The following Fedora 28 Security updates need testing: Age URL 161 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 110 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 109 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 102 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013 unrtf-0.21.9-8.fc28 70 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf docker-latest-1.13.1-37.git9cb56fd.fc28 19 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f0089c995 yum-utils-1.1.31-515.fc28 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1735cbc422 CImg-2.3.6-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b6072889db php-7.2.10-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dc060c6f2a gitolite3-3.6.9-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2bba84217a php-tcpdf-6.2.22-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9fc46b45ab visualboyadvance-m-2.1.0-2.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1758d97170 yaml-cpp-0.6.1-4.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e9821afbca mozilla-noscript-10.1.9.6-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-690535d30b moodle-3.4.5-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-37a27807e0 hylafax+-5.6.1-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 19 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f0089c995 yum-utils-1.1.31-515.fc28 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9403743de2 edk2-20180815gitcb5f4f45ce-1.fc28 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f06af0ec34 qemu-2.11.2-4.fc28 13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-221c934152 perl-File-Path-2.16-1.fc28 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6a3d2795ab pungi-4.1.28-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b34ee01b0d iproute-4.18.0-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8217a06c3a pcre2-10.32-1.fc28 perl-re-engine-PCRE2-0.14-4.fc28
The following builds have been pushed to Fedora 28 updates-testing
NetworkManager-1.10.12-1.fc28 coan-6.0.1-17.fc28 dash-0.5.10.2-1.fc28 dmidecode-3.2-1.fc28 elementary-shortcut-overlay-1.0.1-1.fc28 elementary-wallpapers-5.3-1.fc28 elementary-xfce-icon-theme-0.13-1.fc28 erlang-20.3.8.9-1.fc28 erlang-meck-0.8.12-1.fc28 fldigi-4.0.18-2.fc28 freedv-1.3.1-3.fc28 gsequencer-2.0.12-0.fc28 hamlib-3.3-1.fc28 kmail-18.04.3-2.fc28 ktikz-0.12-3.fc28 lcms2-2.9-4.fc28 libbson-1.9.5-3.fc28 libmodulemd-1.6.4-1.fc28 openssl-pkcs11-0.4.8-2.fc28 pcre2-10.32-2.fc28 perl-Dancer2-Plugin-Database-2.17-2.fc28 php-nikic-php-parser4-4.0.4-1.fc28 python-msgpack-0.5.6-5.fc28 qsstv-9.2.6-4.fc28 recoll-1.23.7-8.fc28 spamassassin-3.4.2-1.fc28 twa-1.3.1-1.fc28 wingpanel-applications-menu-2.4.0-1.fc28 xorgxrdp-0.2.8-1.fc28 zchunk-0.9.10-1.fc28
Details about builds:
================================================================================ NetworkManager-1.10.12-1.fc28 (FEDORA-2018-038d8f7b50) Network connection manager and user applications -------------------------------------------------------------------------------- Update Information:
Update to 1.10.12 release -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Thomas Haller thaller@redhat.com - 1:1.10.12-1 - Update to 1.10.12 release --------------------------------------------------------------------------------
================================================================================ coan-6.0.1-17.fc28 (FEDORA-2018-828aa9746b) A command line tool for simplifying the pre-processor conditionals in source code -------------------------------------------------------------------------------- Update Information:
This package fixes a crash on Fedora 28 and later. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Jonathan Underwood jonathan.underwood@gmail.com - 6.0.1-17 - Add patch to fix crash on Fedora 28 and later (BZ 1626440) - Fix missing python on Fedora >=29 - Re-enable test failures on x86_64 and i686 only * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 6.0.1-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Mar 15 2018 Iryna Shcherbina ishcherb@redhat.com - 6.0.1-15 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1626440 - Out of bounds error combined with Fedora 28 hardening flags leads to crash https://bugzilla.redhat.com/show_bug.cgi?id=1626440 --------------------------------------------------------------------------------
================================================================================ dash-0.5.10.2-1.fc28 (FEDORA-2018-33c28dc24f) Small and fast POSIX-compliant shell -------------------------------------------------------------------------------- Update Information:
- upgrade to latest upstream 0.5.10.2 fixes RHBZ #1379016 and #1381509 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 19 2018 Filipe Rosset rosset.filipe@gmail.com - 0.5.10.2-1 - upgrade to latest upstream 0.5.10.2 fixes RHBZ #1379016 and #1381509 * Wed Sep 19 2018 Filipe Rosset rosset.filipe@gmail.com - 0.5.9-8 - spec cleanup and modernization * Fri Jul 20 2018 Stephen Gallagher sgallagh@redhat.com - 0.5.9-7 - Add BuildRequires: gcc * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 0.5.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1381509 - RFE: dash for EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1381509 [ 2 ] Bug #1379016 - dash-0.5.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1379016 --------------------------------------------------------------------------------
