The following Fedora 28 Security updates need testing: Age URL 387 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 336 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 335 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 211 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 163 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 142 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 69 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5 bind-9.11.5-4.P4.fc28 57 https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692 libu2f-host-1.1.8-1.fc28 37 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 35 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0927602e59 chromium-73.0.3683.86-2.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca4ee3510d java-11-openjdk-11.0.3.7-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-feac6674b7 ruby-2.5.5-108.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9dfd44e1e9 python-gnupg-0.4.4-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a3edd7e8a drupal8-8.6.15-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d109db9c8a libfilezilla-0.15.1-1.fc28 filezilla-3.41.2-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-f563e66380 drupal7-7.66-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bab3944fee php-7.2.18-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-04e7d39ad3 community-mysql-5.7.26-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a6cd583a8d kernel-5.0.11-100.fc28 The following Fedora 28 Critical Path updates have yet to be approved: Age URL 142 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 106 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 98 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 90 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef iproute-4.20.0-1.fc28 73 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0 dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 52 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28 44 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e60ecc03b4 python-productmd-1.21-1.fc28 37 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a0ae4e93b9 sssd-1.16.4-2.fc28 37 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 28 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19af6a58 libldb-1.4.0-5.fc28.1.3.8 samba-4.8.10-0.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 15 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bc14eac80e libblockdev-2.18-2.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dddd3b8418 ceph-12.2.12-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9244c8b209 pungi-4.1.36-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3ab59df83 ethtool-5.0-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c82d274716 dhcp-4.3.6-23.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a6cd583a8d kernel-5.0.11-100.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3ab1dba357 hwdata-0.323-1.fc28 The following builds have been pushed to Fedora 28 updates-testing CuraEngine-lulzbot-3.6.8-1.fc28 R-IRkernel-1.0.1-1.fc28 cura-lulzbot-3.6.8-1.fc28 fuse-2.9.9-7.fc28 gnome-shell-extension-gsconnect-23-1.fc28 httpd-2.4.39-1.1.fc28 libuv-1.28.0-2.fc28 lulzbot-marlin-firmware-1.1.9.34-5.fc28 openstack-java-sdk-3.2.7-1.fc28 perl-Redis-1.991-6.fc28 python-uranium-lulzbot-3.6.8-1.fc28 visualboyadvance-m-2.1.3-1.fc28 whatsup-1.14-23.fc28 xrdp-0.9.10-1.fc28 Details about builds: ================================================================================ CuraEngine-lulzbot-3.6.8-1.fc28 (FEDORA-2019-c1557ea652) Engine for processing 3D models into G-code instructions for 3D printers -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 3.6.8, necessary for TAZ PRO printers. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.6.8-1 - update to 3.6.8 * Wed Apr 17 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.6.6-1 - update to 3.6.6 * Wed Apr 17 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.6.5-2 - fix libarcus requirements * Wed Mar 27 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:3.6.5-1 - update to 3.6.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1697148 - python-uranium-lulzbot-3.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1697148 -------------------------------------------------------------------------------- ================================================================================ R-IRkernel-1.0.1-1.fc28 (FEDORA-2019-044243a4fd) Native R Kernel for the 'Jupyter Notebook' -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2019 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> - 1.0.1-1 - Update to latest version * Tue Apr 30 2019 Elliott Sales de Andrade <quantum.analyst@xxxxxxxxx> - 1.0.0-1 - Update to latest version * Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.8.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1704824 - R-IRkernel-1.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1704824 [ 2 ] Bug #1705556 - R-IRkernel-1.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1705556 -------------------------------------------------------------------------------- ================================================================================ cura-lulzbot-3.6.8-1.fc28 (FEDORA-2019-c1557ea652) 3D printer control software -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 3.6.8, necessary for TAZ PRO printers. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 1:3.6.8-1 - update to 3.6.8 * Thu Apr 18 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 1:3.6.6-1 - update to 3.6.6 * Wed Mar 27 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 1:3.6.5-1 - update to 3.6.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1697148 - python-uranium-lulzbot-3.