The following Fedora 26 Security updates need testing: Age URL 283 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 114 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 102 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 77 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661 bro-2.5.3-1.fc26 43 https://bodhi.fedoraproject.org/updates/FEDORA-2018-010396b4a2 chromium-65.0.3325.181-1.fc26 38 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ba4601398 dovecot-2.2.35-1.fc26 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be77249d4 ruby-2.4.4-88.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c0671072b knot-resolver-2.3.0-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f9e0f1caf7 glusterfs-3.10.12-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2359c2ae0e drupal7-7.59-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020 xen-4.8.3-4.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1361f39801 ckeditor-4.9.2-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5e8de70380 quassel-0.12.5-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e6d9251471 httpd-2.4.33-4.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 80 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 38 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6dde187524 redhat-rpm-config-66-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f9e0f1caf7 glusterfs-3.10.12-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020 xen-4.8.3-4.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6d82adbfeb libnfs-1.11.0-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c4f0b23dd9 vim-8.0.1788-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-afc4f5f88f osinfo-db-20180502-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a311ccc70c pungi-4.1.24-1.fc26 The following builds have been pushed to Fedora 26 updates-testing GraphicsMagick-1.3.29-1.fc26 LibRaw-0.18.10-1.fc26 composer-1.6.5-1.fc26 cpuid-20180419-1.fc26 globus-net-manager-0.18-1.fc26 grip-3.7.1-1.fc26 guava-18.0-12.fc26 ivykis-0.42.3-1.fc26 kernel-4.16.7-100.fc26 libefp-1.5.0-2.fc26 libtaskotron-0.6.1-1.fc26 modem-manager-gui-0.0.19.1-1.fc26 mosquitto-1.4.15-2.fc26 myproxy-6.1.29-1.fc26 mysql-mmm-2.2.1-20.fc26 nheko-0.4.0-1.fc26 nodejs-6.14.2-1.fc26 nordugrid-arc-5.4.2-5.fc26 nvml-1.4-3.fc26 pam-kwallet-5.12.5-3.fc26 patch-2.7.6-4.fc26 pcc-1.1.0-1.1.20180504cvs.fc26 perl-Session-Storage-Secure-0.011-1.fc26 python-astral-1.6.1-1.fc26 python-colorlog-3.1.4-1.fc26 python-dulwich-0.19.2-1.fc26 scap-security-guide-0.1.39-2.fc26 seamonkey-2.49.3-1.fc26 taskotron-trigger-0.5.1-1.fc26 Details about builds: ================================================================================ GraphicsMagick-1.3.29-1.fc26 (FEDORA-2018-aa5c3a4b56) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: Latest upstream release, see http://www.graphicsmagick.org/NEWS.html#april-29-2017 -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.3.29-1 - 1.3.29 (#1574031]) * Wed Mar 7 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.3.28-4 - BR: gcc-c++, %make_build %make_install %ldconfig_scriptlets * Fri Feb 16 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.3.28-3 - use %ldconfig_scriptlets - s/libungif/giflib * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.28-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ LibRaw-0.18.10-1.fc26 (FEDORA-2018-52836ed5e5) Library for reading RAW files obtained from digital photo cameras -------------------------------------------------------------------------------- Update Information: CVE-2018-10529 fixed: out of bounds read in X3F parser CVE-2018-10528 fixed: possible stack overrun in X3F parser -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Gwyn Ciesla <limburgher@xxxxxxxxx> - 0.18.10-1 - 0.18.10. * Wed Apr 25 2018 Gwyn Ciesla <limburgher@xxxxxxxxx> - 0.18.9-1 - 0.18.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574326 - CVE-2018-10529 LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1574326 [ 2 ] Bug #1574322 - CVE-2018-10528 LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1574322 [ 3 ] Bug #1574486 - LibRaw-0.18.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574486 -------------------------------------------------------------------------------- ================================================================================ composer-1.6.5-1.fc26 (FEDORA-2018-395b9274bc) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.6.5** 2018-05-04 * Fixed regression in 1.6.4 causing strange update behaviors with dev packages * Fixed regression in 1.6.4 color support detection for Windows * Fixed issues dealing with broken symlinks when switching branches and using path repositories * Fixed JSON schema for package repositories * Fixed issues on computers set to Turkish locale * Fixed classmap parsing of files using short-open-tags when they are disabled in php -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Remi