================================================================================ dmidecode-3.2-1.fc28 (FEDORA-2018-b26195ce1d) Tool to analyse BIOS DMI data -------------------------------------------------------------------------------- Update Information:
updated to upstream v3.2 -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Anton Arapov aarapov@redhat.com - 1:3.2-1 - updated to upstream v3.2 - Supported SMBIOS spec up to v3.2.0 --------------------------------------------------------------------------------
================================================================================ elementary-shortcut-overlay-1.0.1-1.fc28 (FEDORA-2018-ab361652dc) Native, OS-wide shortcut overlay -------------------------------------------------------------------------------- Update Information:
Update to version 1.0.1. Release notes: https://github.com/elementary/shortcut- overlay/releases/tag/1.0.1 -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ elementary-wallpapers-5.3-1.fc28 (FEDORA-2018-f17f184284) Collection of wallpapers from the elementary project -------------------------------------------------------------------------------- Update Information:
Update to version 5.3. Release notes: https://github.com/elementary/wallpapers/releases/tag/5.3 -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Fabio Valentini decathorpe@gmail.com - 5.3-1 - Update to version 5.3. --------------------------------------------------------------------------------
================================================================================ elementary-xfce-icon-theme-0.13-1.fc28 (FEDORA-2018-04cb7e142a) Icons for Xfce based on the elementary Project Icon Theme -------------------------------------------------------------------------------- Update Information:
- update to 0.13 - https://github.com/shimmerproject/elementary- xfce/releases/tag/v0.13 -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 14 2018 Johannes Lips hannes@fedoraproject.org - 0.13-1 - update to latest upstream version 0.13 * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 0.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ erlang-20.3.8.9-1.fc28 (FEDORA-2018-5a757afaed) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information:
* Erlang ver. 20.8.3.9 * Fix for meck -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Peter Lemenkov lemenkov@gmail.com - 20.3.8.9-1 - Ver. 20.3.8.9 --------------------------------------------------------------------------------
================================================================================ erlang-meck-0.8.12-1.fc28 (FEDORA-2018-0ad563a12f) A mocking library for Erlang -------------------------------------------------------------------------------- Update Information:
* Erlang-meck ver. 0.8.12 -------------------------------------------------------------------------------- ChangeLog:
* Wed Aug 15 2018 Peter Lemenkov lemenkov@gmail.com - 0.8.12-1 - Ver. 0.8.12 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.8.8-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1603910 - erlang-meck: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1603910 [ 2 ] Bug #1595240 - erlang-meck-0.8.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1595240 --------------------------------------------------------------------------------
================================================================================ fldigi-4.0.18-2.fc28 (FEDORA-2018-e877b1af30) Digital modem program for Linux -------------------------------------------------------------------------------- Update Information:
Update to hamlib 3.3 and rebuild dependencies. -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1623903 --------------------------------------------------------------------------------
================================================================================ freedv-1.3.1-3.fc28 (FEDORA-2018-e877b1af30) FreeDV Digital Voice -------------------------------------------------------------------------------- Update Information:
Update to hamlib 3.3 and rebuild dependencies. -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 30 2018 Richard Shaw hobbes1069@gmail.com - 1.3.1-3 - Rebuild for hamlib 3.3. * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1623903 --------------------------------------------------------------------------------
================================================================================ gsequencer-2.0.12-0.fc28 (FEDORA-2018-1a658f6913) Audio processing engine -------------------------------------------------------------------------------- Update Information:
provide patch to disable functional tests ---- provide patch to disable functional tests -------------------------------------------------------------------------------- ChangeLog:
* Sun Sep 9 2018 Jo��l Kr��hemann jkraehemann@gmail.com 2.0.1-1 - provide patch to disable functional tests * Sun Sep 9 2018 Jo��l Kr��hemann jkraehemann@gmail.com 2.0.1-0 - updated Source to point to new major version directory --------------------------------------------------------------------------------
================================================================================ hamlib-3.3-1.fc28 (FEDORA-2018-e877b1af30) Run-time library to control radio transceivers and receivers -------------------------------------------------------------------------------- Update Information:
Update to hamlib 3.3 and rebuild dependencies. -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 30 2018 Richard Shaw hobbes1069@gmail.com - 3.3-1 - Update to 3.3. * Fri Jul 20 2018 Jaroslav ��karvada jskarvad@redhat.com - 3.2-5 - Fixed FTBFS by adding gcc-c++ requirement Resolves: rhbz#1604307 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 3.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Jun 27 2018 Jitka Plesnikova jplesnik@redhat.com - 3.2-3 - Perl 5.28 rebuild * Tue Jun 19 2018 Jaroslav ��karvada jskarvad@redhat.com - 3.2-2 - Dropped info scriptlets, it's now handled automatically by trigger -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1623903 --------------------------------------------------------------------------------
================================================================================ kmail-18.04.3-2.fc28 (FEDORA-2018-2dcc691c7a) Mail client -------------------------------------------------------------------------------- Update Information:
Backport fix for saving layout/settings -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Rex Dieter rdieter@fedoraproject.org - 18.04.3-2 - kmail Toollbar and statusbar disappear on restart of application (#1630388) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1630388 - kmail Toollbar and statusbar disappear on restart of application https://bugzilla.redhat.com/show_bug.cgi?id=1630388 --------------------------------------------------------------------------------
================================================================================ ktikz-0.12-3.fc28 (FEDORA-2018-feb80e2de8) KDE Editor for the TikZ language -------------------------------------------------------------------------------- Update Information:
Fixing typo in node-option "text height" -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Mohamed El Morabity melmorabity@fedoraproject.org - 0.12-3 - Fix RHBZ #1565806 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1565806 - Typo in ktikz auto-completion https://bugzilla.redhat.com/show_bug.cgi?id=1565806 --------------------------------------------------------------------------------
================================================================================ lcms2-2.9-4.fc28 (FEDORA-2018-1cb4c4a6d8) Color Management Engine -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-16435 -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Rex Dieter rdieter@fedoraproject.org - 2.9-4 - CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (#1628969) - .spec cosmetics, use %make_build %make_install %ldconfig_scriptlets * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1628969 - CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile https://bugzilla.redhat.com/show_bug.cgi?id=1628969 --------------------------------------------------------------------------------
================================================================================ libbson-1.9.5-3.fc28 (FEDORA-2018-2062cd7548) Building, parsing, and iterating BSON documents -------------------------------------------------------------------------------- Update Information:
This release fixes a heap-based buffer over-read when parsing a mallformed BSON document (CVE-2018-16790). -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Petr Pisar ppisar@redhat.com - 1.9.5-3 - Fix CVE-2018-16790 (heap-based buffer over-read in _bson_iter_next_internal()) (bug #1627924) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1627923 - CVE-2018-16790 libbson: Heap-based buffer over-read in _bson_iter_next_internal in bson-iter.c https://bugzilla.redhat.com/show_bug.cgi?id=1627923 --------------------------------------------------------------------------------
================================================================================ libmodulemd-1.6.4-1.fc28 (FEDORA-2018-14ee6073a6) Module metadata manipulation library -------------------------------------------------------------------------------- Update Information:
- Update to 1.6.4 - Add Buildopts to the documentation. - Deduplicate module streams when merging. - Drop upstreamed patches. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.4-1 - Update to 1.6.4. - Add Buildopts to the documentation. - Deduplicate module streams when merging. - Drop upstreamed patches. --------------------------------------------------------------------------------
