The following Fedora 26 Security updates need testing: Age URL 205 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 98 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 43 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ccef1ced42 gimp-2.8.22-3.fc26 37 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 36 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0db545e976 ruby-2.4.3-86.fc26 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b166805347 transmission-2.92-12.fc26 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f73abc5680 knot-resolver-1.5.3-1.fc26 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65 thunderbird-52.6.0-1.fc26 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ac2e276c76 tomcat-8.0.49-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fff755ee8e jhead-3.00-7.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6f08b79a09 golang-1.8.7-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c54ced412e gcab-1.1-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b3de6c389e torbrowser-launcher-0.2.9-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0 krb5-1.15.2-7.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4367d984c1 sblim-sfcb-1.4.9-7.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e23d2dae46 mingw-poppler-0.52.0-6.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f5d2f4ec0d mingw-OpenEXR-2.2.0-6.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5cdc56766f firefox-58.0.2-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71fac70309 patch-2.7.6-3.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1b8e0176c freetype-2.7.1-10.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c7c6160e65 thunderbird-52.6.0-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f0ad9c0f9c pungi-4.1.22-2.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-27cb0cd918 ibus-1.5.17-6.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc14e16004 nss-3.35.0-1.0.fc26 nss-softokn-3.35.0-1.0.fc26 nss-util-3.35.0-1.0.fc26 nspr-4.18.0-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e5558f0ff vim-8.0.1505-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c54ced412e gcab-1.1-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9ef65cf422 perl-5.24.3-396.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6fe397a796 lxpanel-0.9.3-4.D20180109git2ddf8dfc.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0 krb5-1.15.2-7.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-85dd2a6ff9 curl-7.53.1-15.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-562467e141 sssd-1.16.0-6.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5cdc56766f firefox-58.0.2-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1b8e0176c freetype-2.7.1-10.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a2e230b9d net-snmp-5.7.3-26.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9d8876b830 samba-4.6.13-0.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b7b864a29e breeze-icon-theme-5.43.0-1.fc26 extra-cmake-modules-5.43.0-1.fc26 kf5-5.43.0-1.fc26 kf5-attica-5.43.0-1.fc26 kf5-baloo-5.43.0-1.fc26 kf5-bluez-qt-5.43.0-1.fc26 kf5-frameworkintegration-5.43.0-2.fc26 kf5-kactivities-5.43.0-2.fc26 kf5-kactivities-stats-5.43.0-2.fc26 kf5-kapidox-5.43.0-1.fc26 kf5-karchive-5.43.0-1.fc26 kf5-kauth-5.43.0-1.fc26 kf5-kbookmarks-5.43.0-2.fc26 kf5-kcmutils-5.43.0-3.fc26 kf5-kcodecs-5.43.0-1.fc26 kf5-kcompletion-5.43.0-1.fc26 kf5-kconfig-5.43.0-1.fc26 kf5-kconfigwidgets-5.43.0-1.fc26 kf5-kcoreaddons-5.43.0-1.fc26 kf5-kcrash-5.43.0-1.fc26 kf5-kdbusaddons-5.43.0-1.fc26 kf5-kdeclarative-5.43.0-2.fc26 kf5-kded-5.43.0-3.fc26 kf5-kdelibs4support-5.43.0-3.fc26 kf5-kdesignerplugin-5.43.0-2.fc26 kf5-kdesu-5.43.0-1.fc26 kf5-kdewebkit-5.43.0-2.fc26 kf5-kdnssd-5.43.0-1.fc26 kf5-kdoctools-5.43.0-1.fc26 kf5-kemoticons-5.43.0-1.fc26 kf5-kfilemetadata-5.43.0-1.fc26 kf5-kglobalaccel-5.43.0-1.fc26 kf5-kguiad dons-5.43.0-1.fc26 kf5-khtml-5.43.0-3.fc26 kf5-ki18n-5.43.0-1.fc26 kf5-kiconthemes-5.43.0-1.fc26 kf5-kidletime-5.43.0-1.fc26 kf5-kimageformats-5.43.0-1.fc26 kf5-kinit-5.43.0-2.fc26 kf5-kio-5.43.0-3.fc26 kf5-kirigami2-5.43.0-1.fc26 kf5-kitemmodels-5.43.0-1.fc26 kf5-kitemviews-5.43.0-1.fc26 kf5-kjobwidgets-5.43.0-1.fc26 kf5-kjs-5.43.0-1.fc26 kf5-kjsembed-5.43.0-1.fc26 kf5-kmediaplayer-5.43.0-2.fc26 kf5-knewstuff-5.43.0-2.fc26 kf5-knotifications-5.43.0-1.fc26 kf5-knotifyconfig-5.43.0-2.fc26 kf5-kpackage-5.43.0-1.fc26 kf5-kparts-5.43.0-2.fc26 kf5-kpeople-5.43.0-1.fc26 kf5-kplotting-5.43.0-1.fc26 kf5-kpty-5.43.0-1.fc26 kf5-kross-5.43.0-2.fc26 kf5-krunner-5.43.0-3.fc26 kf5-kservice-5.43.0-1.fc26 kf5-ktexteditor-5.43.0-3.fc26 kf5-ktextwidgets-5.43.0-1.fc26 kf5-kunitconversion-5.43.0-1.fc26 kf5-kwallet-5.43.0-1.fc26 kf5-kwayland-5.43.0-1.fc26 kf5-kwidgetsaddons-5.43.0-1.fc26 kf5-kwindowsystem-5.43.0-1.fc26 kf5-kxmlgui-5.43.0-1.fc26 kf5-kxmlrpcclient-5.43.0-2.fc26 kf5-modemmanager-qt-5.43.0- 1.fc26 kf5-networkmanager-qt-5.43.0-1.fc26 kf5-plasma-5.43.0-3.fc26 kf5-prison-5.43.0-1.fc26 kf5-purpose-5.43.0-1.fc26 kf5-solid-5.43.0-1.fc26 kf5-sonnet-5.43.0-1.fc26 kf5-syntax-highlighting-5.43.0-1.fc26 kf5-threadweaver-5.43.0-1.fc26 oxygen-icon-theme-5.43.0-1.fc26 qqc2-desktop-style-5.43.0-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-18c1baca23 qt5-qtbase-5.9.4-4.