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1697148 -------------------------------------------------------------------------------- ================================================================================ fuse-2.9.9-7.fc28 (FEDORA-2019-44ac6082f0) File System in Userspace (FUSE) v2 utilities -------------------------------------------------------------------------------- Update Information: Split out fuse3 into a separate package -------------------------------------------------------------------------------- ChangeLog: * Wed May 1 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 2.9.9-7 - Update the Requires: fuse-common >= version to 3.4.2-4 because fuse-common > 3.4.2-3 is insufficient to force the new version * Wed May 1 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 2.9.9-6 - Fix name of libfuse.so.2 * Wed May 1 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 2.9.9-5 - Update the Requires: fuse-common > version to 3.4.2-3 * Wed May 1 2019 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 2.9.9-4 - Separate fuse3 out into its own package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1696454 - Please include fuse3 and fuse3-libs in EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1696454 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-gsconnect-23-1.fc28 (FEDORA-2019-83dd359f30) KDE Connect implementation for GNOME Shell -------------------------------------------------------------------------------- Update Information: * SFTP * Drop support for password authentication, since public key authorization is fully supported * Support error messages via a desktop notification * Notification Actions Notifications from Android now support actions (aka buttons). This is a new feature and may contain some bugs. Desktop notification actions are not shared yet. * Fix Keyboard Shortcuts on GNOME Shell >= 3.32 * Create a symlink to FUSE dir with a stable name GVFS mounts filesystems on `/run/user/.../gvfs/sftp:host=...,port=...`, where the IP address and port number will vary. Create a symbolic link in `/run/user/.../gsconnect/by-name/` so that the filesystem can be found in a predictable place. Translations * Add Danish (da) * Update to German (de) and Turkish (tr) * Publish new version of WebExtension with translation updates. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2019 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxxx> - 23-1 - Update to 23 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1699495 - gnome-shell-extension-gsconnect-23 is available https://bugzilla.redhat.com/show_bug.cgi?id=1699495 -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.39-1.1.fc28 (FEDORA-2019-a4ed7400f4) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: This update includes the latest upstream release of **Apache httpd**, version **2.4.39**, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39 The following security vulnerabilities are addressed: * `CVE-2019-0211` - MPMs unix: Fix a local priviledge escalation vulnerability by not maintaining each child's listener bucket number in the scoreboard, preventing unprivileged code like scripts run by/on the server (e.g. via mod_php) from modifying it persistently to abuse the priviledged main process. * `CVE-2019-0215` - mod_ssl: Fix access control bypass for per-location/per-dir client certificate verification in TLSv1.3. * `CVE-2019-0217` - mod_auth_digest: Fix a race condition checking user credentials which could allow a user with valid credentials to impersonate another, under a threaded MPM. * `CVE-2019-0220`- Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`. -------------------------------------------------------------------------------- ChangeLog: * Fri May 3 2019 Joe Orton <jorton@xxxxxxxxxx> - 2.4.39-1.1 - mod_reqtimeout: fix default values regression (PR 63325) * Tue Apr 2 2019 Lubos Uhliarik <luhliari@xxxxxxxxxx> - 2.4.39-1 - new version 2.4.39 * Mon Nov 26 2018 Lubos Uhliarik <luhliari@xxxxxxxxxx> - 2.4.34-4 - Resolves: #1652678 - TLS connection allowed while all protocols are forbidden -------------------------------------------------------------------------------- References: [ 1 ] Bug #1694986 - CVE-2019-0211 httpd: privilege escalation from modules scripts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1694986 [ 2 ] Bug #1695046 - CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1695046 [ 3 ] Bug #1694510 - httpd-2.4.39 is available https://bugzilla.redhat.com/show_bug.cgi?id=1694510 [ 4 ] Bug #1698719 - fix a regression introduced in r1740928 https://bugzilla.redhat.com/show_bug.cgi?id=1698719 -------------------------------------------------------------------------------- ================================================================================ libuv-1.28.0-2.fc28 (FEDORA-2019-ee2275814f) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: Fix regression causing segmentation faults -------------------------------------------------------------------------------- ChangeLog: * Fri May 3 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.28.0-2 - Fix regression in uv_fs_poll_stop() (BZ 1703935) * Tue Apr 23 2019 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.28.0-1 - Update to libuv 1.28.0 - https://github.com/libuv/libuv/blob/v1.28.0/ChangeLog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1703935 - assertion failure since 1.27.0 https://bugzilla.redhat.com/show_bug.cgi?id=1703935 -------------------------------------------------------------------------------- ================================================================================ lulzbot-marlin-firmware-1.1.9.34-5.fc28 (FEDORA-2019-c1557ea652) Marlin firmware files for the Lulzbot family of 3D printers -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 3.6.8, necessary for TAZ PRO printers. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:1.1.9.34-5 - update pro version for c-le 3.6.8 * Thu Apr 18 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:1.1.9.34-4 - update pro version for c-le 3.6.6 * Thu Mar 28 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:1.1.9.34-3 - preserve all PRO firmware files * Wed Mar 27 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1:1.1.9.34-2 - add 2.0 PRO firmware subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1697148 - python-uranium-lulzbot-3.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1697148 -------------------------------------------------------------------------------- ================================================================================ openstack-java-sdk-3.2.7-1.fc28 (FEDORA-2019-e0cd093f34) OpenStack Java SDK -------------------------------------------------------------------------------- Update Information: update to openstack-java-sdk-3.2.7 -------------------------------------------------------------------------------- ChangeLog: * Fri May 3 2019 Dominik Holler <dholler@xxxxxxxxxx> - 3.2.7-1 - update to openstack-java-sdk-3.2.7 * Fri May 3 2019 Dominik Holler <dholler@xxxxxxxxxx> - 3.2.6-1 - update to openstack-java-sdk-3.2.6 -------------------------------------------------------------------------------- ================================================================================ perl-Redis-1.991-6.fc28 (FEDORA-2019-08799a600c) Perl binding for Redis database -------------------------------------------------------------------------------- Update Information: This release adjusts tests to changes in Redis 4.0.11. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 30 2018 Petr Pisar <ppisar@xxxxxxxxxx> - 1.991-6 - Adjust tests to changes in Redis 4.0.11 (bug #1624360) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1624360 - perl-Redis-1.991-7.fc29 FTBFS: Failed test 'pipeline with embedded error' https://bugzilla.redhat.com/show_bug.cgi?id=1624360 -------------------------------------------------------------------------------- ================================================================================ python-uranium-lulzbot-3.6.8-1.fc28 (FEDORA-2019-c1557ea652) A Python framework for building desktop applications (Lulzbot fork) -------------------------------------------------------------------------------- Update Information: Update to cura-lulzbot 3.6.8, necessary for TAZ PRO printers. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.6.8-1 - update to 3.6.8 * Thu Apr 18 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.6.6-1 - update to 3.6.6 * Wed Apr 17 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.6.5-2 - fix arcus requirements * Wed Mar 27 2019 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.6.5-1 - update to 3.6.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1697148 - python-uranium-lulzbot-3.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1697148 -------------------------------------------------------------------------------- ================================================================================ visualboyadvance-m-2.1.3-1.fc28 (FEDORA-2019-e903cae219) High compatibility Gameboy Advance Emulator combining VBA builds -------------------------------------------------------------------------------- Update Information: Update to 2.1.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 23 2019 Jeremy Newton <alexjnewt AT hotmail DOT com> - 2.1.3-1 - Update to v2.1.3 * Sun Feb 3 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.1.0-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Sat Sep 15 2018 Jeremy Newton <alexjnewt AT hotmail DOT com> - 2.1.0-2 - Actually use 2.1.0 sources - Add performance patch for xserver -------------------------------------------------------------------------------- ================================================================================ whatsup-1.14-23.fc28 (FEDORA-2019-50e6d6c351) Node up/down detection utility -------------------------------------------------------------------------------- Update Information: This release fixes building on 32-bit ARM architectures. -------------------------------------------------------------------------------- ChangeLog: * Fri May 3 2019 Petr Pisar <ppisar@xxxxxxxxxx> - 1.14-23 - Disable InfiniBand support on 32-bit ARM architectures (bug #1556539) * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.14-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1556539 - whatsup: FTBFS: No matching package to install: 'opensm-devel' https://bugzilla.redhat.com/show_bug.cgi?id=1556539 -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.10-1.fc28 (FEDORA-2019-399d98199f) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: New features - Restrict outbound (server->client) clipboard transfer, configured in sesman.ini #1298 Bug fixes - Fix the issue libscp v1 not setting width but height twice #1293 - Fix the issue reconnecting to session causes duplicate drive entries in fuse fs #1299 - Fix default_wm and reconnect_sh refer wrong path after sesman caught SIGUP #1315 #1331 - Shutdown xrdp more responsively #1325 - Improve remote file lookup in drive redirection #996 #1327 - Overwriting & appending to existing files is are now supported #1327 Other changes - Add Danish Keyboard #1290 - Put xrdp- prefix to some executables appear in man page #1313 - Replace some URLs from SF.net to xrdp.org #1313 Known issues - FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp due to - xrdp's bad-mannered behaviour, add +glyph-cache option to FreeRDP to connect #1266 - Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965 -------------------------------------------------------------------------------- ChangeLog: * Fri May 3 2019 Bojan Smojver <bojan@xxxxxxxxxxxx> - 1:0.9.10-1 - Bump up to 0.9.10 * Sun Feb 3 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:0.9.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
