The following Fedora 27 Security updates need testing: Age URL 35 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 26 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc984c59e5 drupal7-7.57-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-52d79f4f36 dovecot-2.2.34-1.fc27 16 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e38f759144 python-bleach-2.1.3-1.fc27 16 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ff86925c3 memcached-1.5.6-1.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-96601292a2 php-simplesamlphp-saml2_1-1.10.6-1.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6db40b0c37 php-simplesamlphp-saml2-2.3.8-1.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-37e28670f2 php-simplesamlphp-saml2_3-3.1.4-3.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-45d8b8ae21 puppet-4.10.10-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6db2f7a02e python-paramiko-2.3.2-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c2e0a998d acpica-tools-20180209-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-df1a571a34 slurm-17.02.10-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1b67b3a3a3 glpi-9.1.7.1-2.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad652798b8 mosquitto-1.4.15-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf918d73cc apache-commons-compress-1.14-3.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0a473d6e7b unboundid-ldapsdk-4.0.5-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-50f0da5d38 tomcat-8.0.50-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a4353f97db slf4j-1.7.25-4.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1fb6a24703 mozjs52-52.7.2-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-223d8fc52a java-1.8.0-openjdk-aarch32-1.8.0.161-1.180220.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b621d86462 python-notebook-5.2.1-2.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-44e1c23700 qt5-qtwebengine-5.10.1-4.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-07e15ad5a5 sqlite-3.20.1-2.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd iptables-1.6.2-2.fc27 libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7acb1065ee lxpanel-0.9.3-7.D20180305gitb85c71a6.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c923533479 webkitgtk4-2.20.0-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-55a6726164 PackageKit-1.1.9-2.fc27 gnome-software-3.28.0-4.fc27 libappstream-glib-0.7.7-2.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3c04a6145d osinfo-db-20180318-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-61e6647d3b glusterfs-3.12.7-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-95dac71a1c pcre-8.42-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e344a6d79b xfce4-settings-4.12.3-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-01ae3c39c5 libgweather-3.26.2-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4eaa75349d flatpak-0.10.4-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-adbc1da28c pcre2-10.31-4.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-07e15ad5a5 sqlite-3.20.1-2.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-87f0523a2d ostree-2018.3-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-badf6d0f9e grubby-8.40-8.fc27 The following builds have been pushed to Fedora 27 updates-testing R-R.oo-1.21.0-2.fc27 R-bindrcpp-0.2-1.fc27 R-callr-2.0.2-2.fc27 R-clipr-0.4.0-1.fc27 R-openssl-1.0.1-1.fc27 R-orcutt-2.2-1.fc27 R-poLCA-1.4.1-1.fc27 R-rgdal-1.2.18-1.fc27 R-rprintf-0.2.1-2.fc27 R-statnet.common-4.0.0-1.fc27 R-tkrplot-0.0.23-1.fc27 bind-9.11.3-2.fc27 bind-dyndb-ldap-11.1-10.fc27 cantata-2.2.0-1.fc27 chromium-65.0.3325.181-1.fc27 dnsmasq-2.79-1.fc27 dnsperf-2.1.0.0-14.fc27 erlang-19.3.6.7-1.fc27 exempi-2.4.5-1.fc27 fleet-commander-admin-0.10.6-3.fc27 ghc-servant-options-0.1.0.0-2.fc27 ghc-servant-server-0.12-2.fc27 gqrx-2.11.1-1.fc27 icecat-52.7.2-1.fc27 kernel-4.15.12-301.fc27 libvncserver-0.9.11-5.fc27 openblas-0.2.20-10.fc27 php-pragmarx-google2fa-3.0.1-1.fc27 policycoreutils-2.7-6.fc27 python-django-mptt-0.8.6-5.fc27 python-ratelimitingfilter-0.6-1.fc27 python-recaptcha-client-2.0.1-1.fc27 qemu-2.10.1-3.fc27 rawtherapee-5.4-1.fc27 skrooge-2.12.0-1.fc27 urjtag-2017.10-2.fc27 Details about builds: ================================================================================ R-R.oo-1.21.0-2.fc27 (FEDORA-2018-c63f15baff) R Object-Oriented Programming with or without References -------------------------------------------------------------------------------- Update Information: Initial package of R.oo for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558874 - Review Request: R-R.oo - R Object-Oriented Programming with or without References https://bugzilla.redhat.com/show_bug.cgi?id=1558874 -------------------------------------------------------------------------------- ================================================================================ R-bindrcpp-0.2-1.fc27 (FEDORA-2018-2849812dbe) An 'Rcpp' Interface to Active Bindings -------------------------------------------------------------------------------- Update Information: Initial package of bindrcpp