline update - Show the user a URL when they report a known problem - Stop matching 8bitdo DS4 controller VID/PID - Support split cabinet archives as produced by Windows Update -------------------------------------------------------------------------------- ================================================================================ greybird-3.22.6-1.fc27 (FEDORA-2018-49cce96a66) A clean minimalistic theme for Xfce, GTK+ 2 and 3 -------------------------------------------------------------------------------- Update Information: update to 3.22.6 -------------------------------------------------------------------------------- ================================================================================ htop-2.1.0-1.fc27 (FEDORA-2018-e6e002cdbf) Interactive process viewer -------------------------------------------------------------------------------- Update Information: - Update to 2.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1541785 - Fedora does not install a ".desktop" file for htop. https://bugzilla.redhat.com/show_bug.cgi?id=1541785 -------------------------------------------------------------------------------- ================================================================================ ima-evm-utils-1.0-3.fc27 (FEDORA-2018-cc855fc149) IMA/EVM support utilities -------------------------------------------------------------------------------- Update Information: Add OpenSSL 1.1 API support for the package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1541274 - still uses compat-openssl10-1.0.2m-1.fc27.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1541274 -------------------------------------------------------------------------------- ================================================================================ lzip-1.20-1.fc27 (FEDORA-2018-aaec5c5504) LZMA compressor with integrity checking -------------------------------------------------------------------------------- Update Information: 1.20 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545471 - lzip-1.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1545471 -------------------------------------------------------------------------------- ================================================================================ man-pages-fr-3.70-11.fc27 (FEDORA-2018-e20544f2ad) French version of the Linux man-pages -------------------------------------------------------------------------------- Update Information: Fix invalid license tag in man-pages-fr -------------------------------------------------------------------------------- References: [ 1 ] Bug #1524074 - Invalid license in man-pages-fr https://bugzilla.redhat.com/show_bug.cgi?id=1524074 -------------------------------------------------------------------------------- ================================================================================ microdns-0.0.8-1.fc27 (FEDORA-2018-1a15d7bad0) Minimal mDNS resolver and announcer library -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545347 - Review Request: microdns - Minimal mDNS resolver and announcer library https://bugzilla.redhat.com/show_bug.cgi?id=1545347 -------------------------------------------------------------------------------- ================================================================================ mingw-OpenEXR-2.2.0-7.fc27 (FEDORA-2018-b152c791cc) MinGW Windows OpenEXR library -------------------------------------------------------------------------------- Update Information: This update fixes the following vulnerabilities: CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1483880 - CVE-2017-12596 OpenEXR: heap-based buffer over-read in hufDecode function https://bugzilla.redhat.com/show_bug.cgi?id=1483880 [ 2 ] Bug #1455526 - CVE-2017-9110 OpenEXR: Out-of-bounds read in the hufDecode function https://bugzilla.redhat.com/show_bug.cgi?id=1455526 -------------------------------------------------------------------------------- ================================================================================ nwipe-0.24-2.fc27 (FEDORA-2018-b1d7267faf) Securely erase disks using a variety of recognized methods -------------------------------------------------------------------------------- Update Information: bugfix update to upstream release 0.24 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1523430 - nwipe-0.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1523430 -------------------------------------------------------------------------------- ================================================================================ php-justinrainbow-json-schema5-5.2.7-1.fc27 (FEDORA-2018-57841fe042) A library to validate a json schema -------------------------------------------------------------------------------- Update Information: **Version 5.2.7** * 495 Backports from 6.0 * 462 Typo fix * 465 override new phpcs rule (#465) * 466 Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase * 489 Remove unused parameter * 488 Remove unused private method * 479 No need to specify path to bin directory * 487 Use more appropriate assertions * 486 Remove unused argument from method call * 485 Case mismatch * 483 Consistently indent with 2 spaces * 481 Add PHP 7.2 to build matrix * 480 No need to update composer itself * 477 Implicitly enable no_unused_imports fixer * 478 Remove unused argument * 490 Keep rules sorted in .php_cs.dist * 494 Apply defaults in $ref'ed property / item definitions -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-paginator-2.8.1-1.fc27 (FEDORA-2018-2ca46a57ee) Zend Framework Paginator component -------------------------------------------------------------------------------- Update Information: **Version 2.8.1** - 2018-01-30 * **Fixed** - [#45](https://github.com/zendframework/zend-paginator/pull/45) fixes an error in the `DbSelectFactory` whereby it ignored the fourth option passed via `$options`, which can be used to specify a zend-db `Select` instance for purposes of counting the rows that will be returned. -------------------------------------------------------------------------------- ================================================================================ pnmixer-0.7.2-1.fc27 (FEDORA-2018-1112254c43) Lightweight mixer applet -------------------------------------------------------------------------------- Update Information: - update to latest upstream release 0.7.2 - switch to gtk+-3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532950 - [abrt] pnmixer: snd_mixer_elem_set_callback(): pnmixer killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1532950 [ 2 ] Bug #1483193 - [abrt] pnmixer: snd_hctl_name(): pnmixer killed by signal 6 https://bugzilla.redhat.com/show_bug.cgi?id=1483193 [ 3 ] Bug #1483190 - [abrt] pnmixer: snd_mixer_detach(): pnmixer killed by signal 11 https://bugzilla.redhat.com/show_bug.cgi?id=1483190 [ 4 ] Bug #1295139 - uptate 0.7.2 https://bugzilla.redhat.com/show_bug.cgi?id=1295139 -------------------------------------------------------------------------------- ================================================================================ podman-0.2-3.git3d0100b.fc27 (FEDORA-2018-b3fc28f4fe) Manage Pods, Containers and Container Images -------------------------------------------------------------------------------- Update Information: Added dep for atomic-registries -------------------------------------------------------------------------------- ================================================================================ python-hexdump-3.4-0.2.20160818hg66325cb5fed8.fc27 (FEDORA-2018-6fccd3a086) Dump binary data to hex format and restore from there -------------------------------------------------------------------------------- Update Information: New package description: Python library to dump binary data to hex format and restore from there -------------------------------------------------------------------------------- References: [ 1 ] Bug #1516117 - Review Request: python-hexdump - Dump binary data to hex format and restore from there https://bugzilla.redhat.com/show_bug.cgi?id=1516117 -------------------------------------------------------------------------------- ================================================================================ python-pypandoc-1.4-1.fc27 (FEDORA-2018-6c9d5bd118) Thin wrapper for pandoc -------------------------------------------------------------------------------- Update Information: Update to latest version, minor changes only. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444581 - python-pypandoc-1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1444581 -------------------------------------------------------------------------------- ================================================================================ python37-3.7.0-0.8.b1.fc27 (FEDORA-2018-a61236df64) Version 3.7 of the Python interpreter -------------------------------------------------------------------------------- Update Information: Fix missing ldconfig scriptlet ---- This is a beta preview of Python 3.7. See the [release announcement](https://www.python.org/downloads/release/python- 370b1/). -------------------------------------------------------------------------------- ================================================================================ qesteidutil-3.12.10-2.fc27 (FEDORA-2018-54c7a5b01b) Estonian ID card utility -------------------------------------------------------------------------------- Update Information: 3.12 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544723 - Update sandbox compilation patch https://bugzilla.redhat.com/show_bug.cgi?id=1544723 [ 2 ] Bug #1519323 - Review request: qesteidutil - Estonian ID card utility https://bugzilla.redhat.com/show_bug.cgi?id=1519323 -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.9.4-4.fc27 (FEDORA-2018-c6489812c9) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: Backport some recommended upstream fixes, including plasma icon dragging (QTBUG-66103) -------------------------------------------------------------------------------- ================================================================================ rubygem-mustermann-1.0.1-1.fc27 (FEDORA-2018-069e154179) Use patterns like regular expressions -------------------------------------------------------------------------------- Update Information: Update to Mustermann 1.0.1 that is latest stable version. I did not update to v1.0.2.rc2, because it is still RC version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485629 - rubygem-mustermann-v1.0.2.rc2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1485629 -------------------------------------------------------------------------------- ================================================================================ rust-base100-0.4.1-4.fc27 (FEDORA-2018-aca79d637d) Encode your data into emoji -------------------------------------------------------------------------------- Update Information: New package ;) -------------------------------------------------------------------------------- ================================================================================ sirikali-1.3.3-1.fc27 (FEDORA-2018-4e325158b8) GUI front end to encfs,cryfs,gocryptfs and securefs -------------------------------------------------------------------------------- Update Information: initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428202 - Review Request: sirikali - GUI front end to encfs,cryfs,gocryptfs and securefs https://bugzilla.redhat.com/show_bug.cgi?id=1428202 -------------------------------------------------------------------------------- ================================================================================ sssd-1.16.0-7.fc27 (FEDORA-2018-a6b436d186) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE -------------------------------------------------------------------------------- ================================================================================ suricata-4.0.4-1.fc27 (FEDORA-2018-ee417c4b28) Intrusion Detection System -------------------------------------------------------------------------------- Update Information: fixes bz#1543250 and bz#1543251 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1543250 - CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1543250 [ 2 ] Bug #1543251 - CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1543251 -------------------------------------------------------------------------------- ================================================================================ vdr-epg-daemon-1.1.134-1.fc27 (FEDORA-2018-f30aa8191a) A daemon to download EPG data from internet and manage it in a mysql database -------------------------------------------------------------------------------- Update Information: Update to 1.1.134 ---- Update to 1.1.132 ---- - Update to 1.1.131 - use correct mariadb-API header file -------------------------------------------------------------------------------- ================================================================================ xtide-2.15.1-5.fc27 (FEDORA-2018-edc22ca6d2) Calculate tide all over the world -------------------------------------------------------------------------------- Update Information: Harmonics data is updated to 20180101. -------------------------------------------------------------------------------- ================================================================================ zziplib-0.13.68-1.fc27 (FEDORA-2018-8d544ee879) Lightweight library to easily extract data from zip files -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-6869, CVE-2018-6484 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1543941 - CVE-2018-6869 zziplib: uncontrolled memory allocation in __zzip_parse_root_directory in zzip/zip.c https://bugzilla.redhat.com/show_bug.cgi?id=1543941 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
