The following Fedora 27 Security updates need testing: Age URL 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-969328b17c jhead-3.00-7.fc27 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0a356fb68 cryptopp-5.6.5-2.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-81e1618ab9 glibc-arm-linux-gnu-2.26-4.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-023baab00f mingw-wavpack-5.1.0-4.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9cd3ff3784 quagga-1.2.2-2.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f4b3fa844 sharutils-4.15.2-8.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2eb691e7d7 freexl-1.0.5-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-60c4aa0e01 nx-libs-3.5.0.33-4.fc27 x2goserver-4.0.1.22-2.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc984c59e5 drupal7-7.57-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c553a586c8 xen-4.9.1-5.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cbf621a53c mingw-leptonica-1.74.4-4.fc27 leptonica-1.74.4-5.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-30a8492364 libcdio-0.94-5.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dab548649a perl-PathTools-3.74-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f076fcd3c pcre-8.41-6.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2db4bd7ebb zerofree-1.1.1-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b436d186 sssd-1.16.0-8.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-63caeb457a soxr-0.1.3-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7aa4244196 glade-3.20.3-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e27287a733 pcre2-10.31-3.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ae0e6e4949 p11-kit-0.23.10-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-30a8492364 libcdio-0.94-5.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6573d822ec publicsuffix-list-20180223-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c585d8cf91 xdg-utils-1.1.2-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c553a586c8 xen-4.9.1-5.fc27 The following builds have been pushed to Fedora 27 updates-testing boost-1.64.0-5.fc27 copr-cli-1.66-1.fc27 copr-frontend-1.129-1.fc27 dcap-2.47.12-4.fc27 dhcp-4.3.6-9.fc27 elementary-xfce-icon-theme-0.10-1.fc27 epiphany-3.26.6-1.fc27 fedora-repos-27-2 glibc-2.26-26.fc27 gmic-2.2.0-1.fc27 golang-github-client9-gospell-0-0.1.git90dfc71.fc27 golang-github-remeh-sizedwaitgroup-0-0.1.git5582a67.fc27 help2man-1.47.6-1.fc27 icecat-52.6.0-7.fc27 js-jquery-file-upload-9.21.0-1.fc27 knot-resolver-2.1.1-1.fc27 kstars-2.9.3-1.fc27 libbson-1.9.3-1.fc27 libreport-2.9.3-2.fc27 libsolv-0.6.33-1.fc27 libunistring-0.9.9-1.fc27 mock-core-configs-28.3-1.fc27 mongo-c-driver-1.9.3-1.fc27 ntp-4.2.8p11-1.fc27 packmol-18.013-1.fc27 perl-Calendar-Simple-1.23-1.fc27 perl-Test-MockTime-0.16-1.fc27 php-nikic-php-parser3-3.1.5-1.fc27 postgresql-9.6.8-1.fc27 python-cartopy-0.16.0-2.fc27 python-copr-1.87-1.fc27 python-pdir2-0.3.0-1.fc27 python37-3.7.0-0.12.b2.fc27 ravada-0.2.13-2.fc27 waiverdb-0.9.0-1.fc27 Details about builds: ================================================================================ boost-1.64.0-5.fc27 (FEDORA-2018-beb633daf8) The free peer-reviewed portable C++ source libraries -------------------------------------------------------------------------------- Update Information: The `boost` package was updated to add a dependency on its `boost-container` sub-package. -------------------------------------------------------------------------------- ================================================================================ copr-cli-1.66-1.fc27 (FEDORA-2018-64cdf8fda5) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: - add missing frontend states to clientv2 ---- - remove Group tag - build python2-copr package conditionally - Remove unnecessary shebang sed in copr- cli.spec and python-copr.spec - fix deps in spec - new custom source method - use username from config if nothing is explicitly specified - remove outdated modularity code - require to specify project when building module -------------------------------------------------------------------------------- ================================================================================ copr-frontend-1.129-1.fc27 (FEDORA-2018-10650bccb2) Frontend for Copr -------------------------------------------------------------------------------- Update Information: - several tweaks for graphs of utilization - fix copr_update after user and group routes merge - custom build: single-line textarea placeholder - vanish '\r\n' in custom script - fix filter has no len() error - make the news box optional - fix group listing - remove workaround from copr_url macro - merge regular and group views ---- - fix counting stat logic - use end_commit when building by copr-fedmsg-listener - update service file for copr-fedmsg-listener to use python3 - add forked description - fix init_db - fix unittests (zlib.compress expects bytes, not str) - task queue info cleanup - fix initial build.source_status and chroot statuses for auto- rebuilds - remove some old python scripts - enable chroot for every project that follows branching - fix copr_url() template macro for custom method - remove Group tag - Shebangs cleanup - new custom source method - fix search page error due to missing graph data - add fetch_sources_only: True into build task defintion - add graphs of utilization - option to give COPR repository bigger priority (see #97) - grammar: s/duplicate a backend data/duplicate backend data/ - Trailing ".git" is ignored when matching clone URL, so is unnecessary. - fix frontend by disabling doc generation - Accept webhooks from bitbucket.org. - Expand docs on how to find the correct Pagure hook setting. - fix typos - fixed status_to_order, order_to_status functions, added waiting icon - add