The following Fedora 27 Security updates need testing:
 Age  URL
 225  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3   bro-2.5.3-1.fc27
 157  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408   dpdk-17.08.2-1.fc27
 120  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01   nodejs-brace-expansion-1.1.11-1.fc27
 112  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219   unrtf-0.21.9-8.fc27
  88  https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750   mailman-2.1.21-9.fc27
  88  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1   openslp-2.0.0-15.fc27
  46  https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c   tomcat-8.0.53-1.fc27
  46  https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1   unixODBC-2.3.7-1.fc27
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a7916c8b9   thunderbird-60.0-1.fc27
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-bf613d82be   CImg-2.3.6-1.fc27
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a82282e4e   gmic-2.3.6-1.fc27
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e9f26489b   lcms2-2.8-6.fc27
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-02a38af202   openssl-1.1.0i-1.fc27
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-8b109a6de0   python-marshmallow-2.11.1-8.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-187e212568   php-tcpdf-6.2.25-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b14abc9b0   libmad-0.15.1b-26.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-54d84b0b0c   bind-9.11.4-3.P2.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11b3ae4e31   ca-certificates-2018.2.26-1.0.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d187b1a5b   udisks2-2.7.6-2.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f88837c1b   firefox-62.0.2-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-9a09435935   liblouis-2.6.2-13.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1f64819623   php-horde-Horde-Core-2.31.6-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-69cce46328   rust-1.29.1-2.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-1de045298c   php-horde-horde-5.2.20-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c0a1284064   kernel-headers-4.18.10-100.fc27 kernel-tools-4.18.10-100.fc27 kernel-4.18.10-100.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-d280e35281   php-horde-kronolith-4.2.25-1.fc27

The following Fedora 27 Critical Path updates have yet to be approved:
 Age  URL
 141  https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330   libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
 101  https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93   upower-0.99.8-1.fc27
  65  https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e   geoclue2-2.4.11-1.fc27
  45  https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24   iproute-4.17.0-1.fc27
  30  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c223c11259   libldb-1.3.2-2.fc27.1.2.3 samba-4.7.10-0.fc27
  23  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3a7916c8b9   thunderbird-60.0-1.fc27
  20  https://bodhi.fedoraproject.org/updates/FEDORA-2018-227775ff3a   ceph-12.2.8-1.fc27
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca54aecfc8   highlight-3.44-1.fc27
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-847a5b27f8   vim-8.1.408-1.fc27
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-ede34350d8   dash-0.5.10.2-1.fc27
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e9f26489b   lcms2-2.8-6.fc27
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-387a30f785   osinfo-db-20180920-1.fc27
   8  https://bodhi.fedoraproject.org/updates/FEDORA-2018-02a38af202   openssl-1.1.0i-1.fc27
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf532c08b5   libguestfs-1.38.6-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-a8d5e098bf   pcre2-10.32-3.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-c0a1284064   kernel-headers-4.18.10-100.fc27 kernel-tools-4.18.10-100.fc27 kernel-4.18.10-100.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-5f88837c1b   firefox-62.0.2-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3d187b1a5b   udisks2-2.7.6-2.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-3006b99087   xen-4.9.3-1.fc27
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2018-11b3ae4e31   ca-certificates-2018.2.26-1.0.fc27

The following builds have been pushed to Fedora 27 updates-testing

    ansible-2.6.5-1.fc27
    dgit-6.12-1.fc27
    gnome-shell-extension-media-player-indicator-0-0.21.20180918gitd3201ea.fc27
    gnome-shell-extension-netspeed-3.28-0.5.20180210gite3cea60.fc27
    golang-github-thejerf-suture-3.0.0-1.fc27
    golang-github-xtaci-smux-1.0.8-1.fc27
    lightdm-1.28.0-2.fc27
    lldb-5.0.2-2.fc27
    mediawiki-1.29.3-1.fc27
    openas2-2.6.2-2.fc27
    python-markdown2-2.3.6-1.fc27

Details about builds:

================================================================================
 ansible-2.6.5-1.fc27 (FEDORA-2018-bdcf17d7e5)
 SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:

Update to 2.6.5 bugfix release. See
https://github.com/ansible/ansible/blob/v2.6.5/changelogs/CHANGELOG-v2.6.rst
for a full list of fixed bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 28 2018 Kevin Fenzi kevin@scrye.com - 2.6.5-1
- Update to 2.6.5.
--------------------------------------------------------------------------------