Collet <remi@xxxxxxxxxxxx> - 1.6.5-1 - update to 1.6.5 -------------------------------------------------------------------------------- ================================================================================ cpuid-20180419-1.fc26 (FEDORA-2018-2c8df2cf12) Dumps information about the CPU(s) -------------------------------------------------------------------------------- Update Information: Update to new upstream version 20180419 (rhbz#1569758) -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20180419-1 - Update to new upstream version 20180419 (rhbz#1569758) * Thu Feb 22 2018 Florian Weimer <fweimer@xxxxxxxxxx> - 20170122-7 - Use LDFLAGS from redhat-rpm-config * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 20170122-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1569758 - cpuid-20180419.src is available https://bugzilla.redhat.com/show_bug.cgi?id=1569758 -------------------------------------------------------------------------------- ================================================================================ globus-net-manager-0.18-1.fc26 (FEDORA-2018-bd15c1ba2f) Globus Toolkit - Network Manager -------------------------------------------------------------------------------- Update Information: globus-net-manager * Fix pre-connect not using changed remote contact myproxy * Fix -Werror=format-security errors -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.18-1 - GT6 update: Fix pre-connect not using changed remote contact * Wed Feb 7 2018 Iryna Shcherbina <ishcherb@xxxxxxxxxx> - 0.17-5 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 2 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ grip-3.7.1-1.fc26 (FEDORA-2018-d8e3e15e63) Front-end for CD rippers and Ogg Vorbis encoders -------------------------------------------------------------------------------- Update Information: Updated to 3.7.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 26 2018 Adrian Reber <adrian@xxxxxxxx> - 1:3.7.1-1 - Updated to 3.7.1 * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:3.6.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Jan 31 2018 Adrian Reber <adrian@xxxxxxxx> - 1:3.6.3-1 - Updated to 3.6.3 - Remove icon scriptlets -------------------------------------------------------------------------------- References: [ 1 ] Bug #1558285 - grip-3.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1558285 -------------------------------------------------------------------------------- ================================================================================ guava-18.0-12.fc26 (FEDORA-2018-db8f322bb0) Google Core Libraries for Java -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-10237 -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Michael Simacek <msimacek@xxxxxxxxxx> - 18.0-12 - Backport fix for CVE-2018-10237 * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 18.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1573391 - CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1573391 -------------------------------------------------------------------------------- ================================================================================ ivykis-0.42.3-1.fc26 (FEDORA-2018-91dcdb8d83) Library for asynchronous I/O readiness notification -------------------------------------------------------------------------------- Update Information: Update to 0.42.3 -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 My Karlsson <mk@xxxxxxxxxx> - 0.42.3-1 - Update to 0.42.3 -------------------------------------------------------------------------------- ================================================================================ kernel-4.16.7-100.fc26 (FEDORA-2018-884a105c04) The Linux kernel -------------------------------------------------------------------------------- Update Information: Update to v4.16.7 which contains fixes across the tree. This also temporarily reverts the fix for CVE-2018-1108 as it resulted in boots hanging in some scenarios. ---- Update to v4.16.6 which contains fixes across the tree ---- Update to v4.16.5 which contains fixes across the tree ---- Rebase to v4.16.4 ---- The 4.15.18 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - 4.16.7-100 - Linux v4.16.7 - Revert a second patch related to CVE-2018-1108 4.16.4 (rhbz 1572944) * Tue May 1 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - 4.16.6-101 - Revert the fix for CVE-2018-1108 (rhbz 1572944) * Mon Apr 30 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - 4.16.6-100 - Linux v4.16.6 * Fri Apr 27 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - 4.16.5-100 - Fix an issue with bluetooth autosupsend on some XPS 13 9360 (rhbz 1514836) - Fix prlimit64 with RLIMIT_CPU ignored (rhbz 1568337) - Linux v4.16.5 * Fri Apr 27 2018 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - Enable QLogic NICs on ARM * Wed Apr 25 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - Fix