The following Fedora 27 Security updates need testing: Age URL 24 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 19 https://bodhi.fedoraproject.org/updates/FEDORA-2018-81e1618ab9 glibc-arm-linux-gnu-2.26-4.fc27 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc984c59e5 drupal7-7.57-1.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-de113aeac6 ntp-4.2.8p11-1.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a32082df51 postgresql-9.6.8-1.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-52d79f4f36 dovecot-2.2.34-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144 python-bleach-2.1.3-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.6-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c38e40a4bf golang-1.9.4-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd1147f152 python-django-1.11.11-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-af30668257 advancecomp-2.1-4.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-38a0e1e6f5 ming-0.4.8-5.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1697970ac4 dolphin-emu-5.0-21.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-55b7018374 mailman-2.1.21-8.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ed907ef9a0 ceph-12.2.4-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5649824f49 calibre-3.19.0-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-96601292a2 php-simplesamlphp-saml2_1-1.10.6-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6db40b0c37 php-simplesamlphp-saml2-2.3.8-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-37e28670f2 php-simplesamlphp-saml2_3-3.1.4-1.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e27287a733 pcre2-10.31-3.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd iptables-1.6.2-2.fc27 libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4a2b7350f xfce4-settings-4.12.2-2.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eaf0d85684 go-srpm-macros-2-16.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7acb1065ee lxpanel-0.9.3-7.D20180305gitb85c71a6.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5edf1551 gsm-1.0.17-4.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef0b897e5d pulseaudio-11.1-15.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-975e9f8b47 shared-mime-info-1.9-2.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1e573d9d7 desktop-file-utils-0.23-6.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-243f8a93d5 libtirpc-1.0.2-5.rc2.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c215361612 sssd-1.16.1-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ed907ef9a0 ceph-12.2.4-1.fc27 The following builds have been pushed to Fedora 27 updates-testing afflib-3.7.16-4.fc27 datagrepper-0.9.3-1.fc27 fwupd-1.0.6-1.fc27 getdns-1.4.1-1.fc27 gfal2-2.15.3-1.fc27 gsequencer-1.4.21-1.fc27 hplip-3.18.3-1.fc27 icoutils-0.32.3-1.fc27 libgit2-0.26.3-1.fc27 libimagequant-2.11.10-1.fc27 libinput-1.10.2-4.fc27 libpaper-1.1.24-21.fc27 libprelude-4.1.0-2.fc27 lighttpd-1.4.49-4.fc27 link-grammar-5.4.4-1.fc27 lynis-2.6.3-1.fc27 nspr-4.19.0-1.fc27 nss-3.36.0-1.0.fc27 nss-softokn-3.36.0-1.0.fc27 nss-util-3.36.0-1.0.fc27 osinfo-db-20180311-1.fc27 perl-DateTime-Format-Flexible-0.30-1.fc27 php-pecl-couchbase2-2.4.5-1.fc27 php-pecl-ds-1.2.5-1.fc27 pngquant-2.11.7-5.fc27 python-agate-1.6.1-1.fc27 python-agate-excel-0.2.2-1.fc27 python-agate-sql-0.5.3-1.fc27 python-csvkit-1.0.3-1.fc27 python-neovim-0.2.4-1.fc27 python-openpyxl-2.5.1-1.fc27 python-pytelegrambotapi-3.6.1-1.fc27 qutebrowser-1.2.0-1.fc27 sane-backends-1.0.27-15.fc27 uget-2.2.1-1.fc27 waiverdb-0.9.1-1.fc27 Details about builds: ================================================================================ afflib-3.7.16-4.fc27 (FEDORA-2018-a2cc71c081) Library to support the Advanced Forensic Format -------------------------------------------------------------------------------- Update Information: Security issue -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554426 - CVE-2018-8050 afflib: denial of service (DoS) in af_get_page() function in lib/afflib_pages.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1554426 -------------------------------------------------------------------------------- ================================================================================ datagrepper-0.9.3-1.fc27 (FEDORA-2018-da6d20cce2) A webapp to query fedmsg history -------------------------------------------------------------------------------- Update Information: Fix a [500 error](https://http.cat/500) when using `contains`. -------------------------------------------------------------------------------- ================================================================================ fwupd-1.0.6-1.fc27 (FEDORA-2018-55fdd71f22) Firmware update daemon -------------------------------------------------------------------------------- Update Information: - New upstream release - Add bash completion for fwupdmgr - Add support for newest Thunderbolt chips - Allow devices to use the runtime version when in bootloader mode - Allow overriding ESP mount point via conf file - Correct handling of unknown Thunderbolt devices - Correctly detect new remotes that are manually copied - Delete any old fwupdate capsules and efivars when launching fwupd - Fix a crash related to when passing device to downgrade in CLI - Fix Unifying signature writing and parsing for Texas bootloader - Generate Vala bindings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1469315 - fwupd-1.