The following Fedora 28 Security updates need testing: Age URL 231 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 180 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 179 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 172 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013 unrtf-0.21.9-8.fc28 140 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf docker-latest-1.13.1-37.git9cb56fd.fc28 55 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 32 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d748596e9 drupal8-8.6.2-1.fc28 28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-18023f40fa drupal7-7.60-2.fc28 28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d2739ebed php-Smarty2-2.6.31-2.fc28 27 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ee55d77c9 links-2.17-1.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0d2429d3 bird-1.6.4-2.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-86e2487df2 pdns-recursor-4.1.7-1.fc28 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1 glusterfs-4.1.6-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790 mupdf-1.14.0-6.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-96b48b34ae mingw-uriparser-0.9.0-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a3ef0a026f uriparser-0.9.0-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4910a3260 moodle-3.4.6-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9581d9624 python-notebook-5.5.0-6.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1 tmux-2.8-2.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef486b9e50 dnsdist-1.3.3-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d2a79fe1c cobbler-2.8.4-5.fc28 The following Fedora 28 Critical Path updates have yet to be approved: Age URL 19 https://bodhi.fedoraproject.org/updates/FEDORA-2018-783dfc5196 shadow-utils-4.6-4.fc28 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1 glusterfs-4.1.6-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2c01c0a06 pam-1.3.1-8.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f5e72a448 grilo-0.3.7-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d169dbb09d osinfo-db-20181116-1.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdc6d449e5 pungi-4.1.31-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-63e2c74a11 python-productmd-1.18-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a171287251 libarchive-3.3.3-2.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa127b03bc vim-8.1.549-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-17f2d1f30c patch-2.7.6-8.fc28 The following builds have been pushed to Fedora 28 updates-testing GoldenCheetah-3.5-0.5.20181125gitea5c07d.fc28 armacycles-ad-0.2.8.3.4-9.fc28 blaze-3.4-1.fc28 cinnamon-4.0.3-1.fc28 cinnamon-translations-4.0.1-1.fc28 cockpit-183-1.fc28 freeipa-4.7.0-5.fc28 glibc-2.27-35.fc28 ibus-typing-booster-2.2.1-2.fc28 java-runtime-decompiler-2.0-2.fc28 kernel-4.19.5-200.fc28 kernel-headers-4.19.5-200.fc28 kernel-tools-4.19.5-200.fc28 muffin-4.0.3-1.fc28 openjfx-8.0.202-2.b02.fc28 phan-1.1.4-1.fc28 samba-4.8.7-0.fc28 switchboard-plug-pantheon-shell-2.7.2-1.fc28 switchboard-plug-printers-2.1.6-1.fc28 task-2.5.1-10.fc28 wine-3.21-1.fc28 xed-2.0.1-1.fc28 xplayer-2.0.1-1.fc28 xreader-2.0.1-1.fc28 Details about builds: ================================================================================ GoldenCheetah-3.5-0.5.20181125gitea5c07d.fc28 (FEDORA-2018-f2bcc71f4c) Cycling Performance Software -------------------------------------------------------------------------------- Update Information: - Merge qxt-sys.patch qwt3d-sys.patch and lmfit-levmar.patch to sys-path.patch - Update to 3.5-0.5.20181125gitea5c07d ---- - Add %{name}-lmfit-levmar.patch - Update to git0c668c0 -------------------------------------------------------------------------------- ================================================================================ armacycles-ad-0.2.8.3.4-9.fc28 (FEDORA-2018-fd80cae1ac) A lightcycle game in 3D -------------------------------------------------------------------------------- Update Information: Crash fix. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Gwyn Ciesla <limburgher@xxxxxxxxx> - 0.2.8.3.4-9 - Upstream patches to fix crash, cleanup. * Fri Jul 20 2018 Gwyn Ciesla <limburgher@xxxxxxxxx> - 0.2.8.3.4-8 - BR fix. * Thu Jul 12 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.8.3.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1584586 - [abrt] armacycles-ad: std::__replacement_assert(): armacyclesad killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1584586 -------------------------------------------------------------------------------- ================================================================================ blaze-3.4-1.fc28 (FEDORA-2018-b9ad0bfe02) An high-performance C++ math library for dense and sparse arithmetic -------------------------------------------------------------------------------- Update Information: Initial Release of blaze 3.