The following Fedora 28 Security updates need testing: Age URL 309 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 258 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 257 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 133 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 85 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 85 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 64 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 61 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b tomcat-8.5.35-1.fc28 33 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e systemd-238-11.gita76ee90.fc28 18 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6cf96757fe golang-1.10.8-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-afade40f3d spice-0.14.0-5.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e1cf31e58f thunderbird-60.5.0-4.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3f9a71578d java-1.8.0-openjdk-1.8.0.201.b09-2.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-82acb29c1b ghostscript-9.26-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-710afd062a gsi-openssh-7.8p1-3.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a16e1127d3 python-markdown2-2.3.7-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8cbe2a05cd mosquitto-1.5.6-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-75ee9101ea netmask-2.4.4-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8e683d3810 kf5-kauth-5.54.0-2.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-829524f28f moby-engine-18.06.0-2.ce.git0ffa825.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e flatpak-1.0.7-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-31e6f6e545 rubygem-activejob-5.1.5-2.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-02e13cb1a8 libexif-0.6.21-19.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c602845b91 nss-3.42.1-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-5c54d58073 webkit2gtk3-2.22.6-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-963ea958f9 runc-1.0.0-68.dev.git6635b4f.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-f455ef79b8 docker-1.13.1-65.git1185cfd.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3da64f3e61 kernel-headers-4.20.8-100.fc28 kernel-4.20.8-100.fc28 kernel-tools-4.20.8-100.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 85 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 64 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 55 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e highlight-3.48-1.fc28 33 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e systemd-238-11.gita76ee90.fc28 28 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 24 https://bodhi.fedoraproject.org/updates/FEDORA-2019-870e8d8234 osinfo-db-20190120-1.fc28 21 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9c4843d39 volume_key-0.3.12-2.fc28 20 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 14 https://bodhi.fedoraproject.org/updates/FEDORA-2019-2735cb18d8 lorax-28.26-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef iproute-4.20.0-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-67c405c3d8 hwdata-0.320-1.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-856b9ada37 selinux-policy-3.14.1-53.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4ab744e2bc firefox-65.0-4.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-afade40f3d spice-0.14.0-5.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-f6fcc53d28 libidn2-2.1.1a-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e5db0dc40c nss-pem-1.0.5-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b9a64e04c4 polkit-0.115-2.2.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e1cf31e58f thunderbird-60.5.0-4.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-df5f3b0bb2 gnome-online-accounts-3.28.2-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e flatpak-1.0.7-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4855c4d486 curl-7.59.0-10.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d70bc2e1c8 samba-4.8.9-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c602845b91 nss-3.42.1-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-02e13cb1a8 libexif-0.6.21-19.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3da64f3e61 kernel-headers-4.20.8-100.fc28 kernel-4.20.8-100.fc28 kernel-tools-4.20.8-100.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dc66cd245f pungi-4.1.33-1.fc28 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-069924b60e vim-8.1.897-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
R-stringi-1.3.1-1.fc28 buildstream-1.2.4-1.fc28 goldendict-1.5-0.19.RC2.fc28 linux-firmware-20190213-93.git710963fe.fc28 lynis-2.7.1-1.fc28 mgetty-1.1.37-10.fc28 pspg-1.6.3-3.fc28 python-pykwalify-1.7.0-1.fc28 sphinx-2.2.11-11.fc28 standard-test-roles-3.1-1.fc28 subversion-api-docs-1.11.1-1.fc28 vultr-1.15.0-2.fc28
Details about builds:
================================================================================ R-stringi-1.3.1-1.fc28 (FEDORA-2019-4c4143e194) Character String Processing Facilities -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 13 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.3.1-1 - Update to latest version * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 1.2.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1606939 - R-stringi-1.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1606939 --------------------------------------------------------------------------------
================================================================================ buildstream-1.2.4-1.fc28 (FEDORA-2019-75e0431626) Build/integrate software stacks -------------------------------------------------------------------------------- Update Information:
* Migration of scripts to use tox * Force updating tags when fetching from git repos ([#812](https://gitlab.com/BuildStream/buildstream/issues/812)) * Avoid downloading unused submodules ([#804](https://gitlab.com/BuildStream/buildstream/issues/804)) * Fixed cleanup of cache server with disk is full ([#609](https://gitlab.com/BuildStream/buildstream/issues/609)) * Fixed possible artifact cache corruption ([#749](https://gitlab.com/BuildStream/buildstream/issues/749)) * Fixed `bst checkout --deps none` behavior ([#670](https://gitlab.com/BuildStream/buildstream/issues/670)) -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Mathieu Bridon bochecha@daitauha.fr - 1.2.4-1 - Update to the latest upstream release. --------------------------------------------------------------------------------
================================================================================ goldendict-1.5-0.19.RC2.fc28 (FEDORA-2019-e143e7ddca) A feature-rich dictionary lookup program -------------------------------------------------------------------------------- Update Information:
- Switched to Qt5 to fix major issues with HiDPI displays. - Moved to latest snapshot to resolve issues with latest GCC compiler versions. - Major SPEC cleanup. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Mosaab Alzoubi moceap@hotmail.com - 1.5-0.20.RC2 - Cant build on s390x check koji #1210158 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.5-0.19.RC2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Sat Jan 26 2019 Mosaab Alzoubi moceap@hotmail.com - 1.5-0.18.RC2 - TRY TO FIX https://koji.fedoraproject.org/koji/taskinfo?taskID=32260066 * Mon Sep 24 2018 Vitaly Zaitsev vitaly@easycoding.org - 1.5-0.17.RC2 - Switched to Qt5 to fix major issues with HiDPI displays. - Moved to latest snapshot to resolve issues with latest GCC compiler versions. - Major SPEC cleanup. * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.5-0.16.RC2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1338571 - Not owrking https://bugzilla.redhat.com/show_bug.cgi?id=1338571 [ 2 ] Bug #1594569 - Update Goldendict from GIT (Qt4 deprecation->Qt5) https://bugzilla.redhat.com/show_bug.cgi?id=1594569 [ 3 ] Bug #1572681 - [abrt] goldendict: std::__replacement_assert(): goldendict killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1572681 [ 4 ] Bug #1667084 - Switch to Qt5 to fix major issues with HiDPI displays https://bugzilla.redhat.com/show_bug.cgi?id=1667084 --------------------------------------------------------------------------------
================================================================================ linux-firmware-20190213-93.git710963fe.fc28 (FEDORA-2019-f27089e66c) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information:
* ath10k updates for QCA6174/QCA9888/QCA988X/QCA9984 * Marvell updates for SD8977/SD8897-B0/PCIe-USB8997 * amdgpu: add firmware for vega20 from 18.50 * nvidia: add TU10x typec controller firmware * bnx2x: Add FW 7.13.11.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Peter Robinson pbrobinson@fedoraproject.org 20190213-93.git710963fe - ath10k updates for QCA6174/QCA9888/QCA988X/QCA9984 - Marvell updates for SD8977/SD8897-B0/PCIe-USB8997 - amdgpu: add firmware for vega20 from 18.50 - nvidia: add TU10x typec controller firmware - bnx2x: Add FW 7.13.11.0 * Thu Feb 7 2019 Peter Robinson pbrobinson@fedoraproject.org 20190118-92.gita8b75cac - Split out LiquidIO and Netronome firmware to their own package - Ship just one copy of WHENCE -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1435816 - Crash on standby / Wifi disconnect on Surface Book https://bugzilla.redhat.com/show_bug.cgi?id=1435816 [ 2 ] Bug #1507273 - Marvell AVASTAR Wireless-AC fails initialization, loses entire connectivity after few minutes https://bugzilla.redhat.com/show_bug.cgi?id=1507273 [ 3 ] Bug #1560973 - ath10k_pci firmware crash https://bugzilla.redhat.com/show_bug.cgi?id=1560973 [ 4 ] Bug #1622362 - missing brcmfmac43430a0_sdio.txt file (and manual workaround) https://bugzilla.redhat.com/show_bug.cgi?id=1622362 [ 5 ] Bug #1651779 - Surface Go - QCA6174 wifi card not correctly recognized and therefore not working https://bugzilla.redhat.com/show_bug.cgi?id=1651779 [ 6 ] Bug #1663634 - QCA6174 ath10k_pci firmware issue https://bugzilla.redhat.com/show_bug.cgi?id=1663634 [ 7 ] Bug #1669051 - amdgpu can't load polaris10_mc.bin on kernel 4.20.3-200.fc29 https://bugzilla.redhat.com/show_bug.cgi?id=1669051 --------------------------------------------------------------------------------
================================================================================ lynis-2.7.1-1.fc28 (FEDORA-2019-aa788a5aed) Security and system auditing tool -------------------------------------------------------------------------------- Update Information:
2.7.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Gwyn Ciesla gwync@protonmail.com - 2.7.1-1 - 2.7.1 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 2.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1671425 - lynis-2.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1671425 --------------------------------------------------------------------------------
================================================================================ mgetty-1.1.37-10.fc28 (FEDORA-2019-3d38ab031e) A getty replacement for use with data and fax modems -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-16741,CVE-2018-16744,CVE-2018-16745 -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Tomas Korbar tkorbar@redhat.com - 1.1.37-10 - Fix possible command injection in fax/faxq-helper.c (bug #1628755) - CVE-2018-16741 * Thu Feb 14 2019 Tomas Korbar tkorbar@redhat.com - 1.1.37-9 - Fix multiple security problems in faxrec.c - Possible Command injection in faxrec.c (bug #1629976) - CVE-2018-16744 - Stack-based buffer overflow in fax_notify_mail() in faxrec.c (bug #1629980) - CVE-2018-16745 * Thu Feb 14 2019 Tomas Korbar tkorbar@redhat.com - 1.1.37-8 - Fix Out-of-bound access in putwhitespan() function g3/g32pbm.c - bug #1629986 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1628754 - CVE-2018-16741 mgetty: command injection in faxrunq https://bugzilla.redhat.com/show_bug.cgi?id=1628754 [ 2 ] Bug #1629975 - CVE-2018-16744 mgetty: Command injection in faxrec.c https://bugzilla.redhat.com/show_bug.cgi?id=1629975 [ 3 ] Bug #1629979 - CVE-2018-16745 mgetty: Stack-based buffer overflow in fax_notify_mail() in faxrec.c https://bugzilla.redhat.com/show_bug.cgi?id=1629979 [ 4 ] Bug #1629985 - mgetty: Out-of-bound access in putwhitespan() function g3/g32pbm.c https://bugzilla.redhat.com/show_bug.cgi?id=1629985 --------------------------------------------------------------------------------
================================================================================ pspg-1.6.3-3.fc28 (FEDORA-2019-f5f5534c70) A unix pager optimized for psql -------------------------------------------------------------------------------- Update Information:
A unix pager optimized for psql -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1677259 - Review Request: pspg - A unix pager optimized for psql https://bugzilla.redhat.com/show_bug.cgi?id=1677259 --------------------------------------------------------------------------------
================================================================================ python-pykwalify-1.7.0-1.fc28 (FEDORA-2019-5fe6c5cd78) Python lib/cli for JSON/YAML schema validation -------------------------------------------------------------------------------- Update Information:
Upgrade to 1.7.0. -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 13 2019 Marek Goldmann mgoldman@redhat.com - 1.7.0-1 - Release 1.7.0 - Update url to fetch source from GitHub - Drop strict version requirements in requirements.txt * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 1.5.1-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.5.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1.5.1-8 - Rebuilt for Python 3.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1635216 - [abrt] python3-pykwalify: resolve(): __init__.py:781:resolve:pkg_resources.DistributionNotFound: The 'python-dateutil==2.4.2' distribution was not found and is required by pykwalify https://bugzilla.redhat.com/show_bug.cgi?id=1635216 [ 2 ] Bug #1658365 - Initiating unresponsive maintainer process (Per FESCo policy) https://bugzilla.redhat.com/show_bug.cgi?id=1658365 [ 3 ] Bug #1597149 - python-pykwalify-1.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1597149 --------------------------------------------------------------------------------
================================================================================ sphinx-2.2.11-11.fc28 (FEDORA-2019-fa9cc57659) Free open-source SQL full-text search engine -------------------------------------------------------------------------------- Update Information:
Revert incorrect use of _tmpfiledir -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Orion Poplawski orion@nwra.com - 2.2.11-11 - Revert incorrect use of _tmpfiledir rhbx#1551735 * Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 2.2.11-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 20 2018 Ben Cotton bcotton@fedoraproject.org - 2.2.11-9 - Fix FTBFS rhbz#1606397 * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 2.2.11-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1551735 - sphinx: strange directories under /usr/lib/tmpfiles.d/ https://bugzilla.redhat.com/show_bug.cgi?id=1551735 --------------------------------------------------------------------------------
================================================================================ standard-test-roles-3.1-1.fc28 (FEDORA-2019-addfe58ac6) Standard Test Interface Ansible roles -------------------------------------------------------------------------------- Update Information:
Update to 3.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Andrei Stepanov astepano@redhat.com - 3.1-1 - Build with the latest merged PRs. --------------------------------------------------------------------------------
================================================================================ subversion-api-docs-1.11.1-1.fc28 (FEDORA-2019-deadf58e58) Subversion API documentation -------------------------------------------------------------------------------- Update Information:
Rebuild against subversion 1.11.1. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 14 2019 Bojan Smojver bojan@rexursive.com 1.11.1-1 - bump up to 1.11.1 * Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 1.11.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Nov 7 2018 Bojan Smojver bojan@rexursive.com 1.11.0-1 - bump up to 1.11.0 * Sat Jul 21 2018 Bojan Smojver bojan@rexursive.com 1.10.2-1 - bump up to 1.10.2 * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.9.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1676049 - subversion-api-docs: FTBFS in Fedora rawhide/f30 https://bugzilla.redhat.com/show_bug.cgi?id=1676049 --------------------------------------------------------------------------------
================================================================================ vultr-1.15.0-2.fc28 (FEDORA-2019-de157aef3e) Vultr CLI -------------------------------------------------------------------------------- Update Information:
- Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1663709 - Review Request: vultr - Vultr CLI https://bugzilla.redhat.com/show_bug.cgi?id=1663709 --------------------------------------------------------------------------------