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71fac70309 patch-2.7.6-3.fc26 The following builds have been pushed to Fedora 26 updates-testing bro-2.5.3-1.fc26 clover2-3.6.1-1.D20180216gitb392824.fc26 exim-4.90.1-2.fc26 git-2.13.6-3.fc26 gnutls-3.5.18-2.fc26 greenwave-0.6.0-2.fc26 irssi-1.0.7-1.fc26 jd-2.8.9.180217-1.fc26 kernel-4.15.3-200.fc26 kernel-tools-4.15.0-200.fc26 koji-1.15.0-4.fc26 libmodulemd-1.0.2-1.fc26 liborigin-20080225-23.fc26 liborigin2-2.0.0-17.fc26 libwebp-0.6.1-5.fc26 milkytracker-1.01.00-1.fc26 mir-0.30.0-1.fc26 nheko-0.1.0-20.20180216gita1ea11d.fc26 python-wxpython4-4.0.1-3.fc26 rtv-1.21.0-1.fc26 rust-1.24.0-1.fc26 scidavis-1.22-4.fc26 vim-vimoutliner-0.4.0-8.fc26 waiverdb-0.7.0-2.fc26 Details about builds: ================================================================================ bro-2.5.3-1.fc26 (FEDORA-2018-db5041e661) A Network Intrusion Detection System and Analysis Framework -------------------------------------------------------------------------------- Update Information: Security fix for binpac, bump to 2.5.3 (rhbz#1493520) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493520 - bro-2.5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1493520 [ 2 ] Bug #1531130 - CVE-2017-1000458 bro: Out-of-bounds write in the ContentLine analyzer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1531130 -------------------------------------------------------------------------------- ================================================================================ clover2-3.6.1-1.D20180216gitb392824.fc26 (FEDORA-2018-687ed23679) Yet another compiler language -------------------------------------------------------------------------------- Update Information: New version 3.6.1 is released. -------------------------------------------------------------------------------- ================================================================================ exim-4.90.1-2.fc26 (FEDORA-2018-25a7ba3cb6) The exim mail transfer agent -------------------------------------------------------------------------------- Update Information: This is an update fixing mysql module. ---- This is new version fixing CVE-2018-6789. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1543268 - CVE-2018-6789 exim: buffer overflow in b64decode() function, possibly leading to remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=1543268 -------------------------------------------------------------------------------- ================================================================================ git-2.13.6-3.fc26 (FEDORA-2018-53c4737dfb) Fast Version Control System -------------------------------------------------------------------------------- Update Information: Avoid occasional crashes in `git svn branch`. Per [upstream](https://github.com/git/git/commit/7f6f75e97a): > control destruction order to avoid segfault with SVN 1.9.5 > when using "git svn branch". -------------------------------------------------------------------------------- ================================================================================ gnutls-3.5.18-2.fc26 (FEDORA-2018-4c28b00507) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information: Backported PKCS#11 loading improvements. ---- - Update to upstream 3.5.18 release -------------------------------------------------------------------------------- ================================================================================ greenwave-0.6.0-2.fc26 (FEDORA-2018-0f445243a9) Service for gating on automated tests -------------------------------------------------------------------------------- Update Information: https://docs.pagure.org/greenwave/release-notes.html#greenwave-0-6 -------------------------------------------------------------------------------- ================================================================================ irssi-1.0.7-1.fc26 (FEDORA-2018-cbc52e8812) Modular text mode IRC client with Perl scripting -------------------------------------------------------------------------------- Update Information: This is new version fixing multiple vulnerabilities: CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546226 - CVE-2018-7053 irssi: use-after-free when SASL messages are received in unexpected