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1652939 - Review Request: blaze - An open-source, high-performance C++ math library for dense and sparse arithmetic https://bugzilla.redhat.com/show_bug.cgi?id=1652939 -------------------------------------------------------------------------------- ================================================================================ cinnamon-4.0.3-1.fc28 (FEDORA-2018-e4a0cd266a) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 4.0.3-1 - Update to 4.0.3 release -------------------------------------------------------------------------------- ================================================================================ cinnamon-translations-4.0.1-1.fc28 (FEDORA-2018-e4a0cd266a) Translations for Cinnamon and Nemo -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 4.0.1-1 - Update to 4.0.1 release -------------------------------------------------------------------------------- ================================================================================ cockpit-183-1.fc28 (FEDORA-2018-d61a88d042) Web Console for Linux servers -------------------------------------------------------------------------------- Update Information: - Machines: Manage storage pools - Kernel Dump: Support non-local targets - Respect SSH configuration - Never send Content-Length with chunked encoding -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Martin Pitt <martin@xxxxxxxxx> - 183-1 - Machines: Manage storage pools - Kernel Dump: Support non-local targets - Respect SSH configuration - Never send Content-Length with chunked encoding -------------------------------------------------------------------------------- ================================================================================ freeipa-4.7.0-5.fc28 (FEDORA-2018-892835660b) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: This update resolves an issue which caused uninstall of a FreeIPA server to fail with authselect 1.0.2, which recently appeared as an update. See [the pull request](https://github.com/freeipa/freeipa/pull/2610) for more details. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Adam Williamson <awilliam@xxxxxxxxxx> - 4.7.0-5 - Update PR #2610 patch to tiran's modified version * Tue Nov 27 2018 Adam Williamson <awilliam@xxxxxxxxxx> - 4.7.0-4 - Backport PR #2610 to fix for authselect 1.0.2+ (see #1645708) -------------------------------------------------------------------------------- ================================================================================ glibc-2.27-35.fc28 (FEDORA-2018-060302dc83) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: This update for the `glibc` package addresses one moderate security vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in `if_nametoindex` can lead to a denial of service due to resource exhaustion when processing `getaddrinfo` calls with crafted host names. Reported by Guido Vranken. (RHBZ#1654000) * Failure to create the helper thread for `getaddrinfo_a`/`libanl` could result in a crash. (RHBZ#1646381) * On certain Haswell-class Intel CPUs, string function feature flags could be set incorrectly, leading to a suboptimal choice of string functions. (RHBZ#1641980) * Parallel building of locales led to nondeterminism in the RPM build process. (RHBZ#1652228) * Various minor bug fixes from the upstream 2.27 release branch were imported as part of this update ([swbz#17630](https://sourceware.org/bugzilla/show_bug.cgi?id=17630), [swbz#22753](https://sourceware.org/bugzilla/show_bug.cgi?id=22753), [swbz#23275](https://sourceware.org/bugzilla/show_bug.cgi?id=23275), [swbz#23562](https://sourceware.org/bugzilla/show_bug.cgi?id=23562), [swbz#23579](https://sourceware.org/bugzilla/show_bug.cgi?id=23579), [swbz#23822](https://sourceware.org/bugzilla/show_bug.cgi?id=23822)). -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Florian Weimer <fweimer@xxxxxxxxxx> - 2.27-35 - Auto-sync with upstream branch release/2.27/master, commit 9f433fc791ca4f9d678903ff45b504b524c886fb: - CVE-2018-19591: if_nametoindex: Fix descriptor leak (#1654000) - libanl: proper cleanup if first helper thread creation failed (#1646381) - x86: Fix Haswell CPU string flags (#1641980) - resolv/tst-resolv-network.c: Additional test case (swbz#17630) - ia64: fix missing exp2f, log2f and powf symbols in libm.a (swbz#23822) - conform: XFAIL siginfo_t si_band test on sparc64 - signal: Use correct type for si_band in siginfo_t (swbz#23562) - pthread_mutex_lock: Fix race while promoting to PTHREAD_MUTEX_ELISION_NP (swbz#23275) - preadv2/pwritev2: Fix misreported errno (swbz#23579) - preadv2/pwritev2: Handle offset == -1 (swbz#22753) - posix_spawn: Fix potential segmentation fault * Mon Nov 26 2018 Florian Weimer <fweimer@xxxxxxxxxx> - 2.27-34 - Do not use parallel make for building locales (#1652228) * Thu Aug 30 2018 Florian Weimer <fweimer@xxxxxxxxxx> - 