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1469315 -------------------------------------------------------------------------------- ================================================================================ getdns-1.4.1-1.fc27 (FEDORA-2018-43683278d1) Modern asynchronous API to the DNS -------------------------------------------------------------------------------- Update Information: Resolves rhbz#1551810 Updated to 1.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551810 - getdns-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1551810 -------------------------------------------------------------------------------- ================================================================================ gfal2-2.15.3-1.fc27 (FEDORA-2018-b8c6ac003c) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: * new upstream release ---- * new upstream release -------------------------------------------------------------------------------- ================================================================================ gsequencer-1.4.21-1.fc27 (FEDORA-2018-24b302dc24) Audio processing engine -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ hplip-3.18.3-1.fc27 (FEDORA-2018-03009abb42) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: 3.18.3 -------------------------------------------------------------------------------- ================================================================================ icoutils-0.32.3-1.fc27 (FEDORA-2018-649014866f) Utility for extracting and converting Microsoft icon and cursor files -------------------------------------------------------------------------------- Update Information: This is a minor maintenance release that improves the wording of some warning and error messages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1552593 - icoutils-0.32.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1552593 -------------------------------------------------------------------------------- ================================================================================ libgit2-0.26.3-1.fc27 (FEDORA-2018-4fb7cdd27f) C implementation of the Git core methods as a library with a solid API -------------------------------------------------------------------------------- Update Information: Update to 0.26.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1383213 - CVE-2016-8568 CVE-2016-8569 libgit2: Invalid memory accesses parsing object files [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1383213 [ 2 ] Bug #1554368 - libgit2: denial of service (DoS) via crafted repository index files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1554368 -------------------------------------------------------------------------------- ================================================================================ libimagequant-2.11.10-1.fc27 (FEDORA-2018-06a508638d) Palette quantization library -------------------------------------------------------------------------------- Update Information: Update to libimagequant-2.11.10, see https://github.com/ImageOptim/libimagequant/compare/2.11.7...2.11.10 for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542282 - libimagequant-2.11.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1542282 -------------------------------------------------------------------------------- ================================================================================ libinput-1.10.2-4.fc27 (FEDORA-2018-50c5108802) Input device library -------------------------------------------------------------------------------- Update Information: Fix occasional crashes on gestures when libinput loses track of hovering fake fingers -------------------------------------------------------------------------------- ================================================================================ libpaper-1.1.24-21.fc27 (FEDORA-2018-e08cfe0c00) Library and tools for handling papersize -------------------------------------------------------------------------------- Update Information: Fixing leaking descriptor -------------------------------------------------------------------------------- ================================================================================ libprelude-4.1.0-2.fc27 (FEDORA-2018-e8f4f4dd7c) Secure Connections between all Sensors and the Prelude Manager -------------------------------------------------------------------------------- Update Information: Bump to 4.1 -------------------------------------------------------------------------------- ================================================================================ lighttpd-1.4.49-4.fc27 (FEDORA-2018-cac8841300) Lightning fast webserver with light system requirements -------------------------------------------------------------------------------- Update Information: https://www.lighttpd.net/2018/3/11/1.4.49/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554317 - lighttpd-1.4.49 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554317 -------------------------------------------------------------------------------- ================================================================================ link-grammar-5.4.4-1.fc27 (FEDORA-2018-12d3e9fe26) A full-service natural language dependency parser -------------------------------------------------------------------------------- Update Information: 5.4.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554318 - link-grammar-5.4.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554318 -------------------------------------------------------------------------------- ================================================================================ lynis-2.6.3-1.fc27 (FEDORA-2018-47f1bb3b00) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: Update to 2.6.3 (rhbz #1552963) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1552963 - lynis-2.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1552963 -------------------------------------------------------------------------------- ================================================================================ nspr-4.19.0-1.fc27 (FEDORA-2018-77fdb91f3e) Netscape Portable Runtime -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.36 and NSPR 4.19. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.36_release_notes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551814 - nss-3.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1551814 -------------------------------------------------------------------------------- ================================================================================ nss-3.36.0-1.0.fc27 (FEDORA-2018-77fdb91f3e) Network Security Services -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.36 and NSPR 4.19. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.36_release_notes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551814 - nss-3.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1551814 -------------------------------------------------------------------------------- ================================================================================ nss-softokn-3.36.0-1.0.fc27 (FEDORA-2018-77fdb91f3e) Network Security Services Softoken Module -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.36 and NSPR 4.19. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.36_release_notes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551814 - nss-3.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1551814 -------------------------------------------------------------------------------- ================================================================================ nss-util-3.36.0-1.0.fc27 (FEDORA-2018-77fdb91f3e) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information: Updates the nss family of packages to upstream NSS 3.36 and NSPR 4.19. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.36_release_notes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551814 - nss-3.36 is available https://bugzilla.redhat.com/show_bug.cgi?id=1551814 -------------------------------------------------------------------------------- ================================================================================ osinfo-db-20180311-1.fc27 (FEDORA-2018-5221fc3883) osinfo database files -------------------------------------------------------------------------------- Update Information: Update to new release -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-Format-Flexible-0.30-1.fc27 (FEDORA-2018-473a437034) Flexibly parse strings and turn them into DateTime objects -------------------------------------------------------------------------------- Update Information: This release adds support for bare times with AM/PM, for a format like JUL25'17, and for bare times with "at". -------------------------------------------------------------------------------- References: [ 1 ] Bug #1553949 - perl-DateTime-Format-Flexible-0.30 is available https://bugzilla.redhat.com/show_bug.cgi?id=1553949 -------------------------------------------------------------------------------- ================================================================================ php-pecl-couchbase2-2.4.5-1.fc27 (FEDORA-2018-6edc561a54) Couchbase Server PHP extension -------------------------------------------------------------------------------- Update Information: **Version 2.4.5** * PCBC-527: Initial tracing implementation. The extension checks if libcouchbase has tracing support, and sets up hooks for fetch/persist operations to report encoding/decoding times. This functionality is preview and is not enabled by default. * PCBC-519: Implement log redaction. When `log_redaction=on` is specified in the connection string, the library will wrap sensitive data in the logs in special tags, which can be processed by the `cblogredaction` tool from the server distribution. -------------------------------------------------------------------------------- ================================================================================ php-pecl-ds-1.2.5-1.fc27 (FEDORA-2018-772e561c4e) Data Structures for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.2.5** - Fixed empty `PriorityQueue` causing segfault on `gc_collect_cycles`. #106 -------------------------------------------------------------------------------- ================================================================================ pngquant-2.11.7-5.fc27 (FEDORA-2018-06a508638d) PNG quantization tool for reducing image file size -------------------------------------------------------------------------------- Update Information: Update to libimagequant-2.11.10, see https://github.com/ImageOptim/libimagequant/compare/2.11.7...2.11.10 for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1542282 - libimagequant-2.11.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1542282 -------------------------------------------------------------------------------- ================================================================================ python-agate-1.6.1-1.fc27 (FEDORA-2018-8b3d44e326) Data analysis library that is optimized for humans instead of machines -------------------------------------------------------------------------------- Update Information: Update csvkit to 1.0.3 and its dependencies required by this new version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554152 - python-csvkit-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554152 -------------------------------------------------------------------------------- ================================================================================ python-agate-excel-0.2.2-1.fc27 (FEDORA-2018-8b3d44e326) Adds read support for Excel files to agate -------------------------------------------------------------------------------- Update Information: Update csvkit to 1.0.3 and its dependencies required by this new version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554152 - python-csvkit-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554152 -------------------------------------------------------------------------------- ================================================================================ python-agate-sql-0.5.3-1.fc27 (FEDORA-2018-8b3d44e326) Adds SQL read/write support to agate -------------------------------------------------------------------------------- Update Information: Update csvkit to 1.0.3 and its dependencies required by this new version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554152 - python-csvkit-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554152 -------------------------------------------------------------------------------- ================================================================================ python-csvkit-1.0.3-1.fc27 (FEDORA-2018-8b3d44e326) Suite of utilities for converting to and working with CSV -------------------------------------------------------------------------------- Update Information: Update csvkit to 1.0.3 and its dependencies required by this new version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554152 - python-csvkit-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554152 -------------------------------------------------------------------------------- ================================================================================ python-neovim-0.2.4-1.fc27 (FEDORA-2018-9d9b59f8e3) Python client to Neovim -------------------------------------------------------------------------------- Update Information: Update to 0.2.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1541621 - python-neovim-0.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1541621 -------------------------------------------------------------------------------- ================================================================================ python-openpyxl-2.5.1-1.fc27 (FEDORA-2018-4b0d326b99) Python library to read/write Excel 2010 xlsx/xlsm files -------------------------------------------------------------------------------- Update Information: Update to 2.5.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554319 - python-openpyxl-2.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554319 -------------------------------------------------------------------------------- ================================================================================ python-pytelegrambotapi-3.6.1-1.fc27 (FEDORA-2018-bfd5bc5f78) Python Telegram bot API -------------------------------------------------------------------------------- Update Information: Updated to version 3.6.1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554044 - python-pytelegrambotapi-3.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554044 -------------------------------------------------------------------------------- ================================================================================ qutebrowser-1.2.0-1.fc27 (FEDORA-2018-f7e8afaabb) A keyboard-driven, vim-like browser based on PyQt5 and QtWebEngine -------------------------------------------------------------------------------- Update Information: The two main changes are : * the initial implementation of per-domain settings * a complete refactoring of key input handling -------------------------------------------------------------------------------- References: [ 1 ] Bug #1550760 - qutebrowser-v1.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1550760 -------------------------------------------------------------------------------- ================================================================================ sane-backends-1.0.27-15.fc27 (FEDORA-2018-27b31a3903) Scanner access software -------------------------------------------------------------------------------- Update Information: 1554032 - saned doesn't have permissions to write on usb port -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554032 - saned doesn't have permissions to write on usb port https://bugzilla.redhat.com/show_bug.cgi?id=1554032 -------------------------------------------------------------------------------- ================================================================================ uget-2.2.1-1.fc27 (FEDORA-2018-2404249040) Download manager using GTK+ and libcurl -------------------------------------------------------------------------------- Update Information: New version 2.2.1 is released. -------------------------------------------------------------------------------- ================================================================================ waiverdb-0.9.1-1.fc27 (FEDORA-2018-9b51a1d05f) Service for waiving results in ResultsDB -------------------------------------------------------------------------------- Update Information: - Include "resultsdb_api_url" in the default config. - Switch to python3! ---- Fix some database migrations. ---- Release notes: https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449168 - waiverdb: Switch to Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1449168 [ 2 ] Bug #1538463 - waiverdb-cli --help crashes https://bugzilla.redhat.com/show_bug.cgi?id=1538463 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