order https://bugzilla.redhat.com/show_bug.cgi?id=1546226 [ 2 ] Bug #1546280 - CVE-2018-7050 irssi: Null pointer dereference when an "empty" nick has been observed by https://bugzilla.redhat.com/show_bug.cgi?id=1546280 [ 3 ] Bug #1546275 - CVE-2018-7051 irssi: out-of-bounds access when printing theme strings with certain nick names https://bugzilla.redhat.com/show_bug.cgi?id=1546275 [ 4 ] Bug #1546272 - CVE-2018-7052 irssi: Denial of Service (DoS) due to a NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1546272 [ 5 ] Bug #1546223 - CVE-2018-7054 irssi: use-after-free when a server is disconnected during netsplits https://bugzilla.redhat.com/show_bug.cgi?id=1546223 -------------------------------------------------------------------------------- ================================================================================ jd-2.8.9.180217-1.fc26 (FEDORA-2018-42ba42d401) A 2ch browser -------------------------------------------------------------------------------- Update Information: Switch to yama-natuki version JD. Support https, emoji. -------------------------------------------------------------------------------- ================================================================================ kernel-4.15.3-200.fc26 (FEDORA-2018-8739091f47) The Linux kernel -------------------------------------------------------------------------------- Update Information: Rebase to 4.15.3 -------------------------------------------------------------------------------- ================================================================================ kernel-tools-4.15.0-200.fc26 (FEDORA-2018-5b97f619fe) Assortment of tools for the Linux kernel -------------------------------------------------------------------------------- Update Information: Rebase to 4.15 -------------------------------------------------------------------------------- ================================================================================ koji-1.15.0-4.fc26 (FEDORA-2018-5e5bb3f1fb) Build system tools -------------------------------------------------------------------------------- Update Information: Rebase to koji 1.15. Backports included for PR#735 and PR#794. Changelog: - Display license Info - Keytabs for GSSAPI authentication - Add krb_canon_host option - Watch-task return code - New runroot options - New watch-logs options -------------------------------------------------------------------------------- ================================================================================ libmodulemd-1.0.2-1.fc26 (FEDORA-2018-f731883394) Module metadata manipulation library -------------------------------------------------------------------------------- Update Information: - Support modulemd v2 - Add tool to do quick validation of modulemd - Fix memory management - Warn and ignore unparseable sub-documents in the YAML -------------------------------------------------------------------------------- ================================================================================ liborigin-20080225-23.fc26 (FEDORA-2018-cf21bf273a) Library for reading OriginLab OPJ project files -------------------------------------------------------------------------------- Update Information: Added missing gcc-c++ build dependency. -------------------------------------------------------------------------------- ================================================================================ liborigin2-2.0.0-17.fc26 (FEDORA-2018-2c50db4586) Library for reading OriginLab OPJ project files -------------------------------------------------------------------------------- Update Information: Added missing gcc-c++ build dependency. -------------------------------------------------------------------------------- ================================================================================ libwebp-0.6.1-5.fc26 (FEDORA-2018-4c127acb0f) Library and tools for the WebP graphics format -------------------------------------------------------------------------------- Update Information: This update backports an upstream big-endian fix (https://github.com/webmproject /libwebp/commit/3005237a5d68d1e1f465d925040a9507f55e8895). -------------------------------------------------------------------------------- ================================================================================ milkytracker-1.01.00-1.fc26 (FEDORA-2018-7d90e269a4) Module tracker software for creating music -------------------------------------------------------------------------------- Update Information: New upstream version Security fix for upstream issue 35 https://github.com/milkytracker/MilkyTracker/issues/35 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545501 - milkytracker: Multiple flaws in module loaders potentially leading to remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=1545501 -------------------------------------------------------------------------------- ================================================================================ mir-0.30.0-1.fc26 (FEDORA-2018-c405830c86) Next generation display server -------------------------------------------------------------------------------- Update Information: Notable upstream changes: * Many fixes to Wayland protocol support: * `SessionAuthorizer::connection_is_allowed` is now called on Wayland client connection, required for Wayland clients to work in Unity 8. * Keyboard state is now sent of focus, resolving strange modifier behavior when switching between clients * A number of crash fixes * Initial, experimental, support for `xdg-shell` (v6). * Set the `MIR_EXPERIMENTAL_XDG_SHELL` environment variable to enable. * Pointer events are now sent to windows that move underneath the pointer -------------------------------------------------------------------------------- References: [ 1 ] Bug #1545646 - mir-0.30.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1545646 -------------------------------------------------------------------------------- ================================================================================ nheko-0.1.0-20.20180216gita1ea11d.fc26 (FEDORA-2018-eca4affcda) Desktop client for the Matrix protocol -------------------------------------------------------------------------------- Update Information: Implemented server-side notification count. -------------------------------------------------------------------------------- ================================================================================ python-wxpython4-4.0.1-3.fc26 (FEDORA-2018-aa203b363a) New implementation of wxPython, a GUI toolkit for Python -------------------------------------------------------------------------------- Update Information: Initial import of wxpython4 -------------------------------------------------------------------------------- ================================================================================ rtv-1.21.0-1.fc26 (FEDORA-2018-e7170d88a8) A simple terminal viewer for Reddit (Reddit Terminal Viewer) -------------------------------------------------------------------------------- Update Information: Package was broken and would not run -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437890 - rtv-v1.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437890 -------------------------------------------------------------------------------- ================================================================================ rust-1.24.0-1.fc26 (FEDORA-2018-ba0213cbc2) The Rust Programming Language -------------------------------------------------------------------------------- Update Information: New version of Rust -- see the release notes for [1.24](https://blog.rust- lang.org/2018/02/15/Rust-1.24.html). -------------------------------------------------------------------------------- ================================================================================ scidavis-1.22-4.fc26 (FEDORA-2018-40fa3d400c) Application for Scientific Data Analysis and Visualization -------------------------------------------------------------------------------- Update Information: Added missing gcc-c++ build dependency. -------------------------------------------------------------------------------- ================================================================================ vim-vimoutliner-0.4.0-8.fc26 (FEDORA-2018-db1a856199) Script for building an outline editor on top of Vim -------------------------------------------------------------------------------- Update Information: Taking over the package and adding AppStream metadata. ---- Just rebuild upon clean-up and taking over the maintenance of the package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1128821 - Add Addon metadata for GNOME Software https://bugzilla.redhat.com/show_bug.cgi?id=1128821 -------------------------------------------------------------------------------- ================================================================================ waiverdb-0.7.0-2.fc26 (FEDORA-2018-df0de1f518) Service for waiving results in ResultsDB -------------------------------------------------------------------------------- Update Information: https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-7 ---- Added missing requirement on python2-configparser ---- New upstream release: https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-5 ---- Synchronize specfile with upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1538463 - waiverdb-cli --help crashes https://bugzilla.redhat.com/show_bug.cgi?id=1538463 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