================================================================================ openssl-pkcs11-0.4.8-2.fc28 (FEDORA-2018-6e46af6a08) A PKCS#11 engine for use with OpenSSL -------------------------------------------------------------------------------- Update Information:
Require OpenSSL >= 1.0.2 Add support to use EC keys and tests (#1619184) Changed package description (#1614699) Allow engine to use private key without PIN Exposed check_fork() API -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Anderson Sasaki ansasaki@redhat.com - 0.4.8-2 - Require OpenSSL >= 1.0.2 - Fixed missing declaration of ERR_get_CKR_code() - Add support to use EC keys and tests (#1619184) - Exposed check_fork() API - Fixed memory leak of RSA objects in pkcs11_store_key() - Updated OpenSSL license in eng_front.c - Fixed build for old C dialects - Allow engine to use private key without PIN - Require DEBUG to be defined to print debug messages - Changed package description (#1614699) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1619184 - Double free segmentation fault when used via openssl-pkcs11 (OpenSSL engine) https://bugzilla.redhat.com/show_bug.cgi?id=1619184 [ 2 ] Bug #1614699 - Please provide better description of the package https://bugzilla.redhat.com/show_bug.cgi?id=1614699 --------------------------------------------------------------------------------
================================================================================ pcre2-10.32-2.fc28 (FEDORA-2018-337910120d) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information:
This release fixes a a subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Petr Pisar ppisar@redhat.com - 10.32-2 - Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier (upstream bug #2320) * Wed Sep 12 2018 Petr Pisar ppisar@redhat.com - 10.32-1 - 10.32 bump --------------------------------------------------------------------------------
================================================================================ perl-Dancer2-Plugin-Database-2.17-2.fc28 (FEDORA-2018-479df5ee45) Easy database connections for Dancer2 applications -------------------------------------------------------------------------------- Update Information:
This package provides Dancer2::Plugin::Database which itself provides an easy way to obtain a connected DBI database handle by simply calling the database keyword within your Dancer2 application --------------------------------------------------------------------------------
================================================================================ php-nikic-php-parser4-4.0.4-1.fc28 (FEDORA-2018-eb4ca2f3e1) A PHP parser written in PHP - version 4 -------------------------------------------------------------------------------- Update Information:
**Version 4.0.4** (2018-09-18) **Added** * The following methods have been added to `BuilderFactory`: * `useTrait()` (fluent builder) * `traitUseAdaptation()` (fluent builder) * `useFunction()` (fluent builder) * `useConst()` (fluent builder) * `var()` * `propertyFetch()` **Deprecated** * `Builder\Param::setTypeHint()` has been deprecated in favor of the newly introduced `Builder\Param::setType()`. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Remi Collet remi@remirepo.net - 4.0.4-1 - update to 4.0.4 --------------------------------------------------------------------------------
================================================================================ python-msgpack-0.5.6-5.fc28 (FEDORA-2018-c75ce511a7) A Python MessagePack (de)serializer -------------------------------------------------------------------------------- Update Information:
Switch from msgpack-python to msgpack upstream. The chnage is that the package now provides `pythonXdist(msgpack)` (`pythonXdist(msgpack-python)` is still provided for backwards compatibility). This is important when using the Python automatic dependency generator. -------------------------------------------------------------------------------- ChangeLog:
* Mon Sep 3 2018 Miro Hron��ok mhroncok@redhat.com - 0.5.6-5 - Use msgpack from PyPI, not msgpack-python (deprecated) --------------------------------------------------------------------------------
================================================================================ qsstv-9.2.6-4.fc28 (FEDORA-2018-e877b1af30) Qt-based slow-scan TV and fax -------------------------------------------------------------------------------- Update Information:
Update to hamlib 3.3 and rebuild dependencies. -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 30 2018 Richard Shaw hobbes1069@gmail.com - 9.2.6-4 - Rebuild for hamlib 3.3. * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 9.2.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1623903 - hamlib-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1623903 --------------------------------------------------------------------------------
================================================================================ recoll-1.23.7-8.fc28 (FEDORA-2018-597675803c) Desktop full text search tool with Qt GUI -------------------------------------------------------------------------------- Update Information:
Fix a minor issue causing unwanted error messages showing up. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Terje Rosten terje.rosten@ntnu.no - 1.23.7-8 - Add patch from upstream to fix rhbz#1625313 * Tue Jul 31 2018 Florian Weimer fweimer@redhat.com - 1.23.7-7 - Rebuild with fixed binutils * Mon Jul 30 2018 Terje Rosten terje.rosten@ntnu.no - 1.23.7-6 - Add patch from upstream to fix FTBFS * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.23.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1.23.7-4 - Rebuilt for Python 3.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1625313 - stderr messages (Textsplit UTF-8 errors) when hovering on the results https://bugzilla.redhat.com/show_bug.cgi?id=1625313 --------------------------------------------------------------------------------
================================================================================ spamassassin-3.4.2-1.fc28 (FEDORA-2018-d42addb489) Spam filter for email which can be invoked from mail delivery agents -------------------------------------------------------------------------------- Update Information:
Update to 3.4.2. Fixes CVE-2017-15705, CVE-2018-11780 and CVE-2018-11781 along with many other bugfixes and improvements. See https://www.mail- archive.com/announce@apache.org/msg04823.html for more information. -------------------------------------------------------------------------------- ChangeLog:
* Sun Sep 16 2018 Kevin Fenzi kevin@scrye.com - 3.4.2-1 - Update to 3.4.2 - Fixes: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 * Mon Jul 23 2018 Jaroslav ��karvada jskarvad@redhat.com - 3.4.1-25 - perl-Razor-Agent and perl-Net-Patricia not used on RHEL * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 3.4.1-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jul 10 2018 Tomas Korbar tkorbar@redhat.com - 3.4.1-23 - Fix daemonize subroutine - See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7594 * Fri Jun 29 2018 Jitka Plesnikova jplesnik@redhat.com - 3.4.1-22 - Perl 5.28 rebuild * Wed Jun 20 2018 Kevin Fenzi kevin@scrye.com - 3.4.1-21 - Conditionalize Requires for /sbin/service and /sbin/chkconfig. Fixes bug #1592390 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1629537 - CVE-2018-11781 spamassassin: Local user code injection in the meta rule syntax [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1629537 [ 2 ] Bug #1629534 - CVE-2018-11780 spamassassin: Potential remote code execution vulnerability in PDFInfo plugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1629534 [ 3 ] Bug #1629522 - CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1629522 [ 4 ] Bug #1629491 - SpamAssassin 3.4.2 released with CVE disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1629491 [ 5 ] Bug #1590592 - Need spamassassin release with patch for bug 7208 included https://bugzilla.redhat.com/show_bug.cgi?id=1590592 --------------------------------------------------------------------------------
================================================================================ twa-1.3.1-1.fc28 (FEDORA-2018-6da6953a64) Tiny web auditor with strong opinions -------------------------------------------------------------------------------- Update Information:
New package - first bodhi update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1629446 - Review Request: twa - tiny web auditor https://bugzilla.redhat.com/show_bug.cgi?id=1629446 --------------------------------------------------------------------------------
================================================================================ wingpanel-applications-menu-2.4.0-1.fc28 (FEDORA-2018-e8d4d2ece8) Lightweight and stylish app launcher -------------------------------------------------------------------------------- Update Information:
Update to version 2.4.0. Release notes: https://github.com/elementary /applications-menu/releases/tag/2.4.0 -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ xorgxrdp-0.2.8-1.fc28 (FEDORA-2018-12a6273e1e) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information:
This release includes some invalid memory access issue, #124 and #125. -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 19 2018 Bojan Smojver bojan@rexursive.com - 0.2.8-1 - Bump up to 0.2.8 * Thu Sep 6 2018 Bojan Smojver bojan@rexursive.com - 0.2.7-3 - Rebuild against Xorg 1.20.1 * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 0.2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ zchunk-0.9.10-1.fc28 (FEDORA-2018-1e79c12af0) Compressed file format that allows easy deltas -------------------------------------------------------------------------------- Update Information:
Fixes security bugs identified by Coverity -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 18 2018 Jonathan Dieter jdieter@gmail.com - 0.9.10-1 - Update to 0.9.10 - Fixes security bugs found by Coverity --------------------------------------------------------------------------------