indeces for faster build selection - add source_status field for Builds - implement the module buildorder logic - krb5: last iteritems()->items() - have .repo on the end of module repofile URL - set the gpg properties for module repo - Byecompile files in %%{_datadir} with python3 - pg#191 When auto-rebuilding from push event, use a head commit hash - move run3_tests.sh into run_tests.sh, polish .spec a bit - fix run scripts under python3 - frontend now presents the whole job queue state to backend - opt rename SRPM_STORAGE_DIR to STORAGE_DIR - new generic web-hook - when passing URL with path, expect it in result; see ad9c3b4cc - remove outdated tests, see 3f62873 - add index to build module_id - copy only module builds into the repo directory - generate the module NSV rather than asking for it - fix condition that all module packages were successfully built - remove outdated modularity code - fix baseurl for module repofile - build modules in all enabled chroots - implement submitting modules via URL - set default values for optional modulemd params - change module version to bigint - always have a known state of a module - have unique module nsv per project - build a module without using MBS - require to specify project when building module - add build to module relation - limit spec to python3 deps and switch application and scripts to python3 - pg#188 COPR webhook doesn't work with branches - python3 conversion -------------------------------------------------------------------------------- ================================================================================ dcap-2.47.12-4.fc27 (FEDORA-2018-094df03aa5) Client Tools for dCache -------------------------------------------------------------------------------- Update Information: Fix a compiler warning. -------------------------------------------------------------------------------- ================================================================================ dhcp-4.3.6-9.fc27 (FEDORA-2018-5051dbd15e) Dynamic host configuration protocol software -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-5732 CVE-2018-5733 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549960 - CVE-2018-5732 dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server https://bugzilla.redhat.com/show_bug.cgi?id=1549960 [ 2 ] Bug #1549961 - CVE-2018-5733 dhcp: Reference count overflow in dhcpd allows denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1549961 -------------------------------------------------------------------------------- ================================================================================ elementary-xfce-icon-theme-0.10-1.fc27 (FEDORA-2018-03d8a72a7c) Icons for Xfce based on the elementary Project Icon Theme -------------------------------------------------------------------------------- Update Information: - update to 0.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1493741 - broken package ? https://bugzilla.redhat.com/show_bug.cgi?id=1493741 -------------------------------------------------------------------------------- ================================================================================ epiphany-3.26.6-1.fc27 (FEDORA-2018-fa25b752a2) Web browser for GNOME -------------------------------------------------------------------------------- Update Information: Update to 3.26.6 -------------------------------------------------------------------------------- ================================================================================ fedora-repos-27-2 (FEDORA-2018-cd4fc4cd16) Fedora package repositories -------------------------------------------------------------------------------- Update Information: Adding fedora 29 key -------------------------------------------------------------------------------- ================================================================================ glibc-2.26-26.fc27 (FEDORA-2018-1cbdc8cbb8) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: This update fixes two minor security vulnerabilities in `malloc` (CVE-2018-6485, CVE-2018-6551, RHBZ#1542102, RHBZ#1542119), and provides a C++ version of `iseqsig`. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542102 - CVE-2018-6485 glibc: Integer overflow in posix_memalign in memalign functions https://bugzilla.redhat.com/show_bug.cgi?id=1542102 -------------------------------------------------------------------------------- ================================================================================ gmic-2.2.0-1.fc27 (FEDORA-2018-ae31463d33) GREYC's Magic for Image Computing -------------------------------------------------------------------------------- Update Information: Update to new 2.2.0 upstream release -------------------------------------------------------------------------------- ================================================================================ golang-github-client9-gospell-0-0.1.git90dfc71.fc27 (FEDORA-2018-3cb6ac6dcd) Pure golang spelling based on hunspell dictionaries -------------------------------------------------------------------------------- Update Information: Pure golang spelling based on hunspell dictionaries. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549676 - Review Request: golang-github-client9-gospell - Pure golang spelling based on hunspell dictionaries https://bugzilla.redhat.com/show_bug.cgi?id=1549676 -------------------------------------------------------------------------------- ================================================================================ golang-github-remeh-sizedwaitgroup-0-0.1.git5582a67.fc27 (FEDORA-2018-e231462dad) A Golang WaitGroup with throttling -------------------------------------------------------------------------------- Update Information: A Golang WaitGroup with throttling. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1550031 - Review Request: golang-github-remeh-sizedwaitgroup - A Golang WaitGroup with throttling https://bugzilla.redhat.com/show_bug.cgi?id=1550031 -------------------------------------------------------------------------------- ================================================================================ help2man-1.47.6-1.fc27 (FEDORA-2018-d4e66677d7) Create simple man pages from --help output -------------------------------------------------------------------------------- Update Information: Upstream update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494824 - help2man-1.47.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1494824 -------------------------------------------------------------------------------- ================================================================================ icecat-52.6.0-7.fc27 (FEDORA-2018-4b1c2acbc5) GNU version of Firefox browser -------------------------------------------------------------------------------- Update Information: - HTTPS Everywhere updated to 2018.1.11 - "goteo.org payments with free JS" updated to 1.1 - "LibreJS compatible Pay.gov" updated to 1.3 - "Reveal hidden HTML" updated to 1.6 - Enabled WebRTC, but prevent leaking the LAN ip -------------------------------------------------------------------------------- ================================================================================ js-jquery-file-upload-9.21.0-1.fc27 (FEDORA-2018-288411a4dc) File Upload widget for jQuery -------------------------------------------------------------------------------- Update Information: Update to 9.21.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548605 - js-jquery-file-upload-v9.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1548605 -------------------------------------------------------------------------------- ================================================================================ knot-resolver-2.1.1-1.fc27 (FEDORA-2018-57467c3bf4) Caching full DNS Resolver -------------------------------------------------------------------------------- Update Information: Knot Resolver 2.1.1 (2018-02-23) ================================ Bugfixes -------- - when iterating, avoid unnecessary queries for NS in insecure parent. This problem worsened in 2.0.0. (#246) - prevent UDP packet leaks when using TLS forwarding - fix the hints module also on some other systems, e.g. Gentoo. -------------------------------------------------------------------------------- ================================================================================ kstars-2.9.3-1.fc27 (FEDORA-2018-e4f0367c83) Desktop Planetarium -------------------------------------------------------------------------------- Update Information: Update to bugfix release 2.9.3 -------------------------------------------------------------------------------- ================================================================================ libbson-1.9.3-1.fc27 (FEDORA-2018-59a7f93f7e) Building, parsing, and iterating BSON documents -------------------------------------------------------------------------------- Update Information: This release only increases the version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1550300 - libbson-1.9.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1550300 -------------------------------------------------------------------------------- ================================================================================ libreport-2.9.3-2.fc27 (FEDORA-2018-dcbc86e9a8) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information: - Add report and reportclient directories to rpm -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548807 - None https://bugzilla.redhat.com/show_bug.cgi?id=1548807 [ 2 ] Bug #1548805 - None https://bugzilla.redhat.com/show_bug.cgi?id=1548805 -------------------------------------------------------------------------------- ================================================================================ libsolv-0.6.33-1.fc27 (FEDORA-2018-831715f4e3) Package dependency solver -------------------------------------------------------------------------------- Update Information: **New features**: * new `selection.clone()` method in the bindings * new `pool.parserpmrichdep()` method in the bindings **Bug fixes**: * fix bad assignment in solution refinement that led to a memory leak -------------------------------------------------------------------------------- ================================================================================ libunistring-0.9.9-1.fc27 (FEDORA-2018-61cc5475b4) GNU Unicode string library -------------------------------------------------------------------------------- Update Information: - Update to upstream 0.9.9 release -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-28.3-1.fc27 (FEDORA-2018-ed777dc39b) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: - bump up releasever in rawhide configs - add CentOS SCL repositories to EPEL 6 & 7 (x86_64 -------------------------------------------------------------------------------- ================================================================================ mongo-c-driver-1.9.3-1.fc27 (FEDORA-2018-5a8295e9de) Client library written in C for MongoDB -------------------------------------------------------------------------------- Update Information: This version fixes a session-management bug that could cause an authentication error while connected to MongoDB 3.6+ and iterating a cursor, and it permits the $gleStats modifier with mongoc_collection_aggregate. -------------------------------------------------------------------------------- ================================================================================ ntp-4.2.8p11-1.fc27 (FEDORA-2018-de113aeac6) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1550208 - CVE-2018-7182 ntp: buffer read overrun leads information leak in