2.27-33 - Revert glibc_make_flags setting which is not needed in Fedora 28 (#1600034) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1653993 - CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c https://bugzilla.redhat.com/show_bug.cgi?id=1653993 -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-2.2.1-2.fc28 (FEDORA-2018-43ab316be7) A completion input method -------------------------------------------------------------------------------- Update Information: Update pl and uk translations from zanata -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Mike FABIAN <mfabian@xxxxxxxxxx> - 2.2.1-2 - Add desktop-file-utils, python3-gobject-base, gtk3, dbus-x11, dconf, and ibus to BuildRequires (without that the build started failing on F28). * Wed Nov 28 2018 Mike FABIAN <mfabian@xxxxxxxxxx> - 2.2.1-1 - Update to 2.2.1 - Update translations from zanata (pl, uk updated) -------------------------------------------------------------------------------- ================================================================================ java-runtime-decompiler-2.0-2.fc28 (FEDORA-2018-675bc983cc) Application for extraction and decompilation of JVM byte code -------------------------------------------------------------------------------- Update Information: This is a new package for java-runtime-decompiler, a tool used for extraction of byte code from running JVM. The byte code can be then decompiled using external decompilers back to source code. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1636019 - None https://bugzilla.redhat.com/show_bug.cgi?id=1636019 -------------------------------------------------------------------------------- ================================================================================ kernel-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a) The Linux kernel -------------------------------------------------------------------------------- Update Information: The v4.19.5 stable update contains important fixes across the tree -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 27 2018 Jeremy Cline <jcline@xxxxxxxxxx> - 4.19.5-300 - Linux v4.19.5 - Fix CVE-2018-16862 (rhbz 1649017 1653122) - Fix CVE-2018-19407 (rhbz 1652656 1652658) * Mon Nov 26 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - Fixes a null pointer dereference with Nvidia and vmwgfx drivers (rhbz 1650224) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c https://bugzilla.redhat.com/show_bug.cgi?id=1652656 [ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes https://bugzilla.redhat.com/show_bug.cgi?id=1649017 -------------------------------------------------------------------------------- ================================================================================ kernel-headers-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a) Header files for the Linux kernel for use by glibc -------------------------------------------------------------------------------- Update Information: The v4.19.5 stable update contains important fixes across the tree -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 27 2018 Jeremy Cline <jcline@xxxxxxxxxx> - 4.19.5-200 - Linux v4.19.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c https://bugzilla.redhat.com/show_bug.cgi?id=1652656 [ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes https://bugzilla.redhat.com/show_bug.cgi?id=1649017 -------------------------------------------------------------------------------- ================================================================================ kernel-tools-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a) Assortment of tools for the Linux kernel -------------------------------------------------------------------------------- Update Information: The v4.19.5 stable update contains important fixes across the tree -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 27 2018 Jeremy Cline <jeremy@xxxxxxxxxx> - 4.19.5-200 - Linux v4.19.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c https://bugzilla.redhat.com/show_bug.cgi?id=1652656 [ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes https://bugzilla.redhat.com/show_bug.cgi?id=1649017 -------------------------------------------------------------------------------- ================================================================================ muffin-4.0.3-1.fc28 (FEDORA-2018-e4a0cd266a) Window and compositing manager based on Clutter -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 4.0.3-1 - Update to 4.0.3 release -------------------------------------------------------------------------------- ================================================================================ openjfx-8.0.202-2.b02.fc28 (FEDORA-2018-f752a46b86) Rich client application platform for Java -------------------------------------------------------------------------------- Update Information: Update to upstream version 8.0.202b02 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 