The following Fedora 27 Security updates need testing: Age URL 277 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27 209 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408 dpdk-17.08.2-1.fc27 173 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01 nodejs-brace-expansion-1.1.11-1.fc27 164 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219 unrtf-0.21.9-8.fc27 141 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750 mailman-2.1.21-9.fc27 141 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1 openslp-2.0.0-15.fc27 98 https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c tomcat-8.0.53-1.fc27 98 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1 unixODBC-2.3.7-1.fc27 47 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6 xerces-c27-2.7.0-28.fc27 20 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c0b99a9eb drupal7-7.60-2.fc27 20 https://bodhi.fedoraproject.org/updates/FEDORA-2018-60c74d2b16 php-Smarty2-2.6.31-2.fc27 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cca4732a99 thunderbird-60.3.0-1.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe24359b69 xen-4.9.3-3.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0363fec36c chromium-70.0.3538.77-4.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5743ef02a1 rubygem-rack-2.0.3-4.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4febd7f702 rubygem-i18n-0.7.0-6.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-291f75cf0f libconfuse-3.2.2-1.fc27 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ce40afcb6 rubygem-loofah-2.0.3-6.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-399bce9f8f libtiff-4.0.10-1.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbe9da512d soundtouch-2.1.1-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ae94c8deb community-mysql-5.7.24-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b68776e5b0 kernel-headers-4.18.19-100.fc27 kernel-tools-4.18.19-100.fc27 kernel-4.18.19-100.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-192148f4ff mariadb-10.2.19-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-50eceed44a kio-extras-17.12.3-1.fc27.1 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-daee493feb php-PHPMailer-5.2.27-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-46b92c9064 php-phpmailer6-6.0.6-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-382362e255 firefox-63.0.3-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9b7d7a155b flatpak-1.0.6-1.fc27 The following Fedora 27 Critical Path updates have yet to be approved: Age URL 193 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1 154 https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93 upower-0.99.8-1.fc27 118 https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e geoclue2-2.4.11-1.fc27 98 https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24 iproute-4.17.0-1.fc27 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cca4732a99 thunderbird-60.3.0-1.fc27 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6c6faa135b selinux-policy-3.13.1-284.38.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe24359b69 xen-4.9.3-3.fc27 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-399bce9f8f libtiff-4.0.10-1.fc27 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b68776e5b0 kernel-headers-4.18.19-100.fc27 kernel-tools-4.18.19-100.fc27 kernel-4.18.19-100.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9b7d7a155b flatpak-1.0.6-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-382362e255 firefox-63.0.3-1.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a864e8515f osinfo-db-20181116-1.fc27 The following builds have been pushed to Fedora 27 updates-testing GraphicsMagick-1.3.31-1.fc27 foremost-1.5.7-20.fc27 gnome-shell-extension-openweather-1-0.35.20181119git7ea4ce7.fc27 hdhomerun-20180817-1.fc27 module-build-service-2.8.1-2.fc27 muParser-2.2.5-8.fc27 nginx-1.14.1-1.fc27 pdfgrep-2.1.2-1.fc27 python-pycryptodomex-3.7.0-1.fc27 vrms-rpm-2.0-1.fc27 Details about builds: ================================================================================ GraphicsMagick-1.3.31-1.fc27 (FEDORA-2018-cd8b85dbab) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: New upstream release, http://www.graphicsmagick.org/NEWS.html#november-17-2018 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 20 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.3.31-1 - GraphicsMasgick-1.3.31 * Thu Jul 12 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.30-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sun Jul 1 2018 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.3.30-2 - Perl 5.28 rebuild * Sun Jul 1 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.3.30-1 - GraphicsMagick-1.3.30 * Wed Jun 27 2018 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.3.29-2 - Perl 5.28 rebuild -------------------------------------------------------------------------------- ================================================================================ foremost-1.5.7-20.fc27 (FEDORA-2018-15219ff2fb) Recover files by "carving" them from a raw disk -------------------------------------------------------------------------------- Update Information: - rebuilt to fix rhbz #1650955 replace format security patch (thanks to Jon Burgess) -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 18 2018 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 1.5.7-20 - rebuilt to fix rhbz #1650955 replace format security patch (thanks to Jon Burgess) * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5.7-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sun Apr 8 2018 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 1.5.7-18 - added gcc as BR * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5.7-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1650955 - foremost crashes due to bad fedora patch https://bugzilla.redhat.com/show_bug.cgi?id=1650955 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-openweather-1-0.35.20181119git7ea4ce7.fc27 (FEDORA-2018-ec17c62140) Display weather information from many locations in the world -------------------------------------------------------------------------------- Update Information: - Fix invisble location-list in prefs (F29). - Fix an issue where all symbols are shown in symbolic-version (F29). - Add some languages. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 19 2018 Jens Lody <fedora@xxxxxxxxxxx> - 1-0.35.20181119git7ea4ce7 - Fix invisble location-list in prefs. - Fix an issue where all symbols are shown in symbolic-version. - Add some languages. * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1-0.34.20180616git401d68e - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ hdhomerun-20180817-1.fc27 (FEDORA-2018-bdc1307c78) Silicon Dust HDHomeRun configuration utility -------------------------------------------------------------------------------- Update Information: Update from ancient to current release. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 19 2018 Richard Shaw <hobbes1069@xxxxxxxxx> - 20180817-1 - Update to 20180817. * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.0-0.35.20161117 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.0-0.34.20161117 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1651217 - Outdated version in EPEL; the version from fc29 rebuilds with mock in fc28 https://bugzilla.redhat.com/show_bug.cgi?id=1651217 -------------------------------------------------------------------------------- ================================================================================ module-build-service-2.8.1-2.fc27 (FEDORA-2018-0f388d974e) The Module Build Service for Modularity -------------------------------------------------------------------------------- Update Information: Release v2.8.1 ---- Release v2.8.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 19 2018 mprahl <mprahl@xxxxxxxxxx> - 2.8.1-2 - Don't assume the context is set on base modules in the 526fb7d445f7_module_buildrequires migration * Mon Nov 19 2018 mprahl <mprahl@xxxxxxxxxx> - 2.8.1-1 - new version -------------------------------------------------------------------------------- ================================================================================ muParser-2.2.5-8.fc27 (FEDORA-2018-30ad7f90b3) A fast math parser library -------------------------------------------------------------------------------- Update Information: - rebuilt to fix FTBFS rhbz #1604900 #1316595 and #1448721 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 20 2018 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 2.2.5-8 - rebuilt to fix FTBFS rhbz #1604900 #1316595 and #1448721 * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1448721 - [muParser] Upgrade to version 2.2.5 on epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1448721 [ 2 ] Bug #1604900 - muParser: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1604900 [ 3 ] Bug #1316595 - muParser-v2.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1316595 -------------------------------------------------------------------------------- ================================================================================ nginx-1.14.1-1.fc27 (FEDORA-2018-c271659b1e) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 + nginx rebase to 1.14.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 20 2018 Lubos Uhliarik <luhliari@xxxxxxxxxx> - 1:1.14.1-1 - new version 1.14.1 - Resolves: #1584426 - Upstream Nginx 1.14.0 is now available - Resolves: #1647255 - CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 module - Resolves: #1647259 - CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation - Resolves: #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2 implementation * Tue Sep 19 2017 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1:1.12.1-2 - own system drop-in directories #1493036 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1584426 - Upstream Nginx 1.14.0 is now available https://bugzilla.redhat.com/show_bug.cgi?id=1584426 [ 2 ] Bug #1647258 - CVE-2018-16844 nginx: Excessive CPU usage via flaw in HTTP/2 implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1647258 [ 3 ] Bug #1647259 - CVE-2018-16843 nginx: Excessive memory consumption via flaw in HTTP/2 implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1647259 [ 4 ] Bug #1647255 - CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 module [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1647255 -------------------------------------------------------------------------------- ================================================================================ pdfgrep-2.1.2-1.fc27 (FEDORA-2018-4379fa3f2a) Tool to search text in PDF files -------------------------------------------------------------------------------- Update Information: pdfgrep 2.1.2 (2018-11-19) ========================== - Bugfix: Fix crash when compiled with hardened compiler flags (specifically `-D_GLIBCXX_ASSERTIONS`) -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 19 2018 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 2.1.2-1 - Upgrade to 2.1.2 (#1648154) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1648154 - pdfgrep crashing when searching recursive https://bugzilla.redhat.com/show_bug.cgi?id=1648154 -------------------------------------------------------------------------------- ================================================================================ python-pycryptodomex-3.7.0-1.fc27 (FEDORA-2018-fc576a8e2f) A self-contained cryptographic library for Python -------------------------------------------------------------------------------- Update Information: This update provides the latest version of the pycryptodomex python library. New features ------------ * Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation). * Added support for ChaCha20-Poly1305 AEAD cipher. * New parameter ``output`` for ``Crypto.Util.strxor.strxor``, ``Crypto.Util.strxor.strxor_c``, ``encrypt`` and ``decrypt`` methods in symmetric ciphers (``Crypto.Cipher`` package). ``output`` is a pre-allocated buffer (a ``bytearray`` or a writeable ``memoryview``) where the result must be stored. This requires less memory for very large payloads; it is also more efficient when encrypting (or decrypting) several small payloads. Resolved issues --------------- * GH#266: AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction. Breaks in compatibility ----------------------- * Drop support for Python 3.3. * Remove ``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``. * With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to native code. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 19 2018 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxxx> - 3.7.0-1 - Update to 3.7.0 - Use the same .spec file for all supported releases of Fedora and EL -------------------------------------------------------------------------------- References: [ 1 ] Bug #1649088 - Upgrade from Fedora 27 to 29 fails with python2-pycryptodomex conflict https://bugzilla.redhat.com/show_bug.cgi?id=1649088 -------------------------------------------------------------------------------- ================================================================================ vrms-rpm-2.0-1.fc27 (FEDORA-2018-c79d9148da) Report non-free software -------------------------------------------------------------------------------- Update Information: Update to upstream release 2.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 20 2018 Artur Iwicki <fedora@xxxxxxxxxx> - 2.0-1 - Update to newest upstream release - No longer a noarch package -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