a kernel oops when using Thunderbolt 3 docks (rhbz 1565131) * Wed Apr 25 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - 4.16.4-100 - Linux v4.16.4 rebase - Fix a regression in backlight interfaces for some laptops (rhbz 1571036) * Thu Apr 19 2018 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 4.15.18-200 - Linux v4.15.18 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1571036 - Kernel updates breaks screen brightness keys https://bugzilla.redhat.com/show_bug.cgi?id=1571036 [ 2 ] Bug #1531927 - lirc_zilog ceased working with kernel 4.14 https://bugzilla.redhat.com/show_bug.cgi?id=1531927 -------------------------------------------------------------------------------- ================================================================================ libefp-1.5.0-2.fc26 (FEDORA-2018-48d82d4b4b) A full implementation of the Effective Fragment Potential (EFP) method -------------------------------------------------------------------------------- Update Information: First release in Fedora. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1419379 - Review Request: libefp - A full implementation of the Effective Fragment Potential (EFP) method https://bugzilla.redhat.com/show_bug.cgi?id=1419379 -------------------------------------------------------------------------------- ================================================================================ libtaskotron-0.6.1-1.fc26 (FEDORA-2018-92d1d10a39) Taskotron Support Library -------------------------------------------------------------------------------- Update Information: - yumrepoinfo: retry on socket errors - yumrepoinfo: mark F28 as stable -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Frantisek Zatloukal <fzatlouk@xxxxxxxxxx> - 0.6.1-1 - yumrepoinfo: retry on socket errors - yumrepoinfo: mark F28 as stable -------------------------------------------------------------------------------- ================================================================================ modem-manager-gui-0.0.19.1-1.fc26 (FEDORA-2018-d413db9e21) Graphical interface for ModemManager -------------------------------------------------------------------------------- Update Information: Update to new upstream version (0.0.19.1) -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 28 2018 Artur Iwicki <fedora@xxxxxxxxxx> - 0.0.19.1-1 - Update to new upstream version - Remove Patch0 (fix to linker errors) - issues fixed upstream -------------------------------------------------------------------------------- ================================================================================ mosquitto-1.4.15-2.fc26 (FEDORA-2018-6e823f8f11) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information: Update systemd unit file (rhbz#1564733) -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.4.15-2 - Update systemd unit file (rhbz#1564733) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1564733 - mosquitto fails to start https://bugzilla.redhat.com/show_bug.cgi?id=1564733 -------------------------------------------------------------------------------- ================================================================================ myproxy-6.1.29-1.fc26 (FEDORA-2018-bd15c1ba2f) Manage X.509 Public Key Infrastructure (PKI) security credentials -------------------------------------------------------------------------------- Update Information: globus-net-manager * Fix pre-connect not using changed remote contact myproxy * Fix -Werror=format-security errors -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.1.29-1 - Update to 6.1.29: Fix -Werror=format-security errors * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.1.28-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.1.28-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.1.28-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mysql-mmm-2.2.1-20.fc26 (FEDORA-2018-92f04c6b61) Multi-Master Replication Manager for MySQL -------------------------------------------------------------------------------- Update Information: # Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger these vulnerabilities. The impact of these vulnerabilities can be lessened by configuring mmm_agentd to require TLS mutual authentication and by using network ACLs to prevent hosts other than legitimate mmm_mond hosts from accessing mmm_agentd. For example on Linux iptables rules can be used to block access to the port mmm_agent is listening on from all hosts except the mmm_monitor. The configuration of ssl can be used where firewall rules are not practical. See Socket Documentation http://mysql-mmm.org/mysql-mmm.html#SEC58 Add to mmm_common.conf <socket> type ssl cert_file /etc/ssl/certs/www.example.com.bundle.crt key_file /etc/ssl/certs/www.example.com.key ca_file /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt </socket> Now only those with access to the private key can send commands. Whilst your web server certificate will do the