27 2018 Nicolas De Amicis <deamicis@xxxxxxxxxx> - 8.0.202-2.b02 - Update to upstream version 8.0.202b02 * Mon Nov 12 2018 Nicolas De Amicis <deamicis@xxxxxxxxxx> - 8.0.152-19.b05 - Fix missing java packages in openjfx * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 8.0.152-18.b05 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jun 21 2018 Mat Booth <mat.booth@xxxxxxxxxx> - 8.0.152-17.b05 - Fix failure to build from source * Thu Feb 8 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 8.0.152-16.b05 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 8.0.152-15.b05 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 8.0.152-14.b05 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sun Jul 2 2017 Jonny Heggheim <hegjon@xxxxxxxxx> - 8.0.152-13.b05 - Update to upstream version 8.0.152b05 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1611943 - Please update it to the last version (8u202-b00) https://bugzilla.redhat.com/show_bug.cgi?id=1611943 -------------------------------------------------------------------------------- ================================================================================ phan-1.1.4-1.fc28 (FEDORA-2018-ce2aec005b) A static analyzer for PHP -------------------------------------------------------------------------------- Update Information: 27 Nov 2018, Phan 1.1.4 ----------------------- **New features(Analysis):** + Preserve original descendent object types after type assertions, when original object types are all subtypes (e.g. infer `SubClass` for `$x = rand(0,1) ? new SubClass() : false; if ($x instanceof BaseClass) { ... }`) **Maintenance:** + Emit `UnusedPluginSuppression` on `@phan-suppress-next-line` and `@phan-file- suppress` on the same line as the comment declaring the suppression. (#2167, #1731) + Don't emit `PhanInvalidCommentForDeclarationType` (or attempt to parse) unknown tags that have known tags as prefixes (#2156) (e.g. `@param-some- unknown-tag`) **Bug fixes:** + Fix a crash when analyzing a nullable parameter of type `self` in traits (#2163) + Properly parse closures/generic arrays/array shapes when inner types also contain commas (#2141) + Support matching parentheses inside closure params, recursively. (e.g. `Closure(int[],Closure(int):bool):int[]`) + Don't warn about properties being read-only when they might be modified by reference (#1729) ---- 20 Nov 2018, Phan 1.1.3 ----------------------- **New features (CLI):** + Warn when calling method on union types that are definitely partially invalid. (#1885) New config setting: `--strict-method-checking` (enabled as part of `--strict-type- checking`) New issue type: `PhanPossiblyNonClassMethodCall` + Add a prototype tool `tool/phoogle`, which can be used to search for function/method signatures in user-declared and internal functions/methods. E.g. to look for functions that return a string, given a string and an array: `/path/phan/tool/phoogle 'string -> array -> string` **New features (Analysis):** + Add a heuristic check to detect potential infinite recursion in a functionlike calling itself (i.e. stack overflows) New issue types: `PhanInfiniteRecursion` + Infer literal integer values from expressions such as `2 | 1`, `2 + 2`, etc. + Infer more accurate array shapes for `preg_match_all` (based on existing inferences for `preg_match`) + Make Phan infer union types of variables from switch statements on variables (#1291) (including literal int and string types) + Analyze simple assertions on `get_class($var)` of various forms (#1977) Examples: - `assert(get_class($x) === 'someClass')` - `if (get_class($x) === someClass::class)` - `switch (get_class($x)) {case someClass::class: ...}` + Warn about invalid/possibly invalid callables in function calls. New issue types: `PhanTypeInvalidCallable`, `PhanTypePossiblyInvalidCallable` (the latter check requires `--strict-method-checking`) + Reduce false positives for a few functions (such as `substr`) in strict mode. + Make Phan infer that variables are not null/false from various comparison expressions, e.g. `assert($x > 0);` + Detect invalid arguments to `++`/`--` operators (#680). Improve the analysis of the side effects of `++`/`--` operators. New issue type: `PhanTypeInvalidUnaryOperandIncOrDec` **Plugins:** + Add `BeforeAnalyzeCapability`, which will be executed once before starting the analysis phase. (#2086) **Bug fixes:** + Fix false positives analyzing `define()` (#2128) + Support declaring instance properties as the union type `static` (#2145) New issue types: `PhanStaticPropIsStaticType` + Fix a crash seen when Phan attempted to emit `PhanTypeArrayOperator` for certain operations (#2153) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Remi Collet <remi@xxxxxxxxxxxx> - 1.1.4-1 - update to 1.1.4 * Wed Nov 21 2018 Remi Collet <remi@xxxxxxxxxxxx> - 1.1.3-1 - update to 1.1.3 -------------------------------------------------------------------------------- ================================================================================ samba-4.8.7-0.fc28 (FEDORA-2018-c2a93f8e1b) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Update to Samba 4.8.7 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 27 2018 Guenther Deschner <gdeschner@xxxxxxxxxx> - 4.8.7-0 - Update to Samba 4.8.7 - resolves: #1625449, #1654078 - Security fixes for CVE-2018-14629 - resolves: #1642545, #1654082 - Security fixes for CVE-2018-16841 - resolves: #1646377, #1654091 - Security fixes for CVE-2018-16851 - resolves: #1647246, #1654093 - Security fixes for CVE-2018-16853 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1625449 - CVE-2018-14629 samba: Unprivileged adding of CNAME record causing loop in AD LDAP server https://bugzilla.redhat.com/show_bug.cgi?id=1625449 [ 2 ] Bug #1642545 - CVE-2018-16841 samba: Double-free in Samba AD DC KDC with PKINIT https://bugzilla.redhat.com/show_bug.cgi?id=1642545 [ 3 ] Bug #1646377 - CVE-2018-16851 samba: NULL pointer de-reference in Samba AD DC LDAP server https://bugzilla.redhat.com/show_bug.cgi?id=1646377 [ 4 ] Bug #1647246 - CVE-2018-16853 samba: S4U2Self crash with MIT KDC build https://bugzilla.redhat.com/show_bug.cgi?id=1647246 -------------------------------------------------------------------------------- ================================================================================ switchboard-plug-pantheon-shell-2.7.2-1.fc28 (FEDORA-2018-9819797ebc) Switchboard Pantheon Shell plug -------------------------------------------------------------------------------- Update Information: Update to version 2.7.2. This update should fix the wallpaper discovery on fedora, because subdirectory scanning was fixed. Release notes: https://github.com/elementary/switchboard-plug-pantheon-shell/releases/tag/2.7.2 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.7.2-1 - Update to version 2.7.2. -------------------------------------------------------------------------------- ================================================================================ switchboard-plug-printers-2.1.6-1.fc28 (FEDORA-2018-bb66cf1cb8) Switchboard Printers Plug -------------------------------------------------------------------------------- Update Information: Update to version 2.1.6. Release notes: https://github.com/elementary/switchboard-plug-printers/releases/tag/2.1.6 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.1.6-1 - Update to version 2.1.6. -------------------------------------------------------------------------------- ================================================================================ task-2.5.1-10.fc28 (FEDORA-2018-df5596a68f) Taskwarrior - a command-line TODO list manager -------------------------------------------------------------------------------- Update Information: Fix wrong .taskrc template -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Igor Gnatenko <ignatenkobrain@xxxxxxxxxxxxxxxxx> - 2.5.1-10 - Fixup rcdir path -------------------------------------------------------------------------------- References: [ 1 ] Bug #1551256 - generated .taskrc file contains duplicate datadir in include path https://bugzilla.redhat.com/show_bug.cgi?id=1551256 -------------------------------------------------------------------------------- ================================================================================ wine-3.21-1.fc28 (FEDORA-2018-90cf6a4a48) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: - Typelib marshaller rewrite using NDR functions. - Graphics support on recent Android versions. - Support for memory font resources in DirectWrite. - Joystick support improvements. - Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Michael Cronenworth <mike@xxxxxxxxxx> 3.21-1 - version update -------------------------------------------------------------------------------- ================================================================================ xed-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0) X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI) -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.0.1-1 - Update to 2.0.1 release -------------------------------------------------------------------------------- ================================================================================ xplayer-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0) A generic Media Player -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.0.1-1 - Update to 2.0.1 release -------------------------------------------------------------------------------- ================================================================================ xreader-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0) Simple document viewer -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 28 2018 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.0.1-1 - Update to 2.0.1 release -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