================================================================================
 dgit-6.12-1.fc27 (FEDORA-2018-26b4f2e714)
 Integration between git and Debian-style archives
--------------------------------------------------------------------------------
Update Information:

- Rebuilt for new upstream version 6.12, fixes rhbz #1634209
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 29 2018 Filipe Rosset rosset.filipe@gmail.com - 6.12-1
- Rebuilt for new upstream version 6.12, fixes rhbz #1634209
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1634209 - dgit-6.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1634209
--------------------------------------------------------------------------------

================================================================================
 gnome-shell-extension-media-player-indicator-0-0.21.20180918gitd3201ea.fc27 (FEDORA-2018-aee3ddc83d)
 Control MPRIS2 capable media players: Rhythmbox, Banshee, Clementine and more
--------------------------------------------------------------------------------
Update Information:

- Update to 0-0.21.20180918gitd3201ea
- Remove scriptlet glib-compile-schemas: This scriptlet SHOULD NOT be used in
  Fedora 24 or later.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 28 2018 Martin Gansser martinkg@fedoraproject.org - 0-0.21.20180918gitd3201ea
- Update to new git snapshot 0-0.21.20180918gitd3201ea
- Remove scriptlet glib-compile-schemas: This scriptlet SHOULD NOT be used in
  Fedora 24 or later.
--------------------------------------------------------------------------------

================================================================================
 gnome-shell-extension-netspeed-3.28-0.5.20180210gite3cea60.fc27 (FEDORA-2018-960fa5b813)
 A gnome-shell extension to show speed of the internet
--------------------------------------------------------------------------------
Update Information:

- Add support for gnome 3.30
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 28 2018 Martin Gansser martinkg@fedoraproject.org - 3.28-0.5.20180208gite3cea60
- Add support for gnome 3.30
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 3.28-0.4.20180208gite3cea60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 golang-github-thejerf-suture-3.0.0-1.fc27 (FEDORA-2018-5fd0964701)
 Supervisor trees for Go
--------------------------------------------------------------------------------
Update Information:

Update to version 3.0.0.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 28 2018 Fabio Valentini decathorpe@gmail.com - 3.0.0-1
- Update to version 3.0.0.
--------------------------------------------------------------------------------

================================================================================
 golang-github-xtaci-smux-1.0.8-1.fc27 (FEDORA-2018-30fd1639b5)
 Simple Stream Multiplexing for golang
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.8.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 28 2018 Fabio Valentini decathorpe@gmail.com - 1.0.8-1
- Update to version 1.0.8.
* Sun Sep 2 2018 Fabio Valentini decathorpe@gmail.com - 1.0.7-2
- Update to use spec 3.0.
--------------------------------------------------------------------------------

================================================================================
 lightdm-1.28.0-2.fc27 (FEDORA-2018-227b29d323)
 A cross-desktop Display Manager
--------------------------------------------------------------------------------
Update Information:

Adjust ordering of pam modules to ensure gnome_keyring/kwallet loads after
system-auth
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 26 2018 Rex Dieter rdieter@fedoraproject.org - 1.28.0-2
- revert over-aggressive use of %name macro
- lightdm.pam: move 'session...system-auth' before gnome_keyring/kwallet (#1581495,#1631220)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1631220 - Gnome keyring not unlocked on login
        https://bugzilla.redhat.com/show_bug.cgi?id=1631220
  [ 2 ] Bug #1581495 - lightdm + pam-kwallet causes polkit issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1581495
--------------------------------------------------------------------------------

================================================================================
 lldb-5.0.2-2.fc27 (FEDORA-2018-c906f0913d)
 Next generation high-performance debugger
--------------------------------------------------------------------------------
Update Information:

Fix for rhbz#1567262
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 21 2018 Tom Stellard tstellar@redhat.com - 5.0.2-2
- lldb should depend on python2-lldb
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1567262 - missing Recommends: python2-lldb
        https://bugzilla.redhat.com/show_bug.cgi?id=1567262
--------------------------------------------------------------------------------

================================================================================
 mediawiki-1.29.3-1.fc27 (FEDORA-2018-edf90410ea)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3

- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
  'newbie'.
- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
  account lock.
- (T180551) Fix LanguageSrTest for language converter
- (T180552) Fix language converter parser test with self-close tags
- (T180537) Remove $wgAuth usage from wrapOldPasswords.php
- (T180485) InputBox: Have inputbox langconvert certain attributes
- (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
- (T172927) Drop vendor from MW release branch
- (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
- Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
- (T189567) the CLI installer (maintenance/install.php) learned to detect and
  include extensions. Pass --with-extensions to enable that feature.
- (T182381) Mask deprecated call in WatchedItemUnitTest
- (T190503) Let built-in web server (maintenance/dev) handle .php requests.
- The karma qunit tests would fail on some configuration due to headers already
  sent. Check headers_sent() before sending cpPosTime headers
- (T167507) selenium: Run Chrome headlessly.
- selenium: Pass -no-sandbox to Chrome under Docker
- (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead @
- (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel
  fails under SQLite.
- (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
- (T179190) selenium: Move test running logic from package.json to selenium.sh.
- (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
- Add default edit rate limit of 90 edits/minute for all users.
- (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
- (T196672) The mtime of extension.json files is now able to be zero
- (T180403) Validate $length in padleft/padright parser functions.
- (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
- (T194237) Special:BotPasswords now requires reauthentication.
- (T191608, T187638) Add 'logid' parameter to Special:Log.
- (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
- (T193829) Indicate when a Bot Password needs reset.
- (T151415) Log email changes.
- (T118420) Unbreak Oracle installer.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 28 2018 Michael Cronenworth mike@cchtml.com - 1.29.3-1
- Update to 1.29.3
- https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.29.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.29.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1634162 - CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie' [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1634162
  [ 2 ] Bug #1634167 - CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's account lock [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1634167
  [ 3 ] Bug #1634170 - CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1634170
--------------------------------------------------------------------------------

================================================================================
 openas2-2.6.2-2.fc27 (FEDORA-2018-cce9180096)
 Java-based implementation of the EDIINT AS2 standard
--------------------------------------------------------------------------------
Update Information:

New upstream release with some workarounds for MDN related partner braindamage.
Plus, we disable tcp_server by default and set factory passwords to ChangeMe.

----

This is an open Java implementation of the AS2 EDI transport standard. To test,
you need to install multiple instances, or use actual EDI partners. For
instance, if you are an Amazon EDI vendor, you can create a TEST connection to
your openas2 instance and run Amazon tests. You need to use the Java keytool to
create and exchange public keys to identify EDI partners. At some point, I need
to add a Fedora README with more Fedora specific howtos. While this is an
application designed to exchange business EDI documents, you can test by
creating 2 or more instances, and exchanging any arbitrary files. AS2 doesn't
look at the contents of documents other than to compute the hash for signatures.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1633362 - MDN fails to decrypt for some partners
        https://bugzilla.redhat.com/show_bug.cgi?id=1633362
  [ 2 ] Bug #1478210 - Review Request: openas2 - Java implementation of EDIINT AS2
        https://bugzilla.redhat.com/show_bug.cgi?id=1478210
--------------------------------------------------------------------------------

================================================================================
 python-markdown2-2.3.6-1.fc27 (FEDORA-2018-e52160d0bc)
 A fast and complete Python implementation of Markdown
--------------------------------------------------------------------------------
Update Information:

#### python-markdown2 2.3.6 ####

- [pull #282] Add TOC depth option
- [pull #283] Fix to add TOC html to output via CLI
- [pull #284] Do not remove anchors in safe_mode
- [pull #288] fixing cuddled-lists with a single list item
- [pull #292] Fix Wrong rendering of last list element
- [pull #295] link-patterns fix
- [pull #300] Replace a deprecated method
- [pull #301] DeprecationWarning: invalid escape sequence
- [pull #302] Fix "make test" in Python 3
- [pull #303] Fix CVE-2018-5773
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 29 2018 Thomas Moschny thomas.moschny@gmx.de - 2.3.6-1
- Update to 2.3.6.
* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 2.3.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok mhroncok@redhat.com - 2.3.5-4
- Rebuilt for Python 3.7
* Tue Jun 19 2018 Miro Hrončok mhroncok@redhat.com - 2.3.5-3
- Rebuilt for Python 3.7
* Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1536923 - CVE-2018-5773 python-markdown2: Unsanitized input in markdown() method allows for cross-site scripting (XSS) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1536923
--------------------------------------------------------------------------------