job, you may consider registering a dedicated certificate just for this task. NOTE: By now there are a some good alternatives to MySQL-MMM. Maybe you want to check out Galera Cluster which is part of MariaDB Galera Cluster and Percona XtraDB Cluster. - http://mysql-mmm.org - http://galeracluster.com/ - https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/ - https://www.percona.com/software/mysql-database/percona-xtradb-cluster -------------------------------------------------------------------------------- ChangeLog: * Wed May 2 2018 David Beveridge <dave@xxxxxxxxxxx> 2.2.1-20 - Patch for mmm_agentd Remote Command Injection Vulnerabilities - TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481 * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Dec 20 2017 Ruben Kerkhof <ruben@xxxxxxxxxxxxxxxx> - 2.2.1-18 - Correct permissions for systemd units (#1527992) * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1575161 https://bugzilla.redhat.com/show_bug.cgi?id=1575161 -------------------------------------------------------------------------------- ================================================================================ nheko-0.4.0-1.fc26 (FEDORA-2018-bd6b7b7d5a) Desktop client for the Matrix protocol -------------------------------------------------------------------------------- Update Information: Features ================= * Basic member list * Basic room settings menu * Support for displaying stickers * Fuzzy search for rooms Improvements ==================== * Cache refactoring (reduced memory consumption) * Implement media cache (faster avatar loading) * Show room tooltips when the sidebar is collapsed * Flicker-free auto-completion menus (rooms, users) * Improved message spacing in the timeline * Improved macOS installer * Fancier date separator widget * Minor popup improvements Bug fixes ================= * Fix UI inconsistencies between room list & communities * Adjust popup completion menu to fit its contents * Fix stuck typing notifications * Handle invalid access tokens -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 0.4.0-1 - Updated to version 0.4.0. -------------------------------------------------------------------------------- ================================================================================ nodejs-6.14.2-1.fc26 (FEDORA-2018-9dc3a15a3a) JavaScript runtime -------------------------------------------------------------------------------- Update Information: Update to Node.js 6.14.2 -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1:6.14.2-1 - Update to 6.14.2 - https://nodejs.org/en/blog/release/v6.14.2/ - https://nodejs.org/en/blog/release/v6.14.1/ * Fri Apr 13 2018 Rafael dos Santos <rdossant@xxxxxxxxxx> - 1:6.14.0-2 - Use standard Fedora linker flags (bug #1543859) -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.4.2-5.fc26 (FEDORA-2018-ca794a3a74) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: * Minor packaging tweaks * Backport a few out-of-bounds compiler warning fixes * python34-nordugrid-arc package for EPEL 7 -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.4.2-5 - Create python34-nordugrid-arc package on EPEL 7 - Add BuildRequires on gcc-c++ - Use pylint in EPEL 7 (it's back) - Adjust python dependencies for old releases * Tue Feb 20 2018 Iryna Shcherbina <ishcherb@xxxxxxxxxx> - 5.4.2-4 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 5.4.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Fri Jan 26 2018 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 5.4.2-2 - Fix out-of-bounds errors causing test failures -------------------------------------------------------------------------------- ================================================================================ nvml-1.4-3.fc26 (FEDORA-2018-b1ea7de535) Persistent Memory Development Kit (former NVML) -------------------------------------------------------------------------------- Update Information: Revert package name change -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 30 2018 Krzysztof Czurylo <krzysztof.czurylo@xxxxxxxxx> - 1.4-3 - Revert package name change - Re-enable check * Thu Mar 29 2018 Krzysztof Czurylo <krzysztof.czurylo@xxxxxxxxx> - 1.4-2 - Fix issues found by rpmlint * Thu Mar 29 2018 Krzysztof Czurylo <krzysztof.czurylo@xxxxxxxxx> - 1.4-1 - Rename NVML project to PMDK - Update to PMDK version 1.4 (RHBZ #1480578, #1539562, #1539564) * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Jan 27 2018 Krzysztof Czurylo <krzysztof.czurylo@xxxxxxxxx> - 1.3.1-1 - Update to NVML version 1.3.1 (RHBZ #1480578) * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jul 17 2017 Krzysztof Czurylo <krzysztof.czurylo@xxxxxxxxx> - 1.3-1 - Update to NVML version 1.3 (RHBZ #1451741, RHBZ #1455216) - Add librpmem and rpmemd sub-packages - Force file system to appear as PMEM for make check * Fri Jun 16 2017 Krzysztof Czurylo <krzysztof.czurylo@xxxxxxxxx> - 1.2.3-2 - Update to