for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558882 - Review Request: R-bindrcpp - An 'Rcpp' Interface to Active Bindings https://bugzilla.redhat.com/show_bug.cgi?id=1558882 -------------------------------------------------------------------------------- ================================================================================ R-callr-2.0.2-2.fc27 (FEDORA-2018-26e6c1dfe2) Call R from R -------------------------------------------------------------------------------- Update Information: Initial package of callr for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558892 - Review Request: R-callr - Call R from R https://bugzilla.redhat.com/show_bug.cgi?id=1558892 -------------------------------------------------------------------------------- ================================================================================ R-clipr-0.4.0-1.fc27 (FEDORA-2018-aacd18ceef) Read and Write from the System Clipboard -------------------------------------------------------------------------------- Update Information: Initial package of clipr for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558894 - Review Request: R-clipr - Read and Write from the System Clipboard https://bugzilla.redhat.com/show_bug.cgi?id=1558894 -------------------------------------------------------------------------------- ================================================================================ R-openssl-1.0.1-1.fc27 (FEDORA-2018-923ea32234) Toolkit for Encryption, Signatures and Certificates Based on OpenSSL -------------------------------------------------------------------------------- Update Information: Initial package of openssl for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1557748 - Review Request: R-openssl - Toolkit for Encryption, Signatures and Certificates Based on OpenSSL https://bugzilla.redhat.com/show_bug.cgi?id=1557748 -------------------------------------------------------------------------------- ================================================================================ R-orcutt-2.2-1.fc27 (FEDORA-2018-77afa17466) Estimate Procedure in Case of First Order Autocorrelation -------------------------------------------------------------------------------- Update Information: Initial package of orcutt for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558789 - Review Request: R-orcutt - Estimate Procedure in Case of First Order Autocorrelation https://bugzilla.redhat.com/show_bug.cgi?id=1558789 -------------------------------------------------------------------------------- ================================================================================ R-poLCA-1.4.1-1.fc27 (FEDORA-2018-db14084fa3) Polytomous variable Latent Class Analysis -------------------------------------------------------------------------------- Update Information: Initial package of poLCA for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558859 - Review Request: R-poLCA - Polytomous variable Latent Class Analysis https://bugzilla.redhat.com/show_bug.cgi?id=1558859 -------------------------------------------------------------------------------- ================================================================================ R-rgdal-1.2.18-1.fc27 (FEDORA-2018-2a1bdde08c) Bindings for the 'Geospatial' Data Abstraction Library -------------------------------------------------------------------------------- Update Information: Initial package of rgdal for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558779 - Review Request: R-rgdal - Bindings for the 'Geospatial' Data Abstraction Library https://bugzilla.redhat.com/show_bug.cgi?id=1558779 -------------------------------------------------------------------------------- ================================================================================ R-rprintf-0.2.1-2.fc27 (FEDORA-2018-33c09d2a4d) Adaptive Builder for Formatted Strings -------------------------------------------------------------------------------- Update Information: Initial package of rprintf for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558784 - Review Request: R-rprintf - Adaptive Builder for Formatted Strings https://bugzilla.redhat.com/show_bug.cgi?id=1558784 -------------------------------------------------------------------------------- ================================================================================ R-statnet.common-4.0.0-1.fc27 (FEDORA-2018-89052264a4) Common R Scripts and Utilities Used by the Statnet Project Software -------------------------------------------------------------------------------- Update Information: Initial package of statnet.common for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558756 - Review Request: R-statnet.common - Common R Scripts and Utilities Used by the Statnet Project Software https://bugzilla.redhat.com/show_bug.cgi?id=1558756 -------------------------------------------------------------------------------- ================================================================================ R-tkrplot-0.0.23-1.fc27 (FEDORA-2018-bc92fd0157) TK Rplot -------------------------------------------------------------------------------- Update Information: Initial package of tkrplot for R -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558757 - Review Request: R-tkrplot - TK Rplot https://bugzilla.redhat.com/show_bug.cgi?id=1558757 -------------------------------------------------------------------------------- ================================================================================ bind-9.11.3-2.fc27 (FEDORA-2018-0b6bcf4f5b) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: - Rebase to latest supported release 9.11.3 - support IDN 2008 in dig, enabled by default - rebuilt bind-dyndb-ldap and dnsperf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098783 - BIND only supports IDNA 2003 but not IDNA 2008 https://bugzilla.redhat.com/show_bug.cgi?id=1098783 -------------------------------------------------------------------------------- ================================================================================ bind-dyndb-ldap-11.1-10.fc27 (FEDORA-2018-0b6bcf4f5b) LDAP back-end plug-in for BIND -------------------------------------------------------------------------------- Update Information: - Rebase to latest supported release 9.11.3 - support IDN 2008 in dig, enabled by default - rebuilt bind-dyndb-ldap and dnsperf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098783 - BIND only supports IDNA 2003 but not IDNA 2008 https://bugzilla.redhat.com/show_bug.cgi?id=1098783 -------------------------------------------------------------------------------- ================================================================================ cantata-2.2.0-1.fc27 (FEDORA-2018-5bddfe4ea7) Music Player Daemon (MPD) graphical client -------------------------------------------------------------------------------- Update Information: New stable release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1497367 - cantata-2.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1497367 -------------------------------------------------------------------------------- ================================================================================ chromium-65.0.3325.181-1.fc27 (FEDORA-2018-faff5f661e) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update to Chromium 65. For EPEL7, it has been a long time since a successful build has been possible, so this will fix a LOT of CVEs. CVE-2017-15396 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2018-6056 CVE-2018-6406 CVE-2018-6057 CVE-2018-6058 CVE-2018-6059 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1552500 - CVE-2018-6083 chromium-browser: incorrect processing of appmanifests https://bugzilla.redhat.com/show_bug.cgi?id=1552500 [ 2 ] Bug #1552499 - CVE-2018-6082 chromium-browser: circumvention of port blocking https://bugzilla.redhat.com/show_bug.cgi?id=1552499 [ 3 ] Bug #1552498 - CVE-2018-6081 chromium-browser: xss in interstitials https://bugzilla.redhat.com/show_bug.cgi?id=1552498 [ 4 ] Bug #1552497 - CVE-2018-6080 chromium-browser: information disclosure in ipc call https://bugzilla.redhat.com/show_bug.cgi?id=1552497 [ 5 ] Bug #1552496 - CVE-2018-6079 chromium-browser: information disclosure via texture data in webgl https://bugzilla.redhat.com/show_bug.cgi?id=1552496 [ 6 ] Bug #1552495 - CVE-2018-6078 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1552495 [ 7 ] Bug #1552494 - CVE-2018-6077 chromium-browser: timing attack using svg filters https://bugzilla.redhat.com/show_bug.cgi?id=1552494 [ 8 ] Bug #1552493 - CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink https://bugzilla.redhat.com/show_bug.cgi?id=1552493 [ 9 ] Bug #1552492 - CVE-2018-6075 chromium-browser: overly permissive cross origin downloads https://bugzilla.redhat.com/show_bug.cgi?id=1552492 [ 10 ] Bug #1552491 - CVE-2018-6074 chromium-browser: mark-of-the-web bypass https://bugzilla.redhat.com/show_bug.cgi?id=1552491 [ 11 ] Bug #1552490 - CVE-2018-6073 chromium-browser: heap bufffer overflow in webgl https://bugzilla.redhat.com/show_bug.cgi?id=1552490 [ 12 ] Bug #1552489 - CVE-2018-6072 chromium-browser: integer overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1552489 [ 13 ] Bug #1552488 - CVE-2018-6071 chromium-browser: heap bufffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552488 [ 14 ] Bug #1552487 - CVE-2018-6070 chromium-browser: csp bypass through extensions https://bugzilla.redhat.com/show_bug.cgi?id=1552487 [ 15 ] Bug #1552486 - CVE-2018-6069 chromium-browser: stack buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552486 [ 16 ] Bug #1552485 - CVE-2018-6068 chromium-browser: object lifecycle issues in chrome custom tab https://bugzilla.redhat.com/show_bug.cgi?id=1552485 [ 17 ] Bug #1552484 - CVE-2018-6067 chromium-browser: buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552484 [ 18 ] Bug #1552483 - CVE-2018-6066 chromium-browser: same origin bypass via canvas https://bugzilla.redhat.com/show_bug.cgi?id=1552483 [ 19 ] Bug #1552482 - CVE-2018-6065 chromium-browser: integer overflow in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1552482 [ 20 ] Bug #1552481 - CVE-2018-6064 chromium-browser: type confusion in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1552481 [ 21 ] Bug #1552480 - CVE-2018-6063 chromium-browser: incorrect permissions on shared memory https://bugzilla.redhat.com/show_bug.cgi?id=1552480 [ 22 ] Bug #1552479 - CVE-2018-6057 chromium-browser: incorrect permissions on shared memory https://bugzilla.redhat.com/show_bug.cgi?id=1552479 [ 23 ] Bug #1552478 - CVE-2018-6062 chromium-browser: heap buffer overflow in skia https://bugzilla.redhat.com/show_bug.cgi?id=1552478 [ 24 ] Bug #1552477 - CVE-2018-6061 chromium-browser: race condition in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1552477 [ 25 ] Bug #1552476 - CVE-2018-6060 chromium-browser: use-after-free in blink https://bugzilla.redhat.com/show_bug.cgi?id=1552476 [ 26 ] Bug #1552475 - CVE-2018-6059 chromium-browser: use-after-free in flash https://bugzilla.redhat.com/show_bug.cgi?id=1552475 [ 27 ] Bug #1552474 - CVE-2018-6058 chromium-browser: use-after-free in flash https://bugzilla.redhat.com/show_bug.cgi?id=1552474 [ 28 ] Bug #1547349 - CVE-2018-6406 libwebm: Out of bounds read in libwebm_util.cc:ParseVP9SuperFrameIndex() can lead to information leak or potential denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1547349 [ 29 ] Bug #1545062 - CVE-2018-6056 chromium-browser: incorrect derived class instantiation in v8 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 [ 30 ] Bug #1523141 - CVE-2017-15427 chromium-browser: insufficient blocking of javascript in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523141 [ 31 ] Bug #1523140 - CVE-2017-15426 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523140 [ 32 ] Bug #1523139 - CVE-2017-15425 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523139 [ 33 ] Bug #1523138 - CVE-2017-15424 chromium-browser: url spoof in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523138 [ 34 ] Bug #1523137 - CVE-2017-15423 chromium-browser: issue with spake implementation in boringssl https://bugzilla.redhat.com/show_bug.cgi?id=1523137 [ 35 ] Bug #1523136 - CVE-2017-15422 chromium-browser: integer overflow in icu https://bugzilla.redhat.com/show_bug.cgi?id=1523136 [ 36 ] Bug #1523135 - CVE-2017-15420 chromium-browser: url spoofing in omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1523135 [ 37 ] Bug #1523134 - CVE-2017-15419 chromium-browser: cross origin leak of redirect url in blink https://bugzilla.redhat.com/show_bug.cgi?id=1523134 [ 38 ] Bug #1523133 - CVE-2017-15418 chromium-browser: use of uninitialized value in skia https://bugzilla.redhat.com/show_bug.cgi?id=1523133 [ 39 ] Bug #1523132 - CVE-2017-15417 chromium-browser: cross origin information disclosure in skia https://bugzilla.redhat.com/show_bug.cgi?id=1523132 [ 40 ] Bug #1523131 - CVE-2017-15416 chromium-browser: out of bounds read in blink https://bugzilla.redhat.com/show_bug.cgi?id=1523131 [ 41 ] Bug #1523130 - CVE-2017-15415 chromium-browser: pointer information disclosure in ipc call https://bugzilla.redhat.com/show_bug.cgi?id=1523130 [ 42 ] Bug #1523129 - CVE-2017-15413 chromium-browser: type confusion in webassembly https://bugzilla.redhat.com/show_bug.cgi?id=1523129 [ 43 ] Bug #1523128 - CVE-2017-15412 chromium-browser: use after free in libxml https://bugzilla.redhat.com/show_bug.cgi?id=1523128 [ 44 ] Bug #1523127 - CVE-2017-15411 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1523127 [ 45 ] Bug #1523126 - CVE-2017-15410 chromium-browser: use after free in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1523126 [ 46 ] Bug #1523125 - CVE-2017-15409 chromium-browser: out of bounds write in skia https://bugzilla.redhat.com/show_bug.cgi?id=1523125 [ 47 ] Bug #1523124 - CVE-2017-15408 chromium-browser: heap buffer overflow in pdfium https://bugzilla.redhat.com/show_bug.cgi?id=1523124 [ 48 ] Bug #1523123 - CVE-2017-15407 chromium-browser: out of bounds write in quic https://bugzilla.redhat.com/show_bug.cgi?id=1523123 -------------------------------------------------------------------------------- ================================================================================ dnsmasq-2.79-1.fc27 (FEDORA-2018-bb556fd888) A lightweight DHCP/caching DNS server -------------------------------------------------------------------------------- Update Information: - Rebase to 2.79 - Manual require to nettle >= 3.4 - cname can contain spaces again -------------------------------------------------------------------------------- References: [ 1 ] Bug #1548060 - dnsmasq fails with older version of nettle rpm https://bugzilla.redhat.com/show_bug.cgi?id=1548060 [ 2 ] Bug #1557978 - dnsmasq-2.79 is available https://bugzilla.redhat.com/show_bug.cgi?id=1557978 [ 3 ] Bug #1498667 - [Regression] dnsmasq 2.78 breaks CNAMEs in config file https://bugzilla.redhat.com/show_bug.cgi?id=1498667 -------------------------------------------------------------------------------- ================================================================================ dnsperf-2.1.0.0-14.fc27 (FEDORA-2018-0b6bcf4f5b) Benchmarking authorative and recursing DNS servers -------------------------------------------------------------------------------- Update Information: - Rebase to latest supported release 9.11.3 - support IDN 2008 in dig, enabled by default - rebuilt bind-dyndb-ldap and dnsperf -------------------------------------------------------------------------------- References: [ 1 ] Bug #1098783 - BIND only supports IDNA 2003 but not IDNA 2008 https://bugzilla.redhat.com/show_bug.cgi?id=1098783 -------------------------------------------------------------------------------- ================================================================================ erlang-19.3.6.7-1.fc27 (FEDORA-2018-0166271cea) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: * Erlang ver. 19.3.6.7 ---- * Ver. 19.3.6.6 -------------------------------------------------------------------------------- ================================================================================ exempi-2.4.5-1.fc27 (FEDORA-2018-c442aad4dc) Library for easy parsing of XMP metadata -------------------------------------------------------------------------------- Update Information: Version **2.4.5** fixes the following security issues: * **CVE-2018-7728** * **CVE-2018-7729** * **CVE-2018-7730** * **CVE-2018-7731** Version **2.4.4** fixes the following security issues: * **CVE-2017-18233** * **CVE-2017-18236** Version **2.4.3** fixes the following security issues: * **CVE-2017-18234** * **CVE-2017-18235** * **CVE-2017-18237** -------------------------------------------------------------------------------- References: [ 1 ] Bug #1555156 - CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 exempi: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1555156 [ 2 ] Bug #1559578 - CVE-2017-18233 CVE-2017-18234 CVE-2017-18235 CVE-2017-18236 CVE-2017-18237 exempi: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1559578 -------------------------------------------------------------------------------- ================================================================================ fleet-commander-admin-0.10.6-3.fc27 (FEDORA-2018-4c465a9964) Fleet Commander -------------------------------------------------------------------------------- Update Information: Fixed EPEL specfile conditionals ---- Updated release to 0.10.6 -------------------------------------------------------------------------------- ================================================================================ ghc-servant-options-0.1.0.0-2.fc27 (FEDORA-2018-7cba671c22) Provide responses to OPTIONS requests for Servant applications -------------------------------------------------------------------------------- Update Information: Rebuild against new warp packages -------------------------------------------------------------------------------- ================================================================================ ghc-servant-server-0.12-2.fc27 (FEDORA-2018-7cba671c22) A family of combinators for defining webservices APIs and serving them -------------------------------------------------------------------------------- Update Information: Rebuild against new warp packages -------------------------------------------------------------------------------- ================================================================================ gqrx-2.11.1-1.fc27 (FEDORA-2018-06a9a570e8) Software defined radio receiver powered by GNU Radio and Qt -------------------------------------------------------------------------------- Update Information: new upstream version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1557979 - gqrx-2.11.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1557979 -------------------------------------------------------------------------------- ================================================================================ icecat-52.7.2-1.fc27 (FEDORA-2018-cd7625f75a) GNU version of Firefox browser -------------------------------------------------------------------------------- Update Information: Update to 52.7.2 -------------------------------------------------------------------------------- ================================================================================ kernel-4.15.12-301.fc27 (FEDORA-2018-e378863e47) The Linux kernel -------------------------------------------------------------------------------- Update Information: Incremental update to fix kernel-devel issues. ---- The 4.15.12 update contains numerous fixes across the tree. ---- The 4.15.11 update contains a number of important fixes across the tree -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558066 - CVE-2017-18232 kernel: Mishandling mutex within libsas allowing local Denial of Service https://bugzilla.redhat.com/show_bug.cgi?id=1558066 -------------------------------------------------------------------------------- ================================================================================ libvncserver-0.9.11-5.fc27 (FEDORA-2018-4897772a43) Library to make writing a VNC server easy -------------------------------------------------------------------------------- Update Information: This release fixes a possible sensitive data leak and a memory exhaustion when handling ClientTextCut messages of the RFB protocol. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546858 - CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c https://bugzilla.redhat.com/show_bug.cgi?id=1546858 -------------------------------------------------------------------------------- ================================================================================ openblas-0.2.20-10.fc27 (FEDORA-2018-493ca8ae30) An optimized BLAS library based on GotoBLAS2 -------------------------------------------------------------------------------- Update Information: Disables CPU affinity that had been enabled upstream by mistake. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558091 - Different processor affinity for Fedora and julialang.org builds https://bugzilla.redhat.com/show_bug.cgi?id=1558091 -------------------------------------------------------------------------------- ================================================================================ php-pragmarx-google2fa-3.0.1-1.fc27 (FEDORA-2018-77b4142c4e) Google Two-Factor Authentication for PHP Package -------------------------------------------------------------------------------- Update Information: Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1552442 - Review Request: php-pragmarx-google2fa - Google Two-Factor Authentication for PHP Package https://bugzilla.redhat.com/show_bug.cgi?id=1552442 -------------------------------------------------------------------------------- ================================================================================ policycoreutils-2.7-6.fc27 (FEDORA-2018-7535a8e21e) SELinux policy core utilities -------------------------------------------------------------------------------- Update Information: Few sepolicy gui fixes and important fix of 'semanage boolean -m' -------------------------------------------------------------------------------- References: [ 1 ] Bug #1334834 - semodule_unpackage man page is incorrect https://bugzilla.redhat.com/show_bug.cgi?id=1334834 [ 2 ] Bug #1559174 - Locally-changed booleans not preserved on upgrade from F27 to F28, cannot be set permanently after upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1559174 -------------------------------------------------------------------------------- ================================================================================ python-django-mptt-0.8.6-5.fc27 (FEDORA-2018-7c2894f940) Utilities for implementing Modified Preorder Tree Traversal -------------------------------------------------------------------------------- Update Information: skip tests to fix ftbfs (rhbz#1531595) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1531595 - python-django-mptt: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1531595 -------------------------------------------------------------------------------- ================================================================================ python-ratelimitingfilter-0.6-1.fc27 (FEDORA-2018-b22314065a) A rate limiting filter for the Python logging system -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ python-recaptcha-client-2.0.1-1.fc27 (FEDORA-2018-a3a8a63db7) Python module for reCAPTCHA and reCAPTCHA Mailhide -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ qemu-2.10.1-3.fc27 (FEDORA-2018-38a277227c) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information: This update fixes a [crash when resuming from a snapshot twice within a single boot](https://bugzilla.redhat.com/show_bug.cgi?id=1531048). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1531048 - Reverting to snapshots causes qemu to crash. https://bugzilla.redhat.com/show_bug.cgi?id=1531048 -------------------------------------------------------------------------------- ================================================================================ rawtherapee-5.4-1.fc27 (FEDORA-2018-93a3be9f2f) Raw image processing software -------------------------------------------------------------------------------- Update Information: Update to 5.4 stable. For the full list of new features and bugfixes see the blogpost at http://rawtherapee.com/blog/rawtherapee-5.4-released -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558535 - rawtherapee-5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1558535 -------------------------------------------------------------------------------- ================================================================================ skrooge-2.12.0-1.fc27 (FEDORA-2018-b0c3833ac5) Personal finances manager -------------------------------------------------------------------------------- Update Information: New stable release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1553733 - skrooge-2.12.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1553733 -------------------------------------------------------------------------------- ================================================================================ urjtag-2017.10-2.fc27 (FEDORA-2018-5d88d5203e) A tool for communicating over JTAG with flash chips and CPUs -------------------------------------------------------------------------------- Update Information: revert back armfix patch ---- added bison and flex for bsdl2jtag command -------------------------------------------------------------------------------- References: [ 1 ] Bug #1553506 - urjtag-2017.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1553506 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
