The following Fedora 27 Security updates need testing: Age URL 26 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-81e1618ab9 glibc-arm-linux-gnu-2.26-4.fc27 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc984c59e5 drupal7-7.57-1.fc27 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-de113aeac6 ntp-4.2.8p11-1.fc27 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-52d79f4f36 dovecot-2.2.34-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144 python-bleach-2.1.3-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.6-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c38e40a4bf golang-1.9.4-2.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bd1147f152 python-django-1.11.11-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-af30668257 advancecomp-2.1-4.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1697970ac4 dolphin-emu-5.0-21.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-55b7018374 mailman-2.1.21-8.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-96601292a2 php-simplesamlphp-saml2_1-1.10.6-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6db40b0c37 php-simplesamlphp-saml2-2.3.8-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4fb7cdd27f libgit2-0.26.3-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a2cc71c081 afflib-3.7.16-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-37e28670f2 php-simplesamlphp-saml2_3-3.1.4-3.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf76003e1f kernel-4.15.9-300.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-89ed29a14b wireshark-2.4.5-2.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e27287a733 pcre2-10.31-3.fc27 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd iptables-1.6.2-2.fc27 libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d4a2b7350f xfce4-settings-4.12.2-2.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7acb1065ee lxpanel-0.9.3-7.D20180305gitb85c71a6.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa5edf1551 gsm-1.0.17-4.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-975e9f8b47 shared-mime-info-1.9-2.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c1e573d9d7 desktop-file-utils-0.23-6.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-77fdb91f3e nss-3.36.0-1.0.fc27 nss-softokn-3.36.0-1.0.fc27 nss-util-3.36.0-1.0.fc27 nspr-4.19.0-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-464eb6dc5e libappstream-glib-0.7.7-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf76003e1f kernel-4.15.9-300.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7a759e8c1 jansson-2.11-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424 selinux-policy-3.13.1-283.28.fc27 The following builds have been pushed to Fedora 27 updates-testing CuraEngine-lulzbot-2.6.69-1.fc27 R-Rcpp-0.12.16-1.fc27 R-gtools-3.5.0-1.fc27 R-hexbin-1.27.2-1.fc27 cura-lulzbot-2.6.69-1.fc27 curl-7.55.1-10.fc27 dnssec-trigger-0.15-5.fc27 elfutils-0.170-10.fc27 exim-4.90.1-3.fc27 firefox-59.0-3.fc27 ftp-0.17-75.fc27 gpxsee-5.4-1.fc27 hexchat-2.14.1-1.fc27 icecat-52.7.0-1.fc27 jetring-0.26-1.fc27 libtirpc-1.0.3-0.fc27 lollypop-0.9.401-1.fc27 lulzbot-marlin-firmware-1.1.5.71-1.fc27 lyx-2.3.0-1.fc27 oci-kvm-hook-0.3-1.fc27 openssl-pkcs11-0.4.7-6.fc27 perl-Gearman-2.004.014-1.fc27 perl-HTTP-Message-6.15-1.fc27 php-7.1.16~RC1-1.fc27 powerline-2.6-7.fc27 python-CommonMark-0.7.5-1.fc27 python-btchip-0.1.26-1.fc27 python-tree-format-0.1.2-1.fc27 python-uranium-lulzbot-2.6.69-1.fc27 python2-2.7.14-10.fc27 python3-3.6.4-9.fc27 speed-dreams-2.2.2-0.2.20180309svn6528.rc2.fc27 texlive-2016-37.20160520.fc27 vagrant-openstack-provider-0.12.0-1.fc27 youtube-dl-2018.03.10-1.fc27 Details about builds: ================================================================================ CuraEngine-lulzbot-2.6.69-1.fc27 (FEDORA-2018-da81ba15ca) Engine for processing 3D models into G-code instructions for 3D printers -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 2.6.69. ---- Update to 2.6.66 (latest stable). ---- Update to Cura-lulzbot version 2! Comes with new firmware that actually builds properly from source code, AND a whole new UI. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532837 - Review Request: python-uranium-lulzbot - A Python framework for building desktop applications https://bugzilla.redhat.com/show_bug.cgi?id=1532837 -------------------------------------------------------------------------------- ================================================================================ R-Rcpp-0.12.16-1.fc27 (FEDORA-2018-1da755922f) Seamless R and C++ Integration -------------------------------------------------------------------------------- Update Information: Rcpp 0.12.16 -------------------------------------------------------------------------------- ================================================================================ R-gtools-3.5.0-1.fc27 (FEDORA-2018-bd0b9ac37f) Various R Programming Tools -------------------------------------------------------------------------------- Update Information: Initial package of gtools for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554659 - Review Request: R-gtools - Various R Programming Tools https://bugzilla.redhat.com/show_bug.cgi?id=1554659 -------------------------------------------------------------------------------- ================================================================================ R-hexbin-1.27.2-1.fc27 (FEDORA-2018-8d7cd5abda) Hexagonal Binning Routines -------------------------------------------------------------------------------- Update Information: Initial package of hexbin for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554684 - Review Request: R-hexbin - Hexagonal Binning Routines https://bugzilla.redhat.com/show_bug.cgi?id=1554684 -------------------------------------------------------------------------------- ================================================================================ cura-lulzbot-2.6.69-1.fc27 (FEDORA-2018-da81ba15ca) 3D printer control software -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 2.6.69. ---- Update to 2.6.66 (latest stable). ---- Update to Cura-lulzbot version 2! Comes with new firmware that actually builds properly from source code, AND a whole new UI. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532837 - Review Request: python-uranium-lulzbot - A Python framework for building desktop applications https://bugzilla.redhat.com/show_bug.cgi?id=1532837 -------------------------------------------------------------------------------- ================================================================================ curl-7.55.1-10.fc27 (FEDORA-2018-8877b4ccac) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - fix LDAP NULL pointer dereference (CVE-2018-1000121) - fix RTSP RTP buffer over-read (CVE-2018-1000122) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555209 - CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 curl: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1555209 -------------------------------------------------------------------------------- ================================================================================ dnssec-trigger-0.15-5.fc27 (FEDORA-2018-85e79bd83c) Tool for dynamic reconfiguration of validating resolver Unbound -------------------------------------------------------------------------------- Update Information: Occasional NXDOMAIN failures for resolver are fixed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555355 - NSEC probe on resolver sometimes fail with NXDOMAIN https://bugzilla.redhat.com/show_bug.cgi?id=1555355 -------------------------------------------------------------------------------- ================================================================================ elfutils-0.170-10.fc27 (FEDORA-2018-189e532522) A collection of utilities and DSOs to handle ELF files and DWARF data -------------------------------------------------------------------------------- Update Information: Prepare for GCC8 and some new DWARF constructs. -------------------------------------------------------------------------------- ================================================================================ exim-4.90.1-3.fc27 (FEDORA-2018-db9adf44c9) The exim mail transfer agent -------------------------------------------------------------------------------- Update Information: This is an update fixing dec64table OOB read in b64decode. -------------------------------------------------------------------------------- ================================================================================ firefox-59.0-3.fc27 (FEDORA-2018-05c7b5a5cc) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information: There's a new Firefox version (59.0) available, see https://www.mozilla.org/en- US/firefox/59.0/releasenotes/ for details. -------------------------------------------------------------------------------- ================================================================================ ftp-0.17-75.fc27 (FEDORA-2018-2a86032f6e) The standard UNIX FTP (File Transfer Protocol) client -------------------------------------------------------------------------------- Update Information: Added distribution LDFLAGS during build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548427 - ftp: Partial build flags injection https://bugzilla.redhat.com/show_bug.cgi?id=1548427 -------------------------------------------------------------------------------- ================================================================================ gpxsee-5.4-1.fc27 (FEDORA-2018-1acce94adc) GPS log file viewer and analyzer -------------------------------------------------------------------------------- Update Information: News in version **5.4**: * Added pace info * Added support for EPSG 21781 PCS (Swiss grid) * Added missing WMTS dimensions handling * Fixed broken zoom rectangle computation * Fixed swapped GeoTIFF LCC1 and LCC2 projection codes * Fixed loading of WGS84 GeoTIFF images defined using the ellipsoid only * Fixed broken (case-sensitive) WMTS parameters handling -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554158 - gpxsee-5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1554158 -------------------------------------------------------------------------------- ================================================================================ hexchat-2.14.1-1.fc27 (FEDORA-2018-c61b5df7d5) A popular and easy to use graphical IRC (chat) client -------------------------------------------------------------------------------- Update Information: Performance fix on top of 2.14.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1516656 - there's no way to get it back after iconify to tray https://bugzilla.redhat.com/show_bug.cgi?id=1516656 [ 2 ] Bug #1554263 - hexchat 2.14.0-1.fc27 has extremely slow redrawing https://bugzilla.redhat.com/show_bug.cgi?id=1554263 -------------------------------------------------------------------------------- ================================================================================ icecat-52.7.0-1.fc27 (FEDORA-2018-b63e60fb24) GNU version of Firefox browser -------------------------------------------------------------------------------- Update Information: - Update to 52.7.0 -------------------------------------------------------------------------------- ================================================================================ jetring-0.26-1.fc27 (FEDORA-2018-4e83a79cb6) GPG keyring maintenance using changesets -------------------------------------------------------------------------------- Update Information: Update to jetring-0.26, see http://metadata.ftp- master.debian.org/changelogs/main/j/jetring/jetring_0.26_changelog for details. -------------------------------------------------------------------------------- ================================================================================ libtirpc-1.0.3-0.fc27 (FEDORA-2018-e725c2cd7b) Transport Independent RPC Library -------------------------------------------------------------------------------- Update Information: Update to latest upstream release: libtirpc-1-0-3 -------------------------------------------------------------------------------- ================================================================================ lollypop-0.9.401-1.fc27 (FEDORA-2018-7217601fe9) Music player for GNOME -------------------------------------------------------------------------------- Update Information: Update to 0.9.401 ---- Update to 0.9.400 -------------------------------------------------------------------------------- ================================================================================ lulzbot-marlin-firmware-1.1.5.71-1.fc27 (FEDORA-2018-da81ba15ca) Marlin firmware files for the Lulzbot family of 3D printers -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 2.6.69. ---- Update to 2.6.66 (latest stable). ---- Update to Cura-lulzbot version 2! Comes with new firmware that actually builds properly from source code, AND a whole new UI. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532837 - Review Request: python-uranium-lulzbot - A Python framework for building desktop applications https://bugzilla.redhat.com/show_bug.cgi?id=1532837 -------------------------------------------------------------------------------- ================================================================================ lyx-2.3.0-1.fc27 (FEDORA-2018-9dd4071888) WYSIWYM (What You See Is What You Mean) document processor -------------------------------------------------------------------------------- Update Information: This is the first release of the new stable series for LyX. The 2.3 series has a rich set of new features compared to the previous stable series. An overview of the new features can be found here: https://wiki.lyx.org/LyX/NewInLyX23 If a file from an earlier version of LyX is opened *and saved* with any version of 2.3.x, then the original file will automatically be backed up. The backup file will be found in the backup directory, if one is set under Tools> Preferences> Paths, or else in the same folder as the original file, if no backup directory is set. The filename of the backup file will be: ORIGNAME-lyxformat- NUM.lyx~ where NUM is the LyX format number of the original file. In the case of 2.2.x file, this will be 508, but in the case of older files it will be different. The file `RELEASE-NOTES` available in the package or at https://www.lyx.org/trac/browser/lyxgit/lib/RELEASE-NOTES?rev=2.3.0 lists the major changes compared to the previous stable release (LyX 2.2.3). -------------------------------------------------------------------------------- ================================================================================ oci-kvm-hook-0.3-1.fc27 (FEDORA-2018-df368e4ed4) Golang binary to mount /dev/kvm into OCI containers -------------------------------------------------------------------------------- Update Information: - Lookup devices cgroup path of target process -------------------------------------------------------------------------------- ================================================================================ openssl-pkcs11-0.4.7-6.fc27 (FEDORA-2018-f82561c00a) A PKCS#11 engine for use with OpenSSL -------------------------------------------------------------------------------- Update Information: Obsolete libp11-devel to fix update -------------------------------------------------------------------------------- ================================================================================ perl-Gearman-2.004.014-1.fc27 (FEDORA-2018-b07e6cb955) Perl interface for Gearman distributed job system -------------------------------------------------------------------------------- Update Information: This release fixes a recursion warning with a large payload. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555096 - perl-Gearman-2.004.014 is available https://bugzilla.redhat.com/show_bug.cgi?id=1555096 -------------------------------------------------------------------------------- ================================================================================ perl-HTTP-Message-6.15-1.fc27 (FEDORA-2018-6d6efcb0c9) HTTP style message -------------------------------------------------------------------------------- Update Information: This release adds is_cacheable_by_default() function to evaluate whether a given response code allows caching. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555093 - perl-HTTP-Message-6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1555093 -------------------------------------------------------------------------------- ================================================================================ php-7.1.16~RC1-1.fc27 (FEDORA-2018-5b458a66d7) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: # Only for QA **PHP version 7.1.16RC1** (15 Mar 2018) **Core:** * Fixed bug php#76025 (Segfault while throwing exception in error_handler). (Dmitry, Laruence) * Fixed bug php#76044 ('date: illegal option -- -' in ./configure on FreeBSD). (Anatol) **GD:** * Fixed bug php#73957 (signed integer conversion in imagescale()). (cmb) **ODBC:** * Fixed bug php#76088 (ODBC functions are not available by default on Windows). (cmb) **Opcache:** * Fixed bug php#76074 (opcache corrupts variable in for-loop). (Bob) **Phar:** * Fixed bug php#76085 (Segmentation fault in buildFromIterator when directory name contains a \n). (Laruence) **Standard:** * Fixed bug php#74139 (mail.add_x_header default inconsistent with docs). (cmb) * Fixed bug php#76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault). (Anatol) -------------------------------------------------------------------------------- ================================================================================ powerline-2.6-7.fc27 (FEDORA-2018-d6a558d13b) The ultimate status-line/prompt utility -------------------------------------------------------------------------------- Update Information: Fix mislocated ipython bindings by not moving them (RHBZ #1554741) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554741 - ModuleNotFoundError: No module named 'powerline.bindings.ipython.post_0_11' https://bugzilla.redhat.com/show_bug.cgi?id=1554741 -------------------------------------------------------------------------------- ================================================================================ python-CommonMark-0.7.5-1.fc27 (FEDORA-2018-e4d53e789c) Python parser for the CommonMark Markdown spec -------------------------------------------------------------------------------- Update Information: Update to 0.7.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555092 - python-CommonMark-0.7.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1555092 -------------------------------------------------------------------------------- ================================================================================ python-btchip-0.1.26-1.fc27 (FEDORA-2018-e931c7fe17) Python communication library for Ledger Hardware Wallet products -------------------------------------------------------------------------------- Update Information: Update to 0.1.26 (0.1.25 was a same-day release) -------------------------------------------------------------------------------- ================================================================================ python-tree-format-0.1.2-1.fc27 (FEDORA-2018-98907b6fa9) Python library to generate nicely formatted trees, like the UNIX tree command -------------------------------------------------------------------------------- Update Information: new package -------------------------------------------------------------------------------- ================================================================================ python-uranium-lulzbot-2.6.69-1.fc27 (FEDORA-2018-da81ba15ca) A Python framework for building desktop applications (Lulzbot fork) -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 2.6.69. ---- Update to 2.6.66 (latest stable). ---- Update to Cura-lulzbot version 2! Comes with new firmware that actually builds properly from source code, AND a whole new UI. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1532837 - Review Request: python-uranium-lulzbot - A Python framework for building desktop applications https://bugzilla.redhat.com/show_bug.cgi?id=1532837 -------------------------------------------------------------------------------- ================================================================================ python2-2.7.14-10.fc27 (FEDORA-2018-a9d2b42ad4) An interpreted, interactive, object-oriented programming language -------------------------------------------------------------------------------- Update Information: Fix broken SSL module -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555081 - python2-2.7.14-14 breaks fedpkg build (_ssl.so: undefined symbol: Py_MAX) https://bugzilla.redhat.com/show_bug.cgi?id=1555081 [ 2 ] Bug #1554760 - Don't send IP address as SNI TLS extension https://bugzilla.redhat.com/show_bug.cgi?id=1554760 -------------------------------------------------------------------------------- ================================================================================ python3-3.6.4-9.fc27 (FEDORA-2018-786774956d) Interpreter of the Python programming language -------------------------------------------------------------------------------- Update Information: Do not send IP addresses in SNI TLS extension -------------------------------------------------------------------------------- References: [ 1 ] Bug #1554757 - Backport fix for SSLContext.wrap_socket sending SNI Extension when server_hostname is IP https://bugzilla.redhat.com/show_bug.cgi?id=1554757 -------------------------------------------------------------------------------- ================================================================================ speed-dreams-2.2.2-0.2.20180309svn6528.rc2.fc27 (FEDORA-2018-7b4d478ed6) The Open Racing Car Simulator -------------------------------------------------------------------------------- Update Information: Update to 2.2.2-0.2.20180309svn6528.rc2 -------------------------------------------------------------------------------- ================================================================================ texlive-2016-37.20160520.fc27 (FEDORA-2018-7e9e216bc2) TeX formatting system -------------------------------------------------------------------------------- Update Information: Fix a2ping with Ghostscript 9.22+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1530268 - a2ping doesn't work with ghostscript 9.22 https://bugzilla.redhat.com/show_bug.cgi?id=1530268 -------------------------------------------------------------------------------- ================================================================================ vagrant-openstack-provider-0.12.0-1.fc27 (FEDORA-2018-fd605aced6) Vagrant plugin for OpenStack provider -------------------------------------------------------------------------------- Update Information: New upstream release 0.12.0 BZ#1549356 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1549356 - vagrant-openstack-provider-0.12.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1549356 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2018.03.10-1.fc27 (FEDORA-2018-7d40ecfc31) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Latest upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551176 - youtube-dl-2018.03.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1551176 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