NVML version 1.2.3 (RHBZ #1451741) -------------------------------------------------------------------------------- ================================================================================ pam-kwallet-5.12.5-3.fc26 (FEDORA-2018-a954bb958b) PAM module for KWallet -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-10380 -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.5-3 - followup fix * Thu May 3 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.5-2 - pull in CVE-2018-10380 fixes * Tue May 1 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.5-1 - 5.12.5 * Fri Mar 30 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.4-3 - Requires: kf5-kwallet * Wed Mar 28 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.4-2 - omit (kde4) kwallet support on f28+ - use %make_build * Tue Mar 27 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.4-1 - 5.12.4 * Tue Mar 6 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.12.3-1 - 5.12.3 * Wed Feb 21 2018 Jan Grulich <jgrulich@xxxxxxxxxx> - 5.12.2-1 - 5.12.2 * Tue Feb 13 2018 Jan Grulich <jgrulich@xxxxxxxxxx> - 5.12.1-1 - 5.12.1 * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 5.12.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Fri Feb 2 2018 Jan Grulich <jgrulich@xxxxxxxxxx> - 5.12.0-1 - 5.12.0 * Mon Jan 15 2018 Jan Grulich <jgrulich@xxxxxxxxxx> - 5.11.95-1 - 5.11.95 * Tue Jan 2 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.11.5-1 - 5.11.5 * Thu Nov 30 2017 Martin Kyral <martin.kyral@xxxxxxxxx> - 5.11.4-1 - 5.11.4 * Wed Nov 8 2017 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.11.3-1 - 5.11.3 * Wed Oct 25 2017 Martin Kyral <martin.kyral@xxxxxxxxx> - 5.11.2-1 - 5.11.2 * Tue Oct 17 2017 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.11.1-1 - 5.11.1 * Wed Oct 11 2017 Martin Kyral <martin.kyral@xxxxxxxxx> - 5.11.0-1 - 5.11.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574852 - CVE-2018-10380 pam-kwallet: Access to privileged files https://bugzilla.redhat.com/show_bug.cgi?id=1574852 -------------------------------------------------------------------------------- ================================================================================ patch-2.7.6-4.fc26 (FEDORA-2018-88a4219528) Utility for modifying/upgrading files -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-1000156 -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Tim Waugh <twaugh@xxxxxxxxxx> - 2.7.6-4 - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1564326 - CVE-2018-1000156 patch: Malicious patch files cause ed to execute arbitrary commands https://bugzilla.redhat.com/show_bug.cgi?id=1564326 -------------------------------------------------------------------------------- ================================================================================ pcc-1.1.0-1.1.20180504cvs.fc26 (FEDORA-2018-0a0c28ff3c) The Portable C Compiler -------------------------------------------------------------------------------- Update Information: Update to 20180504 snapshot, which fixes crash when stdlib.h was included. -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20180504cvs - Update to 20180504 snapshot, fixing BZ #1551537. * Wed Feb 28 2018 Susi Lehtola <jussilehtola@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20180228cvs - Update to 20180228 snapshot. - Added gcc buildrequires. * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.1.0-1.1.20161201cvs.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551537 - Compilation fails when including <stdlib.h> https://bugzilla.redhat.com/show_bug.cgi?id=1551537 -------------------------------------------------------------------------------- ================================================================================ perl-Session-Storage-Secure-0.011-1.fc26 (FEDORA-2018-ebc610619f) Encrypted, expiring, compressed, serialized session data with integrity -------------------------------------------------------------------------------- Update Information: This release updates tests. We deliver it only to provide up-to-date version string. -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Petr Pisar <ppisar@xxxxxxxxxx> - 0.011-1 - 0.011 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574983 - perl-Session-Storage-Secure-0.011 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574983 -------------------------------------------------------------------------------- ================================================================================ python-astral-1.6.1-1.fc26 (FEDORA-2018-2d63556df9) Calculations for the position of the sun and moon -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 1.6.1 (rhbz#1574748) -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.6.1-1 - Update to latest upstream release 1.6.1 (rhbz#1574748) * Fri Feb 23 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.6-1 - Update to latest upstream release 1.6 * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Jan 29 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.5-1 - Update to latest upstream release 1.5 * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1574748 - python-astral-1.