ctl_getitem() https://bugzilla.redhat.com/show_bug.cgi?id=1550208 [ 2 ] Bug #1550214 - CVE-2018-7170 ntp: Ephemeral association time spoofing additional protection https://bugzilla.redhat.com/show_bug.cgi?id=1550214 [ 3 ] Bug #1550218 - CVE-2018-7184 ntp: Interleaved symmetric mode cannot recover from bad state https://bugzilla.redhat.com/show_bug.cgi?id=1550218 [ 4 ] Bug #1550220 - CVE-2018-7185 ntp: Unauthenticated packet can reset authenticated interleaved association https://bugzilla.redhat.com/show_bug.cgi?id=1550220 [ 5 ] Bug #1550223 - CVE-2018-7183 ntp: decodearr() can write beyond its buffer limit https://bugzilla.redhat.com/show_bug.cgi?id=1550223 -------------------------------------------------------------------------------- ================================================================================ packmol-18.013-1.fc27 (FEDORA-2018-866abb6df7) Packing optimization for molecular dynamics simulations -------------------------------------------------------------------------------- Update Information: Update to version 18.013. -------------------------------------------------------------------------------- ================================================================================ perl-Calendar-Simple-1.23-1.fc27 (FEDORA-2018-5565644774) Perl extension to create simple calendars -------------------------------------------------------------------------------- Update Information: Upstream update -------------------------------------------------------------------------------- ================================================================================ perl-Test-MockTime-0.16-1.fc27 (FEDORA-2018-5277bcd8e6) Replaces actual time with simulated time -------------------------------------------------------------------------------- Update Information: Upstream bugfix -------------------------------------------------------------------------------- ================================================================================ php-nikic-php-parser3-3.1.5-1.fc27 (FEDORA-2018-8e52c7e7c2) A PHP parser written in PHP -------------------------------------------------------------------------------- Update Information: **Version 3.1.5** (2018-02-28) * **Fixed** * Fixed duplicate comment assignment in switch statements. (#469) * Improve compatibility with PHP- Scoper. (#477) -------------------------------------------------------------------------------- ================================================================================ postgresql-9.6.8-1.fc27 (FEDORA-2018-a32082df51) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.6.8 per release notes https://www.postgresql.org/docs/9.6/static/release-9-6-8.html -------------------------------------------------------------------------------- ================================================================================ python-cartopy-0.16.0-2.fc27 (FEDORA-2018-140535bad5) Cartographic Python library with Matplotlib visualisations -------------------------------------------------------------------------------- Update Information: Initial package of cartopy for Python. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548797 - Review Request: python-cartopy - Cartographic Python library with Matplotlib visualisations https://bugzilla.redhat.com/show_bug.cgi?id=1548797 -------------------------------------------------------------------------------- ================================================================================ python-copr-1.87-1.fc27 (FEDORA-2018-64cdf8fda5) Python interface for Copr -------------------------------------------------------------------------------- Update Information: - add missing frontend states to clientv2 ---- - remove Group tag - build python2-copr package conditionally - Remove unnecessary shebang sed in copr- cli.spec and python-copr.spec - fix deps in spec - new custom source method - use username from config if nothing is explicitly specified - remove outdated modularity code - require to specify project when building module -------------------------------------------------------------------------------- ================================================================================ python-pdir2-0.3.0-1.fc27 (FEDORA-2018-85719b5e9d) Pretty dir() printing with joy -------------------------------------------------------------------------------- Update Information: - Latest upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1544125 - python-pdir2-0.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1544125 -------------------------------------------------------------------------------- ================================================================================ python37-3.7.0-0.12.b2.fc27 (FEDORA-2018-7834334add) Version 3.7 of the Python interpreter -------------------------------------------------------------------------------- Update Information: Update to 3.7.0b2 -------------------------------------------------------------------------------- ================================================================================ ravada-0.2.13-2.fc27 (FEDORA-2018-ebd2ee8176) Remote Virtual Desktops Manager -------------------------------------------------------------------------------- Update Information: Fix incorrect kvm binary ---- Release 0.2.13 -------------------------------------------------------------------------------- ================================================================================ waiverdb-0.9.0-1.fc27 (FEDORA-2018-95ea870af2) Service for waiving results in ResultsDB -------------------------------------------------------------------------------- Update Information: Fix some database migrations. ---- Release notes: https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1538463 - waiverdb-cli --help crashes https://bugzilla.redhat.com/show_bug.cgi?id=1538463 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