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1574748 -------------------------------------------------------------------------------- ================================================================================ python-colorlog-3.1.4-1.fc26 (FEDORA-2018-f67a5ecd4b) A colored formatter for the Python logging module -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 3.1.4 (rhbz#1568639) -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 3.1.4-1 - Update to latest upstream release 3.1.4 (rhbz#1568639) * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sun Jan 28 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 3.1.2-1 - Update to latest upstream release 3.1.2 (rhbz#1539019) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1568639 - python-colorlog-v3.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1568639 -------------------------------------------------------------------------------- ================================================================================ python-dulwich-0.19.2-1.fc26 (FEDORA-2018-8aec56d1aa) A python implementation of the Git file formats and protocols -------------------------------------------------------------------------------- Update Information: Update to new upstream version 0.19.2 -------------------------------------------------------------------------------- ChangeLog: * Sat May 5 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.19.2-1 - Update to new upstream version 0.19.2 * Fri Mar 23 2018 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.19.0-1 - Update to new upstream version 0.19.0 * Tue Mar 13 2018 Iryna Shcherbina <ishcherb@xxxxxxxxxx> - 0.18.6-3 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.18.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Nov 27 2017 Alan Pevec <alan.pevec@xxxxxxxxxx> 0.18.6-1 - Update to 0.18.6 - Fixes CVE-2017-16228 * Fri Oct 13 2017 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.18.4-1 - Update to new upstream version 0.16.0 (rhbz#*1405983) * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon Jan 23 2017 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.16.0-1 - Update to new upstream version 0.16.0 -------------------------------------------------------------------------------- ================================================================================ scap-security-guide-0.1.39-2.fc26 (FEDORA-2018-6616f38201) Security guidance and baselines in SCAP formats -------------------------------------------------------------------------------- Update Information: Add python version to python2-jinja2 package ---- Add python version to python package prefixes ---- Update to latest upstream SCAP-Security-Guide-0.1.38 release: -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Watson Yuuma Sato <wsato@xxxxxxxxxx> - 0.1.39-2 - Add python version to python2-jinja2 package * Fri May 4 2018 Watson Yuuma Sato <wsato@xxxxxxxxxx> - 0.1.39-1 - Update to latest upstream SCAP-Security-Guide-0.1.39 release: https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.39 * Mon Mar 5 2018 Watson Yuuma Sato <wsato@xxxxxxxxxx> - 0.1.38-2 - Add python version to python package prefixes * Mon Mar 5 2018 Watson Yuuma Sato <wsato@xxxxxxxxxx> - 0.1.38-1 - Update to latest upstream SCAP-Security-Guide-0.1.38 release: https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.38 * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.37-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.49.3-1.fc26 (FEDORA-2018-cf8e6c1a35) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Update to 2.49.3 Based on the Firefox/Thunderbird ESR (extension support release) code version 52.7.3 Fixes various security issues, see https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ and https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ for more info. -------------------------------------------------------------------------------- ChangeLog: * Fri May 4 2018 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> 2.49.3-1 - update to 2.49.3 -------------------------------------------------------------------------------- ================================================================================ taskotron-trigger-0.5.1-1.fc26 (FEDORA-2018-228da5aa6c) Triggering Taskotron jobs via fedmsg -------------------------------------------------------------------------------- Update Information: - Make fixed-architecture job scheduling possible - Ondemand task scheduling -------------------------------------------------------------------------------- ChangeLog: * Thu May 3 2018 Frantisek Zatloukal <fzatlouk@xxxxxxxxxx> - 0.5.1-1 - Make fixed-architecture job scheduling possible - Ondemand task scheduling -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx